1. App Builder User's Guide
  2. Managing Application Security
  3. Controlling Access to Applications, Pages, and Page Components
  4. Managing Roles and User Assignments

21.3.7 Managing Roles and User Assignments

Manage application access control roles and user role assignments on the Application Access Control page.

Tip:

You also use the APEX_ACL API. See APEX_ACL in Oracle APEX API Reference

Parent topic: Controlling Access to Applications, Pages, and Page Components

21.3.7.1 About Application Access Control

Learn about managing access control application users and roles.

You create an access control list by running the Access Control Wizard from either the Create Application Wizard or Create Page Wizard. The Access Control Wizard creates a page to manage an access control list and creates two tables within the application's default parsing schema to manage the access control list. Use the access control list within the application to associate the privileges (view, edit, and administration, with application users. Each privileges correlates to an access level role:
  • View correlates to the READER role.
  • Edit correlates to the CONTRIBUTOR role.
  • Administration correlates to the ADMINISTRATOR role.

To control access to application pages and components, you need to create an Authorization Scheme and associate it with the application.

About Defining Additional Roles

You can define additional roles on the Application Access Control page. Since roles are applied to users you must create the roles before adding users. Roles and users defined on the Application Access Control page can be reviewed using the following view:

  • APEX_APPL_ACL_USERS
  • APEX_APPL_ACL_USER_ROLES
  • APEX_APPL_ACL_ROLES

See Also:

Attaching an Authorization Scheme to an Application

Parent topic: Managing Roles and User Assignments

21.3.7.2 Creating Access Control Roles

Create application access control roles.

Tip:

Since roles are applied to users, you must create the roles before adding users.

To create an application access control role:

  1. Navigate to the Shared Components page:
    1. On the Workspace home page, click App Builder.
    2. Select an application.
    3. On the Application home page, click Shared Components.

      The Shared Components page appears.

  2. Under Security, select Application Access Control.
    The Application Access Control page appears.
  3. Under Roles, click Add Role.
    The Role dialog appears.
  4. On Role:
    1. Name - Enter a descriptive name for this role. Name may only contain alphanumeric characters and underscores (_).
    2. Static Identifier - Alternate application identifier for this role.
    3. Description - Enter an optional description of this role.
  5. Click Create Role.

    The new role displays under Roles on the Application Access Control page.

Parent topic: Managing Roles and User Assignments

21.3.7.3 Copying or Subscribing to Access Control Roles

Copy access control roles from the current application or from another application. When copying an access control role from another app, you can also subscribe to it.

Tip:

Subscriptions enable developers to reuse shared components across several applications in a workspace. To learn more about subscriptions, see Using Shared Component Subscriptions.

To copy or subscribe to access control roles:

  1. Navigate to the Application Access Control page.
    1. Navigate to the Workspace home page.
    2. Click the App Builder icon.
    3. Select an application.
    4. On the Application home page, click Shared Components.
    5. Under Security, click Application Access Control.

      The Application Access Control page appears. Note that the report includes the following columns: Subscribed From, Subscription Status, and Subscribers.

  2. To copy a role within the current application:
    1. Search for the role and click Copy in the Copy column.

      The Copy Role Wizard appears.

    2. New Role Name - Enter the name of the role. This name must be unique within the application.
    3. Click Copy Role.
  3. To copy a role from another application:
    1. From the Tasks region, click Copy Role from another app.
      The Copy Role Wizard appears.
    2. Application - Select the application from which you want to copy.
    3. Copy Role - Select the role to copy.
    4. Subscribe - Set this flag to On to subscribe to the role.
    5. Click Copy Role.

Parent topic: Managing Roles and User Assignments

21.3.7.4 Subscribing to Access Control Roles

Subscribe to an access control role in the Role dialog.

Subscriptions enable developers to reuse shared components across several applications in a workspace. To learn more about shared component subscriptions, see Using Shared Component Subscriptions.

Note:

You can also subscribe to a role by copying it and then subscribing. See Copying or Subscribing to Access Control Roles.

To subscribe to an access control role:

  1. Navigate to the Shared Components page:
    1. On the Workspace home page, click App Builder.
    2. Select an application.
    3. On the Application home page, click Shared Components.
    4. Under Security, click Application Access Control.

      The Application Access Control page appears. Note that the report includes the following columns: Subscribed From, Subscription Status, and Subscribers.

  2. Under Roles, select the role.
    The Role dialog appears.
  3. To subscribe to an access control role:
    1. Find the Subscription region.
    2. Subscription, Subscribe From - Select a master role to subscribe to and click Apply Changes.

      The subscribed component is automatically refreshed from the selected master.

  4. To refresh a subscribed access control role:
    1. Find the Subscription region.
    2. Subscription, Refresh Role - If the access control role is already subscribed, click Refresh Role.
  5. To unsubscribe from a access control role:
    1. Find the Subscription region.
    2. Subscription, Unsubscribe - Click Unsubscribe.

Parent topic: Managing Roles and User Assignments

21.3.7.5 Deleting Access Control Roles

Learn about deleting application access control roles.

To delete a role:

  1. Navigate to the Shared Components page:
    1. On the Workspace home page, click App Builder.
    2. Select an application.
    3. On the Application home page, click Shared Components.

      The Shared Components page appears.

  2. Under Security, select Application Access Control.
    The Application Access Control page appears.
  3. Under Roles, select the role.
    The Role dialog appears.
  4. Click Delete.

Parent topic: Managing Roles and User Assignments

21.3.7.6 Adding User Role Assignments

Define additional user role assignments on the Application Access Control page.

To add user role assignments:

  1. Navigate to the Shared Components page:
    1. On the Workspace home page, click App Builder.
    2. Select an application.
    3. On the Application home page, click Shared Components.

      The Shared Components page appears.

  2. Under Security, select Application Access Control.
    The Application Access Control page appears.
  3. Under User Role Assignments, click Add User Role Assignment.
    The User Assignment dialog appears.
  4. On User Assignment:
    1. User Name - Enter a descriptive name for this role. Name may only contain alphanumeric characters and underscores (_).
    2. Application Role - Select a role.
  5. Click Create Assignment.

    The new user assignment displays under User Role Assignments.

Tip:

Application users are not exported as part of your application. When you deploy your application you will need to manually manage your user to role assignments. Roles are exported as part of an application export and imported with application imports.

Parent topic: Managing Roles and User Assignments

21.3.7.7 Editing User Role Assignments

Edit or delete user role assignments.

To edit user role assignments:

  1. Navigate to the Shared Components page:
    1. On the Workspace home page, click App Builder.
    2. Select an application.
    3. On the Application home page, click Shared Components.

      The Shared Components page appears.

  2. Under Security, select Application Access Control.
    The Application Access Control page appears.
  3. To edit an existing user role assignment:
    1. Under User Role Assignments, select a user name.
      The User Assignment dialog appears.
    2. For Application Role, celect a new role.
    3. Click Save.
  4. To delete a user role assignment:
    1. Under User Role Assignments, select a user name.
      The User Assignment dialog appears.
    2. Click Delete.

Tip:

Application users are not exported as part of your application. When you deploy your application you will need to manually manage your user to role assignments. Roles are exported as part of an application export and imported with application imports.

See Also:

Exporting Workspaces, Applications, and App Components

Parent topic: Managing Roles and User Assignments