Oracle History #6

New Features for
Administrators
(Oracle9i)

November, 2003

CloudBox

Jang Kyung Sang

Oracle9i New Features http://www.ggola.com

Oracle9i New Features for Administrators

course

Preface

1. Oracle Server Security

2. General High Availability Technology

3. LogMiner Enhancements

4. Backup and Recovery

5. Data Guard

6. Database Resource Manager

7. Online Operation

8. Advanced Partition and Segment Management Enhancement

9. Automatic Segment and Advanced Index Management
Enhancement

10. Advanced Performance Features for Index, Cursor, Optimizing
and Statistics

11. Scalable Session Management

12. Real Application Cluster

13. Oracle Managed Files

14. New Tablespace Management

15. New Memory Management

16. Oracle Enterprise Manager

17. New and Standard SQL

18. Globalization Support

19. Workspace Management

20. Advanced Replication

OCP9i New Features check
.

jkspark@hanafos.com -2-


Preface

oracle9i new features
oracle version

.
.

PIII 512M PC Redhat Linux 7
. test user scott
directory oracle OFA .
pc , linux server (hostname) “LIRACLE”
oracle instance “NEWSVC”
.

oem, rman globalization support
chapter
oracle version

.

ocp ocm
paper
. ocm
paper
. (
60 ) (2004.01)
2 .

9i (new
features ..) .

iSQL*Plus

- sql*plus 2tier client pc sql*net(net*?i
) .

- from 9i client web browser oracle
database oracle http server
sql*plus .
CF. , web browser oracle http rdbms



sample schema

- scott/tiger oracle sample schema
5 schema . database
example . (demo schema
“$ORACLE_HOME/demo/schema” )

- oracle HR, OE/OC, QS, PM, SH
schema QS QS_
user .
CF. test : AIX 9iR2 OC
redhat 9iR2 OE
. oracle install option
scripts .

- 350M ~ 400M disk
space .
CF. users partition, replication, advanced queuing
example

.(
)



1. Oracle Server Security

connection to database

oracle new version
. from 9i svrmgrl
remove shell svrmgrl

. to 8i sqlplus internal
.

remote password login file (orapw)
.

internal connection

- 1:
[NEWSVC]LIRACLE:/oracle/app/oracle/admin/NEWSVC/
work> sqlplus /nolog
SQL> conn / as sysdba
SQL>

- 2:
work> sqlplus "/as sysdba"
SQL>

- 3:
work> sqlplus
Enter user-name: /as sysdba
SQL>

default security

default security
oracle privilege
rule . oracle
grant, revoke privilege role
mechanism default security
from 9i
.

initial parameter O7_DICTIONARY_ACCESSIBILITY

- to 8i select any table privilege users
object .



- from 9i
sysdba data dictionary rule
.

- , select any table privilege object
initial parameter
O7_DICTIONARY_ACCESSIBILITY TRUE
. oracle default
parameter FALSE setting .

- .

SQL> sho parameter o7
NAME TYPE VALUE
--------------------------------------------------------------------------------
O7_DICTIONARY_ACCESSIBILITY boolean FALSE

SQL> conn system/manager

SQL> grant select any table to qs ;

SQL> conn qs/qs

SQL> desc v$session
ERROR:
ORA-04043: object "SYS"."V_$SESSION" does not exist

SQL> shutdown & restart after change parameter

NAME TYPE VALUE
--------------------------------------------------------------------------------
O7_DICTIONARY_ACCESSIBILITY boolean TRUE
SQL> conn qs/qs

SQL> desc v$session
Name Null? Type
---------------------------- -------- -------
SADDR RAW(4)
SID NUMBER
…………

dbca (database creation assistant)

- oracle oui runinstaller gui
database .
CF. “$ORACLE_HOME/bin/dbca”
.

- database initial
parameter ,
. dbca scripts

.
CF. ! dbca



.

- dbca database oracle default
security restriction .

1. oracle user default password
user lock .

2. database
users .
SQL> alter user hr account unlock ;
SQL> alter user hr identified by <password> ;

secure application role

role (control in application level)

- role "set role" or
"dbms_session.set_role" hidden password
. pl/sql block identification
application level role control
.

- "scott" user role enable
.


SQL> create user scott identified by tiger default tablespace users
2 temporary tablespace temp ;

SQL> grant create session to scott ;

SQL> grant alter session to scott ;

NAME TYPE VALUE
--------------------------------------------------------------------------------
O7_DICTIONARY_ACCESSIBILITY boolean TRUE

SQL> create role marketing identified using system.sales_market ;

SQL> select * from dba_application_roles ;
ROLE SCHEMA PACKAGE
-------------------- -------------------- --------------------
MARKETING SYSTEM SALES_MARKET

SQL> grant select any table to marketing ;



SQL> create or replace procedure sales_market
2 authid current_user is
3 vs_user string(30);
4 begin
5 select sys_context('userenv', 'session_user')
6 into vs_user from dual;
7 if vs_user != 'SCOTT' then
8 dbms_output.put_line('you are an invalid user!');
9 return;
10 end if;
11 dbms_session.set_role('MARKETING');
12 end;
13 /

SQL> grant marketing to scott, scott2 ;

SQL> grant execute on sales_market to scott, scott2 ;

SQL> conn scott/tiger

SQL> desc v$session
Name Null? Type
----------------------------------------- -------- -------
SADDR RAW(4)
SID NUMBER
........

SQL> set role none ;

SQL> desc v$session ;
ERROR:

SQL> set role marketing ;
set role marketing
*
ERROR at line 1:
ORA-01979: missing or invalid password for role 'MARKETING'

SQL> set serveroutput on
SQL> exec system.sales_market;

pl/sql procedure successfully completed.

SQL> desc v$session
Name Null? Type
----------------------------------------- -------- -------
SADDR RAW(4)
SID NUMBER
........

SQL> conn scott2/tiger

SQL> desc v$session
Name Null? Type
----------------------------------------- -------- -------
SADDR RAW(4)
SID NUMBER
........



SQL> set role none ;

SQL> desc v$session ;
ERROR:

SQL> set role marketing ;
set role marketing
*
ERROR at line 1:
ORA-01979: missing or invalid password for role 'MARKETING'

SQL> exec system.sales_market;
you are an invalid user!


SQL> desc v$session
ERROR:
ORA-04043: object "SYS"."V_$SESSION" does not exist;

global application context

application context and global

- oracle8i application context session
user session application context setup
time . , session context setup
.
( oracle8i new features application context
)

- 9i global application context setup time
, web based multiple sessions
application context reuse
. , global .

- oracle Virtual Private Database(VPD) capability
.
CF. ..
. oracle security policy
.

- application server database scott user
multiple connections .
CF. KIM JANG web
ID application
. client KIM,
JANG return client



unique client id (
ID ) client web
browser return . (cookie ..)
application server .


SQL> grant unlimited tablespace to scott ;

SQL> grant create table to scott ;

SQL> grant create any context to scott ;

SQL> grant drop any context to scott ;

SQL> grant create procedure to scott ;


SQL> create context emp_info using init accessed globally ;

SQL> create table emp (emp_id varchar2(10), emp_name varchar2(10), dept_id varchar2(10)) ;

SQL> create table dept (dept_id varchar2(10), dept_name varchar2(10)) ;

SQL> insert into dept values ('SAL01', 'SALES');

SQL> insert into dept values ('SYS01', 'SYSTEM');

SQL> insert into dept values ('MAR01', 'MARKET');

SQL> insert into emp values ('A1998001', 'KIM', 'SAL01');

SQL> insert into emp values ('B2002003', 'JANG', 'SYS01');

SQL> insert into emp values ('C2001003', 'LEE', 'MAR01');

SQL> create or replace package init as
2 procedure create_cont (as_empid string, as_client string);
3 procedure set_id (as_client string);
4 procedure clear_id;
5 procedure clear_cont (as_client string);
6 end init;
7 /

- test stored procedure “init”
context globally access .

- stored procedure ‘init” package context creation,
id setting, id clearing, context clearing sub
procedure .
package body .

jkspark@hanafos.com - 10 -


SQL> create or replace package body init as
2 procedure create_cont (as_empid string, as_client string) is
3 vs_dbuser string(30);
4 vs_empuser string(30);
5 vs_deptname string(30);
6 begin
7 select sys_context('userenv','session_user')
8 into vs_dbuser from dual;
9 select e.emp_name, d.dept_name
10 into vs_empuser, vs_deptname
11 from emp e, dept d
12 where e.dept_id = d.dept_id and e.emp_id = as_empid;
13 dbms_session.set_context('EMP_INFO', 'NAME', vs_empuser, vs_dbuser, as_client);
14 dbms_session.set_context('EMP_INFO', 'DEPT', vs_deptname, vs_dbuser, as_client);
15 end;
16 procedure set_id (as_client string) is
17 begin
18 dbms_session.set_identifier(as_client);
19 end;
20 procedure clear_id is
21 begin
22 dbms_session.clear_identifier;
23 end;
24 procedure clear_cont (as_client string) is
25 begin
26 dbms_session.clear_context('EMP_INFO', as_client);
27 end;
28 end init;
29 /

- CASE1 : KIM ID A1998001
server . application server client
unique id web browser id
application context initialize .(
id 10121
call init procedure with id '10121')
SQL> exec init.create_cont('A1998001', '10121');

- CASE2 : JANG ID B2002003
server . application server client
unique id web browser id
application context initialize .(
id 10133
call init procedure with id '10133')
SQL> exec init.create_cont('B2002003', '10133');

- CASE3) KIM web browser application
call . context value ? context
global ,
session .




SQL> exec init.set_id('10121');

SQL> select sys_context('EMP_INFO', 'NAME') name,
2 sys_context('EMP_INFO', 'DEPT') dept
3 from dual ;

NAME DEPT
-------------------- --------------------
KIM SALES


SQL> select sys_context('EMP_INFO', 'NAME') name,
2 sys_context('EMP_INFO', 'DEPT') dept
3 from dual ;

NAME DEPT
-------------------- --------------------
JANG SYSTEM

SQL> exec init.clear_id;

SQL> select sys_context('EMP_INFO', 'NAME') from dual ;

SYS_CONTEXT('EMP_INFO','NAME')
--------------------------------------------------------------------------------

- global application context session SGA
. ,
"clear_identifier('id')" clear client id
.
clear_identifier argument procedure .

- current session context
id clear remove
set_identifier context reuse .

- . context . context
dbms_session
clear_context context

- clear
SQL> exec init.clear_cont('10133');



--------------------------------------------------------------------------------
clear context .



- clear context .


--------------------------------------------------------------------------------
KIM

clear context .

- , context , set_context
clear_context context
stored procedure .
dbms_session
. init package
.

enhanced fine-grained access control (FGAC)

data security 8i fgac all user
groups rows access .

partitioned fgac

- from 9i application policy
.( partitioned fgac )

- fgac

1. design application context(called a driving context)

2. setting policy

3. table or view access

4. fgac looks up driving context

5. determine policy group

6. apply

- oracle9i fgac .

.

- table policy group
init context driving
context policy .



default policy 2 policy
predicate clause test .

- CASE1 : KIM, LEE sales, marketing
policy . group
basic_grp . JANG system
system policy
data . gruop
system_grp . ,
order_hstry check curnt_flg 'Y'
data .

SQL> alter table emp add grp_policy varchar2(10) ;

SQL> update emp set grp_policy = 'BASIC_GRP' where dept_id = 'SAL01' ;

SQL> update emp set grp_policy = 'SYSTEM_GRP' where dept_id = 'SYS01' ;

SQL> update emp set grp_policy = 'BASIC_GRP' where dept_id = 'MAR01' ;

SQL> select * from emp ;

EMP_ID EMP_NAME DEPT_ID GRP_POLICY
---------- ---------- ---------- ----------
A1998001 KIM SAL01 BASIC_GRP
B2002003 JANG SYS01 SYSTEM_GRP
C2001003 LEE MAR01 BASIC_GRP

SQL> create table order_hstry (
2 company varchar2(10), dept_name varchar2(10), goods varchar2(10),
3 amount number, curnt_flg varchar2(1) default 'Y');

SQL> insert into order_hstry values ('ACOM', 'SALES', 'RACKET', 1000, 'Y') ;

SQL> insert into order_hstry values ('BCOM', 'SALES', 'RACKET', 1000, 'N') ;

SQL> insert into order_hstry values ('BCOM', 'SYSTEM', 'CABLE', 4000, 'N') ;

SQL> insert into order_hstry values ('ECOM', 'SYSTEM', 'COMPUTER', 10000, 'Y') ;

SQL> insert into order_hstry values ('FCOM', 'MARKET', 'SHEET', 400, 'Y');

SQL> insert into order_hstry values ('GCOM', 'MARKET', 'BOX', 500, 'N');

SQL> commit ;



- CASE2 : application context KIM
login application .
policy .

SQL> exec dbms_session.set_identifier('10121');

SQL> select sys_context('EMP_INFO', 'NAME') name from dual ;

NAME
----
KIM

SQL> select * from order_hstry ;

COMPANY DEPT_NAME GOODS AMOUNT C
---------- ---------- ---------- ---------- -
ACOM SALES RACKET 1000 Y
BCOM SALES RACKET 1000 N
BCOM SYSTEM CABLE 4000 N
ECOM SYSTEM COMPUTER 10000 Y
FCOM MARKET SHEET 400 Y
GCOM MARKET BOX 500 N



- CASE3 : policy driving context procedure
application context initialize package
policy group context policy
context table add . case1
3 policy 3 procedure .

SQL> create or replace package body init as
2 procedure create_cont (as_empid string, as_client string) is
3 vs_dbuser string(30);
4 vs_empuser string(30);
5 vs_deptname string(30);
6 vs_policy string(30);
7 begin
8 select sys_context('userenv','session_user')
9 into vs_dbuser from dual;
10 select e.emp_name, d.dept_name, e.grp_policy
11 into vs_empuser, vs_deptname, vs_policy
12 from emp e, dept d
13 where e.dept_id = d.dept_id and e.emp_id = as_empid;
14 dbms_session.set_context('EMP_INFO', 'NAME', vs_empuser, vs_dbuser, as_client);
15 dbms_session.set_context('EMP_INFO', 'DEPT', vs_deptname, vs_dbuser, as_client);
16 dbms_session.set_context('EMP_INFO', 'POLICY', vs_policy, vs_dbuser, as_client);
17 end;
18 procedure set_id (as_client string) is
19 begin
20 dbms_session.set_identifier(as_client);
21 end;
22 procedure clear_id is
23 begin
24 dbms_session.clear_identifier;
25 end;
26 procedure clear_cont (as_client string) is
27 begin
28 dbms_session.clear_context('EMP_INFO', as_client);
29 end;
30 end init;
/


SQL> grant execute on dbms_rls to scott ;


SQL> exec dbms_rls.add_policy_context('scott', 'order_hstry', 'emp_info', 'policy') ;

SQL> create or replace function order_standard (t_owner varchar2, t_name varchar2) return varchar2
is
2 begin
3 return 'curnt_flg = ''Y''';
4 end;
5 /
SQL> create or replace function order_basic (t_owner varchar2, t_name varchar2) return varchar2 is
2 begin
3 return 'dept_name = sys_context(''emp_info'', ''dept'')';
4 end;
5 /



SQL> create or replace function order_system (t_owner varchar2, t_name varchar2) return varchar2 is
2 begin
3 return 'dept_name <> sys_context(''emp_info'', ''dept'')';
4 end;
5 /

SQL> exec dbms_rls.add_grouped_policy('scott', 'order_hstry', 'SYS_DEFAULT', 'for_standard', 'scott',
'order_standard') ;

- "sys_default" default group
add_policy . policy drop drop_policy
. group
drop_grouped_policy group
drop_grouped_policy
delete_policy_group .

SQL> exec dbms_rls.create_policy_group('scott', 'order_hstry', 'basic_grp') ;

SQL> exec dbms_rls.add_grouped_policy('scott', 'order_hstry', 'basic_grp', 'for_basic', 'scott',
'order_basic') ;

SQL> exec dbms_rls.create_policy_group('scott', 'order_hstry', 'system_grp') ;

SQL> exec dbms_rls.add_grouped_policy('scott', 'order_hstry', 'system_grp', 'for_system', 'scott',
'order_system') ;

- CASE 4 : context test
context initialize identifier .

SQL> exec init.clear_cont('10121');

SQL> exec init.create_cont('A1998001', '10121');

SQL> exec init.create_cont('B2002003', '10133');


SQL> select sys_context('emp_info','policy') from dual ;

SYS_CONTEXT('EMP_INFO','POLICY
--------------------------------------------------------------------------------
BASIC_GRP

- policy basic_grp . sql
oracle default policy sys_default
for_standard policy(order_standard function)
basic_grp for_basic policy(order_basic function)
sql return .
no rows selected
no data found . .



- user KIM sales sys_default
curnt_flg 'Y' data basic_grp
'SALES' data , .
?


COMPANY DEPT_NAME GOODS AMOUNT C
---------- ---------- ---------- ---------- -
ACOM SALES RACKET 1000 Y

- oracle iTAR .
"This was recently reported as a known bug, 2635664 Testcase
established two policy groups, each with an associated policy.
When running with no context, no rows were returned as both
policies were in effect (correct) and the predicates they
generated were mutually exclusive. Changing the context to
either one or the other valid groups resulted in still no rows
being returned as both policies were still being applied
(wrong) rather than just the only valid policy. You may see
some relief as a workaround to flush the shared pool after
changing the driving context, see if this helps. Solution for this
issue is to apply the 9.2.0.4 patchset as this contains the fix."

- upgrade
.

fine-grained audit (FGA)

row auditing

- from 9i row level tracking auditing
.

- dbms_fga package (add, drop, enable,
disable_policy) policy (dba_audit_policies)
dba_fga_audit_trail view . , policy
(invoke procedure) "select with a where clause for
only one audit column" event handler audit feature
.
CF. select trigger user
fetch data audit condition data
.

- fga .

1. design audit policy

2. create audit event handler(if you want to call stored
procedure whenever users call audited data)



3. add policy

4. check dba_fga_audit_trail, alert.log(if you call the stored
procedure with writing function to alert.log)

- order_hstry table fga .
9i fga .
.

- CASE1 : "SYSTEM"
(dept_id = 'SYS01') access auditing
.


SQL> grant execute on dbms_fga to scott ;


SQL> exec dbms_fga.add_policy('scott', 'emp', 'policy_emp', 'dept_id = ''SYS01'' ', 'emp_id');

SQL> select object_schema, object_name, policy_name, policy_text from dba_audit_policies ;

OBJECT_SCH OBJECT_NAM POLICY_NAM POLICY_TEXT
---------- ---------- ---------- --------------------
SCOTT EMP POLICY_EMP dept_id = 'SYS01'

SQL> select emp_name from emp where dept_id = 'SYS01' ;

EMP_NAME
----------
JANG

SQL> select count(*) from emp ;

COUNT(*)
----------
3

SQL> select count(*) from emp where dept_id = 'SYS01' ;

COUNT(*)
----------
1

SQL> select session_id, timestamp, object_schema, object_name, policy_name
2 from dba_fga_audit_trail ;

no rows selected

- 3 SQL dept_id = 'SYS01' audit
column emp_id access audit .



SQL> select emp_id from emp ;

EMP_ID
----------
A1998001
B2002003
C2001003

SQL> select emp_id from emp where dept_id = 'MAR01';

EMP_ID
----------
C2001003

SQL> select emp_name from emp where emp_id = 'C2001003' ;

EMP_NAME
----------
LEE


SESSION_ID TIMESTAMP OBJECT_SCH OBJECT_NAM POLICY_NAM
---------- --------- ---------- ---------- ----------
198 18-AUG-03 SCOTT EMP POLICY_EMP

- 3 sql audit
data (where ) .
auditing . .

SQL> analyze table emp compute statistics;

SQL> select emp_name from emp where emp_id = 'C2001003' ;

EMP_NAME
----------
LEE

SQL> select emp_id from emp where dept_id = 'MAR01';

EMP_ID
----------
C2001003

SQL> select emp_id from emp where dept_id = 'SYS01' ;

EMP_ID
----------
B2002003


---------- --------- ---------- ---------- ----------



- 3 SQL audit
. . , analyze
.

SQL> select emp_name from emp where emp_id = 'B2002003' ;

EMP_NAME
----------
JANG


---------- --------- ---------- ---------- ----------

- emp_id select where policy dept_id =
'SYS01' emp_id access auditing
. , policy audit
column access (select ) auditing
.

- CASE2 : session alert
message auditing . , policy
handle procedure alert message auditing
. (application developer's guide 9i
util_alert_pager call alert log auditing
.
procedure .
.


SQL> grant execute on dbms_alert to scott ;


SQL> create or replace procedure trail_emp
2 (ud_schema varchar2, ud_table varchar2, ud_policy varchar2) is
3 pragma autonomous_transaction;
4 begin
5 dbms_alert.signal('alert_emp', to_char(sysdate, 'YYYYMMDD HH24:MI:SS') || ud_schema || ':' ||
ud_table || ':' || ud_policy);
6 commit;
7 end;
8 /

SQL> select object_schema, object_name, policy_name, policy_text, pf_schema, pf_function
2 from dba_audit_policies ;

OBJECT_SCH OBJECT_NAM POLICY_NAM POLICY_TEXT PF_SCHEMA PF_FUNCTIO
---------- ---------- ---------- ----------------- ---------- ----------
SCOTT EMP POLICY_EMP dept_id = 'SYS01' SCOTT TRAIL_EMP



- auditing procedure .
pf_function procedure .
procedure pragma
autotnomous_transaction dbms_alert
signal commit select
application commit
. (autonomous_transaction
oracle8i new features )

- (terminal #2)
SQL> var status number
SQL> var message varchar2(2000)
SQL> exec dbms_alert.waitone('alert_emp', :message, :status);
….waiting….

alert message .
, auditing procedure trail_emp
waiting . .
waiting
package dbms_pipe
( polling )
.

- (terminal #1)
sql auditing terminal #2
waiting prompt
.

SQL> select emp_name, emp_id from emp where dept_id = 'SYS01' ;

EMP_NAME EMP_ID
---------- ----------
JANG B2002003


---------- ---------- ---------- ---------- ----------



- terminal #2

SQL> exec dbms_alert.waitone('alert_emp', :message, :status);


SQL> print :message

MESSAGE
--------------------------------------------------------------------------------
20030818 16:38:50SCOTT:EMP:POLICY_EMP
auditing message .

SQL> print :status

STATUS
----------
0
-

- 0 .0 alert , auditing
1 timeout
.

- CASE2 : CASE2 9i new feature fga
procedure auditing
. alert
auditing .

- dbms_alert dbms_pipe
. table
trigger dbms_alert dml auditing
.

- (terminal #2) auditing
data . auditing data
. . sys
login disable .

SQL> conn / as sysdba

SQL> delete from dba_fga_audit_trail ;

SQL> commit ;


SQL> exec dbms_fga.disable_policy('scott', 'emp', 'policy_emp');

SQL> exit



- (terminal #1) auditing
.

SQL> select policy_name, enabled from dba_audit_policies ;

POLICY_NAME ENA
------------------------------ ---
POLICY_EMP NO


no rows selected

SQL> select emp_name, emp_id from emp where dept_id = 'SYS01' ;

EMP_NAME EMP_ID
---------- ----------
JANG B2002003


no rows selected

- auditing data . disable .

encryption enhancements

9i

.

9i dbms_obfuscation_toolkit package data
encryption and decryption .
oracle
encryption and decryption package
.

DES, MD5, DES3

- , DES(Data Encryption
Standard), MD5(Message Digest 5)
DES DES3(Triple DES) .

- dbms_obfuscation_toolkit 3
DES .
CF. 9i .

- CASE : DES input data
encryption and decryption (private) key
.



CF. DES3 key 3

.

- procedure
dbms_obfuscation_toolkit desencryption procedure
call key data
desdecryption procedure call key
.

SQL> create or replace procedure pwd_encdec (pwd varchar2, key varchar2) is
2 vr_inraw raw(128) := utl_raw.cast_to_raw(pwd);
3 vr_keyraw raw(128) := utl_raw.cast_to_raw(key);
4 vr_encraw raw(2048);
5 vr_decraw raw(2048);
6 begin
7 dbms_output.put_line('----------------------------------------------');
8 dbms_output.put_line('your pwd (converted with to raw type) : ' ||
utl_raw.cast_to_varchar2(vr_inraw));
9 dbms_output.put_line('your key (converted with to raw type) : ' ||
utl_raw.cast_to_varchar2(vr_keyraw));
11 dbms_obfuscation_toolkit.desencrypt( input => vr_inraw, key => vr_keyraw, encrypted_data =>
vr_encraw);
12 dbms_output.put_line('encrypted hex value : ' || rawtohex(vr_encraw));
13 dbms_obfuscation_toolkit.desdecrypt( input => vr_encraw, key => vr_keyraw, decrypted_data
=> vr_decraw);
14 dbms_output.put_line('decrypted pwd : ' || utl_raw.cast_to_varchar2(vr_decraw));
16 end;
17 /

SQL> exec pwd_encdec('pwd12345', 'key56789');
----------------------------------------------
your pwd (converted with to raw type) : pwd12345
your key (converted with to raw type) : key56789
----------------------------------------------
encrypted hex value : 8AE1B93004764662
decrypted pwd : pwd12345
----------------------------------------------

- encrypted value raw type sqlplus
hexvalue .

- data 'pwd12345' key value 'key56789'
encryption key decryption
.

- . error case .
error .



SQL> exec pwd_encdec('pwd1234', 'key56789');
----------------------------------------------
your pwd (converted with to raw type) : pwd1234
your key (converted with to raw type) : key56789
----------------------------------------------
BEGIN pwd_encdec('pwd1234', 'key56789'); END;

*
ERROR at line 1:
ORA-28232: invalid input length for obfuscation toolkit
ORA-06512: at "SYS.DBMS_OBFUSCATION_TOOLKIT_FFI", line 0
ORA-06512: at "SYS.DBMS_OBFUSCATION_TOOLKIT", line 99
ORA-06512: at "SCOTT.PWD_ENCDEC", line 11
ORA-06512: at line 1

- error . encryption data 7
. , DES
.
.

- DES Restriction :

1. DES symmetric key algorithm
, key
key
.

2. DES 64bit data block 56bit key
encryption data 8 (multiple of 8
bytes)
.

3. key 56-bit key
.
CF. DES data
.(
)

others

9i new features
optional 9i database
.

oracle label security

- feature trusted oracle
pl/sql policy .
vpd(virtual private database)



connection user row label
.
CF. 9i feature
optional product . , database
features .

- . oracle oracle
policy manager gui .
optional
.

- , vpd policy
policy application context
data data access
.
CF. label hidden column data
access .

oracle login server

- oracle oid(oracle internet directory) single sign-on
. 9i application server
database connection
.

- web application multiple database
.



2. General High Availability Technology

minimal I/O recovery (only instance or crash recovery)

unplanned down database restart
oracle instance recovery database
open .

to 8i instance recovery

- 3 .

1. rolling forward(redo log applying)
.
failure check point redo log
read ( )
datafile read/write (
)

2. database open

3. rolling back (by smon)

from 9i : rolling forward two-pass recovery

- rolling forward datafile read/write
time .

- two-pass recovery :

1. failure checkpoint redo log
read(sequential read) pga recovery
block keeping

2. pga keeping recovery block
applying ( dbwr deferred write
)

3. redo log two-pass .

4. block recovery
. 9i redo log block dirty
in the buffer cache
.

- instance or crash recovery dba
oracle .



CF. instance or crash single instance
rac(ops) .

fast-start time-based recovery limit

recovery performance
recovery , redo
.

oracle checkpoint rba(redo byte address) control
file recovery checkpoint rba
oracle instance
. checkpoint rba failure
recovery . mttr
.

mttr(mean time to recover)

- dba recovery time
.
checkpoint rba ,
datafile dirty block write ,
checkpoint dba
.

- log_checkpoint_interval or
fast_start_io_target parameter
.

- new parameter fast_start_mttr_target
crash recovery time .
dynamic parameter fast_start_io_target
log_checkpoint_interval
.
CF. rac crash recovery time open
instances sum of fast_start_mttr_target
. node failure node
recovery
.

- 0 ~ 3600 0
. recommended value sga size
site service level agreement (sla) .

recovery time parameter

- recovery time 4 parameter



1. db_block_max_dirty_target (obsoleted from 9i)

2. fast_start_io_target

3. log_checkpoint_interval

4. log_checkpoint_timeout (no change)

- from 9i fast_start_mttr_target
fast_start_io_target, log_checkpoint_interval
. fast_start_io_target,
log_checkpoint_interval
fast_start_mttr_target override .

new 3 columns in v$instance_recovery for recovery time
information

- oracle 30 mttr .

1. TARGET_MTTR : oracle mttr
value . dba system
monitoring
fast_start_mttr_target
.

2. ESTIMATED_MTTR : instance failure recovery time

3. CKPT_BLOCK_WRITES : checkpoint
db block write

flashback (managing by smon)

consistent view
.

, data
time machine
query .
(
8i rollback segment
. .)

- scn
.
data scn mapping .



- 5
5 data .
( wall-clock time .
scn flashback
query scn generation 5
)

flashback feature

- flashback dml flashback query
flashback disable .( pl/sql block
)

- flashback query 9i new feature undo management
.

- rollback segment 9i undo
management (automatic undo)
flashback query .

- flashback query
undo 3 initial parameter
manual rollback segment
.

1. undo_management = auto

2. undo_tabelspace = tablespace_name

3. undo_retention = 6000

- 3 setting undo mechanism
tablespace_name undo data
retention undo
flashback query .( flashback query
undo_retention value )

- flashback query session level smon
scn time mapping smon_scn_time table

- flashback enable session dml
flashback disabling open pl/sql cursor dml
.( data
flashback )

- dbms_flashback.enable active transaction
sys user . (session
level ).



example

- table 3 rows table
1 row delete data
.


SQL> sho parameter undo_retention

NAME TYPE VALUE
------------------------------------ ---------- ------------------------------
undo_retention integer 1200

SQL> grant execute on dbms_flashback to scott ;


SQL> set time on
16:50:39 SQL> create table emp_flash as select * from emp ;

16:50:57 SQL> select * from emp_flash ;

---------- ---------- ---------- ----------

16:51:03 SQL> select sysdate, dbms_flashback.get_system_change_number from dual ;

SYSDATE GET_SYSTEM_CHANGE_NUMBER
----------------- ------------------------
20030901 16:51:21 718931

16:51:21 SQL> select sysdate, 'wait for 5 miniutes!' from dual ;

SYSDATE 'WAITFOR5MINIUTES!'
----------------- --------------------------------
20030901 16:51:57 wait for 5 miniutes!

16:51:57 SQL> select sysdate, 'wait for 5 miniutes!' from dual ;

SYSDATE 'WAITFOR5MINIUTES!'
----------------- --------------------------------
20030901 16:57:15 wait for 5 miniutes!

16:57:15 SQL> delete from emp_flash where grp_policy = 'SYSTEM_GRP' ;

16:57:52 SQL> commit ;


---------- ---------- ---------- ----------

16:58:01 SQL> select sysdate, dbms_flashback.get_system_change_number from dual ;

SYSDATE GET_SYSTEM_CHANGE_NUMBER
----------------- ------------------------
20030901 16:59:37 719095



16:59:37 SQL> exec dbms_flashback.enable_at_time(to_timestamp('20030901 16:57:01', -
17:01:15 > 'YYYYMMDD HH24:MI:SS')) ;



---------- ---------- ---------- ----------

17:02:09 SQL> delete from emp_flash ;
delete from emp_flash
*
ERROR at line 1:
ORA-08182: operation not supported while in Flashback mode

17:02:35 SQL> exec dbms_flashback.disable ;




- flashback cursor open flashback
mode disable flashback data dml
.

- , open flashback mode disable flashback
mode cursor fetch .

17:02:36 SQL> set time off
SQL> declare
2 vr_emp emp_flash%rowtype;
3 cursor c_emp_flash is
4 select * from emp_flash where grp_policy = 'SYSTEM_GRP' ;
5 begin
6 dbms_flashback.enable_at_time(to_timestamp('20030901 16:57:01', 'YYYYMMDD
HH24:MI:SS')) ;
7 open c_emp_flash;
8 dbms_flashback.disable;
9 loop
10 fetch c_emp_flash into vr_emp;
11 exit when c_emp_flash%notfound;
12 dbms_output.put_line(vr_emp.emp_id || ' ' || vr_emp.grp_policy);
13 insert into emp_flash values (vr_emp.emp_id, vr_emp.emp_name, vr_emp.dept_id,
vr_emp.grp_policy);
14 end loop;
15 close c_emp_flash;
16 end;
17 /
B2002003 SYSTEM_GRP


SQL> commit ;

SQL> select * from emp_flash;

---------- ---------- ---------- ----------

- test
undo_retention time 1200 , 20
flashback query .
transaction undo overwrite
flashback query . ,
parameter 1200 oracle maximum flashback
query static
.



flashback & logminer

what is the difference?

- logminer flashback
.( )
.

- , flashback logminer .
undo space undo_retention
. ( . database
flashback )

data logminer
.

- ...

1. flashback : data
data

2. logminer : data data
( 9i gui
. , logminer
data type )

CF. oracle 10g row flashback
database level table(or index) level flashback .
10g .

resumable space allocation

. large operation
space rollback
extent , size data table
tablespace .
hang large
operation time cost
. ! 9i .

job suspending and resume

- tablespace
suspending
. 3
case .

1. out-of-space : tablespace



2. space limit : max extents

3. user tablespace quota

-

1. session level control

2. suspend alert.log

3. system event trigger after suspend on database trigger
firing

-

1. select temporary tablespace

2. dml, imp/exp(using resumable optoin),
sql*loader(using resumable option), ddl

how long can you wait?

- large operation
. (timeout
occurs) abort . default
7200
.

- alter session enable resumable timeout 3000 ;
CF. [name "xxx"] option resumable
.

- exec dbms_resumable.set_session_timeout(session_id, 3000) ;

- exec dbms_resumable.set_timeout(3000) ;

- create or replace trigger resume_timeout after suspend on
database
begin
dbms_resumable.set_timeout(3000);
end;
/
CF. trigger
resumable case .
statement suspend trigger datafile resize
or add scripts
, dba message
.
CF. , trigger suspending transaction
(ddl or dml) ( ,
commit ) pragma
autonomous_transaction .



example

- tablespace insert
.


SQL> grant resumable to scott;

SQL> create tablespace tbs_test
2 datafile '/app/oracle/oradata/NEWSVC/resume.dbf' size 88K
3 autoextend off ;


SQL> create table resumable_test
2 tablespace tbs_test
3 as select * from all_objects where rownum < 1 ;

SQL> select * from resumable_test ;

no rows selected

SQL> insert into resumable_test select * from all_objects ;
.. waiting ..
prompt suspending .
alert.log .

[NEWSVC]LIRACLE:/app/oracle/admin/NEWSVC/bdump> tail -f alert_NEWSVC.log
............
............
Tue Sep 2 16:11:42 2003 timeout
.
statement in resumable session 'User SCOTT(61), Session 8, Instance 1' was suspended due to
ORA-01653: unable to extend table SCOTT.RESUMABLE_TEST by 8 in tablespace TBS_TEST
, data
alert log error message tbs_test .
time machine
[NEWSVC]LIRACLE:/app/oracle/admin/NEWSVC/bdump> sqlplus system/manager
SQL> alter database datafile '/app/oracle/oradata/NEWSVC/resume.dbf' resize 10M ;
Database altered.

suspending sql return .

SQL> insert into resumable_test select * from all_objects ;

23659 rows created.

SQL> commit ;

resumable package and view

- dbms_resumable package

1. abort : suspending statement abort

2. get_session_timeout(session_id) :

3. get_timeout



4. set_session_timeout(session_id, timeout)

5. set_timeout

6. space_error_info ( argument )

- dba_resumable view : suspending
dba_resumable
view session id

1. sql ( 1000 bytes)

2. resumable

3. time .

exp/imp enhancements

import and statistics

- to 8i import
analyze and recalculate_statistics parameter
.

- from 9i statistics parameter
.

1. always : import .(
default questionable )

2. safe : import .( ,
questionable , safe )

3. recalculate : import import
.

4. none : import recalculate

CF. questionable dump file export error
. error dump
file safe .

- export parameter 8i tablespace transport
tablespace . from 9i
tablespace object export option
. , list of tablespaces to transport list
objects of tablespaces to export .

- export parameter
user exp_full_database privilege



.
CF. , import

example

- partition table 9i new feature list partitioned
table . .

SQL> system/manager

SQL> create tablespace tbs_test2 datafile
2 '/app/oracle/oradata/NEWSVC/expimp_test.dbf' size 5M ;


SQL> create table sale_part (id number, name varchar2(30), addr varchar2(2),
2 amount number, hiredata date)
3 partition by list(addr)
4 (
5 partition sale_east values ('ea', 'eb'),
6 partition sale_west values ('wa', 'wb'),
7 partition sale_south values ('sa', 'sb') tablespace tbs_test,
8 partition sale_north values ('na', 'nb') tablespace tbs_test2
9 );

SQL> insert into sale_part values (10, 'JANG', 'ea', 100, sysdate -1);
SQL> insert into sale_part values (20, 'CHOI', 'wb', 200, sysdate -2);
SQL> insert into sale_part values (30, 'LEE', 'sa', 300, sysdate -3);
SQL> insert into sale_part values (40, 'JUN', 'nb', 400, sysdate -4);
SQL> commit ;

SQL> create index resumable_test_i_object_id on resumable_test(object_id)
2 tablespace tbs_test2 ;

SQL> select segment_name, partition_name from user_segments
2 where tablespace_name = 'TBS_TEST' ;

SEGMENT_NAME PARTITION_NAME
-------------------- --------------------
RESUMABLE_TEST
SALE_PART SALE_SOUTH

SQL> grant exp_full_database to scott ;
SQL> grant imp_full_database to scott ;
SQL> exit

[NEWSVC]LIRACLE:/app/oracle/admin/NEWSVC/work> exp userid=scott/tiger tablespaces=tbs_test
.......
About to export selected tablespaces ...
For tablespace TBS_TEST ...
. exporting cluster definitions
. exporting table definitions
. . exporting table RESUMABLE_TEST 23659 rows exported
. . exporting table SALE_PART
. . exporting partition SALE_EAST 1 rows exported
. . exporting partition SALE_WEST 1 rows exported
. . exporting partition SALE_SOUTH 1 rows exported
. . exporting partition SALE_NORTH 1 rows exported
. exporting referential integrity constraints
. exporting triggers
Export terminated successfully without warnings.




SQL> select segment_name, partition_name, tablespace_name
2 from user_segments where tablespace_name in ('USERS', 'TBS_TEST', 'TBS_TEST2') ;

SEGMENT_NAME PARTITION_NAME TABLESPACE
-------------------------- -------------- ----------
SALE_PART SALE_NORTH TBS_TEST2
RESUMABLE_TEST_I_OBJECT_ID TBS_TEST2
RESUMABLE_TEST TBS_TEST
SALE_PART SALE_SOUTH TBS_TEST
EMP USERS
DEPT USERS
ORDER_HSTRY USERS
EMP_FLASH USERS
SALE_PART SALE_EAST USERS
SALE_PART SALE_WEST USERS

- import tablespace
partition tbs_test index
export tablespace import
. , tablespace objects
tablespace objects export/import .

- resumable exp/imp parameter
. option
resumable command
. parameter .

1. resumable=y/n

2. resumable_name=name

3. resumable_timeout=timeout seconds
(default 7200 )

- flashback exp/imp
parameter . parameter .

1. flashback_scn=scn

2. flashback_timeout=time

CF. . parameter error .
( flashback )



3. LogMiner Enhancements

ddl support

Logminer and ddl

- to 8i ddl logminer
ddl command oracle internal dml
ddl
.

- from 9i ddl log oracle internal
dml ddl .

- .

1. v$logmnr_contents operation column "ddl"
.

2. v$logmnr_contents sql_redo column ddl
.

3. 9i version log file .
( . ddl 9i logging
)

4. ddl support recovery
. (drop truncate row data
)

example

- . . redo log
database restart
.

- logminer 9i online data
dictionary
build .

SQL> conn sys/manager
system user package .
SQL> grant execute on dbms_logmnr to scott ;

SQL> create public synonym dbms_logmnr for dbms_logmnr ;
.



SQL> select member from v$logfile where group# =
2 (select group# from v$log where status = 'CURRENT');

MEMBER
--------------------------------------------------------------------------------
/app/oracle/oradata/NEWSVC/redoNEWSVC01a.log
/app/oracle/oradata/NEWSVC/redoNEWSVC01b.log
current log DDL .

SQL> create table logtest (t number);

SQL> truncate table logtest ;

SQL> drop table logtest ;

SQL> select member from v$logfile where group# =
2 (select group# from v$log where status = 'CURRENT') ;

MEMBER
--------------------------------------------------------------------------------
/app/oracle/oradata/NEWSVC/redoNEWSVC01a.log
/app/oracle/oradata/NEWSVC/redoNEWSVC01b.log
current log redo log .

SQL> exec dbms_logmnr.add_logfile('/app/oracle/oradata/NEWSVC/redoNEWSVC01a.log') ;

SQL> exec dbms_logmnr.start_logmnr(options => dbms_logmnr.dict_from_online_catalog) ;
onlie data dictionary build .

SQL> select sql_redo from v$logmnr_contents
2 where username = 'SCOTT' and operation = 'DDL' and seg_name = 'LOGTEST' ;

SQL_REDO
----------------------------------------
create table logtest (t number);
truncate table logtest ; ( . truncate dml )
drop table logtest ;

data dictionary access

new data dictionary access

- 8i dictionary access flat file
.

- redo log
table,
column
.( 8i )

- ( 3 )
dictionary


Oracle History #6

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (13)

En vedette

En vedette (7)

Similaire à Oracle History #6

Similaire à Oracle History #6 (20)

Plus de Kyung Sang Jang

Plus de Kyung Sang Jang (14)

Dernier

Dernier (20)

Oracle History #6