Security in Oracle Visual Builder Cloud Applications

Oracle Visual Builder Cloud Applications

With Visual Builder Cloud Service (VBCS), Oracle allows developers to quickly develop and deploy mobile and web applications, all from the browser window. With simple drag and drop actions, VBCS is simple, yet powerful tool to build modern web and mobile applications.

Enterprise applications space has always been dominated by Oracle, and with Fusion Cloud applications (SaaS) taking center stage – VBCS is only a natural extension (PaaS) to that ecosystem.

While developing and deploying may be seem simple, due care must be taken to secure the application. It is in this context, we would like to

explain how application and data security can be enforced in the VBCS applications.

Oracle Visual Builder Cloud Service allows to secure the application in the following ways:

  • Application Security
  • Data Security

Application security (role based) is to restrict the users access only the components that they are supposed to. It hides all other pages in the application.

In VBCS, we can set restrictions on entire pages, or just on certain components in a page. When we want to restrict access to a text field or a button in a page, we use dynamic UI controls.

As an example, we can hide the navigation button to a page or a tab by use of the below expression to set component visibility by role:

<oj-bind-if test=“$application.user.roles.role_name” >  </oj-bind-if>

Data Security controls what data a user can access in the application.

Role based security alone is not enough to make an application secure – we must always use it with data security to build a robust and secure application.

When we secure the data to be exposed for a specific user, even if someone spoofs the role, the REST call only returns an empty data set.

In the illustration below, we show how a page can be secured only for specific application roles:

  1. In the Business Objects panel, open the Business Object Editor
  2. Click the Security tab in the editor, click the icon next to Role-based Security to enable it.

For setting Role-Based view restrictions on a page we use the following JSON code snippet in JSON Metadata of the page/flow:

“security”: {   

“access”: {      

“requiresAuthentication”: true,     

“roles”: [“role_name“]    

}}

After adding the above code snippet, open the ‘Who Am I?’ utility and run the page as a user who does not have access, the page will no longer load as shown below:

To know more about how Oracle Visual Builder Cloud Service can benefit your business requirements, Contact us.

Leave a Reply

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.