• June 12, 2013

How to customize the user experience in Fusion Apps - Part 1 Composer Security Expressions

Access to resources such as taskflows, regions, buttons, and menus in Fusion Applications is granted by entitlements stored in a policy store and managed through the Authorization Policy Manager (APM).  Users are assigned roles comprised of  a set of entitlements (Oracle makes this quite easy  by providing you with job based seeded roles) authorizing them to  access  only the data and functions neccessary to perform their jobs and no more. On a more granular level it is also possible to control the rendering of certain UI objects by controlling their display attribute at runtime using Page Composer.

An example illustrating a conditional rendering of a Button is outlined below. The condition used in this example is the Role of the authenticated user.

2 Users and 2 Roles

In this example we have two HR Specialists, we want to prevent one of these users from saving Person records.

Figure1 Roles of Louise Beckham

Figure2. Roles of Megan Davis

Customizing the Object

Using Page Composer, the Administartor creates a security condition in Expression Builder. This condition states that the "Save" field on the "Person Management" page will be displayed if and only if the session authenticated user has the PER_HUMAN_RESOURCE_SPECIALIST_VIEW_ALL_DATA role. This happnes to be a role that our user Megan Davis has but that has not been granted to user Louise Beckham.

The statement, written in Expression Language (EL), used in this example is


NB: It is possible to have a include multiple roles as follows: #{securityContext.userInRole['Role 1'||'Role2']}, it is also possible to exclude a role by include a '!' at the beginning of the expression as follows: #{!securityContext.userInRole['Role 1']}

Figure3. Selecting the ADF Object
that we want to customize

Figure4. Creating a dynamically calculated attribute value using Expression Builder

Different Display for Different Users

Below is how each of our two users sees the same UI that has now been conditionally customized. We can see the "Save" button displayed on Morgan's UI but not on Louise's.

Figure 5 - .Louise's UI without the Save Button

Figure 6.Megan's UI with the Save Button

Join the discussion

Comments ( 2 )
  • Mukesh Saturday, January 10, 2015


    Thank you for the useful information.

    We have a specific requirement (in Fusion Financials Cloud Services), where we need to track if a user has taken action on a specific record, he/she should not be able to take the next action on that record. We are hoping to achieve it by using expression builder on the action button, where we would like to compare last updated by username. I would really appreciate if you can guide us through this.

    Thanks and Best Regards,


  • frederick.voltmer@oracle.com Tuesday, April 21, 2015

    @Mukesh: Please take a look at the Fusion Middleware Developer's Guide for Oracle SOA Suite (http://docs.oracle.com/cd/E23943_01/dev.1111/e10224/toc.htm). Review Chapter 11: Using Conditional Branching in a BPEL Process.

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.