This topic explains the logic for checking user privileges. There are two reasons why a user may not have a privilege:

• The user is not logged in and the PUBLIC user does not have the necessary privilege.
• The user is logged in, but has not been granted the necessary privilege.

In the first case, if check_privilege finds that the user is not logged in, it returns FALSE and redirects the user's browser to the Single Sign-On Server so the user can log on. In the second case, the user should be informed that they do not have the required privilege.

The following example checks whether a user has the EXECUTE privilege on an object:

procedure display_user_mgr
 ( ... )
 begin -- always begin with a privilege check
   if wwsec_app_priv.check_privilege
   (
      p_object 		=> wwsec_api.ADMIN_OBJ,
      p_privilege 	=> wwsec_api.EXECUTE_PRIV,
      p_name 		=> 'UserManager' -- the unique name of the object instance,
      p_requested_url => wwctx_api.get_product_schema || '.wwsec_app_user_mgr.display_user_mgr'
   )
 then
  -- processing will not reach here if the user has insufficient privileges...
  -- privileged application code may follow
 end if;
 end display_user_mgr;