I'm having another one of those days where I want to punch the Oracle Cloud team right in face. The sad part is that when dealing with such large companies it is never as simple as one might think to deliver blame for something that goes wrong. In fact, this is as much the executive team pushing people onto a platform that is ready, but that the support organization and the business model isn't. I'm still thinking that this is the future of Oracle, but they may have to fire 30% of their staff to get there.
So today my problem with them is that I had a minor but annoying bug. Occasionally I'd try to edit a user within the interface they provide within the app for user management. For those familiar w/ the Oracle Cloud world, we're talking about a managed schema (https://cloud.oracle.com/database?tabID=1383678929090
So when you first try out their platform (which you can test drive for free on a fully functional non-expiring platform at https://apex.oracle.com/
) you get the option of creating your first application and choosing the Authentication Method. Now, if you've read anything about APEX or followed a tutorial online then you'll follow the fully logical decision of having people authenticate using Application Express vs. anything else. WHICH IS SO TOTALLY WRONG AND YOU ARE A STUPID PERSON FOR DOING THAT (mild paraphrasing from Oracle support).
So Oracle CLOUD
is pushing people to use Oracle's global user Oracle Cloud Identity Management (referred to as various other things and improperly documented all over the place). Think of it like your Google account. You can use it to authenticate to all things Google and some things non-Google. Well, Oracle built their own here that is about 10% functional for the kinds of things you'd do day-to-day management-wise, but does solve the problem of a master login for "all things Oracle". So if I log into one particular cloud session account vs. another, I can use the same credentials. Handy...if you're into that.
But as the bulk of the features are geared toward fixing the issue w/ multiple hosted schemas, the extra overhead and confusion for users (they have to pick their datacenter where the app is hosted? HONESTLY?!) is just not needed.
So let's assume that you follow what anyone else in the world does w/ APEX (and the professionals would also tell you that you're a NOOB and you're an idiot and that you should roll your own) and you go w/ the other default
choice for creating Authentication and that would be Application Express. This means that you can manage users, see reports on usage, change passwords, create extra user-associated details, use PL/SQL for a lot of automation, etc. while still retaining the core features of user management. You get 90% of what you want/need w/o having to build it yourself. The only caveat is if you had two distinct schema services, then you'd have to figure out some way to authenticate across schemas since they are distinct. But for a small business or specific department in a large one, who cares.
Therefore, you use one of the DEFAULT METHODS to authenticate users and head happily along your way. Until...
About 18 months of happy service resulted in me getting a weird error when editing users. I'd try to edit them within the provided interface and it would give me an "internal error" (and the extra funny tagline - contact your system administrator - which I am). We'd had an upgrade (done by Oracle) a few weeks prior from 4.x -> 5.0 so I assumed it was somehow related. As a true hacker, I just went around the interface and did the edit directly via PL/SQL. That worked fine so who cares that the interface was broken. It was "fixed" in that I didn't care anymore. I continued on my merry way and resolved to eventually contact support when it annoyed me enough to make me care (again).
A month later I'd gotten into the policy even of just deleting and recreating the users in question when the problem would pop up which seemed to clear it. I just assumed there was some extraneous data in the old user version that was causing the new one to choke.
Then it got actually annoying. One of the crucial users of the system needed a simple pwd reset and I tried to alter it. Internal Error. I did the reset vis PL/SQL. Internal Error. Uh oh...that was new. Fine. Delete user via UI. Internal Error. Son of a... Delete user via PL/SQL. Internal Error. Are you kidding me?
So there was no way I could edit or delete this user. I created her an alt account and moved her records over to the new one in two minutes then chased down Oracle support. That was 22 days ago...
You see, Oracle support is insisting now that using Application Express authentication is soooo stupid and that I should never do that. I'm in "THE CLOUD" so I clearly should use their Cloud Identity Management. Which honestly, is the first time anybody over there has ever indicated that this was "a thing". My account is an OCIM account, but I'm an administrator. Why would others need a schema spanning account that includes links to Oracle support and other stuff that would confuse tiny user brains? KISS people.
They're insisting that I clearly should just change my entire authentication mechanism because they broke the Application Express datastore somehow during their upgrade. Clearly if a screen doesn't work then it is my fault and not theirs. If only I used OCIM then the problem would go away (future problems will be resolved by their new Oracle Super Cloud Identify Management portal which will be 100% different).
So I find myself this morning, again, updating the ticket and considering how much a ticket to Mumbai costs so I can fly over and deal w/ Rajagopalan in person. It isn't that I think he's a bad guy. I even feel his pain. But he's being told to tell me something that isn't viable. They haven't given him the tools to close the ticket by addressing the problem, so he takes the only path available to him.
I'm sure my ticket is weighing on him. Each morning he sees it blinking red on his account and his supervisor comes over to ask why he hasn't closed the ticket. I know that Raj is coming up with brand new Hindi insults to attach to my account profile. Which is ok. I deserve it. I'm understanding, but I'm also a d*ck when it comes to just accepting what people say from a support team. I know for a fact that Raj's supervisor told him to tell me to just use a completely different authentication method and that I'd fall for it and then he could close the ticket. The metrics were all that mattered to him/her.
So now Raj and I are at an impasse. He wants to close the ticket, while I have already resolved my immediate problem so don't exactly care. But I care enough about this PLATFORM That I'm not letting go. I want Oracle to fix their processes. I want them to own their mistakes. I want them to really embrace this as a path for them which means fixing all of the under the hood magic crap that their core product still stumbles along on. Meanwhile, Larry Ellison wants those cloud revenues to go up so he can slap his c*ck on the table at the next sailing event and brag about how they're a cloud company now.
I see Oracle as the US space shuttle. Horribly more complex and powerful than anything I could build, yet horribly out of date. Incredibly powerful technology from 30 years ago with new stuff just spliced in where possible. Now they've thrown "cloud" on top of it all because it sounded cool and are realizing what kind of work it takes to maintain their product and all the various ways it can break. Unlike the space shuttle program, Oracle is now attempting to hand every user their own "super powered rocket go space now" machine to commute to work in (and blaming them for when the flaming debris crashes to earth).
Meanwhile, Raj is "discussing it with others". I wish him luck. He isn't going to fix this anytime soon and I'm not closing the ticket. So we continuing our digital staring match from >8000 miles away and wait for the other to blink.
Good luck Raj. You're going to need it.