Skip to Main Content

Application Development Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

add a filter to the documents in 'Shipment detail' in the Mobile Layout of OTM

Daan MatheeuwsenOct 30 2024

I am currently working on implementing a document filter within the shipment details section of our mobile app. This feature is essential because the app will be used by service providers, and they should not have access to all of the stored PDF documents related to a shipment. When users navigate to Active Shipments, select an active shipment, and access the Documents tab, they currently see all documents associated with that shipment.

To improve security and usability, I need to create a filter that displays only specific documents—specifically, those that are relevant and sent via the portal. However, the existing configuration in the JSON does not support filtering or disabling document visibility, which has created a challenge in implementing this functionality.

There have been no recent changes to document visibility in the shipment details of the mobile app, yet the need for this feature has become increasingly evident as we seek to streamline access for service providers. My goal is to establish a filter that limits document access to only the necessary document types, ensuring that sensitive or irrelevant files remain hidden.

Does anyone know how I can fix this problem?

Comments

thatJeffSmith-Oracle Feb 13 2025

Your ENTRA users will get authenticated via JSON Web Tokens, and their Entra roles will determine which ORDS REST APIs they can hit.

When they hit an endpoint, it'll execute code in the database as the database user that owns the schema where the REST API is defined, not as Entra defiend end user. In fact, the Entra users won't have accounts in the database (they could, but wont' need to).

The :current_user field as far as ords is concerned would be the corresponding oauth2 client or JWT issued for the authorizied session.

Your prehook should be able to alter the session to set the context that would put your RLS/VPD security policy in play.

1 - 1

Post Details

Added on Oct 30 2024
0 comments
77 views