Skip to main content
HashnodeHot off the Application ExpressHot off the Application Express

Command Palette

Search for a command to run...

Oracle APEX Dynamic Groups

Published
2 min read
Oracle APEX Dynamic Groups
M
Matt Mulvaney

With around 20 years on the job, Matt is one of the most experienced software developers at Pretius. He likes meeting new people, traveling to conferences, and working on different projects.

He’s also a big sports fan (regularly watches Leeds United, Formula 1, and boxing), and not just as a spectator – he often starts his days on a mountain bike, to tune his mind.

Q. Whats the purpose of Dynamic Groups when I can just assign the logic within Authorization Schemes?

A. They are often used from IDPs (IAM, Entra, etc). After authenticating, the IDP chucks you a lump of JSON, which you have to catch and assign them to Dynamic Groups. These Dynamic Groups then map onto Authorization Schemes

This caught me out yesturday. So, I’m writing a quick blog to capture this information.

Let’s go!

  1. Set Shared Components > Security Attibutes > Source for Role or Group Schemes to Custom Code

  2. Set Shared Components > Authentication Schemes > Source > PL/SQL Code to something like this.

     PROCEDURE p_post_processing 
 IS
     l_group_names apex_t_varchar2;
 BEGIN

     apex_string.push (
       p_table => l_group_names,
       p_value => 'supervisor');

     apex_string.push (
       p_table => l_group_names,
       p_value => 'developer');

     apex_string.push (
       p_table => l_group_names,
       p_value => 'manager');

     apex_authorization.enable_dynamic_groups (
         p_group_names => l_group_names );

 END p_post_processing;

    In the above, I’m pushing 3 potential group that the user has. You must derive the group that the user has from a source. That source could be table driven or IDP (IAM, Entra, etc) driven (see step 35 for how to do this).

  3. Set the Login Processing > Post-Authentication Procedure Name is set to p_post_processing

  4. Create Authorization Schemes Shared Components > Authorization Schemes using Scheme Type of Is In Role or Group and Type of Custom.

    The Name(s) must match the assigned p_value in p_post_processing

    I created another Scheme for manager

  5. Assign compoents to the Authorization Scheme as you normally would

  6. Add an Interactive Report called Roles to show the assigned Dynamic Groups that have been assigned

     select *
   from APEX_WORKSPACE_SESSION_GROUPS
  where apex_session_id = :APP_SESSION

  7. Sign Out of your Application and Log Back in

  8. Behold - Dynamic Groups mapped to Authorization Schemes

ENJOY!

What’s the picture? A collection of walking aids spotted at Harrogate household waste recycling centre. Visit Yorkshire!

#orclapex#oracle#oracle-apex
627 views

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

H

Hot off the Application Express

190 posts

The low-code sharings of Matt Mulvaney