Access to resources such as taskflows, regions, buttons, and menus in Fusion Applications is granted by entitlements stored in a policy store and managed through the Authorization Policy Manager (APM). Users are assigned roles made up of a set of entitlements (Oracle makes this quite easy by providing you with job-based seeded roles), authorizing them to access only the data and functions necessary to perform their jobs and no more. At a more granular level, it is also possible to control the rendering of certain UI objects by controlling their display attribute at runtime using Page Composer.
The example below illustrates the conditional rendering of a button. The condition used in this example is the role of the authenticated user.
2 Users and 2 Roles
In this example we have two HR Specialists, and we want to prevent one of these users from saving Person records.
Figure 1. Roles of Louise Beckham
Figure 2. Roles of Megan Davis
Customizing the Object
Using Page Composer, the Administrator creates a security condition in Expression Builder. This condition states that the "Save" field on the "Person Management" page will be displayed if and only if the session's authenticated user has the PER_HUMAN_RESOURCE_SPECIALIST_VIEW_ALL_DATA role. This happens to be a role that our user Megan Davis has but that has not been granted to user Louise Beckham.
The statement, written in Expression Language (EL), used in this example is:
#{securityContext.userInRole['PER_HUMAN_RESOURCE_SPECIALIST_VIEW_ALL_DATA']}
NB: It is possible to include multiple roles as a comma-separated list, as follows: #{securityContext.userInRole['Role1,Role2']}. The expression is true if the user has at least one of the listed roles. It is also possible to exclude a role by including a '!' at the beginning of the expression, as follows: #{!securityContext.userInRole['Role1']}
Figure 3. Selecting the ADF object that we want to customize
Figure 4. Creating a dynamically calculated attribute value using Expression Builder
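To review display conditions like the one above before they go live, the following added example (not part of the original post and not Oracle code) parses the securityContext.userInRole forms used here and lists which users would see each object. It assumes the comma-separated role-list form of userInRole; EXAMPLE_HR_ROLE, the object labels and the role assignments are constructed sample data.

```python
import re

# Supported forms (the ones used on this page): a single role, a comma-separated
# role list (true if the user holds any of them), and a leading '!' to negate.
_COND = re.compile(
    r"#\{\s*(!?)\s*securityContext\.userInRole\[\s*'([^']*)'\s*\]\s*\}")

def parse_condition(expr):
    """Return (negated, [roles]); raise ValueError for anything else."""
    m = _COND.fullmatch(expr.strip())
    if not m:
        raise ValueError(f"unsupported or malformed condition: {expr!r}")
    roles = [r.strip() for r in m.group(2).split(",") if r.strip()]
    if not roles:
        raise ValueError(f"no role named in condition: {expr!r}")
    return m.group(1) == "!", roles

def is_displayed(expr, user_roles):
    """True if the object would be displayed for a user holding user_roles."""
    negated, roles = parse_condition(expr)
    return any(r in user_roles for r in roles) != negated

def review(conditions, users):
    """Per UI object, list who sees it; unparseable conditions are reported, not guessed."""
    report = {}
    for obj, expr in conditions.items():
        try:
            report[obj] = sorted(u for u, r in users.items() if is_displayed(expr, r))
        except ValueError as err:
            report[obj] = f"REVIEW: {err}"
    return report

VIEW_ALL = "PER_HUMAN_RESOURCE_SPECIALIST_VIEW_ALL_DATA"
# Constructed sample data: EXAMPLE_HR_ROLE is a placeholder, not a seeded role.
USERS = {
    "Megan Davis": {"EXAMPLE_HR_ROLE", VIEW_ALL},
    "Louise Beckham": {"EXAMPLE_HR_ROLE"},
}
CONDITIONS = {
    "Save": f"#{{securityContext.userInRole['{VIEW_ALL}']}}",
    "Save (negated)": f"#{{!securityContext.userInRole['{VIEW_ALL}']}}",
    "Save (role list)": f"#{{securityContext.userInRole['EXAMPLE_HR_ROLE,{VIEW_ALL}']}}",
    "Save (typo)": f"#{{securityContext.userInRole['{VIEW_ALL}'}}",  # missing ']'
}

if __name__ == "__main__":
    for obj, result in review(CONDITIONS, USERS).items():
        print(f"{obj}: {result}")
```

A display condition only hides the control on the page; the entitlements in the policy store remain what authorizes the underlying function, so review the two together.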
Different Display for Different Users
Below is how each of our two users sees the same UI that has now been conditionally customized. We can see the "Save" button displayed on Megan's UI but not on Louise's.
Figure 5. Louise's UI without the Save Button
Figure 6. Megan's UI with the Save Button