Ability to Adhoc SQL using REF CURSOR based BIP Report not supported anymore - Page 2 — Oracle Analytics

Oracle Transactional Business Intelligence Idea Lab

Home Oracle Analytics Oracle Analytics Idea Labs More Solutions Idea Labs Oracle Transactional Business Intelligence Idea Lab

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Ability to Adhoc SQL using REF CURSOR based BIP Report not supported anymore

Submitted
783
Views
37
Comments
24

Comments

  • User_3MHU1
    User_3MHU1 Rank 1 - Community Starter

    Using this tool we can troubleshoot error in less time. Please support this functionality in future releases too.

  • Glen Ryen
    Glen Ryen Rank 4 - Community Specialist

    Ravi,

    Do you have a reference to an Oracle note on this?  Did Oracle cite security concerns?  I'm familiar with the tool and it always seemed a big risk for SQL injection, but I'd be interested to hear Oracle's official stance.

    Thanks,

    Glen

     

  • Shweta Vohra
    Shweta Vohra Rank 1 - Community Starter

    My role requires me to run various adhoc queries for management. I particularly review the workflow related queries. BI publisher is time consuming and has row limitation too. Please continue to support this functionality in future releases.

  • A J-113800
    A J-113800 Rank 1 - Community Starter

    This tool is useful for development and business analysts for running adhoc queries.

  • Eric Levinson-44477
    Eric Levinson-44477 Rank 1 - Community Starter

    This severely impacts our ability to process SQL queries against our ERP Cloud SaaS solution, and anywhere else we use REF cursor types.

  • Steve West
    Steve West Rank 1 - Community Starter

    We are reliant on this feature, being able to issue ad-hoc queries is extremely productive compared to predefining a BI report and DM for every single possible query.

  • Glen Ryen
    Glen Ryen Rank 4 - Community Specialist

    Is there an official Oracle announcement here?  If the risk is indeed SQL injection, I'd argue that's better off being closed for security purposes.  Plus I feel this change is not that difficult to work around with BI Publisher data models and reports, at least for static SQL (i.e. all the ad hoc requests).  It can be addressed with training.  Or is there a use case here that requires REF CURSORS?

  • David Wright - More4apps
    David Wright - More4apps Rank 3 - Community Apprentice

    Other SAAS products such as Salesforce have specific sql query web services available. As does netsuite https://docs.oracle.com/cloud/latest/netsuitecs_gs/NSSAW/NSSAW.pdf

    Please clarify, is this for HCM only? or the entire cloud ERP range?  Either way it is a huge lose of functionality. 

    Are you able to provide a pathway forward that gives the flexibility required to create ad-hoc queries?

  • David Wright - More4apps
    David Wright - More4apps Rank 3 - Community Apprentice

    Glen from our experience it isn't a sql injection issue.  The ref cursor method we are using does not have the ability to do any data manipulation, just data querying.  Which is great as I'd see injection as a huge hole in security too.

  • David Wright - More4apps
    David Wright - More4apps Rank 3 - Community Apprentice

    allows us to reduce the number of BI reports required.
    reduces number of sysadmin installations as dynamic queries remove the need to change/install BI reports all the time.
    helps with defining sql for BI reports when used.
    helps with diagnosing data issues.