Monday, July 11, 2011

OAF and Function Security

A function is a piece of functionality that is assigned to, or excluded from, a responsibility/menu.
A function may or may not point to an OAF page/Form.

Function Security is one of the several options for Dynamic User Interface. We can control the behavior of the application depending on whether a function is granted or not.
There are two ways of implementing Function Security:

  • Declarative
  • Programmatic

Declarative Implementation:
We can control only the following item properties using this approach:
  • Rendered
  • Read Only
  • Disabled
  • Required
Set the value of any of the above properties using the following SPEL syntax:
** The above value can also be added via Personalization.

| Property | Property Internal Name | Expression | Test Result |
|---|---|---|---|
| Rendered | RENDERED_ATTR | ${oa.FunctionSecurity.<myFuncName>} | Returns True if <myFuncName> is granted, otherwise False. |
| Read Only | READ_ONLY_ATTR | ${oa.FunctionSecurity.<myFuncName>} | Returns False if <myFuncName> is granted, otherwise |
| Disabled | DISABLED_ATTR | ${oa.FunctionSecurity.<myFuncName>} | Returns False if <myFuncName> is granted, otherwise |
| Required | REQUIRED_ATTR | ${oa.FunctionSecurity.<myFuncName>} | Returns no if <myFuncName> is granted, otherwise |

Note: Most people expect the declarative syntax to return True/Yes for properties if the function is granted and false otherwise, which is not the case.

A more flexible solution is to use a transient attribute in the VO. Use function security in the getter method of the transient attribute (refer to Programmatic Implementation), then use SPEL to bind the properties of the UI widgets to that attribute. With this approach, the other possible values (uiOnly or validatorOnly) can be used for the Required property as well.

Programmatic Implementation:
The following methods test whether a function is accessible under the current security context:

  • OAPageContext.testFunction("<Function Name>");
  • OADBTransaction.testFunction("<Function Name>");
The above methods return True if the function is granted, otherwise False.

OADBTransaction.testFunction is used in BC4J, and the OAPageContext version is used in an OAController.

We have a lot more control programmatically. For example, we can modify the query of a VO or control the options displayed in a drop-down.
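The two methods above used together, as an added example that is not code from the original post: the controller calls OAPageContext.testFunction to hide a button, and the application module repeats the test with OADBTransaction.testFunction so the action is refused in the BC4J layer whatever the page rendered. The function name XX_APPROVE_INVOICE, the item ID ApproveBtn, the method approveInvoice and both class names are hypothetical.

```java
// Added example; compiles only against the OA Framework libraries of an
// E-Business Suite / JDeveloper-with-OA-Extension install.
// Hypothetical names: XX_APPROVE_INVOICE, ApproveBtn, approveInvoice, class names.
// Each public class goes in its own source file.
import oracle.apps.fnd.framework.OAApplicationModule;
import oracle.apps.fnd.framework.OAException;
import oracle.apps.fnd.framework.server.OAApplicationModuleImpl;
import oracle.apps.fnd.framework.webui.OAControllerImpl;
import oracle.apps.fnd.framework.webui.OAPageContext;
import oracle.apps.fnd.framework.webui.beans.OAWebBean;

// UI layer: render the button only when the function is granted.
public class InvoiceCO extends OAControllerImpl {
    public void processRequest(OAPageContext pageContext, OAWebBean webBean) {
        super.processRequest(pageContext, webBean);
        OAWebBean btn = webBean.findChildRecursive("ApproveBtn");
        if (btn != null) {
            btn.setRendered(pageContext.testFunction("XX_APPROVE_INVOICE"));
        }
    }

    public void processFormRequest(OAPageContext pageContext, OAWebBean webBean) {
        super.processFormRequest(pageContext, webBean);
        if (pageContext.getParameter("ApproveBtn") != null) {
            OAApplicationModule am = pageContext.getApplicationModule(webBean);
            am.invokeMethod("approveInvoice"); // authorization is re-checked in the AM
        }
    }
}

// BC4J layer: the same test, made where the data is changed.
public class InvoiceAMImpl extends OAApplicationModuleImpl {
    public void approveInvoice() {
        if (!getOADBTransaction().testFunction("XX_APPROVE_INVOICE")) {
            // Refuse before touching any row; a hidden button alone is not enforcement.
            throw new OAException("Function XX_APPROVE_INVOICE is not granted.",
                                  OAException.ERROR);
        }
        // The page's own update of the invoice row happens here, then:
        getOADBTransaction().commit();
    }
}
```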

Use of Function Security to secure access to a page:
Prior to 11.5.10, we used to set the "Function" property on the PageLayout. If the user is granted that function, the page renders; otherwise the typical error "Insufficient Privileges for current operation" is thrown when the user attempts to navigate to that page.

While setting the Function property still works, the recommended approach from 11.5.10 onwards is to set the Rendered property of PageLayout with the following syntax:

Note: There are two ways of navigating to a page: you can pass the page parameter or you can pass the OAFunc parameter.
If you navigate to a page using OAFunc=<FunctionName>, function security is checked again. If the function is granted to the user, navigation succeeds; otherwise the "Insufficient Privileges" error is thrown.


  1. well written buddy...v useful...i have used the declarative way but was looking for programmatic control for some options and found the answer here.

  2. There are many options for more programmatic control. Let me know what type of control you were looking for.

    I'll probably be putting another post on programmatic control in a week or so.