To keep function results at replay, you must grant KEEP privileges to the user invoking the function. You impose this security restriction to ensure that it is valid for replay to save and restore function results for code that is not owned by that user.
Grant and Revoke Interface
To grant and revoke permission to keep mutables for Oracle Dates and SYS_GUID:
GRANT [KEEP DATE_TIME | KEEP SYS_GUID]...[to USER] REVOKE [KEEP DATE_TIME | KEEP SYS_GUID]...[from USER]
For example, for possible Oracle E-Business Suite usage with original dates:
GRANT KEEP DATE_TIME, KEEP SYS_GUID to [custom user]; GRANT KEEP DATE_TIME, KEEP SYS_GUID to [apps user];
Granting Permission to Keep Mutables for Oracle Sequences
To grant permission to the owner of the sequence:
CREATE SEQUENCE [sequence object] [KEEP|NOKEEP]; ALTER SEQUENCE [sequence object] [KEEP|NOKEEP];
The preceding commands keep the original values of sequence.nextval for replaying so that keys match.
To grant and revoke permission for others using the sequence:
GRANT KEEP SEQUENCES...[to USER] on [sequence object]; REVOKE KEEP SEQUENCES...[from USER] on [sequence object];
For example, for possible Oracle E-Business Suite usage with original sequence values:
GRANT KEEP SEQUENCES to [apps user] on [sequence object]; GRANT KEEP SEQUENCES to [custom user] on [sequence object];
Rules for Grants on Mutables
If you grant all on an object for a user, then mutables are excluded. Mutables require explicit grants. It is not supported to grant mutables to the users supplied or created by Oracle Database, such as SYS, AUDSYS, GSMUSER, SYSTEM.
The DBA role includes mutable permission.
If a user has mutables granted, then the objects inherit mutable access when the mutable functions are called (in SYS_GUID, SYSDATE and SYSTIMESTAMP).
If keeping mutables on a sequence object is revoked, then SQL or PL/SQL commands using that object does not allow mutable collection or application for that sequence.
If grants are revoked between run time and failover, then the mutables that were collected are not applied.
If grants are granted between run time and failover, then mutables are not collected and so none are applied.