APEX Authentication and Authorisation for Forms Developers

In this video I explain the many Authentication schemes of Oracle APEX as compared to the few available in Oracle Forms. APEX includes all the Authentication Schemes which Oracle Forms has including a flexible scheme which provides the ability for the developer to create their own custom scheme. This is a highly versatile feature which can be used for table based authentication, or it could be used for a more advanced authentication against LDAP or for 3rd party system including EBS.

Once authenticated, the user will acquire their roles & privileges to prevent some users accessing pages or components which they should not be able to access. This is a process called authorisation.

The most popular authorisation scheme type is PL/SQLFunction Returning Boolean which allows the developer to create their own function to return a true if they have access or a false if they do not. This value is, by default, held in session rather than multiple components repeatedly accessing this scheme only to be provided the same result each time.

In contrast with Oracle Forms, authorisation is handled manually with program units and triggers which contains a mix of authorisation code together with validations and business logic. APEX logically separates these 3 areas in to Authorisation Schemes, Validations and Processes meaning your application is easier to support and maintain.

Author: Matt Mulvaney

Job Title: Senior Oracle APEX Development Consultant

Bio: Matt is an experienced APEX solution designer having designed numerous complex systems using a broad range of Oracle Technologies. Building on his previous experience of Oracle Forms & PL/SQL, he is entirely focused on providing functionally rich APEX solutions. Matt promotes APEX as a software platform and openly shares best practises, techniques & approaches. Matt has a passion for excellence and enjoys producing high quality software solutions which provide a real business benefit.