Oracle Corporation
Declarative attribute security using custom properties

Abstract:

In various embodiments, application development tools can allow developers to control whether or not an attribute of a view object is displayed by declaratively associating a data security privilege with the attribute. Associating a data security privilege with the attribute can be done by adding a specially named custom property on the view object attribute. Modifications to a base class can provide any necessary support to retrieve the privilege and determine whether a current user is allowed to view the attribute for the current record/row. If the user is authorized to view the attribute for the current record/row, then the attribute value is returned and displayed. Otherwise, redacting information, such as "*****" can be returned and displayed.