I am supposed to create an inside web-based APEX application for students working at Oracle. The login is managed via Single-Sign-On. Also, I need to have two user roles, Student and Administrator, each of them with different privileges and different pages they can see. There seems to be no obvious way to do this.

I was thinking about somehow extracting the username from e-mail used in SSO, linking it with the database of "People" and having a column there that defines the user role. Then it would be stored somewhere and will determine the rights the person has. It seems messy though and I am quite new to APEX - I guess there is a better way to do this.

I know this can be done directly in APEX itself, but it would be much better to get this working in the app.

Scott Mikutsky
Lea
  • I'm not clear whether you want to do it the "APEX" way, or roll your own. Have you read this post? http://stackoverflow.com/q/7905159/257090 – codenheim Jul 14 '14 at 08:46
  • @mrjoltcola I want the administrators in the XY app be different from the administrators in the APEX workspace if that's what you are asking. – Lea Jul 14 '14 at 09:11
  • The question @mrjoltcola linked to covers both using tables and using groups in apex. Since you use SSO I'd roll with an own table, where you store the combination of username and their granted role(s). I'd say there is no need to redefine the users again, but you will need their (hopefully) unique username - how else would you couple them together. Using apex groups is good for apex users only usually - and SSO authenticated users are not "apex users". Mind that an apex user could be an end user, and not necessarily a workspace administrator - it's definable. – Tom Jul 15 '14 at 05:40
  • If you do still have an issue in figuring it out do amend your question, otherwise I'd say it's a duplicate. – Tom Jul 15 '14 at 05:41
  • Hi @Tom, I wasn't insinuating that it was a duplicate, but was providing her the link as it appeared to have some good information in it. Since the other doesn't mention SSO, I tend to think this isn't a duplicate and Lea's question stands on its own. – codenheim Jul 15 '14 at 05:48
  • @mrjoltcola SSO is the authentication scheme. Testing user roles is authorization, and the linked question deals with that. The difference would be that with sso there is no need for a separate users table, just the `APP_USER` in the roles table. It's not meant in a bad way, it's very close to being a duplicate to me, but then again, I haven't cast a close vote yet. No problem with being stuck, even though the other question may well provide plenty of information. – Tom Jul 15 '14 at 08:05
  • I'll check that one out, thanks. I think I may use some of it - then I'll decide what to do with this question. Give me some time please :') – Lea Jul 16 '14 at 08:06

1 Answer

Oracle APEX has the option to use Oracle SSO for logging in; it only requires some digging until you find it (authorization schemes).

After that I was using this select statement to determine the user role:

```sql
SELECT ROLE FROM PEOPLE
WHERE E_MAIL = V('APP_USER')
```

Much easier than I expected it to be.

Lea
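
One way to package the role lookup from this answer as a reusable, deny-by-default authorization check, added here as an example (not code from the answer or from Oracle). The `PEOPLE` table with its `E_MAIL` and `ROLE` columns comes from the answer; the function name `has_role`, the index name `people_email_uk` and the role value `'ADMINISTRATOR'` are assumptions.

```plsql
-- Added example. Assumed names: has_role, people_email_uk, role value 'ADMINISTRATOR'.
-- PEOPLE, E_MAIL and ROLE are the table and columns used in the answer.

-- Assumption: one row (and so one role) per person. The unique index makes
-- that a database guarantee, so a duplicate row cannot silently add a role.
CREATE UNIQUE INDEX people_email_uk ON people (UPPER(e_mail));

CREATE OR REPLACE FUNCTION has_role (
    p_app_user IN VARCHAR2,
    p_role     IN VARCHAR2
) RETURN BOOLEAN
IS
    l_count PLS_INTEGER;
BEGIN
    -- No authenticated user or no requested role: deny.
    IF p_app_user IS NULL OR p_role IS NULL THEN
        RETURN FALSE;
    END IF;

    -- Compare case-insensitively, since the SSO user name and the stored
    -- e-mail address may differ in case.
    SELECT COUNT(*)
      INTO l_count
      FROM people
     WHERE UPPER(e_mail) = UPPER(p_app_user)
       AND UPPER(role)   = UPPER(p_role);

    -- A user missing from PEOPLE, or holding a different role, gets FALSE.
    RETURN l_count > 0;
END has_role;
/

-- Body of an APEX authorization scheme of type
-- "PL/SQL Function Returning Boolean" (scheme name is up to you):
--
--     RETURN has_role(:APP_USER, 'ADMINISTRATOR');
--
-- Attach the scheme to the administrator pages themselves and to their
-- processes, not only to the navigation entries that link to them.
```

Passing `:APP_USER` in from the scheme keeps the function free of session state, so it can also be called from a SQL worksheet with a literal e-mail address when checking who holds which role.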