
APEX


How to protect against Insecure Direct Object Reference (IDOR)

Dai Tran duc, 16 hours ago

Hi, I'm having an issue as follows:

  • To access Page 12 the user needs a P12_ID.
  • Another page has a table containing a link to P12; this table only shows the user a selected number of rows based on a specific role in the company. Clicking a row passes P12_ID to Page 12.

  • If a user has access to P12 they could try to guess an ID which they do not have access to by typing it in the URL. Is there a way to fix this?
    • I do have an idea to fix this, but could there be a better way? My idea is to make a page computation before header to verify that the user does indeed have access to this P12_ID on Page 12.
  • In the image above the table uses RAW(16) DEFAULT ON NULL SYSGUID(), but some other tables use NUMBER GENERATED BY DEFAULT ON NULL AS IDENTITY, so it's very easy to guess the P12_ID.
This post has been answered by Jörg Doppelreiter on Feb 25 2026
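One way to implement the server-side check the question describes, as an added example that is not part of the original post or of the accepted answer. The tables `orders` and `user_depts` and the function `can_access_order` are hypothetical stand-ins for the application's own data and role model; `:P12_ID` and `:APP_USER` are the page item from the post and the APEX built-in for the signed-in user.

```sql
-- Hypothetical schema (names are assumptions, not from the post):
--   orders      the rows that Page 12 displays, keyed by the value in P12_ID
--   user_depts  which departments each user's role entitles them to see
create table orders (
  id      number generated by default on null as identity primary key,
  dept_id number not null
);

create table user_depts (
  username varchar2(128) not null,
  dept_id  number        not null,
  primary key (username, dept_id)
);

-- Returns TRUE only when p_username is entitled to the row identified by p_id.
-- The join is the same predicate that should filter the report on the list
-- page, so the list and the detail page enforce one rule.
create or replace function can_access_order (
  p_id       in orders.id%type,
  p_username in varchar2
) return boolean
is
  l_found pls_integer;
begin
  if p_id is null or p_username is null then
    return false;                      -- deny by default
  end if;

  select count(*)
    into l_found
    from orders o
    join user_depts d on d.dept_id = o.dept_id
   where o.id = p_id
     and d.username = p_username;

  return l_found > 0;
end can_access_order;
/

-- Body of a Before Header PL/SQL process on Page 12. It runs on every page
-- view, so a P12_ID typed into the URL is checked like a clicked one.
begin
  if not can_access_order(:P12_ID, :APP_USER) then
    raise_application_error(-20001, 'Not authorized for this record.');
  end if;
end;
/
```

The same entitlement predicate belongs in every query and DML process on Page 12 that uses `:P12_ID`, so the check holds on submit as well as on render. Switching the key to `SYSGUID()` makes values harder to guess but does not replace this check.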