you have Oracle XE installed along with Apex version 2.1 or above and you are trying to execute a stored procedure directly from the URL (exploiting the HTTP binding performed automatically by the embedded PL/SQL gateway of XE, similar to mod_plsql) like:
http://127.0.0.1/apex/testif using a public synonym.
When you submit your request, the browser comes up with a similar screen:
The requested operation is not allowed
When i first hit this error message i contacted John Scott who quickly mentioned the name of the function i had to look at:
With this function name i searched the web and i stumbled immediately on Dietmar Aust's blog entry, where he clearly explains how to fix the problem and puts a link to the Oracle documentation dealing with the subject.
PS: please note that if you misspell the procedure name or if you forget to grant execute privilege to ANONYMOUS (see in the comments section) or to PUBLIC or you are trying to call the procedure name without the schema prefix and without a public synonym, you won't get HTTP 403 error (forbidden) but HTTP 404 (page not found), so if you get HTTP 403 it means that the procedure was actually found but did not pass the wwv_flow_epg_include_mod_local filter.