Mike Kutz · @mkutz1492
28 followers · 29 posts · Server mastodon.worldReal Application Security (RAS) + APEX + Social Sign-in (eg Azure AD) can be a WIN-WIN combination.
I finally got APEX to dynamically enable External Application Roles based on the results from a REST call to Azure for `.../me/memberOf`.
Now, "who belongs to what group" in Azure controls RLS (via RAS Privileges) in APEX.
#oraclapex #oracledatabase #oracle #databases
Mike Kutz · @mkutz1492
25 followers · 31 posts · Server mastodon.worldApparently, #OraclAPEX doesn't like to do things simple when using External Dynamic Application Roles - Real Application Security (RAS).
workaround: check that it exists in V$XS_SESSION_ROLES
Mike Kutz · @mkutz1492
25 followers · 70 posts · Server mastodon.worldWorking on my "Expanded RAS HR Demo + APEX Integration" GitHub Repo by cleaning up my README.md files.
Real Application Security (RAS) is clearly the way to go for Row Level Security (RLS) in Oracle.
If you're interested in RAS too, please let me know.
#oracle #database #oracledatabase #sql #oraclapex
Mike Kutz · @mkutz1492
18 followers · 49 posts · Server mastodon.worldMy OCI ATP Free Tier should be patched late tomorrow (21-jan-2023) with the latest CPU (17-jan-2023)
Soon, I'll be able to verify that the patch for CVE-2023-21829 also fixed recently discovered similar anomalies.
#OracleDatabase #oracle #database #OracleCloud #oraclapex #sql
#oracledatabase #oracle #database #OracleCloud #oraclapex #sql
Mike Kutz · @mkutz1492
18 followers · 49 posts · Server mastodon.worldGreat.
I hit another wall while working with APEX + RAS.
`enable_dynamic_groups` isn't enabling External Roles as per documentation.
Either I didn't set something correct, I'm looking at the wrong view, or the procedure is broken.
Mike Kutz · @mkutz1492
15 followers · 154 posts · Server mastodon.worldI've finally got around to writing a blog for an Advanced Oracle RAS HR Demo which has the end-goal of using APEX as the front end.
Its a pretty nice enhancement to what is in the Oracle documentation.
It contains a nice mixture of:
- Namespaces
- Global Callbacks
- DB Principals
- and CBAC
Sadly, I've ran into 4 Oracle bugs in the process (5 if you include documentation errors) and they all still exist in 21c (ATP Free Tier).
#oracle #database #oraclapex #sql #oracledatabase
Mike Kutz · @mkutz1492
15 followers · 164 posts · Server mastodon.worldI'm reviewing my work (from earlier this year) with #OracleDatabase Real Application Security (RAS) and APEX
Here is one important hiccup to note:
You can:
- create a Namespace Template using all lower case
- create the Namespace for your RAS session using all lower case
- ⚠️ but, you can only access it's attribute ( `xs_sys_context` ) when using the Namespace in all upper case.
(Namespace `xs$session` is unaffected)
#oracledatabase #oracle #database #oraclapex