I was messing with RAS and dynamic roles and finally solved my problem.
It seems that this function only likes the roles in UPPER case. It is Unknown if this is a known bug or not.
xs_sys_context has a similar problem with being case insesitive too. So, I don't know if it is an APEX Problem or RAS problem.
Detailed testing method available upon request
21c ATP Free Tier (or I'd be filing an SR instead of posting here)
-- as ADMIN
-- don't forget to enable RAS at the APEX instance level
begin
-- this is needed for RAS Internal
-- you also need to create matching APEX User for this test
xs_principal.create_user(name => 'daustin');
-- psst - External RAS users require at least 1 enabled dynamic role
-- otherwise, i'd use that since you don't need to create a RAS User also
-- make sure you enable the ability to use dynamic roles in the APEX app
-- Shared Components -> Security Attributes -> Source for Role or Group Schemes
-- should have the value "Authentication Scheme"
xs_principal.create_dynamic_role( 'registered' );
xs_principal.create_dynamic_role( 'unregistered' );
end;
/
Code for Authentication Scheme Source
-- authentication scheme Source for defining the
-- Post-Authentication Procedure Name
procedure enable_roles
as
begin
apex_authorization.enable_dynamic_groups(
p_group_names => apex_t_varchar2( upper('registered'), lower('unregistered'))
);
end;
-- RAS Mode = Internal
-- do not enable any roles in "RAS" (ie keep all on left)
SQL for IR to show enabled Dynamic Roles
select * from v$xs_session_roles
Resulting IR shows only the UPPER() dynamic role having been enabled.
