9 Managing APEX and Extensions

Innovation Workbench (IW) is a workspace that provides read-only access to application data objects and a clean database schema by using Oracle APEX. This tool is a workspace for advanced analytics users to add new code by using Oracle Advanced Analytics (Oracle R/ODM) algorithms as well as SQL/PLSQL functions. IW is included with a subscription to the Retail Insights and AI Foundation Suite of cloud services. As an application administrator, you may be expected to handle certain tasks within Oracle APEX, such as user account management and workspace configuration.

Prerequisites

Before you can log in to Oracle APEX for the first time, you must set up the login details for the APEX workspace administrator. A Retail Workspace Administrator (rtlwsp_admin) account has been created during AI Foundation provisioning. This has the necessary privileges within the APEX workspace. However, since this APEX instance uses header authentication, an IAM entry will need to be created for this username as a one-time activity. Login to IAM as an administrator, create a new user, and set the information as shown below.

User Name: rtlwsp_admin

First/Last Name: APEX

Password: <use any password meeting your security requirements>

Figure 9-1 APEX User Setup in IAM

After the user is created, also update the IAM group assignments for it. It must have the IAM group for DATA_SCIENCE_ADMINISTRATOR_JOB (or DATA_SCIENCE_ADMINISTRATOR_JOB_PREPROD in non-production environments). These roles grant access to the Innovation Workbench URLs when using the AI Foundation user interface to log in. Users that don’t need administrator access can just be given DATA_SCIENCE_ANALYST_JOB and DATA_SCIENCE_ANALYST_JOB_PREPROD, which grants access to non-administrator links only.

Once you have set up the administrator account, you may access the application using the Retail AI Foundation Cloud Services application menu under Innovation Workbench. You can also navigate directly to APEX using the URL format:

https://<base URL>/<environment ID>/ords/

For example:

https://ocacs.ocs.oc-test.com/nryfhvvl5k3imnq6/ords/

You will then be presented with the welcome screen, where you must select an available workspace for the user to continue.

Figure 9-2 APEX Workspace Pre-Authenticated Login

Review the product documentation before starting any work in APEX:

https://apex.oracle.com/en/learn/documentation/

User Management

For the purposes of this documentation, there are three types of APEX users: end users, development users, and workspace administrator users. End users are users with access to the applications built with APEX. They will log into and use those applications, but not be involved in their development or management. Development users, on the other hand, can create and manage the APEX applications the end users use. Within this set of users, there are Developer and Workspace Administrator roles. Users with Developer role can create and edit APEX applications, while Workspace Administrators can do that as well as manage the application lifecycle and workspace settings.

This document will focus on managing Development and Workspace Administrator users. End-user authentication is managed by the Workspace Administrator, who can choose any supported form of authentication for the APEX applications developed. Development/Workspace Administrator user authentication is provided through integration with IDCS. The APEX Workspaces provisioned is configured to use HTTP Header Variable authentication.

Once provisioned, the workspace comes with a single user. This user is the Workspace Administrator for that workspace. For initial access, each Workspace Administrator account must have a matching username in IDCS. The Workspace Administrator account passwords and their lifecycle will then be managed in IDCS going forward. There is no need to synchronize this user with APEX. The only requirement is the usernames match.

This is the set of Workspace and Workspace Administrators provided with this release:

• Workspace: RETAILWORKSPACE

• Workspace Administrator: RTLWSP_ADMIN

In most cases, teams will need to create additional development/workspace administrator users in this workspace to facilitate the development of APEX applications and REST endpoints.  The Workspace Administrator account has the permissions to create additional Developer and Workspace Administrator users through the APEX UI. Any additional users created will need to follow the same pattern as the default user accounts. Create the users in APEX and create matching usernames in IDCS. Like the default Workspace Administrator accounts, these new accounts will have their passwords live in IDCS. For the APEX user creation, use the workspace's Administration menu in the top right corner to access Manage Users and Groups. 

Using the default workspace administrator, RTLWSP_ADMIN, manually add user accounts to the workspace based on their needed level of access. If the user created is an administrator or developer, a database schema will also be created for that username.

To add users in APEX, do the following:

1. From the APEX start page, access the Administration menu in the upper right corner and select the Manage Users and Groups option.

   

2. Click the Create User button within the User Management screen.

3. On the create user form, enter the Username and Email, which are identical to the OCI IAM user account you wish to add.

4. Under Account Privileges, select whether the User is a workspace administrator or the User is a developer.

   If neither option is selected, then the user will not have the ability to create anything in APEX but may be able to access applications that are already created.

   

5. For the Password, you may enter any value you wish. The APEX password is not used when authentication is managed by OCI IAM.

6. Ensure the option Require Change of Password on First Use is set to No, as we do not want APEX to manage the authentication.

7. Under Group Assignments, add one or more privileges to the user if they are a Developer or Administrator. When you are finished, click Create User at the top of the screen to add them to APEX.

For details on other user management activities in APEX, refer to the APEX Administration Guide chapter “Understanding Workspace Administration”.

https://docs.oracle.com/en/database/oracle/application-express/index.html

Application Management

If you are creating custom applications within APEX, an application administrator may be expected to import and export data and configurations between environments. These tools are located under the main menu for App Builder > Import or Export.

To import or export a workspace, refer to the APEX Administration Guide section Exporting and Importing a Workspace.

To import or export an application, refer to the APEX App Builder’s User Guide section on Deploying an Application.

For managing high volumes of data between environments (such as moving from a Stage to a Production environment), you should, if possible, regenerate the data tables in the target environment to ensure they are aligned with that database’s data. You may also log a Service Request with Oracle to request that a lift-and-shift operation be done on the APEX workspace schema.

AI Foundation Application Usage

Included with the AI Foundation subscription is access to both the Application Express tool and a variety of other functionality, collectively referred to as the Innovation Workbench. This includes Python notebooks and Oracle Data Mining processes for advanced analytics users. Access this advanced functionality using the AI Foundation application user interface links for Notebooks. You must also have the OCI IAM roles for DATA_SCIENCE_OLDS_ADMIN_JOB or DATA_SCIENCE_OLDS_ANALYST_JOB (or their associated PREPROD groups).

For more details on Notebook usage, see the AI Foundation Cloud Services Implementation Guide chapter “Innovation Workbench”.