26.1 Available Parameter Values
The following table lists all the available parameter values you can set within the APEX_INSTANCE_ADMIN package, including parameters for email, wallet, and reporting printing.
You can query APEX_INSTANCE_PARAMETERS dictionary view to determine the current values of these parameters unless the parameter contains a password.
| Parameter Name | Description |
|---|---|
ACCOUNT_LIFETIME_DAYS |
The maximum number of days an end-user account password may be used before the account is expired. |
ADMIN_DIGEST_DEFAULT_REPORTING_PERIOD |
Default reporting period in days for APEX Administrator Digest. |
ADMIN_DIGEST_MAX_REPORTING_PERIOD |
Maximum reporting period in days for APEX Administrator Digest. Older data is removed from the metrics tables. |
ALLOW_DB_MONITOR |
If set to Y, the default, database monitoring is enabled. If set to N, it is disabled.
|
ALLOW_HASH_FUNCTIONS |
Comma-separated list of supported hash algorithms (default is SH256,SH384,SH512). SH1 is also supported by default in Oracle Database 11g.
|
ALLOW_HOSTNAMES |
If set, users can only navigate to an application if the URL's hostname part contains this value. Instance administrators can configure more specific values at workspace level. |
ALLOW_PUBLIC_FILE_UPLOAD |
If set to Y, enables file uploads without user authentication. If set to N, the default, they are disabled.
|
ALLOW_RAS |
This parameter is only supported if running Oracle Database 12c. If set to |
ALLOW_REST |
If set to Y, the default, enables exposing report regions as RESTful services. If set to N, disabled.
|
APEX_BUILDER_AUTHENTICATION |
Controls the authentication scheme for Oracle APEX Administration Services and the development environment. Valid parameter values include:
|
APEX_REST_PATH_PREFIX |
Controls the URI path prefix used to access built-in RESTful Services exposed by APEX. For example, built-in RESTful Service for referencing static application files using #APP_IMAGES# token. If the default prefix (r) conflicts with RESTful Services defined by users, adjust this preference to avoid the conflict.
|
APPLICATION_ACTIVITY_LOGGING |
Controls instance wide setting of application activity log ([A]lways, [N]ever, [U]se application settings). |
APPLICATION_ID_MAX |
The largest possible ID for a websheet or database application. |
APPLICATION_ID_MIN |
The smallest possible ID for a websheet or database application. |
AUTOEXTEND_TABLESPACES |
If set to Y, the default, provisioned tablespaces is autoextended up to a maximum size. If set to N tablespaces are not autoextended.
|
BIGFILE_TABLESPACES_ENABLED |
If set to Y, the tablespaces provisioned through APEX are created as bigfile tablespaces. If set to N, the tablespaces are created as smallfile tablespaces.
|
CHECK_FOR_UPDATES |
If set to N, the check for APEX and Oracle REST Data Services product updates is disabled for the entire instance, regardless of preferences specified by individual developers. The default is Y.
|
CHECKSUM_HASH_FUNCTION |
Defines the algorithm that is used to create one way hashes for URL checksums.Valid values are MD5 (deprecated), SH1 (SHA-1), SH256 (SHA-2, 256 bit), SH384 (SHA-2, 384 bit), SH512 (SHA-2, 512 bit) and n. The SHA-2 algorithms are only available on Oracle Database 12g and later. A null value evaluates to the most secure algorithm available and is the default. |
CLONE_SESSION_ENABLED |
If set to Y, the default, users can create multiple sessions in the browser.
|
CONTENT_CACHE_MAX_FILE_SIZE |
The individual file entry size limit for the content cache, per workspace. |
CONTENT_CACHE_SIZE_TARGET |
The target size for the content cache, per workspace. |
DB_SIGNATURE |
Set to the database host/service name on install. If it differs, for example, on cloned databases, sending emails will fail. A value of null (the default) disables any checks. |
DEBUG_MESSAGE_PAGE_VIEW_LIMIT |
Maximum number of debug messages for a single page view. Default is 50000.
|
DELETE_UPLOADED_FILES_AFTER_DAYS |
Uploaded files like application export files, websheet export files, spreadsheet data load files are automatically deleted after this number of days. Default is 14.
|
DISABLE_ADMIN_LOGIN |
If set to Y, Oracle APEX administration services are disabled. If set to N (default), they are not disabled.
|
DISABLE_WORKSPACE_LOGIN |
If set to Y, the workspace login is disabled. If set to N, the default, the login is not disabled.
|
DISABLE_WS_PROV |
If set to Y, the workspace creation is disabled for requests sent out by using e-mail notification. If set to N, the default, they are not disabled.
|
EMAIL_IMAGES_URL |
Specifies the full URL to the images directory of APEX instance, including the trailing slash after the images directory. For example: This setting is used for APEX system-generated emails. |
EMAIL_INSTANCE_URL |
Specifies the URL to APEX instance, including the trailing slash after the Database Access Descriptor. For example: This setting is used for APEX system-generated emails. |
ENABLE_LEGACY_WEB_ENTRY_POINTS |
If set to Y (default is N), procedures used in older APEX versions can be called in the URL (such as HTMLDB_UTIL.%).
|
ENABLE_TRANSACTIONAL_SQL |
If set to Y, transactional SQL commands are enabled on this instance. If set to N, the default, they are not enabled.
|
ENCRYPTED_TABLESPACES_ENABLED |
If set to Y, the tablespaces provisioned through APEX are created as encrypted tablespaces. If set to N, the tablespaces are not encyrpted.
|
ENV_BANNER_COLOR |
Defines the color class name for the environment banner color. Use accent-1, accent-2, accent-3, (and so on). Maximum of 16 color classes. |
ENV_BANNER_ENABLE |
Default If set to |
ENV_BANNER_LABEL |
Defines the label for the environment banner. |
ENV_BANNER_POS |
Defines the display position for the environment banner. Options: LEFT or TOP.
|
EXPIRE_FND_USER_ACCOUNTS |
If set to If set to |
HEADER_AUTH_CALLBACK |
Callback procedure name for HTTP header based authentication, defaults to apex_authentication.callback.
|
HTTP_ERROR_STATUS_ON_ERROR_PAGE_ENABLED
|
Used in conjunction with the If set to |
HTTP_RESPONSE_HEADERS |
List of http response headers, separated by newline (chr(10)). APEX writes these headers on each request, before rendering the page. The substitution string #CDN# within the headers is replaced with the content delivery networks that are known to APEX.
|
HTTP_STS_MAX_AGE |
REQUIRE_HTTPS must be set to A for this parameter to be relevant. APEX emits a Strict-Transport-Security header, with max-age=<value>, on HTTPS requests if HTTP_STS_MAX_AGE has a value greater than 0. If the request protocol is HTTP, instead of processing the request, APEX redirects to a HTTPS URL.
|
IGNORED_FRIENDLY_URL_PARAMETERS |
Comma-separated list of parameter names which are ignored when parsing friendly URLs. Default: |
INBOUND_PROXIES |
Comma-separated list of IP addresses for proxy servers through which requests come in. |
INSTANCE_NO_PROXY_DOMAINS |
Comma-separated list of domain names for which the instance proxy is not to be used. |
INSTANCE_PROXY |
The proxy server for all outbound HTTP(s) traffic. If INSTANCE_PROXY is set, it overrides any application specific proxy server definition.
|
INSTANCE_TABLESPACE |
If specified, the tablespace to use for the database user for all new workspaces. |
KEEP_SESSIONS_ON_UPGRADE |
This flag affects application upgrades. If set to N, the default, delete sessions associated with the application. If set to Y, leave sessions unaffected.
|
LOGIN_MESSAGE |
The text to be displayed on the login page. This text can include HTML. |
LOGIN_THROTTLE_DELAY |
The flag which determines the time increase in seconds after failed logins. |
LOGIN_THROTTLE_METHODS |
The methods to count failed logins. Colon-separated list of USERNAME_IP, USERNAME, IP.
|
MAX_APPLICATION_BACKUPS |
The maximum number of backups kept for each application. Default is 25. Maxium is 30. Zero (0) disables automated backups. |
MAX_DATA_EXPORT_IMAGES |
The maximum number of unique images to be included in a data export / report download. |
MAX_LOGIN_FAILURES |
Maximum login failures permitted. |
MAX_SESSION_IDLE_SEC |
The number of seconds an internal application may be idle. |
MAX_SESSION_LENGTH_SEC |
The number of seconds an internal application session may exist. |
MAX_WEBSERVICE_REQUESTS |
The maximum number of outbound web service requests permitted for each workspace in a rolling 24-hour period. Default is 1000. |
PASSWORD_ALPHA_CHARACTERS |
The alphabetic characters used for password complexity rules. Default list of alphabetic characters include the following: |
PASSWORD_HASH_FUNCTION |
Defines the algorithm that is used to create one way hashes for workspace user passwords. Valid values are MD5 (deprecated), SH1 (SHA-1), SH256 (SHA-2, 256 bit), SH384 (SHA-2, 384 bit), SH512 (SHA-2, 512 bit) and null. The SHA-2 algorithms are only available on Oracle Database Release 12g and later. A null value evaluates to the most secure algorithm available and is the default. |
PASSWORD_HASH_ITERATIONS |
Defines the number of iterations for the PASSWORD_HASH_FUNCTION (default 10000).
|
PASSWORD_HISTORY_DAYS |
Defines the number of days a previously used password cannot be used again as a new password by the same user. |
PASSWORD_NOT_LIKE_USERNAME |
If Y (the default is N), prevent workspace administrator, developer, and end user account passwords from containing the username.
|
PASSWORD_NOT_LIKE_WORDS |
Enter words, separated by colons, that workspace administrator, developer, and end user account passwords must not contain. These words may not appear in the password in any combination of upper- or lowercase. |
PASSWORD_NOT_LIKE_WS_NAME |
Set to Y to prevent workspace administrator, developer, and end user account passwords from ontaining the workspace name.
|
PASSWORD_ONE_ALPHA |
Set to Y to require that workspace administrator, developer, and end user account passwords contain at least one alphabetic character as specified in PASSWORD_ALPHA_CHARACTERS.
|
PASSWORD_ONE_LOWER_CASE |
Set to Y to require that workspace administrator, developer, and end user account passwords contain at least one lowercase alphabetic character.
|
PASSWORD_ONE_NUMERIC |
Set to Y to require that workspace administrator, developer, and end user account passwords contain at least one Arabic numeric character (0-9).
|
PASSWORD_ONE_PUNCTUATION |
Set to Y to require that workspace administrator, developer, and end user account passwords contain at least one punctuation character as specified in PASSWORD_PUNCTUATION_CHARACTERS.
|
PASSWORD_ONE_UPPER_CASE |
Set to Y to require that workspace administrator, developer, and end user account passwords contain at least one uppercase alphabetic character.
|
PASSWORD_PUNCTUATION_CHARACTERS |
The punctuation characters used for password complexity rules. Default list of punctuation characters include the following: !"#$%&()``*+,-/:;<=>?_ |
PATH_PREFIX |
The unique URI path prefix used to access RESTful Services in a workspace. The default path prefix value is the name of the workspace. |
PLSQL_EDITING |
If set to Y, the default, the SQL Workshop Object Browser is enabled to permit users to edit and compile PL/SQL. If set to N, users are not permitted.
|
PRINT_BIB_LICENSED |
Specify either standard support or advanced support. Advanced support requires an Oracle BI Publisher license. Valid values include:
|
PRINT_SVR_HOST |
Specifies the host address of the print server converting engine, for example, localhost. Enter the appropriate host address if the print server is installed at another location.
|
PRINT_SVR_PORT |
Defines the port of the print server engine, for example 8888. Value must be a positive integer.
|
PRINT_SVR_PROTOCOL |
Valid values include:
|
PRINT_SVR_SCRIPT |
Defines the script that is the print server engine, for example: |
QOS_MAX_SESSION_KILL_TIMEOUT |
Number of seconds that an active old session can live, when QOS_MAX_SESSION_REQUESTS has been reached. The oldest database session with LAST_CALL_ET greater than QOS_MAX_SESSION_KILL_TIMEOUT is killed.
|
QOS_MAX_SESSION_REQUESTS |
Number of permitted concurrent requests to one session associated with this workspace. |
QOS_MAX_WORKSPACE_REQUESTS |
Number of permitted concurrent requests to sessions in this workspace. |
REQ_NEW_SCHEMA |
If set to Y, the option for new schema for new workspace requests is enabled. If set to N, the default, the option is disabled.
|
REQUIRE_HTTPS |
If set to If If Note: Note developers can also enforce HTTPS at the application level, by setting the Secure attribute of an application scheme's cookie. |
REQUIRE_VERIFICATION_CODE |
If set to Y, the Verification Code is displayed and is required for someone to request a new workspace. If set to N, the default, the Verification Code is not required.
|
RESTFUL_SERVICES_ENABLED |
If set to Y, the default, RESTful services development is enabled. If set to N, RESTful services are not enabled.
|
RESTRICT_DEV_HEADER |
Controls access to the APEX development environment and Administration Services using an HTTP request header. Specify the name of the header, for example Public-Access. If this header exists in the request, access is blocked. Normally an external load balancer or a web server adds this header. The value of the header is ignored.
|
RESTRICT_IP_RANGE |
To restrict access to the APEX development environment and Administration Services to a specific range of IP addresses, enter a comma-delimited list of IP addresses. If necessary, you can use an asterisk (*) as a wildcard, but do not include additional numeric values after wildcard characters. For example, 138.*.41.2 is not a valid value.
|
RESTRICT_RESPONSE_HEADERS |
If Y or null (default), show HTTP 500 when a page contains unsupported HTTP response headers. These include status codes 301, 308 and 410, and cache headers for POST requests.
|
RM_CONSUMER_GROUP |
If set, this is the resource manager consumer group to be used for all page events. A more specific group can be configured at workspace level. |
SAMESITE_COOKIE |
Default value of the cookie attribute "samesite." |
SAML_APEX_CERTIFICATE |
SAML authentication: The primary certificate of the APEX side. |
SAML_APEX_CERTIFICATE2 |
(Optional) SAML authentication: The alternative certificate of the APEX side. |
SAML_APEX_PRIVATE_KEY |
SAML authentication: The private key of the APEX side. |
SAML_APEX_PRIVATE_KEY2 |
(Optional) SAML authentication: The alternative private key of the APEX side. |
SAML_ENABLED |
SAML authentication: Y if workspace applications should be able to use SAML authentication.
|
SAML_IP_ISSUER |
SAML authentication: Issuer attribute from the identity provider's metadata. |
SAML_IP_SIGNING_CERTIFICATE |
SAML authentication: The certificate from the identity provider's metadata. |
SAML_IP_SIGNING_CERTIFICATE2 |
(Optional) SAML authentication: An alternative certificate from the identity provider's metadata. |
SAML_NAMEID_FORMAT |
SAML authentication: The NameID format that APEX expects. Defaults to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent when null.
|
SAML_SIGN_IN_URL |
SAML authentication: The identity provider's sign in URL. |
SAML_SIGN_OUT_URL |
(Optional) SAML authentication: The identity provider's sign out URL. |
SAML_SP_ISSUER |
SAML authentication: The "issuer" attribute that APEX sends (defaults to the callback URL). |
SAML_USERNAME_ATTRIBUTE |
SAML authentication: Responses can contain additional attributes about the user. If set, APEX uses that attribute's value as the username (defaults to the assertion subject's NameID attribute).
|
SERVICE_ADMIN_PASSWORD_MIN_LENGTH |
A positive integer or 0 which specifies the minimum character length for passwords for instance administrators, workspace administrators, developers, and end user APEX accounts, when the strong password rules are enabled (see STRONG_SITE_ADMIN_PASSWORD).
|
SERVICE_ADMIN_PASSWORD_NEW_DIFFERS_BY |
A positive integer or 0 which specifies the number of differences required between old and new passwords. The passwords are compared character by character, and each difference that occurs in any position counts toward the required minimum difference. This setting applies to accounts for instance administrators, workspace administrators, developers, and end user APEX accounts, when the strong password rules are enabled (see STRONG_SITE_ADMIN_PASSWORD).
|
SERVICE_ADMIN_PASSWORD_ONE_ALPHA |
Set to Y to require that workspace administrator, developer, and end user account passwords contain at least one alphabetic character as specified in PASSWORD_ALPHA_CHARACTERS, when the strong password rules are enabled (see STRONG_SITE_ADMIN_PASSWORD).
|
SERVICE_ADMIN_PASSWORD_ONE_NUMERIC |
Set to Y to require that workspace administrator, developer, and end user account passwords contain at least one Arabic numeric character (0-9), when the strong password rules are enabled (see STRONG_SITE_ADMIN_PASSWORD).
|
SERVICE_ADMIN_PASSWORD_ONE_PUNCTUATION
|
Set to Y to require that workspace administrator, developer, and end user account passwords contain at least one punctuation character as specified in PASSWORD_PUNCTUATION_CHARACTERS, the strong password rules are enabled (see STRONG_SITE_ADMIN_PASSWORD).
|
SERVICE_ADMIN_PASSWORD_ONE_LOWER_CASE |
Set to Y to require that workspace administrator, developer, and end user account passwords contain at least one lowercase alphabetic character, when the strong password rules are enabled (see STRONG_SITE_ADMIN_PASSWORD).
|
SERVICE_ADMIN_PASSWORD_ONE_UPPER_CASE
|
Set to Y to require that workspace administrator, developer, and end user account passwords contain at least one uppercase alphabetic character, when the strong password rules are enabled (see STRONG_SITE_ADMIN_PASSWORD).
|
SERVICE_ADMIN_PASSWORD_NOT_LIKE_USERNAME |
If Y, prevent workspace administrator, developer, and end user account passwords from containing the username, when the strong password rules are enabled (see STRONG_SITE_ADMIN_PASSWORD).
|
SERVICE_ADMIN_PASSWORD_NOT_LIKE_WORDS |
Enter words, separated by colons, that workspace administrator, developer, and end user account passwords must not contain, when the strong password rules are enabled (see STRONG_SITE_ADMIN_PASSWORD). These words may not appear in the password in any combination of upper- or lowercase.
|
SERVICE_ADMIN_PASSWORD_NOT_LIKE_WS_NAME |
Set to Y to prevent workspace administrator, developer, and end user account passwords from containing the workspace name, when the strong password rules are enabled (see STRONG_SITE_ADMIN_PASSWORD).
|
SERVICE_REQUEST_FLOW |
Determines default provisioning mode. Default is MANUAL.
|
SERVICE_REQUESTS_ENABLED |
If set to Y, the default, workspace service requests for schemas, storage, and termination is enabled. If set to N, these requests are disabled.
|
SESSION_TIMEOUT_WARNING_SEC |
The number of seconds before session timeout that a warning displays for internal applications. |
SMTP_FROM |
Defines the "From" address for administrative tasks that generate email, such as approving a provision request or resetting a password. Enter a valid email address, for example: |
SMTP_HOST_ADDRESS |
Defines the server address of the SMTP server. If you are using another server as an SMTP relay, change this parameter to that server's address. Default setting: |
SMTP_HOST_PORT |
Defines the port the SMTP server listens to for mail requests. Default setting: |
SMTP_PASSWORD |
Defines the password APEX takes to authenticate itself against the SMTP server, with the parameter SMTP_USERNAME.
|
SMTP_TLS_MODE |
Defines whether APEX opens an encrypted connection to the SMTP server. Encryption is only supported on database versions 11.2.0.2 and later. On earlier database versions, the connection is not encrypted. If set to If set to If |
SMTP_USERNAME |
Defines the username APEX takes to authenticate itself against the SMTP server (default is null). Starting with database version 11.2.0.2, APEX uses UTL_MAIL's AUTH procedure for authentication. This procedure negotiates an authentication mode with the SMTP server. With earlier database versions, the authentication mode is always AUTH LOGIN. If SMTP_USERNAME is null, no authentication is used.
|
SOCIAL_AUTH_CALLBACK |
Callback procedure name for Social Sign-In, defaults to apex_authentication.callback.
|
SQL_SCRIPT_MAX_OUTPUT_SIZE |
Sets the maximum size for an individual script result. Default is 200000.
|
SSO_LOGOUT_URL |
Defines the URL APEX redirects to in order to trigger a logout from the Single Sign-On server. APEX automatically appends Example: |
STRONG_SITE_ADMIN_PASSWORD |
If set to Y, the default, the apex_admin password must conform to the default set of strong complexity rules. If set to N, the password is not required to follow the strong complexity rules.
|
SYSTEM_DEBUG_LEVEL |
Defines a default debug level for all incoming requests (null, 1-9) The SQLcl script utilities/debug/d0.sql can be used to switch between NULL (disabled) and level 9.
|
SYSTEM_HELP_URL |
Location of the help and documentation accessed from the Help link within the development environment. Default is http://apex.oracle.com/doc41 |
SYSTEM_MESSAGE |
The text to be displayed on the development environment home page. This text can include HTML. |
TRACE_HEADER_NAME |
This parameter contains a HTTP request header name and defaults to ECID-CONTEXT. The name must be in upper case. APEX writes the HTTP header value to the activity log's ECID column.
|
TRACING_ENABLED |
If set to If set to |
USERNAME_VALIDATION |
The regular expression used to validate a username if the Builder authentication scheme is not APEX. Default is as follows: |
WALLET_PATH |
The path to the wallet on the file system, for example: |
WALLET_PWD |
The password associated with the wallet. Use an empty/null value for auto-login wallets. |
WEBSERVICE_LOGGING |
Controls instance wide setting of web service activity log. A, N, or U (Always, Never, Use workspace settings).
|
WORKSPACE_EMAIL_MAXIMUM |
Sets the maximum number of emails that can be sent by using APEX_MAIL per workspace in a 24-hour period. Default is 1000.
|
WORKSPACE_FREE_SPACE_LIMIT |
Sets percentage limit for free space in a workspace. If available space is lower that the value set here, a report lists them for the APEX Administrator Digest. |
WORKSPACE_MAX_FILE_BYTES |
The maximum number of bytes for uploaded files for a workspace. A setting at the workspace-level overrides the instance-level setting. |
WORKSPACE_MAX_OUTPUT_SIZE |
The maximum space allocated for script results. Default is 2000000 |
WORKSPACE_NAME_USER_COOKIE |
If set to Y or null (the default), APEX sends persistent cookies for workspace name and username during login, as well as for language selection. If N, the cookies are not sent.
|
WORKSPACE_PROVISION_DEMO_OBJECTS |
If set to Y, the default, demonstration applications and database objects are created in new workspaces. If set to N, they are not created in the current workspace.
|
WORKSPACE_TEAM_DEV_FILES_YN |
If set to Y, the default, new workspaces enable file uploads into Team Development. If set to N, new workspaces disable file uploads into Team Development, disabling the ability to upload feature, bug, and feedback attachments.
|
WORKSPACE_TEAM_DEV_FS_LIMIT |
The maximum per upload file size of a Team Development file (feature, bug, and feedback attachments). Default value is 15728640 (15 MB). All possible options are listed below: |
See Also:
- Configuring Email in a Runtime Environment in the Oracle APEX Administration Guide
- Configuring Wallet Information in the Oracle APEX Administration Guide
- Configuring Report Printing for an Instance in the Oracle APEX Administration Guide
- Workspace and Application Administration in the Oracle APEX Administration Guide
Parent topic: APEX_INSTANCE_ADMIN