Changed Behavior

3 Changed Behavior

Some existing behavior changes in this release.

3.1 Oracle APEX 26.1 Requirements

Oracle Database 19c Requirements

APEX 26.1 requires Oracle Database 19c, patch set 19.18 or later.

Oracle REST Data Services (ORDS) Requirements

APEX 26.1 requires Oracle REST Data Services (ORDS) 26.1.1 or later.

Note:

For new installations, Oracle recommends installing ORDS before APEX.

3.2 App Builder UI Changes

Changes to the application builder user interface for this release include:

Install Application is renamed to Import Application.
Updated Oracle APEX Builder to default the Appearance setting to Auto (following the user's OS/browser light/dark preference) instead of the previous default of Dark mode.
The App Builder home default view is now Report instead of Icon.
For users with access to more than five workspaces, the App Builder workspace selection screen now contains a Search field and Sort By item to simplify the process of finding a desired workspace.
The existing Static ID property for Regions, Buttons, Interactive Grid, and Interactive Report Columns is renamed to HTML DOM ID to better reflect its purpose in the DOM and to avoid overlapping with the newly-introduced Static ID used in APEXlang application exports.
The Alias for saved reports in Interactive Grid and Interactive Report is now known as the Static ID.
When choosing a page template, there is no more "Default Template" option. All pages that used the default template now use the specific template set in the theme-level "Default Page Template" or "Default Modal Page Template". Page Template is now a required property in Page Designer.
The Shared Components, Templates interface now displays the Report Template Type for each report template
You can now hide or show global page (P0) components in the Rendering Tree View and Grid Layout View using the Show, Global Page Components option in the Utilities menu.
Fire on page initialization is now hidden for Page Load Dynamic Actions
Page Designer's Save button is disabled when no changes have been made to the page. The button activates when Page Designer has unsaved changes.
The columns available in the interactive report on the App Builder home page have changed:
- App Alias is visible by default
- Theme and Version can be displayed from the Actions menu
Property Editor group headers now remain visible at the top as you scroll
LOV-related properties are now closer to the top of the property list in Page Designer
Badge styles are now distinct from button styles in the App Builder
Locked user accounts are now more visually prominent in Manage Users and Groups
The View Differences modal for working copies now displays the Component Name, Type, and ID for each detected change.
When creating shortcuts, the Shortcut Name is now the Shortcut Static ID. Shortcut Static ID is case insensitive.
Developer Comments is now called Comments.
- When exporting, APEX either exports all comments, including application comments and component-level comments, or no comments.

3.3 Export and Import Changes

Oracle APEX 26.1 contains changes to existing import and export behaviors.

3.3.1 Exporting Data Profiles

As of APEX 26.1, a Data Profile can no longer be exported as a standalone component. It must be exported as part of the parent component that references it, such as a REST Source, Data Load Definition, or JSON Source.

While existing PL/SQL scripts that export Data Profiles directly, such as the example below, are still maintained, they may be desupported in future releases. Oracle recommends updating these scripts to export the parent component instead. The associated Data Profiles are automatically included in exports of the parent component.

DECLARE
   l_files apex_t_export_files;
BEGIN
   l_files := apex_export.get_application(p_application_id=>106, p_components=>apex_t_varchar2('DATA_PROFILE:'));
END;

3.3.2 Exporting and Importing Applications with Subscribed Components

When exporting applications that contain subscribed components, APEX now exports the master application ID, the master component Static ID, and the internal ID of the master component.

During import, APEX verifies whether the master application and master components exist in the target workspace, and gives you the ability to change subscription mappings. If any required master components are missing, the installation fails with an error.

This behavior is controlled using the apex_application_install.set_subscription_mode API or by selecting the appropriate Subscription Mode in the App Builder subscription mapping page during application import.

3.3.3 Single Page and Component Imports from Previous Releases

Previously, it was possible to import single page or component exports from previous releases of APEX into the current release. With APEX 26.1, you cannot import single page exports or component exports from earlier releases. Single page imports and component imports from APEX 26.1 continue to be supported.

You can still import full applications from APEX 24.2 and earlier.

3.4 Text Message Translation Changes

Text Messages now fall back to the primary language if the supplied language code text message is not found.

3.5 Matching Shared Components Across Applications

Previously, when copying a page with referenced shared components or when copying a component group or any shared component that may refer to other shared components, APEX employed an inconsistent approach for component identification and resolution of dependent shared components. In some cases, APEX matched components by name, and in others, APEX matched components by Static ID.

In this release, APEX now uses Static ID as the primary identifier for component matching. All referenceable components now include a Static ID attribute. If there is no component with a matching Static ID in the target application, APEX falls back to matching by component name for components where the name is unique enough to serve as an identifier. For a few components where the name is not guaranteed to be unique, including Application Computation, Email Template, Search Configuration, and Plug-in, APEX only matches by Static ID. If APEX does not find a match, the component is copied into the destination application.

This enhancement ensures consistent and predictable behavior for shared component reuse and dependency management.

3.6 Automatic Time Zone Behavior

Starting with APEX 26.1, the Automatic Time Zone functionality for applications works with time zone names instead of time zone offsets. Based on browser settings, the SESSIONTIMEZONE database function may return a time zone name like Europe/Paris instead of +01:00.

3.7 OData REST Service DML Support

The OData REST Data Source type provides built-in support for connecting to OData-compliant REST services. Previously, this was limited to read-only (fetch) operations. With this release, APEX now supports DML operations (insert, update, delete). You can now directly perform data modification against OData services using familiar APEX components such as interactive grids and forms or programmatically via the APEX_EXEC API.

3.8 AI Integration and Tool Changes

AI Configurations Renamed to AI Agents

AI Configurations are now renamed to AI Agents. This includes all occurrences: in the UI, in API parameters, and in public dictionary views.

The existing APIs APEX_AI.generate and APEX_AI.chat, accepting a p_config_static_id parameter, are now deprecated. Use the new overloads accepting a p_agent_static_id parameter instead.

Existing views and columns (for example, apex_appl_ai_configs) remain functional for APEX 26.1, but will be removed in a future release.

The ai_agent_id and ai_agent_name columns are now available in the following views:

apex_application_page_proc
apex_appl_workflow_activities
apex_appl_page_comp_da_acts

RAG Sources Renamed to Augment System Prompts

RAG Sources are renamed to Augment System Prompts. Any existing RAG Sources automatically become Augment System Prompt tools in APEX 26.1.

Cohere Changes

APEX now uses the Cohere v2 REST endpoint rather than the v1 API. Existing Cohere configurations inside APEX are automatically migrated from v1 to v2 on instance upgrade or application import.

APEX Assistant and SQL Views

The Query Builder AI Assistant now considers views as well as tables.

3.9 Component Changes

Oracle APEX 26.1 contains changes to component behavior.

3.9.1 Static ID Changes

Changes to Static ID have impacted several components:

Refresh/Publish - When Static ID changes in the master component, it is updated in the subscribing component after refreshing or publishing.
When copying a component without subscription to another component, APEX generates a new Static ID based on the new Component Name.
When copying a component with subscription to another application, APEX re-uses the source/master component Static ID

These Static ID changes are applicable to the below components:

REST Data Sources
Email Templates
Search Configurations
Data Load Definitions
JSON Sources

3.9.2 Subscription Status Changes

The new Static ID column has an impact on Subscription Status for existing components. If these components are subscribed, upon upgrade (or import of applications from prior APEX versions), Subscription Status is reset to "Could not determine, needs refresh":

Authentication Scheme
Authorization Scheme
Component Groups
Computations
List of Values
Map Background
Build Options
Application Process
Lists
Plug-ins (if they contain any Action Templates or Attribute Groups)
REST Data Sources
JSON Sources
Data Load Definitions

Select Refresh or go to the master component and select Publish to update the subscription status.

3.9.3 Changes to Static ID for JET Chart Axis and JET Chart Series Components

Static ID is now unique, and serves as the standard external identifier for APEXlang support. In prior versions of APEX, if you had duplicate Static IDs, upon upgrade, these duplicated Static ID values are modified to be unique Static IDs. This impacts your JavaScript code if the code referred to the Static ID values.

For existing applications, a new JavaScript Static ID property is available for JET Chart Series components and JET Chart Axis components to maintain backward compatibility with older applications that previously used a non-unique static ID for JavaScript customization. JavaScript Static ID is deprecated, and displays in Page Designer only if it already has a value. Static ID is the fallback JavaScript identifier if JavaScript Static ID is not set.

New applications should use the unique Static ID property.

3.9.4 Report Layout Changes

Changes to Static ID have impacted Report Layouts:

When copying a Report Layout to another application, APEX generates a new Static ID based on the new Report Layout Name.

3.9.5 Template Component-based Columns in Interactive Reports

It is now possible to sort and filter Template Component-based columns by value in Interactive Reports. Note that aggregations, control breaks, highlighting, computations, charting, group by, and pivot are still disabled.

For more information, see About Template Component Type Plug-ins in Oracle APEX App Builder User’s Guide.

3.9.6 Template Directive False Values

The template directive syntax uses a list of False Values to evaluate expressions. What isn't in the list is evaluated to be TRUE. In both the PL/SQL and JavaScript implementations, this list is extended to include “FALSE”. It is now:

["F", "f", "N", "n", "0", "FALSE"]

3.9.7 Interactive Report Output Limit Removed

Previously, Interactive Report had an output limit of 32K per row. With this release, Interactive Report output generation is refactored, and the output limit is no longer necessary.

3.9.8 Interactive Grid View Changes

There are minor changes in behavior for the grid view of an interactive grid:

The row header sequence (enabled with the rowHeader grid widget option) now has a value for inserted records. The value updates for inserts and deletes, and is based on the model recSequence record property.
The row element attribute data-rownum may be updated when records are inserted or deleted. The value is based on the model record index property.

3.9.9 Clipboard and Selection Feature Changes for Interactive Grid

Clipboard features for editable interactive grids are changed:

any empty virtual column, including the Actions button, is no longer copied to the clipboard
the selection row header is not copied unless it contains text
Copy now copies links as links if:
- the column metadata contains a URL property, or
- the column metadata includes linkTargetColumn
Paste now pastes links as links if the column value is the URL and the column is configured using linkTargetColumn
the Selection Actions button is now always a tab stop and focusing the button by click or tab key does not make the header cell the current cell
APEX now shows a progress spinner if bulk update operations (copy down, fill, clear, paste) take a long time
inserting a record in Cell Selection mode inserts the record after the current row
Insert and Delete keyboard key handling goes through the IG actions selection-add-row and selection-delete, making advanced customization of those actions more robust
row header sequence (enabled with JavaScript option rowHeader) has a value for inserted records and is updated for inserts and deletes. The undocumented row attribute data-rownum is also updated
cell selection mode is enhanced
- Ctrl+Space selects all the cells in a column
- Shift+Space selects all the cells in a row
- Ctrl+A (Cmd+A on Mac OS) selects all the cells
- row selection headers cannot be selected
- cell range selection can include aggregate rows
- with virtual scroll pagination, selection cells that are not yet loaded results in the Load All link appearing in the footer, just as it does in row selection mode
- row and column headers have styles applied to them to indicate that a cell in that row or column is selected

In addition to these changes, more kinds of cells and rows can be copied to the clipboard, including:

read-only cell content
header and group header rows/cells
aggregate rows/cells
control break rows/cells

3.9.10 Dynamic Action Changes

Dynamic Action Functionality

The way dynamic actions work is changed in this release:

When right-clicking a button in the Page Designer tree, Create Dynamic Action is replaced with Create Trigger Action. To create a regular dynamic action, set the property Type to Defined by Dynamic Action, then create a dynamic action.
In Template Components and Interactive Reports, LOV columns, you can now reference the RETURN value in HTML Expressions using the following syntax: &"COLUMN_ALIAS%RETURN".

Tip:
Ensure the column reference is wrapped in double quotes as shown above. Failure to do so results in a NULL value.
Card regions have an editable model now so that columns can be returned by Set Value and Execute Server-side Code actions.

Tip:
If you have done any DOM manipulation of individual cards after the region renders, these changes are lost because the UI automatically updates when the model changes.
Template Component regions have an editable model when one or more columns are Available on Client. These columns can be returned by Set Value and Execute Server-side Code actions.

Tip:
If you have done any DOM manipulation of individual template components after the region renders, these changes are lost because the UI automatically updates when the model changes.

Dynamic Action Page Unload uses "pagehide" event

Major browsers are in the process of deprecating the "unload" event. When this happens, the browser will not call "unload" event handlers and this includes APEX Page Unload dynamic actions. For this reason, the Page Unload dynamic action event now listens on the "pagehide" event, which is the event with the closest semantic meaning to "unload".

In most cases, your app should behave the same but you should review what your Page Unload dynamic actions are actually doing. Keep in mind that in modern browsers, especially mobile browsers, the "pagehide" and "unload" events are not reliably triggered in all cases and soon the "unload" event may not ever be triggered.

For more information, see Page Lifecycle API.

The following query helps identify any apps in the current workspace that contain dynamic actions using the "unload" event:

select application_id,
         application_name,
         page_id,
         page_name,
         dynamic_action_name,
         when_event_name,
         when_event_internal_name,
         number_of_actions
from apex_application_page_da
where when_event_internal_name = 'unload'
order by application_id, page_id, dynamic_action_name;

3.10 Object Browser Selection Improvements

Object Browser has improved selection support that makes it easier to copy data to the clipboard. In addition to the cell selection mode enhancements (see Clipboard and Selection Feature Changes for Interactive Grid), the grids in Object Browser support multiple range selection. You can select additional ranges by holding down Ctrl or Cmd and clicking, or by using Shift + F8.

3.11 Upgrade Application from Application Home Page

The existing Upgrade Application functionality is now also available through the New Features Available region on the Application Home Page. This notification is available after upgrading the APEX instance to APEX 26.1, and for any APEX applications imported from a prior version of APEX.

If you do not wish to upgrade the application, click Dismiss to dismiss the New Features Available notification.

For more information on upgrading your application, see Application Home Side Bar and Running Application Upgrade in Oracle APEX App Builder User’s Guide.

3.12 Changes to Public Dictionary Views

In the following public dictionary views, the columns attribute_01...25 now return null:

apex_application_auth
apex_application_authorization
apex_application_page_da_acts
apex_application_page_proc
apex_application_processes
apex_appl_automation_actions
apex_appl_plugin_settings
apex_appl_taskdef_actions
apex_appl_web_src_modules
apex_appl_workflow_activities

Use the JSON attributes column instead.

3.13 Changes to Faceted Search Charts

Previously, when displaying a chart from Faceted Search, the number of series was limited to ten (10) by default, and all other series from 11 onward were summarized in an "Others" slice. With APEX 26.1, you can now expand the "Others" slice by clicking on it to display further series in detail. To undo the expansion of the "Others" slice, click Reset.

3.14 Changes to Undocumented JavaScript APIs

The Static ID property is now renamed to HTML DOM ID for page-level components (see App Builder UI Changes). Related undocumented properties in JavaScript APIs are also renamed. APEX cannot maintain backward compatibility for these changes. Any custom JavaScript code referencing these undocumented properties requires immediate updates to ensure existing functionality continues to work.

This change could impact your applications when:

Using regionStaticId in the JavaScript initialization function to configure regions or staticId to modify column options. Update these references to regionDomId and domId, respectively.
Using regionStaticId in error objects to link errors to specific regions. Replace it with regionDomId.

An example of code that no longer works is this common technique: a shared JavaScript initialization function used to configure multiple regions (for example, Interactive Grids) dynamically based on CSS classes. Update the code to use regionDomId instead of regionStaticId.

function commonIGConfig(config) {
    config.defaultGridViewOptions = {
        stickyFooter: false
    };
    if ($("#" + config.regionStaticId).hasClass("seqNo")) { // Use regionDomId instead
        config.defaultGridViewOptions.rowHeader = "sequence";
    }    return config;
}

The following code is another example that needs to be updated. If you use regionStaticId in error objects to associate errors with specific regions, update it to regionDomId.

apex.message.showErrors([{  
    type: "error",  
    location: ["page","inline"],  
    regionStaticId: "test-region",  // Use regionDomId instead
    message: "Error message"  
}]);

Ensure that all affected JavaScript code relying on regionStaticId or staticId for region or column identification is updated to use the new property names to avoid any disruptions after upgrading.

3.15 Improved Keyboard Shortcut Display

Keyboard shortcut display is improved for Mac OS:

a space now shows between the modifier key and the key
APEX now shows symbols rather than words for common Mac modifier keys

This change applies wherever keyboard shortcut keys created with the API actions interface are displayed.

3.16 Team Development Relocated

Team Development now displays from the APEX home page, and is no longer part of the menu bar.

3.17 SQL Workshop Changes

Changes to SQL Workshop for this release include:

SQL blocks in SQL Commands can now be run based on the cursor location. If you select a query in the editor and then press Ctrl+Enter (Windows) or Cmd+Enter (Mac), that query runs. If you do not select a query, the query surrounding the current cursor position runs.
SQL Developer Web now has a list entry on the SQL workshop home page task list.

3.18 Compatibility Mode

The application attribute Compatibility Mode controls the compatibility mode of the APEX runtime engine. Certain runtime behaviors change from release to release. You can use the Compatibility Mode attribute to obtain specific application behavior. This section lists Compatibility Mode changes by release. Note that all mode changes are inclusive in that all changes in older releases are included in newer releases.

Compatibility Mode Changes in Mode 4.1

In Oracle Application Express release 4.1, Automatic DML forms raised an error when rendering the page if the column name of the source of an item was invalid. Prior to Oracle Application Express release 4.1, an invalid column name of the source of an item would not raise an error when rendering the page but it would also not set session state of the item.

Also, in Oracle Application Express release 4.1, there are two new application Security Attributes to control Browser Security: Cache and Embed in Frames. Enabling the Cache attribute enables the browser to save the contents of your application's pages in its cache, both in memory and on disk. The Embed in Frames attribute controls if the browser displays your application's pages within a frame. Applications running in a Pre-4.1 Compatibility Mode function as if the Cache is enabled and as if Embed in Frames is set to allowed. Applications running in Compatibility Mode 4.1 or later respect the specific Browser Security attributes.

Also, in Oracle Application Express release 4.1, because of bug 12990445, the following changes were implemented for Automatic Row Processing (DML) process types. The code which performs the INSERT was changed to determine if the columns should be included in the INSERT statement. Note that these are the same checks which occur before an UPDATE. These new checks include:

Is the source type a DB Column?
Is the page item contained in the POST request? For example, if the page item is conditional it will not be contained in the POST request if the condition evaluates to FALSE during page rendering.
Is the page item not of type Display Only where Save State is set to No?

To enable these behaviors, set the Compatibility Mode to 4.1 or later. For behavior that matches earlier releases, set the Compatibility Mode to Pre-4.1.

Compatibility Mode Changes in Mode 4.2

In Oracle Application Express release 4.2 due to changes for the new grid layout, when a page is rendered, all regions in a certain display point are evaluated before rendering that display point, to find out if they should be displayed or not (so that the grid layout knows how many columns to render). The regions where the evaluation returned true will be executed and displayed. However, this will not work if a PL/SQL based region sets session state which is then used in a subsequent region condition to determine if the region should be displayed. In that scenario, the condition has already been checked before the display point is rendered. Use computations or PL/SQL processes to set session state before any region is displayed. In previous versions, the condition was evaluated right before each region was displayed.

In Oracle Application Express release 4.2, computations and processes with a processing point Before Region(s) do now fire before any region gets rendered. Computations and processes with a processing point After Region(s) fire after all regions have been rendered. In previous versions, the computations and processes fired just before and after the region display point Page Template Body (1-3).

Oracle Application Express Patch Set 4.2.2 added two new Compatibility Mode changes for Compatibility Mode 4.2:

Text areas were changed to always use the Maximum Width attribute to restrict text input.
Enhanced security for report column links, where the link contains both JavaScript and references to other report column substitutions, for example:
```
javascript:alert( 'Delete #NAME#' );
```
In the previous example, NAME is a column name in the report.

Prior to Oracle Application Express release 4.2.1, to protect against possible cross-site scripting vulnerabilities, you would have had to explicitly escape any column values in the report source, so that they could safely be used in JavaScript links. When running in Compatibility Mode 4.2, Oracle Application Express automatically JavaScript escapes column name substitutions referenced in JavaScript links if the column is defined to escape special characters.

To fix this, Oracle recommends that you remove the manual JavaScript escaping from your report source and use of the native escaping.

Compatibility Mode Changes in Mode 5.0

In Oracle Application Express release 5.0, referencing a Static Application File with #WORKSPACE_IMAGES# no longer returns the application file. Instead, use #APP_IMAGES#.

The API calls to wwv_flow_custom_auth_std.logout, wwv_flow_custom_auth_std.logout_then_go_to_page, wwv_flow_custom_auth_std.logout_then_go_to_url, and apex_custom_auth.logout are desupported and will raise a runtime error instead of logging out from the Oracle Application Express session. Instead, use the apex_authentication.logout entry point.

Prior to release 5.0, developers using data upload did not have the option to choose a date format. Instead, a parser checked for the best format to match the user's entry or an end user could enter their own format. Oracle Application Express release 5.0 includes a new item that enables the user to choose an application date format or user entered format. Because applications created before release 5.0 do not have an item, a Compatibility Mode of 5.0 checks if the user has entered some data. If no data has been entered, it picks the application date format.

When a session timeout occurs and no timeout URL is specified, Oracle Application Express raises an error instead of redirecting to the application's home page. If the session setup for an Ajax requests fails, Oracle Application Express also raises an error. For Ajax requests that expect JSON, the response is a JSON string with members that describe the error. For other requests, the error appears on an error page.

Page items based on a database column where the attribute Source Used is set to Only when current value in session state is null will raise an error when the page item gets rendered. Using this setting for a database column is very dangerous and can result in accidentally overwriting data when viewing and saving multiple records. Always set the Source Used attribute to Always, replacing any existing value in session state.

Compatibility Mode Changes in Mode 5.1 / 18.1 / 18.2

In Oracle Application Express 18.1, buttons where the Execute Validations attribute is set to Yes also perform some client-side validations (such as item required checks) and will not submit the page until all issues are fixed. In previous versions this flag was just used to determine if server-side validations should be executed.

Tip:

Please pay attention when changing the Compatibility Mode to 5.1/18.1/18.2. Buttons, such as Cancel or Previous, where the Execute Validation flag has incorrectly been set to Yes and which use an After Submit branch, never execute validations when the user clicks the button. You can address this issue by using the new client-side validations, or by setting Execute Validations to No.

In release 5.1, any Ajax-based Dynamic Actions where the "Wait for Result" attribute is set to Yes perform an asynchronous Ajax call. Prior to 5.1, such calls would be made synchronously.

Compatibility Mode Changes in Mode 19.1

In Oracle Application Express 19.1, the Rich Text editor now enforces validation of the Max Length item attribute. When the length of the HTML markup exceeds the Max Length value, the system produces an error message.

Compatibility Mode Changes in Mode 19.2 / 20.1 / 20.2 / 21.1

In Oracle Application Express 19.2, Classic Reports render empty column values as an empty cell instead of using a "non-breaking white-space" ( ).

Compatibility Mode Changes in Mode 21.2 through 24.1

Prior to Oracle Application Express 21.2, all processes of the current processing point have been executed regardless of the added errors.

In Oracle Application Express 21.2, calling APEX_ERROR.ADD_ERROR in a process stops further processes from executing and immediately displays the inline errors.

Compatibility Mode Changes in Mode 24.2 / 26.1

Starting with release 24.2, APEX supports an extended substitution syntax for text messages: &{TEXT.MESSAGE}.

3.19 Enabling Network Services in Oracle Database

Database administrators must enable network services in Oracle Database to send outbound mail, invoke web services, or use template-based PDF report printing with external print servers in Oracle APEX.

Note:

Enabling network services does not apply to APEX instances running on Oracle Autonomous AI Database. APEX can communicate with external endpoints over the internet without additional configuration.

3.19.1 When and Why Network Services Must be Enabled

Enabling network services enables support for sending outbound mail in Oracle APEX, using REST Services, REST Enabled SQL, or other web services, and using a remote server for report printing.

By default, the ability to interact with network services is disabled in Oracle Database. Therefore, you must use the DBMS_NETWORK_ACL_ADMIN package to grant network connect privileges to the database user that owns the APEX schema (APEX_260100). Failing to grant these privileges results in issues with:

Sending outbound mail in Oracle APEX.

Users can call methods from the APEX_MAIL package, but issues arise when sending outbound email.
Consuming REST services and other web services from APEX.
Making outbound LDAP calls from APEX.
Using a remote print server for report printing.

The granted network connect privileges apply to the entire APEX instance and enable all applications in all workspaces to perform outbound network calls. You do not need to grant network connect privileges to individual workspace schemas unless applications also use native database PL/SQL API such as UTL_HTTP and UTL_SMTP.

Note:

When upgrading APEX, the upgrade automatically configures Network Services based on the configuration of the previous APEX version.

Tip:

To run the examples described in this section, the compatible initialization parameter of the database must be set to at least 11.1.0.0.0. By default, the parameter is set properly, but a database upgraded from a version prior to 11g may require an update. For information about changing database initialization parameters, see Specifying the Database Compatibility Level in Oracle Multitenant Administrator's Guide.

3.19.2 Granting Connect Privileges

The following example demonstrates how to grant connect privileges to any host for the the database user that owns the APEX schema (APEX_260100). This example assumes you connected to the database where Oracle APEX is installed as SYS specifying the SYSDBA role.

BEGIN
    DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
        host => '*',
        ace => xs$ace_type(privilege_list => xs$name_list('connect'),
                           principal_name => APEX_APPLICATION.g_flow_schema_owner,
                           principal_type => xs_acl.ptype_db));
END;
/

The following example demonstrates how to provide less privileged access to local network resources. This example enables access only to servers running on the same database host (localhost), such as email and report printing servers.

BEGIN
    DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(
        host => 'localhost',
        ace => xs$ace_type(privilege_list => xs$name_list('connect'),
                           principal_name => APEX_APPLICATION.g_flow_schema_owner,
                           principal_type => xs_acl.ptype_db));
END;
/

3.19.3 Troubleshooting an Invalid ACL Error

Learn how to identify any invalid ACL error by running the query.

If you receive an ORA-44416: Invalid ACL error after running the previous script, use the following query to identify the invalid ACL:

REM Show the dangling references to dropped users in the ACL that is assigned
REM to '*'.

SELECT ACL, PRINCIPAL
  FROM DBA_NETWORK_ACLS NACL, XDS_ACE ACE
 WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL AND
       NACL.ACLID = ACE.ACLID AND
       NOT EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);

Next, run the following code to fix the ACL:

DECLARE
  ACL_ID   RAW(16);
  CNT      NUMBER;
BEGIN
  -- Look for the object ID of the ACL currently assigned to '*'
  SELECT ACLID INTO ACL_ID FROM DBA_NETWORK_ACLS
   WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;

  -- If just some users referenced in the ACL are invalid, remove just those
  -- users in the ACL. Otherwise, drop the ACL completely.
  SELECT COUNT(PRINCIPAL) INTO CNT FROM XDS_ACE
   WHERE ACLID = ACL_ID AND
         EXISTS (SELECT NULL FROM ALL_USERS WHERE USERNAME = PRINCIPAL);

  IF (CNT > 0) THEN

    FOR R IN (SELECT PRINCIPAL FROM XDS_ACE
               WHERE ACLID = ACL_ID AND
                     NOT EXISTS (SELECT NULL FROM ALL_USERS
                                  WHERE USERNAME = PRINCIPAL)) LOOP
      UPDATE XDB.XDB$ACL
         SET OBJECT_VALUE =
               DELETEXML(OBJECT_VALUE,
                         '/ACL/ACE[PRINCIPAL="'||R.PRINCIPAL||'"]')
       WHERE OBJECT_ID = ACL_ID;
    END LOOP;

  ELSE
    DELETE FROM XDB.XDB$ACL WHERE OBJECT_ID = ACL_ID;
  END IF;

END;
/

REM commit the changes.

COMMIT;

Once the ACL has been fixed, you must run the first script in this section to apply the ACL to the APEX_260100 user.