Any information on forms6i security??

[hyousef]

Can anyone give me info or the sites on forms6i security?

I am using Oracle9i and forms6i.
I have created some users accounts, roles and object privileges granted using Oracle Enterprise Manager and object privileges granted but need to apply it on forms (block level, items level...so Some users can view and edit and some users can view only.

All users are front end users (working with forms only).

Can someone point me to the right way plz.
Thank you in advance.

[stecal]

You can attach a library that checks/validates user roles. Every form references the attached library (pll file). Or, you can put the code in pre-form or when-new-form-instance at the form level trigger area that checks/validates user permissions.

[hyousef]

Stecal,
From where can i attach a library that checks/validates user roles??

which way is better to use.

I don't have much experience in this issue, can you please explain it to me more in details.

I appreciate your help.

[stecal]

If you don't have a lot of forms to maintain, put the role checking code in the form-level trigger. Raise an alert message to tell the user he cannot access the form because of (whatever reason).

[hyousef]

I have one form but contains many datablocks,

Some users have full access to all datablocks and canvases and some users have access to some blocks and canvases (not all blocks)
Also, some users can edit data and some can view only.

I want to control users and the blocks,items,canvases that they have access to.

In this case, where should i put my "security" code?

Stecal, is it possible to give me a sample code that i can start from???

Thanks a lot.

[stecal]

You can create some roles that correspond to the privileges with respect to seeing blocks on the form.

Try to create roles that apply to all cases/types of users so you can set permissions at a higher level within the form, then at each block (when_new_block) all you have to do is check for true/false for existence of a role/permission.

The roles don't have to be actual database roles. You can create your own user role table and reference that table for better performance. Your table will have columns
username, role or datablock name, permission.

select information about a user into a cursor or record.
evaluate the roles the user has
set global flags (boolean) for each data block "role" to true or false

User calls the form, his permissions are evaluated at when_new_form_instance, and you set block properties. The blocks he can see are shown, the ones he can't use are hidden. If it is a block that doesn't appear initially, you put in a trigger that checks permission to see the block when_new_block_instance.

[hyousef]

Hi Stecal,

Thanks for your information, i will give it a try.

I have done some search and i found that some users use "menu security"...Does it apply to my case??