Granting Permissions to Roles
You eventually associate each application role with a specific set of grants to ADF resources. The security policy names the application role as the principal of the grant, rather than specific users.
Oracle ADF Security defines the following authorization points for your application’s access policies:
Groups of Web pages with grants issued on ADF task flows; the pages that the task flow defines are all securable with grants.
Individual Web pages with grants issued on ADF page definitions; useful for any Web page that is not contained in an ADF task flow. A page definition is created automatically for Web pages with components that are bound to data. If you want to secure a Web page that does not display databound components, you can create an empty page definition file for it.
Specific row-level data accessed through the Business Components data model project, with grants issued on entity objects or their attributes.
For the view–controller project, you use the overview editor for ADF security policies to secure ADF resources, including ADF task flows and ADF page definitions. To open the overview editor, double-click jazn-data.xml in the Application Resources panel in JDeveloper. This editor is available only if you have ADF Security configured.