Manage Oracle APEX in Autonomous AI Database

Learn about functionality only available in Oracle APEX in Autonomous AI Database.

Note:

To learn more about Autonomous AI Database instance lifecycle operations, see Lifecycle Operations in Using Oracle Autonomous AI Database Serverless.
  • About Document Generator
    Learn about privileges required to configure Document Generator and how to configure Document Generator for an APEX instance.

Parent topic: Manage Oracle APEX

About Document Generator

Learn about privileges required to configure Document Generator and how to configure Document Generator for an APEX instance.

The Document Generator pre-built function enables you to generate documents based on Office templates and JSON data. You can configure the Document Generator for APEX from the OCI Console.

For more information, see Document Generator Function in Oracle Cloud Infrastructure Documentation.

Parent topic: Manage Oracle APEX in Autonomous AI Database

IAM Policies and Oracle Database Privileges

Learn more about OCI permissions the OCI user requires in order to configure Document Generator.

Required IAM Policies

To configure Document Generator against an APEX instance, an OCI user requires the following policies:
Policy Statement Justification
allow group '<identity_domain_name>'/'<group_name>' to read autonomous-database-family in compartment <compartment> Required to navigate to the APEX Instance Details page
allow group '<identity_domain_name>'/'<group_name>' to manage virtual-network-family in compartment <compartment> Required to create a Database Tools Private Endpoint
allow group '<identity_domain_name>'/'<group_name>' to manage vaults in compartment <compartment> Required to create a Vault
allow group '<identity_domain_name>'/'<group_name>' to manage keys in compartment <compartment> Required to create a Key
allow group '<identity_domain_name>'/'<group_name>' to manage secret-family in compartment <compartment> Required to create Vault Secrets
allow group '<identity_domain_name>'/'<group_name>' to manage database-tools-family in compartment <compartment> Required to create Database Tools connection and Private Endpoint and make use of them
allow group '<identity_domain_name>'/'<group_name>' to read function-family in compartment <compartment> Required to select Application, Function, and PbfListing
allow group '<identity_domain_name>'/'<group_name>' to read object-family in compartment <compartment> Required to get the Object Storage namespace
allow group '<identity_domain_name>'/'<group_name>' to manage policies in compartment <compartment> Required to manage Policies

Oracle AI Database Privileges

To configure Document Generator against an APEX instance, the database user specified in the Database Tools connection requires the grants described in the following table.

Note:

The ADMIN user of an APEX Instance (Autonomous AI Database Serverless) already has these grants.
Grant Statement Justification
GRANT CREATE SESSION TO <user> Required to create a session (log in to the database)

GRANT EXECUTE ON DBMS_CLOUD_ADMIN TO <user>

EXEC DBMS_CLOUD_ADMIN.ENABLE_RESOURCE_PRINCIPAL(username => '<user>', grant_option => TRUE)

Required to enable/disable the ADB-S resource principal
GRANT APEX_ADMINISTRATOR_ROLE TO <user> Required to execute APEX_INSTANCE_ADMIN.{GET,SET}_PARAMETER

GRANT SELECT ON SYS.DBA_CREDENTIALS TO <user>

GRANT SELECT ON SYS.DBA_TAB_PRIVS TO <user>

 Required to obtain the enabled status of the ADB-S resource principal

Parent topic: About Document Generator

About Creating a Connection for Document Generator

Learn about creating a Database Connection for Document Generator.

Before you can configure Document Generator for an APEX instance, you must create a Database Tools connection.

When you create a Database Tools connection, you select a Runtime identity, which determines how the Database Tools connection retrieves secrets required to establish a connection (for example, database password, wallet) and how the APEX instance will interact with Document Generator. Expand Advanced options to configure Runtime identity. Options include:

  • Authenticated principal - With Authenticated principal, the user who is currently logged in to OCI retrieves secrets. With this option, the APEX instance will use Autonomous AI Database resource principal to invoke Document Generator and to interact with Object Storage.
  • Resource principal - With Resource principal, Database Tools service uses resource principal to retrieve secrets. With this option, the APEX instance will use Database Tools identity to invoke Document Generator and to interact with Object Storage.

To learn more, see fhe following topics:

Sharing Identity Credentials

If you created Database Tools connection using Resource principal as Runtime identity, you must create an identity and share it with APEX before you can configure Document Generator in the APEX instance. If the Database Tools connection is using Authenticated principal as Runtime identity, the Autonomous AI Database resource principal is automatically shared with APEX.

Tip:

To learn more about creating an identity, see Creating an Identity in Oracle Cloud Infrastructure Documentation.

Once you create an identity, Database Tools creates a new credential in the target database associated with the connection. The final step is to share it with APEX.

  1. On the Connection details page, select the Credentials tab.
  2. Locate the credential to be shared.
  3. From the Actions menu, click Share credential.
  4. On Share credential:
    • Click Create public synonym, enter a synonym, and click Create.
    • Click Grant privilege, enter the APEX schema name (for example, APEX_240200), and click Grant.

    Tip:

    You can find the APEX schema on the About Oracle APEX page. Sign in to any APEX workspace, click the Help menu, and select About. On the About Oracle APEX page, find Application Owner. See Viewing the About Oracle APEX Page in Oracle APEX Administration Guide.

Parent topic: About Document Generator

Configure Document Generator

Learn how to configure Document Generator.

Note:

Oracle Document Generator is only supported for the following workload types: Lakehouse; Transaction Processing; or JSON Database. The Document Generator integration is not supported for the APEX workload type.
You can configure the Oracle Document Generator pre-built function for Oracle Autonomous AI Database from the OCI Console.
In order to configure Document Generator, you must have a Database Tools connection to an Oracle Autonomous AI Database. To learn more, see About Creating a Connection for Document Generator.

To configure Document Generator:

  1. Navigate to the OCI Console Sign-In Page and sign in as described in Access Oracle Cloud Infrastructure.
  2. Next to the Oracle Cloud logo, click the Navigation menu (Navigation menu) and select Developer Services and then APEX Instances.
    The APEX Instances page appears.
  3. From the Actions menu, select View Details.

    The APEX Instance Details page appears.

  4. Click the Actions menu and select Configure Document Generator.

    Note:

    The Configure Document Generator option is only displayed for APEX Instances where the workload type is Lakehouse, Transaction Processing, or JSON Database.
  5. On the Configure Document Generator page:
    1. Compartment - Select the compartment which contains your Database Tools connection.
    2. Connection - Select a connection.

      Tip:

      Before creating a connection, review About Creating a Connection for Document Generator and Using the Oracle Cloud Infrastructure Console in Oracle Cloud Infrastructure Documentation.
  6. Enable Document Generator for the APEX instance - Turn on this option to enable Document Generator using the selected connection.
  7. Oracle Cloud Infrastructure credential - The option you select depends upon the Runtime identity defined in the connection.
    • Use Autonomous AI Database resource principal (OCI$RESOURCE_PRINCIPAL) - Select this option if the connection uses Authenticated principal as Runtime identity.
    • Use selected Oracle Cloud Infrastructure credential - Select this option if the connection uses Resource principal as Runtime identity.

      To learn more about Database Tools identities, see Using Identities with Database Tools in Oracle Cloud Infrastructure Documentation.

  8. Oracle Cloud Infrastructure credential - If applicable, select the credential defined in the identity. This option only displays for connections using Database Tools identities and if you previously selected Use selected Oracle Cloud Infrastructure credential.

    Tip:

    In order for the credential to appear, you must share it with APEX as described in About Creating a Connection for Document Generator.
  9. Compartment - Select the compartment which contains your Document Generator pre-built function.
  10. Document generator function - Select the function you want.

    Note:

    If the function is not available, you must create one. See Configuring the Document Generator Function in Oracle Cloud Infrastructure Documentation.
  11. Object storage bucket compartment for document templates and reports - Select the Object storage bucket compartment. By default, this is the current compartment.
  12. IAM policy creation:
    1. Policy Name - Create a policy group by entering a name.

      Tip:

      If you do not want to automatically create the policy, enable Do not create an IAM policy. If you will create the policy manually, it must apply to the resource selected in Oracle Cloud Infrastructure credential - either Autonomous AI Database or Database Tools identity.
    2. IAM policy creation, Policy compartment - (Optional) Change the Policy compartment.
  13. Click Configure.
    If the Document Generator is enabled successfully, a green Done label appears when configuration is complete. If configuration does not complete, an error label appears.
  14. Click Close to close the screen.

Parent topic: About Document Generator