Oracle9iAS Portal Developer Kit

Check privilege function logic

This topic explains the logic for checking user privileges. There are two reasons why a user may not have a privilege:

  • The user is not logged in and the PUBLIC user does not have the necessary privilege.

  • The user is logged in, but has not been granted the necessary privilege.

In the first case, if check_privilege finds that the user is not logged in, it returns FALSE and redirects the user's browser to the Single Sign-On Server so the user can log on. In the second case, the user should be informed that they do not have the required privilege.

The following example checks whether a user has the EXECUTE privilege on an object:

    procedure display_user_mgr
    ( ... )
    is
    begin
        -- always begin with a privilege check
        if wwsec_app_priv.check_privilege
        (
            p_object        => wwsec_api.ADMIN_OBJ,
            p_privilege     => wwsec_api.EXECUTE_PRIV,
            p_name          => 'UserManager',  -- the unique name of the object instance
            p_requested_url => wwctx_api.get_product_schema || '.wwsec_app_user_mgr.display_user_mgr'
        )
        then
            -- processing will not reach here
            -- if the user has insufficient
            -- privileges...

            -- privileged application code may follow
        end if;
    end display_user_mgr;
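The example above covers only the successful path. The following sketch is an added example, not code from the Portal Developer Kit: it handles both failure cases described at the top of this topic and keeps privileged code reachable only when the check returns TRUE. The procedure name display_user_mgr_checked and the message text are hypothetical, and the use of wwctx_api.is_logged_on to tell the two cases apart and of htp.p for output are assumptions about the surrounding Portal and PL/SQL Web Toolkit environment.

```plsql
-- Added example; display_user_mgr_checked is a hypothetical name.
create or replace procedure display_user_mgr_checked
is
    l_allowed boolean;
begin
    -- Evaluate the check once, before any application code runs.
    l_allowed := wwsec_app_priv.check_privilege
    (
        p_object        => wwsec_api.ADMIN_OBJ,
        p_privilege     => wwsec_api.EXECUTE_PRIV,
        p_name          => 'UserManager',
        p_requested_url => wwctx_api.get_product_schema
                           || '.display_user_mgr_checked'
    );

    if l_allowed then
        -- Privileged application code goes here (placeholder output).
        htp.p('User manager');
    elsif wwctx_api.is_logged_on then
        -- Case 2: logged in, but the privilege has not been granted.
        -- Assumption: is_logged_on reports the current session state.
        htp.p('You do not have the privilege required to view this page.');
    else
        -- Case 1: not logged in. check_privilege has already redirected
        -- the browser to the Single Sign-On Server, so emit nothing.
        null;
    end if;
end display_user_mgr_checked;
/
```

Because a NULL or FALSE result never enters the first branch, any outcome other than an explicit TRUE leaves the privileged code unexecuted.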

Related topics

The PL/SQL API Reference is part of the Portal Developer Kit on Portal Studio