What DB privs are required to read an EM13r2 SYSMAN view in 12.2?

From: Rich J <rjoralist3_at_society.servebeer.com>
Date: Fri, 08 Dec 2017 10:31:53 -0600
Message-ID: <9d15e4c01f73754e69eab4f57cfb8834_at_society.servebeer.com>

Hey all,

I'm migrating my APEX EM reporting app from EM12r5 with a v12.1.0.2 repository DB to EM13r2 with a v12.2.0.1 repository. The APEX app reads views in the SYSMAN schema of the v12.2 repository DB via database link.  The DB link uses an account I created called APEX_REPORTING. Since upgrading to EM13r2/v12.2, that account no longer returns rows from the SYSMAN views.

I've traced it down to the SYSMAN.EM_MANAGEABLE_ENTITIES view. This view's only dependency is table SYSMAN.EM_MANAGEABLE_ENTITIES_E. In troubleshooting this, I've granted the APEX_REPORTING account SELECT ANY TABLE (also tried SELECT ANY DICTIONARY and the new READ ANY TABLE) as well as explicit SELECT on the SYSMAN view and table above:

ALTER USER APEX_REPORTING DEFAULT ROLE ALL; GRANT SELECT ANY TABLE TO APEX_REPORTING; GRANT SELECT ON SYSMAN.EM_MANAGEABLE_ENTITIES TO APEX_REPORTING; GRANT SELECT ON SYSMAN.EM_MANAGEABLE_ENTITIES_E TO APEX_REPORTING; A "SELECT *" on the view returns no rows, while 163 rows are returned from the table. If I grant DBA to APEX_REPORTING, all 163 rows are returned from the view. I'd prefer to not grant DBA to this account, but I'm struggling with why the above doesn't work. Some new security feature in v12.2 that I have yet to learn?



Received on Fri Dec 08 2017 - 17:31:53 CET

Original text of this message