Why doesn't DLP use roles within Oracle?
Article ID: 160537




Data Loss Prevention Enforce


Why doesn't DLP use roles within Oracle?  Oracle can be administered in such a way that when an account is created for a particular position, only those permissions needed for that position are granted.  Those permissions are "bundled" into a role.  Rather than granting individual permissions, a role can be granted.  Why isn't this done with DLP?


Object privileges granted through roles do not work within procedures, functions, and packages. Those permissions must be granted explicitly to the user. DLP uses objects that require specific access privileges, and those objects must be accessible from procedures, functions, or packages.

Very specifically, the upgrader will not work. The initial install may work, but the upgrader will FAIL. If this appears to be the case, have the customer grant all permissions directly to the schema owner, leaving the roles as they are, and then reattempt the upgrade.


A demonstration script is attached.
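
The behavior described above can be reproduced in a test database with the following added example, which is not the attached script and not vendor code. It assumes SQL*Plus, a DBA login, and a `USERS` tablespace; every user, role, table, procedure name and password in it is hypothetical.

```sql
-- Constructed demo: role-granted vs. directly granted object privileges.
-- Connect as a DBA. All names and passwords below are hypothetical.
CREATE USER demo_owner IDENTIFIED BY "Change_me_1" QUOTA UNLIMITED ON users;
CREATE USER demo_app   IDENTIFIED BY "Change_me_2";
GRANT CREATE SESSION, CREATE PROCEDURE TO demo_app;

CREATE TABLE demo_owner.incidents (id NUMBER PRIMARY KEY);

-- Least-privilege bundle: SELECT reaches demo_app only through a role.
CREATE ROLE demo_reader;
GRANT SELECT ON demo_owner.incidents TO demo_reader;
GRANT demo_reader TO demo_app;

-- Check how the privilege is held: the grantee is the role, not the user.
SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE owner = 'DEMO_OWNER' AND table_name = 'INCIDENTS';

-- Connect as demo_app.
-- 1) Ad hoc SQL succeeds: the role is enabled in the session.
SELECT COUNT(*) FROM demo_owner.incidents;

-- 2) The same query inside a stored procedure does not compile, because
--    role privileges are ignored when a definer's-rights unit is compiled.
CREATE OR REPLACE PROCEDURE count_incidents AS
  n NUMBER;
BEGIN
  SELECT COUNT(*) INTO n FROM demo_owner.incidents;
  DBMS_OUTPUT.PUT_LINE('incidents: ' || n);
END;
/
SHOW ERRORS PROCEDURE count_incidents

-- Connect as the DBA again.
-- Fix from the article: grant directly to the user, leave the role as is.
GRANT SELECT ON demo_owner.incidents TO demo_app;

-- Connect as demo_app: the procedure now compiles and runs.
ALTER PROCEDURE count_incidents COMPILE;
SET SERVEROUTPUT ON
EXEC count_incidents

-- Cleanup (as the DBA).
DROP USER demo_app CASCADE;
DROP USER demo_owner CASCADE;
DROP ROLE demo_reader;
```

Running the `dba_tab_privs` query against the real schema owner before an upgrade shows which object privileges are held only through a role and therefore need a direct grant.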



