dragon.XPF

Authentication and authorization in the Oracle/Apex environment

Companies that use Oracle and Apex know the problem all too well – the Oracle/Apex standard is often not sufficient to meet the required requirements.
The dragon.XPF helps you to approach this topic calmly.
Based on the foundations of a well-structured authorization concept (groups, roles, objects), any requirements can be implemented.

Authentication and authorization in the Oracle/Apex environment

Authentication

In times when the operational security of systems is even more important and single sign-on solutions are only used to a limited extent, we have decided on a standard that also meets user acceptance.
Through By connecting an LDAP connector, all users can authenticate themselves to all internal applications with their Windows domain password. Of course, it is also possible to operate the registration completely independently by using your own user management.
For example, it is possible to have the user base created via LDAP, but the authentication method FORMS  within to keep the dragon.XPF.

  • Easy connection to existing Oracle/Apex applications
  • LDAP implementation based on the Active Directory standard
  • Two-track authentication possible (LDAP and FORMS)
  • User import possible via LDAP
  • LDAP test center for checking queries (searchBase, scope, filter)
  • Multi-factor authentication (MFA) can be set per Apex application and user
Authentication with LDAP/FORMS and MFA

Authorization

The greatest strength of the dragon.XPF tool is the ability to map any type of complex user authorization.
Knowing how quickly the requirements for the applications can increase within an application with many employees It is important to us to provide a highly scalable and well-designed solution.

  • Freely configurable group and role concept
  • Authorization objects based on the Apex Standard
  • Easy connection to existing applications
  • Consistent operating concept
simple and intutive authorization based on Apex standard

Details about the authorization objects

Based on the Oracle Apex Standard, it is possible to “compare” the authorization objects of your applications at any time. If new elements or entire pages are created, a so-called “privilege set” only needs to be created. This methodology carries out a fully automatic search of the application objects and compares them, i.e. objects that no longer exist are of course also removed.
Now the new authorization object only needs to be assigned to an existing or new role. If roles are part of groups, no further work (e.g. group generation) needs to be carried out and the employee can get started straight away.
For example, it is also possible to additionally edit an interactive grid using the read-only attribute to control. In addition, you can not only assign groups and roles to a user – you can also explicitly assign only a specific individual objectif necessary.

Overview of possible objects

  • Application
  • Page
  • Breadcrumb Entry
  • Application Computation
  • Interactive Grid
  • Interactive Grid Column
  • Application Process
  • List Entry
  • Page Branch
  • Page Button
  • Page Computation
  • Page Dynamic Action
  • Page Chart Series
  • Page Interactive Report Column
  • Page Item
  • Page Process
  • Page Region
  • Page Report Column
  • Page Validation

Strictly speaking, any authorization object can be generated that has the option of selecting an authorization controller in the Security area.

object overview including grid components

Just don’t lose track…

Anyone who has ever dealt with the topic of “application authorizations” in larger software systems knows how quickly you can lose track of all the groups, roles and authorization objects. Based on the capabilities of the Apex Interactive Grid (filtering, sorting, grouping, etc.), it is very easy to concentrate fully on the requirement.
For example, it is possible to display the users at any time, who belong to a role or group or in which roles or groups an authorization object occurs. If you notice that there are still employees missing or there are employees that you would like to remove or add, this can also be done in the same view.
It is also possible to display which group a role has been assigned to became. Thanks to all of these features, you always have an overview of your authorization system.

Technical Presentation

Do you have any questions?

Do not hesitate to contact us.