I attempted to create a workspace in APEX using an existing schema called PEOPLE and it gave the error message "The schema is reserved or restricted". I tried with other existing schemas that I created and they all worked fine.
Technical/Environment details follow:
Database: Oracle 19c EE installed on local machine.
Apex: 19.2 installed as Embedded Gateway on local machine.
Created pluggable database called PDB1.
Created tablespace PEOPLE_TAB using OMF (Oracle Managed Files) syntax.
Created local user PEOPLE in PDB1.
Gave PEOPLE the following roles and privs (I'm aware some are doubled up like RESOURCE role and CREATE SESSION priv):
RESOURCE
UNLIMITED TABLESPACE
SELECT_CATALOG_ROLE
CREATE SESSION
CREATE TABLE
CREATE TYPE
CREATE CLUSTER
CREATE TRIGGER
CREATE PROCEDURE
CREATE SEQUENCE
CREATE VIEW
CREATE DIMENSION
CREATE JOB
CREATE SYNONYM
CREATE DIMENSION
CREATE MATERIALIZED VIEW
I created another user TEST1 in the same tablespace PEOPLE_TAB, with the same privs as PEOPLE and re-created the objects and data. I could successfully create a workspace using this new schema!
Trawled the web, but most articles and posts refer to older versions of APEX, but I still tried the following.
I followed the advice given in the Oracle docs, Application Express Release 19.2 Adminstration Guide section 2.13
The APEX engine schema for APEX 19.2 is APEX_190200. So I unlocked APEX_190200 and logged in (after changing password) to run the checks.
-- Checked if PEOPLE was a restricted schema
SELECT schema FROM APEX_190200.wwv_flow_restricted_schemas order by schema;
PEOPLE is not listed and I assume is not restricted. So I tried to unrestrict PEOPLE anyway as detailed in the docs.
-- ran from APEX_190200
EXEC APEX_INSTANCE_ADMIN.UNRESTRICT_SCHEMA(p_schema => 'PEOPLE');
COMMIT;
Successfully ran but did not resolve the issue.
Looking on the web most of the info was out of date but tried anyway.
-- ran from APEX_190200
EXEC APEX_SITE_ADMIN_PRIVS.UNRESTRICT_SCHEMA(p_schema => 'PEOPLE');
COMMIT;
The above did not run and complained the package didn't exist. I verified that when looking for APEX_SITE_ADMIN_PRIVS in user_objects - it was not there.
Some years ago there was a bug with the function wwv_flow_provision.IS_RESERVED, but I checked this and it ran ok returning FALSE for PEOPLE and TRUE for reserved words like VARCHAR.
It's really thrown me when I can create an identical user (different name) with identical privs, objects and data was created on the same tablespace and it worked fine with an APEX workspace.
Does anyone have any experience of resolving this issue or point me in the right direction?
Thank you.
You are receiving the error because PEOPLE is specified as a restricted schema with an APEX package.
In the installation scripts for APEX 19.2, the file named f4050.sql has a page validation on page 79 (the page that is raising the error) that looks like this:
...
...
...
wwv_flow_api.create_page_validation(
p_id=>wwv_flow_api.id(114752711027135415)
,p_validation_name=>'schema not reserved/restricted'
,p_validation_sequence=>80
,p_validation=>wwv_flow_string.join(wwv_flow_t_varchar2(
'wwv_flow_provision.schema_name_valid(',
' p_schema => :F4050_P79_SCHEMA,',
' p_workspace_name => :F4050_P27_COMPANY);'))
,p_validation_type=>'PLSQL_EXPRESSION'
,p_error_message=>'Schema is reserved or restricted'
,p_when_button_pressed=>wwv_flow_api.id(12559200978895311)
,p_error_display_location=>'INLINE_WITH_FIELD_AND_NOTIFICATION'
);
...
...
...
Then using a procedure block like this, you can determine if the schema name is valid or not:
BEGIN
IF apex_190200.wwv_flow_provision.schema_name_valid (p_schema => 'PEOPLE',
p_workspace_name => 'PEOPLE')
THEN
DBMS_OUTPUT.put_line ('Valid');
ELSE
DBMS_OUTPUT.put_line ('Invalid');
END IF;
END;
/
Then by unwrapping the code in those packages (tools can be easily found online). Within that code, there is a call to another function named WWV_FLOW_PROVISIONING.RESERVED_SCHEMA (P_SCHEMA => P_SCHEMA). Within that function, there is code that looks like this:
IF C_SCHEMA IN (
'HTMLDB_PUBLIC_USER',
'APEX_PUBLIC_USER',
'PUBLIC_USER',
'FLOWS_FILES',
'SCHEDULER',
'PEOPLE') THEN
RETURN TRUE;
END IF;
So without modifying the package WWV_FLOW_PROVISIONING (which I would highly recommend AGAINST), you will not be able to create an APEX workspace with the schema name PEOPLE. This will need to be fixed by Oracle either through a patch to the package or in a newer version of APEX.
Fascinating issue. The restricted schema is hard-coded in APEX provisioning code. It's very much a legacy issue.
We can attempt to fix this in the next release of APEX, but that won't help you now. If you file a Service Request for Oracle Support, I'll make sure you get a fix for this issue (assuming you're using a supported version of APEX).
Related
When importing project, there are a lot of bad table names referenced from application, which causes errors. I need to manually rename or create tables accordingly. It would be fine if i find all bad SQL expressions in application with simple few clicks.
How to validate all SQL expressions from pages content body, pages items, etc. to see at what places there are errors?
EDIT:
Here: Table SAMPLE$PROJECT_TASKS does not exist and was not find by Advisor.
Use Advisor. It is located in application's Utilities.
For example:
I created a table named brisime
then I created an interactive report based on that table (it worked OK)
went to SQL Workshop and dropped the table
interactive report doesn't work any more (of course it doesn't)
So, what does the Advisor say? I included only "Is valid SQL or PL/SQL code":
The result is then:
As expected; table doesn't exist, and Advisor found it.
[EDIT]
As of your comment that chart's series query isn't checked by the Advisor: I don't know why - maybe you should ask people who developed Apex (visit OTN Forums).
However, just for testing purposes, I created a page that has two regions:
chart
classic report
Both used the same table as a source. I then dropped the table and ran the page in Debug mode. It shows two separate debug identifiers
chart uses ajax plugin path
classic report uses show path
The Advisor says that report failed on "Is Valid SQL or PL/SQL Code" check, but nothing for the chart. Maybe it is about Ajax, i.e. it isn't checked. On the other hand, maybe it is not the reason, I really can't tell.
We have an Apex application (version 20.1) and our users must be able to change the database schema at runtime via button click (preferably without logging in again).
Currently we are solving this by installing our application multiple times, once per schema.
We recently discovered the function apex_export.get_application. We intend to use this function to bring our frontend under version control (finally!). We would like to deploy our application directly from the exported files. Having a single application, we would not have to mess with the internal component ids from the exported files.
Is it possible to install the application once and change the default schema via Pl/SQL code? Thank you!
I don't think this can be done, but perhaps the following is a reasonable compromise
add all the schemas you need to support to the workspace schema list
Any SQL (and I do mean any) in your app would be prefixed with an application item, eg
Before: select * from my_table
After: select * from &my_schema..my_table
At login time (or when a user selects it) you modify the MY_SCHEMA application item
(I've not tried this...so test/tread carefully)
I am new to oracle and using SQL plus terminal to access oracle DB. I tried to create one function and it returned warning that
function created with compilation error
When I executed show errors it always showing
ERROR:
ORA-00942: table or view does not exist
My function :
create or replace function axsaum.get_name
AS
v_name varchar2(20);
begin
v_name:='Helloooooo';
dbms_output.put_line(v_name);
END;
/
Please suggest.
You have the error message: ORA-00942: table or view does not exist. This means your function contains a reference to a database object which the compiler is unable to associate to a table or view within the scope of the function.
There are several reasons why you might get this.
Your function references a table or view which exists in the schema but you have misspelled its name.
Your function references a table or view which exists in a different schema and you have not prefixed the reference with the owning schema and there is no synonym either.
Your function references a table or view which exists in a different schema but the schema owner has not granted you rights on that object.
Your function references a table or view which exists in a different schema and the schema owner has granted you rights on that object through a role. The Oracle security model means that we cannot build database objects (views, stored procedures, etc) using privileges granted to our account through a role. The privileges have to be explicitly granted to our named account.
The object does not exist in your schema or another.
The first two causes are ones you can fix by yourself. The others would require the intervention of the schema owner, or a power user with admin privileges (such as a DBA).
Now that you've posted your function, we can see that you are referencing an Oracle built-in package, DBMS_OUTPUT. Now that package should be installed and granted as part of a default install. But if you have a non-standard install or have accidentally dropped or revoked something you will need to get the SYS user to run the dbmsotpt.sql script which should fix it. The details are covered in the package's documentation. Find out more.
I have been trying to provide my Oracle PL/SQL package as a web service in Oracle 11g (11.2.0.2.0). While everything else is going well, I seem to have a problem in using any procedure/function that uses XMLTYPE over the web service. While I would be very surprised, if XMLTYPE was not supported in Oracle web service, and also because I haven't found any resources that indicated such limitation, I believe I'm doing something wrong. However, I cannot figure out where the problem would be and therefore the question.
I have configured a native web service in my Oracle database according to Native Oracle XML DB Web Services in Oracle 11g Release 1 and I have been successful in testing procedures with basic datatypes using SoapUI.
To rule out any other sources for the problem I created the following minimized test package that reproduces the problem:
CREATE OR REPLACE PACKAGE web_test_package AUTHID CURRENT_USER AS
PROCEDURE xmltype_test (dummy IN varchar2);
END;
/
CREATE OR REPLACE PACKAGE BODY web_test_package AS
PROCEDURE xmltype_test (dummy IN varchar2)
IS
xt XmlType;
BEGIN
select XMLTYPE('<MyXmlTag></MyXmlTag>') into xt from dual;
END xmltype_test;
END;
/
If I now run the defined procedure in SQLPlus, it runs nicely:
SQL> exec web_test_package.xmltype_test;
PL/SQL procedure successfully completed.
When the service is configured and the package has been defined into the database, I can get the WSDL for the package from http://host:port/orawsv/DBSCHEMA/WEB_TEST_PACKAGE?wsdl. Using the WSDL I create a SoapUI project, which contains a sample request. Then I configure the request to use Basic Authentication, and I'm ready to test the query.
When running the query with SoapUI, I get the following errors in the response:
<OracleError>
<ErrorNumber>ORA-19202</ErrorNumber>
<Message>Error occurred in XML processing</Message>
</OracleError>
<OracleError>
<ErrorNumber>ORA-00904</ErrorNumber>
<Message>: invalid identifier</Message>
</OracleError>
<OracleError>
<ErrorNumber>ORA-06512</ErrorNumber>
<Message>at "MY_USER.WEB_TEST_PACKAGE", line 6</Message>
</OracleError>
<OracleError>
<ErrorNumber>ORA-06512</ErrorNumber>
<Message>at line 1</Message>
</OracleError>
If I now interpret the errors correctly, they mean that I get the error ORA-00904 "invalid identifier" on the line where I have my select-clause. And in my understanding "XMLTYPE" is the only identifier on that line, which means that it is not recognized when the procedure is executed through the web service.
So finally the question: Is there a limitation that XMLTYPE cannot be used in procedures that are called through web service? Or am I missing something here?
For the record, I have also tried to replace the constructor format XMLTYPE(...) with method format XMLTYPE.CreateXML(...), but that didn't help.
I was finally able to solve my issue. The solution consisted of two parts:
Firstly, I needed to give my web service user the following permission:
grant XDB_WEBSERVICES_WITH_PUBLIC to my_user;
This was in comments in some guides that I used, but apparently it is required for the XMLTYPE to be visible for a session launched by the web service.
Secondly I learned that having XMLTYPE as a return type of a function is a problem, when the function is called by a web service. I had one function like that and the solution was to change its return type to CLOB and add the following conversion in the end of it.
RETURN return_xml.getClobVal();
This returns the return value nicely as XML to my SOAPUI request.
Edit. There seems to be a limit of 4000 chars in returning CLOB from Oracle native web service. This can be awkwardly resolved by casting it back to XMLTYPE. So to correctly return XML from Oracle native web service, you will actually need to do the following:
RETURN XMLTYPE(return_xml.getClobVal());
Even though looking odd, this back and forth casting changes the format of the XMLTYPE enough so that it can be returned nicely and without character limitation.
I'm on Oracle 11g, and I do understand the issue of a 3rd-party grant.
But, given that have user1 creating a view "view1" as Select 'foo' from dual.
Then I grant Select on view1 to user2 and I get this error.
But note the "dual" in the view is not qualified as sys.dual, it's just dual. I would think with a synonym public.dual that the actual "dual" used would be public.dual, not sys.dual, so no 3rd party issue should exist because it's public.
And if sys.dual is the one Oracle assumes in this view, one would think that given the use of dual is common in views, and that granting privs on views to other users is also common--wouldn't thousands of users be reporting this issue?
I do see sporadic posts about this but no real solution except to create another copy of dual for the user creating the view, but this doesn't make sense to me.
Thanks for any help.
After consulting our dbas, the issue is an Oracle "Feature" in 11.2.0.4:
TL;DR verison:
As of v 11.0.4, if your View uses Dual, then you can't grant that View anything but SELECT.
Why would we want to grant a view more than Select? In our case the app vendor packaged their updates in such a way that the database portion of the updates automatically scripted full CRUD grants to the master app-schema on every new object, and this included views, because it was simply easier to script that way. This all worked fine until 11.0.4, when Oracle said/enforced "Hey, you can't do that".
Full version:
(Quoted from Oracle site https://support.oracle.com/epmos/faces/BugDisplay?parent=DOCUMENT&sourceId=1628033.1&id=17994036)
Oracle Database - Enterprise Edition - Version 11.2.0.4 to 11.2.0.4 [Release 11.2]
Information in this document applies to any platform.
SYMPTOMS
After upgrading from 11.2.0.3 to 11.2.0.4, you encounter the following error while executing the "create or replace view" statement:
ORA-01720: grant option does not exist
Views were created before the upgrade and "CREATE OR REPLACE VIEW" had worked fine.
CAUSE
The observed behavior is correct. You will get this ORA-1720 error when REPLACING a view that selects from some other user's tables and both of the following conditions are true:
you have already granted select or other privileges on the VIEW to some other user
the view owner does not have the GRANT option on the tables being selected from (or view owner may have some privilege with grant option but not others)
Development has explained it as follows:
The code was changed in 11.2.0.4 so that create view behavior is similar to grant. If you try to make a GRANT on an existing view and the view owner does not have the grant option, then ORA-1720 is the expected result (even in 11.2.0.3). In 11.2.0.4, we have simply made CREATE VIEW consistent with the GRANT behavior, i.e. if an incompatible grant exists, then the new view definition must not be allowed (even with FORCE). In other words, we do not allow incompatible grants to coexist with the view definition and so an error must be thrown. The behavior in release 11.2.0.3 (and earlier) was incorrect; the new behavior in 11.2.0.4 is intentional and correct.
SOLUTION
To avoid this issue, you can do either of the following:
Remove all grants on the view before REPLACING the view. This will ensure that no incompatible grants exist.
Drop and recreate the view. Dropping the view will automatically remove all grants.
REFERENCES
BUG:17994036 - POST UPGRADE TO 11.2.0.4 CREATE OR REPLACE FAILS WITH ORA-01720
BUG:18024486 - ORA-1720 WHEN CREATING VIEW AFTER TO HAVE UPGRADE FROM 11.2.0.3.0 TO 11.2.0.4.0
With sys (as sysdba ) database user grant the necessary privileges, and after that try yo recreate the view with sys (as sysdba ) database user. This was helpful for me.
Regards,
Vase Tusevski