Hello,
I am designing a secure Oracle APEX SaaS environment and I need guidance on best practices for restricting developer access while still allowing normal application development.
My requirements are:
What I want to allow:
- Developer can access APEX Application Builder in a DEV workspace
- Developer can create and modify pages, components, and UI logic
- Developer can use REST Data Sources and RESTful Services
- Developer can work on application functionality normally
What I want to prevent:
- Exporting or downloading the APEX application
- Accessing SQL Workshop
- Viewing or querying the parsing schema directly
- Accessing or copying tables, views, packages, or procedures
- Accessing the core database schema or business logic
My goal:
To protect the application's intellectual property and database structure, while still allowing safe development.
Questions:
- What is the recommended Oracle APEX architecture to enforce this? (DEV / TEST / PROD separation, runtime-only, etc.)
- What privileges should the parsing schema have or not have?
- How do SaaS companies using Oracle APEX typically prevent developers from exporting applications or accessing core schemas?
- Is workspace isolation and API-based access (Views/Packages only) the correct approach?
I am especially interested in real-world best practices used in production SaaS environments.
Thank you.