Oracle History #6

1,506 views

Published on

Oracle New Features for Version 9i

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,506
On SlideShare
0
From Embeds
0
Number of Embeds
36
Actions
Shares
0
Downloads
31
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Oracle History #6

  1. 1. New Features forAdministrators(Oracle9i) November, 2003 CloudBox Jang Kyung Sang
  2. 2. Oracle9i New Features http://www.ggola.comOracle9i New Features for Administratorscourse Preface 1. Oracle Server Security 2. General High Availability Technology 3. LogMiner Enhancements 4. Backup and Recovery 5. Data Guard 6. Database Resource Manager 7. Online Operation 8. Advanced Partition and Segment Management Enhancement 9. Automatic Segment and Advanced Index Management Enhancement 10. Advanced Performance Features for Index, Cursor, Optimizing and Statistics 11. Scalable Session Management 12. Real Application Cluster 13. Oracle Managed Files 14. New Tablespace Management 15. New Memory Management 16. Oracle Enterprise Manager 17. New and Standard SQL 18. Globalization Support 19. Workspace Management 20. Advanced Replication OCP9i New Features check .jkspark@hanafos.com -2-
  3. 3. Oracle9i New Features http://www.ggola.comPreface oracle9i new features oracle version . . PIII 512M PC Redhat Linux 7 . test user scott directory oracle OFA . pc , linux server (hostname) “LIRACLE” oracle instance “NEWSVC” . oem, rman globalization support chapter oracle version . ocp ocm paper . ocm paper . ( 60 ) (2004.01) 2 . 9i (new features ..) . iSQL*Plus - sql*plus 2tier client pc sql*net(net*?i ) . - from 9i client web browser oracle database oracle http server sql*plus . CF. , web browser oracle http rdbmsjkspark@hanafos.com -3-
  4. 4. Oracle9i New Features http://www.ggola.com sample schema - scott/tiger oracle sample schema 5 schema . database example . (demo schema “$ORACLE_HOME/demo/schema” ) - oracle HR, OE/OC, QS, PM, SH schema QS QS_ user . CF. test : AIX 9iR2 OC redhat 9iR2 OE . oracle install option scripts . - 350M ~ 400M disk space . CF. users partition, replication, advanced queuing example .( )jkspark@hanafos.com -4-
  5. 5. Oracle9i New Features http://www.ggola.com1. Oracle Server Securityconnection to database oracle new version . from 9i svrmgrl remove shell svrmgrl . to 8i sqlplus internal . remote password login file (orapw) . internal connection - 1: [NEWSVC]LIRACLE:/oracle/app/oracle/admin/NEWSVC/ work> sqlplus /nolog SQL> conn / as sysdba SQL> - 2: [NEWSVC]LIRACLE:/oracle/app/oracle/admin/NEWSVC/ work> sqlplus "/as sysdba" SQL> - 3: [NEWSVC]LIRACLE:/oracle/app/oracle/admin/NEWSVC/ work> sqlplus Enter user-name: /as sysdba SQL>default security default security oracle privilege rule . oracle grant, revoke privilege role mechanism default security from 9i . initial parameter O7_DICTIONARY_ACCESSIBILITY - to 8i select any table privilege users object . jkspark@hanafos.com -5-
  6. 6. Oracle9i New Features http://www.ggola.com - from 9i sysdba data dictionary rule . - , select any table privilege object initial parameter O7_DICTIONARY_ACCESSIBILITY TRUE . oracle default parameter FALSE setting . - . SQL> sho parameter o7 NAME TYPE VALUE -------------------------------------------------------------------------------- O7_DICTIONARY_ACCESSIBILITY boolean FALSE SQL> conn system/manager SQL> grant select any table to qs ; SQL> conn qs/qs SQL> desc v$session ERROR: ORA-04043: object "SYS"."V_$SESSION" does not exist SQL> shutdown & restart after change parameter SQL> sho parameter o7 NAME TYPE VALUE -------------------------------------------------------------------------------- O7_DICTIONARY_ACCESSIBILITY boolean TRUE SQL> conn qs/qs SQL> desc v$session Name Null? Type ---------------------------- -------- ------- SADDR RAW(4) SID NUMBER ………… dbca (database creation assistant) - oracle oui runinstaller gui database . CF. “$ORACLE_HOME/bin/dbca” . - database initial parameter , . dbca scripts . CF. ! dbcajkspark@hanafos.com -6-
  7. 7. Oracle9i New Features http://www.ggola.com . - dbca database oracle default security restriction . 1. oracle user default password user lock . 2. database users . SQL> alter user hr account unlock ; SQL> alter user hr identified by <password> ;secure application role role (control in application level) - role "set role" or "dbms_session.set_role" hidden password . pl/sql block identification application level role control . - "scott" user role enable . SQL> conn system/manager SQL> create user scott identified by tiger default tablespace users 2 temporary tablespace temp ; SQL> grant create session to scott ; SQL> grant alter session to scott ; SQL> sho parameter o7 NAME TYPE VALUE -------------------------------------------------------------------------------- O7_DICTIONARY_ACCESSIBILITY boolean TRUE SQL> create role marketing identified using system.sales_market ; SQL> select * from dba_application_roles ; ROLE SCHEMA PACKAGE -------------------- -------------------- -------------------- MARKETING SYSTEM SALES_MARKET SQL> grant select any table to marketing ; jkspark@hanafos.com -7-
  8. 8. Oracle9i New Features http://www.ggola.com SQL> create or replace procedure sales_market 2 authid current_user is 3 vs_user string(30); 4 begin 5 select sys_context(userenv, session_user) 6 into vs_user from dual; 7 if vs_user != SCOTT then 8 dbms_output.put_line(you are an invalid user!); 9 return; 10 end if; 11 dbms_session.set_role(MARKETING); 12 end; 13 / SQL> grant marketing to scott, scott2 ; SQL> grant execute on sales_market to scott, scott2 ; SQL> conn scott/tiger SQL> desc v$session Name Null? Type ----------------------------------------- -------- ------- SADDR RAW(4) SID NUMBER ........ SQL> set role none ; SQL> desc v$session ; ERROR: ORA-04043: object "SYS"."V_$SESSION" does not exist SQL> set role marketing ; set role marketing * ERROR at line 1: ORA-01979: missing or invalid password for role MARKETING SQL> set serveroutput on SQL> exec system.sales_market; pl/sql procedure successfully completed. SQL> desc v$session Name Null? Type ----------------------------------------- -------- ------- SADDR RAW(4) SID NUMBER ........ SQL> conn scott2/tiger SQL> desc v$session Name Null? Type ----------------------------------------- -------- ------- SADDR RAW(4) SID NUMBER ........jkspark@hanafos.com -8-
  9. 9. Oracle9i New Features http://www.ggola.com SQL> set role none ; SQL> desc v$session ; ERROR: ORA-04043: object "SYS"."V_$SESSION" does not exist SQL> set role marketing ; set role marketing * ERROR at line 1: ORA-01979: missing or invalid password for role MARKETING SQL> set serveroutput on SQL> exec system.sales_market; you are an invalid user! pl/sql procedure successfully completed. SQL> desc v$session ERROR: ORA-04043: object "SYS"."V_$SESSION" does not exist;global application context application context and global - oracle8i application context session user session application context setup time . , session context setup . ( oracle8i new features application context ) - 9i global application context setup time , web based multiple sessions application context reuse . , global . - oracle Virtual Private Database(VPD) capability . CF. .. . oracle security policy . - application server database scott user multiple connections . CF. KIM JANG web ID application . client KIM, JANG return client jkspark@hanafos.com -9-
  10. 10. Oracle9i New Features http://www.ggola.com unique client id ( ID ) client web browser return . (cookie ..) application server . SQL> conn system/manager SQL> grant unlimited tablespace to scott ; SQL> grant create table to scott ; SQL> grant create any context to scott ; SQL> grant drop any context to scott ; SQL> grant create procedure to scott ; SQL> conn scott/tiger SQL> create context emp_info using init accessed globally ; SQL> create table emp (emp_id varchar2(10), emp_name varchar2(10), dept_id varchar2(10)) ; SQL> create table dept (dept_id varchar2(10), dept_name varchar2(10)) ; SQL> insert into dept values (SAL01, SALES); SQL> insert into dept values (SYS01, SYSTEM); SQL> insert into dept values (MAR01, MARKET); SQL> insert into emp values (A1998001, KIM, SAL01); SQL> insert into emp values (B2002003, JANG, SYS01); SQL> insert into emp values (C2001003, LEE, MAR01); SQL> create or replace package init as 2 procedure create_cont (as_empid string, as_client string); 3 procedure set_id (as_client string); 4 procedure clear_id; 5 procedure clear_cont (as_client string); 6 end init; 7 / - test stored procedure “init” context globally access . - stored procedure ‘init” package context creation, id setting, id clearing, context clearing sub procedure . package body .jkspark@hanafos.com - 10 -
  11. 11. Oracle9i New Features http://www.ggola.com SQL> create or replace package body init as 2 procedure create_cont (as_empid string, as_client string) is 3 vs_dbuser string(30); 4 vs_empuser string(30); 5 vs_deptname string(30); 6 begin 7 select sys_context(userenv,session_user) 8 into vs_dbuser from dual; 9 select e.emp_name, d.dept_name 10 into vs_empuser, vs_deptname 11 from emp e, dept d 12 where e.dept_id = d.dept_id and e.emp_id = as_empid; 13 dbms_session.set_context(EMP_INFO, NAME, vs_empuser, vs_dbuser, as_client); 14 dbms_session.set_context(EMP_INFO, DEPT, vs_deptname, vs_dbuser, as_client); 15 end; 16 procedure set_id (as_client string) is 17 begin 18 dbms_session.set_identifier(as_client); 19 end; 20 procedure clear_id is 21 begin 22 dbms_session.clear_identifier; 23 end; 24 procedure clear_cont (as_client string) is 25 begin 26 dbms_session.clear_context(EMP_INFO, as_client); 27 end; 28 end init; 29 / - CASE1 : KIM ID A1998001 server . application server client unique id web browser id application context initialize .( id 10121 call init procedure with id 10121) SQL> exec init.create_cont(A1998001, 10121); - CASE2 : JANG ID B2002003 server . application server client unique id web browser id application context initialize .( id 10133 call init procedure with id 10133) SQL> exec init.create_cont(B2002003, 10133); - CASE3) KIM web browser application call . context value ? context global , session .jkspark@hanafos.com - 11 -
  12. 12. Oracle9i New Features http://www.ggola.com SQL> conn scott/tiger SQL> exec init.set_id(10121); SQL> select sys_context(EMP_INFO, NAME) name, 2 sys_context(EMP_INFO, DEPT) dept 3 from dual ; NAME DEPT -------------------- -------------------- KIM SALES SQL> exec init.set_id(10133); SQL> select sys_context(EMP_INFO, NAME) name, 2 sys_context(EMP_INFO, DEPT) dept 3 from dual ; NAME DEPT -------------------- -------------------- JANG SYSTEM SQL> exec init.clear_id; SQL> select sys_context(EMP_INFO, NAME) from dual ; SYS_CONTEXT(EMP_INFO,NAME) -------------------------------------------------------------------------------- - global application context session SGA . , "clear_identifier(id)" clear client id . clear_identifier argument procedure . - current session context id clear remove set_identifier context reuse . - . context . context dbms_session clear_context context - clear SQL> exec init.clear_cont(10133); SQL> exec init.set_id(10133); SQL> select sys_context(EMP_INFO, NAME) from dual ; SYS_CONTEXT(EMP_INFO,NAME) -------------------------------------------------------------------------------- clear context .jkspark@hanafos.com - 12 -
  13. 13. Oracle9i New Features http://www.ggola.com - clear context . SQL> exec init.set_id(10121); SQL> select sys_context(EMP_INFO, NAME) from dual ; SYS_CONTEXT(EMP_INFO,NAME) -------------------------------------------------------------------------------- KIM clear context . - , context , set_context clear_context context stored procedure . dbms_session . init package .enhanced fine-grained access control (FGAC) data security 8i fgac all user groups rows access . partitioned fgac - from 9i application policy .( partitioned fgac ) - fgac 1. design application context(called a driving context) 2. setting policy 3. table or view access 4. fgac looks up driving context 5. determine policy group 6. apply - oracle9i fgac . . - table policy group init context driving context policy .jkspark@hanafos.com - 13 -
  14. 14. Oracle9i New Features http://www.ggola.com default policy 2 policy predicate clause test . - CASE1 : KIM, LEE sales, marketing policy . group basic_grp . JANG system system policy data . gruop system_grp . , order_hstry check curnt_flg Y data . SQL> alter table emp add grp_policy varchar2(10) ; SQL> update emp set grp_policy = BASIC_GRP where dept_id = SAL01 ; SQL> update emp set grp_policy = SYSTEM_GRP where dept_id = SYS01 ; SQL> update emp set grp_policy = BASIC_GRP where dept_id = MAR01 ; SQL> select * from emp ; EMP_ID EMP_NAME DEPT_ID GRP_POLICY ---------- ---------- ---------- ---------- A1998001 KIM SAL01 BASIC_GRP B2002003 JANG SYS01 SYSTEM_GRP C2001003 LEE MAR01 BASIC_GRP SQL> create table order_hstry ( 2 company varchar2(10), dept_name varchar2(10), goods varchar2(10), 3 amount number, curnt_flg varchar2(1) default Y); SQL> insert into order_hstry values (ACOM, SALES, RACKET, 1000, Y) ; SQL> insert into order_hstry values (BCOM, SALES, RACKET, 1000, N) ; SQL> insert into order_hstry values (BCOM, SYSTEM, CABLE, 4000, N) ; SQL> insert into order_hstry values (ECOM, SYSTEM, COMPUTER, 10000, Y) ; SQL> insert into order_hstry values (FCOM, MARKET, SHEET, 400, Y); SQL> insert into order_hstry values (GCOM, MARKET, BOX, 500, N); SQL> commit ;jkspark@hanafos.com - 14 -
  15. 15. Oracle9i New Features http://www.ggola.com - CASE2 : application context KIM login application . policy . SQL> exec dbms_session.set_identifier(10121); SQL> select sys_context(EMP_INFO, NAME) name from dual ; NAME ---- KIM SQL> select * from order_hstry ; COMPANY DEPT_NAME GOODS AMOUNT C ---------- ---------- ---------- ---------- - ACOM SALES RACKET 1000 Y BCOM SALES RACKET 1000 N BCOM SYSTEM CABLE 4000 N ECOM SYSTEM COMPUTER 10000 Y FCOM MARKET SHEET 400 Y GCOM MARKET BOX 500 Njkspark@hanafos.com - 15 -
  16. 16. Oracle9i New Features http://www.ggola.com - CASE3 : policy driving context procedure application context initialize package policy group context policy context table add . case1 3 policy 3 procedure . SQL> create or replace package body init as 2 procedure create_cont (as_empid string, as_client string) is 3 vs_dbuser string(30); 4 vs_empuser string(30); 5 vs_deptname string(30); 6 vs_policy string(30); 7 begin 8 select sys_context(userenv,session_user) 9 into vs_dbuser from dual; 10 select e.emp_name, d.dept_name, e.grp_policy 11 into vs_empuser, vs_deptname, vs_policy 12 from emp e, dept d 13 where e.dept_id = d.dept_id and e.emp_id = as_empid; 14 dbms_session.set_context(EMP_INFO, NAME, vs_empuser, vs_dbuser, as_client); 15 dbms_session.set_context(EMP_INFO, DEPT, vs_deptname, vs_dbuser, as_client); 16 dbms_session.set_context(EMP_INFO, POLICY, vs_policy, vs_dbuser, as_client); 17 end; 18 procedure set_id (as_client string) is 19 begin 20 dbms_session.set_identifier(as_client); 21 end; 22 procedure clear_id is 23 begin 24 dbms_session.clear_identifier; 25 end; 26 procedure clear_cont (as_client string) is 27 begin 28 dbms_session.clear_context(EMP_INFO, as_client); 29 end; 30 end init; / SQL> conn system/manager SQL> grant execute on dbms_rls to scott ; SQL> conn scott/tiger SQL> exec dbms_rls.add_policy_context(scott, order_hstry, emp_info, policy) ; SQL> create or replace function order_standard (t_owner varchar2, t_name varchar2) return varchar2 is 2 begin 3 return curnt_flg = Y; 4 end; 5 / SQL> create or replace function order_basic (t_owner varchar2, t_name varchar2) return varchar2 is 2 begin 3 return dept_name = sys_context(emp_info, dept); 4 end; 5 /jkspark@hanafos.com - 16 -
  17. 17. Oracle9i New Features http://www.ggola.comSQL> create or replace function order_system (t_owner varchar2, t_name varchar2) return varchar2 is 2 begin 3 return dept_name <> sys_context(emp_info, dept); 4 end; 5 /SQL> exec dbms_rls.add_grouped_policy(scott, order_hstry, SYS_DEFAULT, for_standard, scott,order_standard) ; - "sys_default" default group add_policy . policy drop drop_policy . group drop_grouped_policy group drop_grouped_policy delete_policy_group .SQL> exec dbms_rls.create_policy_group(scott, order_hstry, basic_grp) ;SQL> exec dbms_rls.add_grouped_policy(scott, order_hstry, basic_grp, for_basic, scott,order_basic) ;SQL> exec dbms_rls.create_policy_group(scott, order_hstry, system_grp) ;SQL> exec dbms_rls.add_grouped_policy(scott, order_hstry, system_grp, for_system, scott,order_system) ; - CASE 4 : context test context initialize identifier .SQL> exec init.clear_cont(10121);SQL> exec init.create_cont(A1998001, 10121);SQL> exec init.create_cont(B2002003, 10133);SQL> exec init.set_id(10121);SQL> select sys_context(emp_info,policy) from dual ;SYS_CONTEXT(EMP_INFO,POLICY--------------------------------------------------------------------------------BASIC_GRP - policy basic_grp . sql oracle default policy sys_default for_standard policy(order_standard function) basic_grp for_basic policy(order_basic function) sql return . SQL> select * from order_hstry ; no rows selected no data found . .jkspark@hanafos.com - 17 -
  18. 18. Oracle9i New Features http://www.ggola.com - user KIM sales sys_default curnt_flg Y data basic_grp SALES data , . ? SQL> select * from order_hstry ; COMPANY DEPT_NAME GOODS AMOUNT C ---------- ---------- ---------- ---------- - ACOM SALES RACKET 1000 Y - oracle iTAR . "This was recently reported as a known bug, 2635664 Testcase established two policy groups, each with an associated policy. When running with no context, no rows were returned as both policies were in effect (correct) and the predicates they generated were mutually exclusive. Changing the context to either one or the other valid groups resulted in still no rows being returned as both policies were still being applied (wrong) rather than just the only valid policy. You may see some relief as a workaround to flush the shared pool after changing the driving context, see if this helps. Solution for this issue is to apply the 9.2.0.4 patchset as this contains the fix." - upgrade .fine-grained audit (FGA) row auditing - from 9i row level tracking auditing . - dbms_fga package (add, drop, enable, disable_policy) policy (dba_audit_policies) dba_fga_audit_trail view . , policy (invoke procedure) "select with a where clause for only one audit column" event handler audit feature . CF. select trigger user fetch data audit condition data . - fga . 1. design audit policy 2. create audit event handler(if you want to call stored procedure whenever users call audited data)jkspark@hanafos.com - 18 -
  19. 19. Oracle9i New Features http://www.ggola.com 3. add policy 4. check dba_fga_audit_trail, alert.log(if you call the stored procedure with writing function to alert.log) - order_hstry table fga . 9i fga . . - CASE1 : "SYSTEM" (dept_id = SYS01) access auditing . SQL> conn system/manager SQL> grant execute on dbms_fga to scott ; SQL> conn scott/tiger SQL> exec dbms_fga.add_policy(scott, emp, policy_emp, dept_id = SYS01 , emp_id); SQL> select object_schema, object_name, policy_name, policy_text from dba_audit_policies ; OBJECT_SCH OBJECT_NAM POLICY_NAM POLICY_TEXT ---------- ---------- ---------- -------------------- SCOTT EMP POLICY_EMP dept_id = SYS01 SQL> select emp_name from emp where dept_id = SYS01 ; EMP_NAME ---------- JANG SQL> select count(*) from emp ; COUNT(*) ---------- 3 SQL> select count(*) from emp where dept_id = SYS01 ; COUNT(*) ---------- 1 SQL> select session_id, timestamp, object_schema, object_name, policy_name 2 from dba_fga_audit_trail ; no rows selected - 3 SQL dept_id = SYS01 audit column emp_id access audit .jkspark@hanafos.com - 19 -
  20. 20. Oracle9i New Features http://www.ggola.com SQL> select emp_id from emp ; EMP_ID ---------- A1998001 B2002003 C2001003 SQL> select emp_id from emp where dept_id = MAR01; EMP_ID ---------- C2001003 SQL> select emp_name from emp where emp_id = C2001003 ; EMP_NAME ---------- LEE SQL> select session_id, timestamp, object_schema, object_name, policy_name 2 from dba_fga_audit_trail ; SESSION_ID TIMESTAMP OBJECT_SCH OBJECT_NAM POLICY_NAM ---------- --------- ---------- ---------- ---------- 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMP - 3 sql audit data (where ) . auditing . . SQL> analyze table emp compute statistics; SQL> select emp_name from emp where emp_id = C2001003 ; EMP_NAME ---------- LEE SQL> select emp_id from emp where dept_id = MAR01; EMP_ID ---------- C2001003 SQL> select emp_id from emp where dept_id = SYS01 ; EMP_ID ---------- B2002003 SQL> select session_id, timestamp, object_schema, object_name, policy_name 2 from dba_fga_audit_trail ; SESSION_ID TIMESTAMP OBJECT_SCH OBJECT_NAM POLICY_NAM ---------- --------- ---------- ---------- ---------- 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMPjkspark@hanafos.com - 20 -
  21. 21. Oracle9i New Features http://www.ggola.com - 3 SQL audit . . , analyze . SQL> select emp_name from emp where emp_id = B2002003 ; EMP_NAME ---------- JANG SQL> select session_id, timestamp, object_schema, object_name, policy_name 2 from dba_fga_audit_trail ; SESSION_ID TIMESTAMP OBJECT_SCH OBJECT_NAM POLICY_NAM ---------- --------- ---------- ---------- ---------- 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMP - emp_id select where policy dept_id = SYS01 emp_id access auditing . , policy audit column access (select ) auditing . - CASE2 : session alert message auditing . , policy handle procedure alert message auditing . (application developers guide 9i util_alert_pager call alert log auditing . procedure . . SQL> conn system/manager SQL> grant execute on dbms_alert to scott ; SQL> conn scott/tiger SQL> create or replace procedure trail_emp 2 (ud_schema varchar2, ud_table varchar2, ud_policy varchar2) is 3 pragma autonomous_transaction; 4 begin 5 dbms_alert.signal(alert_emp, to_char(sysdate, YYYYMMDD HH24:MI:SS) || ud_schema || : || ud_table || : || ud_policy); 6 commit; 7 end; 8 / SQL> select object_schema, object_name, policy_name, policy_text, pf_schema, pf_function 2 from dba_audit_policies ; OBJECT_SCH OBJECT_NAM POLICY_NAM POLICY_TEXT PF_SCHEMA PF_FUNCTIO ---------- ---------- ---------- ----------------- ---------- ---------- SCOTT EMP POLICY_EMP dept_id = SYS01 SCOTT TRAIL_EMPjkspark@hanafos.com - 21 -
  22. 22. Oracle9i New Features http://www.ggola.com - auditing procedure . pf_function procedure . procedure pragma autotnomous_transaction dbms_alert signal commit select application commit . (autonomous_transaction oracle8i new features ) - (terminal #2) SQL> var status number SQL> var message varchar2(2000) SQL> exec dbms_alert.waitone(alert_emp, :message, :status); ….waiting…. alert message . , auditing procedure trail_emp waiting . . waiting package dbms_pipe ( polling ) . - (terminal #1) sql auditing terminal #2 waiting prompt . SQL> select emp_name, emp_id from emp where dept_id = SYS01 ; EMP_NAME EMP_ID ---------- ---------- JANG B2002003 SQL> select session_id, timestamp, object_schema, object_name, policy_name 2 from dba_fga_audit_trail ; SESSION_ID TIMESTAMP OBJECT_SCH OBJECT_NAM POLICY_NAM ---------- ---------- ---------- ---------- ---------- 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMP 198 18-AUG-03 SCOTT EMP POLICY_EMPjkspark@hanafos.com - 22 -
  23. 23. Oracle9i New Features http://www.ggola.com - terminal #2 SQL> exec dbms_alert.waitone(alert_emp, :message, :status); pl/sql procedure successfully completed. SQL> print :message MESSAGE -------------------------------------------------------------------------------- 20030818 16:38:50SCOTT:EMP:POLICY_EMP auditing message . SQL> print :status STATUS ---------- 0 - - 0 .0 alert , auditing 1 timeout . - CASE2 : CASE2 9i new feature fga procedure auditing . alert auditing . - dbms_alert dbms_pipe . table trigger dbms_alert dml auditing . - (terminal #2) auditing data . auditing data . . sys login disable . SQL> conn / as sysdba SQL> delete from dba_fga_audit_trail ; SQL> commit ; SQL> conn scott/tiger SQL> exec dbms_fga.disable_policy(scott, emp, policy_emp); SQL> exitjkspark@hanafos.com - 23 -
  24. 24. Oracle9i New Features http://www.ggola.com - (terminal #1) auditing . SQL> select policy_name, enabled from dba_audit_policies ; POLICY_NAME ENA ------------------------------ --- POLICY_EMP NO SQL> select session_id, timestamp, object_schema, object_name, policy_name 2 from dba_fga_audit_trail ; no rows selected SQL> select emp_name, emp_id from emp where dept_id = SYS01 ; EMP_NAME EMP_ID ---------- ---------- JANG B2002003 SQL> select session_id, timestamp, object_schema, object_name, policy_name 2 from dba_fga_audit_trail ; no rows selected - auditing data . disable .encryption enhancements 9i . 9i dbms_obfuscation_toolkit package data encryption and decryption . oracle encryption and decryption package . DES, MD5, DES3 - , DES(Data Encryption Standard), MD5(Message Digest 5) DES DES3(Triple DES) . - dbms_obfuscation_toolkit 3 DES . CF. 9i . - CASE : DES input data encryption and decryption (private) key .jkspark@hanafos.com - 24 -
  25. 25. Oracle9i New Features http://www.ggola.com CF. DES3 key 3 . - procedure dbms_obfuscation_toolkit desencryption procedure call key data desdecryption procedure call key . SQL> create or replace procedure pwd_encdec (pwd varchar2, key varchar2) is 2 vr_inraw raw(128) := utl_raw.cast_to_raw(pwd); 3 vr_keyraw raw(128) := utl_raw.cast_to_raw(key); 4 vr_encraw raw(2048); 5 vr_decraw raw(2048); 6 begin 7 dbms_output.put_line(----------------------------------------------); 8 dbms_output.put_line(your pwd (converted with to raw type) : || utl_raw.cast_to_varchar2(vr_inraw)); 9 dbms_output.put_line(your key (converted with to raw type) : || utl_raw.cast_to_varchar2(vr_keyraw)); 10 dbms_output.put_line(----------------------------------------------); 11 dbms_obfuscation_toolkit.desencrypt( input => vr_inraw, key => vr_keyraw, encrypted_data => vr_encraw); 12 dbms_output.put_line(encrypted hex value : || rawtohex(vr_encraw)); 13 dbms_obfuscation_toolkit.desdecrypt( input => vr_encraw, key => vr_keyraw, decrypted_data => vr_decraw); 14 dbms_output.put_line(decrypted pwd : || utl_raw.cast_to_varchar2(vr_decraw)); 15 dbms_output.put_line(----------------------------------------------); 16 end; 17 / SQL> set serveroutput on SQL> exec pwd_encdec(pwd12345, key56789); ---------------------------------------------- your pwd (converted with to raw type) : pwd12345 your key (converted with to raw type) : key56789 ---------------------------------------------- encrypted hex value : 8AE1B93004764662 decrypted pwd : pwd12345 ---------------------------------------------- - encrypted value raw type sqlplus hexvalue . - data pwd12345 key value key56789 encryption key decryption . - . error case . error .jkspark@hanafos.com - 25 -
  26. 26. Oracle9i New Features http://www.ggola.com SQL> exec pwd_encdec(pwd1234, key56789); ---------------------------------------------- your pwd (converted with to raw type) : pwd1234 your key (converted with to raw type) : key56789 ---------------------------------------------- BEGIN pwd_encdec(pwd1234, key56789); END; * ERROR at line 1: ORA-28232: invalid input length for obfuscation toolkit ORA-06512: at "SYS.DBMS_OBFUSCATION_TOOLKIT_FFI", line 0 ORA-06512: at "SYS.DBMS_OBFUSCATION_TOOLKIT", line 99 ORA-06512: at "SCOTT.PWD_ENCDEC", line 11 ORA-06512: at line 1 - error . encryption data 7 . , DES . . - DES Restriction : 1. DES symmetric key algorithm , key key . 2. DES 64bit data block 56bit key encryption data 8 (multiple of 8 bytes) . 3. key 56-bit key . CF. DES data .( )others 9i new features optional 9i database . oracle label security - feature trusted oracle pl/sql policy . vpd(virtual private database)jkspark@hanafos.com - 26 -
  27. 27. Oracle9i New Features http://www.ggola.com connection user row label . CF. 9i feature optional product . , database features . - . oracle oracle policy manager gui . optional . - , vpd policy policy application context data data access . CF. label hidden column data access . oracle login server - oracle oid(oracle internet directory) single sign-on . 9i application server database connection . - web application multiple database .jkspark@hanafos.com - 27 -
  28. 28. Oracle9i New Features http://www.ggola.com2. General High Availability Technologyminimal I/O recovery (only instance or crash recovery) unplanned down database restart oracle instance recovery database open . to 8i instance recovery - 3 . 1. rolling forward(redo log applying) . failure check point redo log read ( ) datafile read/write ( ) 2. database open 3. rolling back (by smon) from 9i : rolling forward two-pass recovery - rolling forward datafile read/write time . - two-pass recovery : 1. failure checkpoint redo log read(sequential read) pga recovery block keeping 2. pga keeping recovery block applying ( dbwr deferred write ) 3. redo log two-pass . 4. block recovery . 9i redo log block dirty in the buffer cache . - instance or crash recovery dba oracle .jkspark@hanafos.com - 28 -
  29. 29. Oracle9i New Features http://www.ggola.com CF. instance or crash single instance rac(ops) .fast-start time-based recovery limit recovery performance recovery , redo . oracle checkpoint rba(redo byte address) control file recovery checkpoint rba oracle instance . checkpoint rba failure recovery . mttr . mttr(mean time to recover) - dba recovery time . checkpoint rba , datafile dirty block write , checkpoint dba . - log_checkpoint_interval or fast_start_io_target parameter . - new parameter fast_start_mttr_target crash recovery time . dynamic parameter fast_start_io_target log_checkpoint_interval . CF. rac crash recovery time open instances sum of fast_start_mttr_target . node failure node recovery . - 0 ~ 3600 0 . recommended value sga size site service level agreement (sla) . recovery time parameter - recovery time 4 parameterjkspark@hanafos.com - 29 -
  30. 30. Oracle9i New Features http://www.ggola.com 1. db_block_max_dirty_target (obsoleted from 9i) 2. fast_start_io_target 3. log_checkpoint_interval 4. log_checkpoint_timeout (no change) - from 9i fast_start_mttr_target fast_start_io_target, log_checkpoint_interval . fast_start_io_target, log_checkpoint_interval fast_start_mttr_target override . new 3 columns in v$instance_recovery for recovery time information - oracle 30 mttr . 1. TARGET_MTTR : oracle mttr value . dba system monitoring fast_start_mttr_target . 2. ESTIMATED_MTTR : instance failure recovery time 3. CKPT_BLOCK_WRITES : checkpoint db block writeflashback (managing by smon) consistent view . , data time machine query . ( 8i rollback segment . .) - scn . data scn mapping .jkspark@hanafos.com - 30 -
  31. 31. Oracle9i New Features http://www.ggola.com - 5 5 data . ( wall-clock time . scn flashback query scn generation 5 ) flashback feature - flashback dml flashback query flashback disable .( pl/sql block ) - flashback query 9i new feature undo management . - rollback segment 9i undo management (automatic undo) flashback query . - flashback query undo 3 initial parameter manual rollback segment . 1. undo_management = auto 2. undo_tabelspace = tablespace_name 3. undo_retention = 6000 - 3 setting undo mechanism tablespace_name undo data retention undo flashback query .( flashback query undo_retention value ) - flashback query session level smon scn time mapping smon_scn_time table - flashback enable session dml flashback disabling open pl/sql cursor dml .( data flashback ) - dbms_flashback.enable active transaction sys user . (session level ).jkspark@hanafos.com - 31 -
  32. 32. Oracle9i New Features http://www.ggola.com example - table 3 rows table 1 row delete data . SQL> conn system/manager SQL> sho parameter undo_retention NAME TYPE VALUE ------------------------------------ ---------- ------------------------------ undo_retention integer 1200 SQL> grant execute on dbms_flashback to scott ; SQL> conn scott/tiger SQL> set time on 16:50:39 SQL> create table emp_flash as select * from emp ; 16:50:57 SQL> select * from emp_flash ; EMP_ID EMP_NAME DEPT_ID GRP_POLICY ---------- ---------- ---------- ---------- A1998001 KIM SAL01 BASIC_GRP B2002003 JANG SYS01 SYSTEM_GRP C2001003 LEE MAR01 BASIC_GRP 16:51:03 SQL> select sysdate, dbms_flashback.get_system_change_number from dual ; SYSDATE GET_SYSTEM_CHANGE_NUMBER ----------------- ------------------------ 20030901 16:51:21 718931 16:51:21 SQL> select sysdate, wait for 5 miniutes! from dual ; SYSDATE WAITFOR5MINIUTES! ----------------- -------------------------------- 20030901 16:51:57 wait for 5 miniutes! 16:51:57 SQL> select sysdate, wait for 5 miniutes! from dual ; SYSDATE WAITFOR5MINIUTES! ----------------- -------------------------------- 20030901 16:57:15 wait for 5 miniutes! 16:57:15 SQL> delete from emp_flash where grp_policy = SYSTEM_GRP ; 16:57:52 SQL> commit ; 16:57:55 SQL> select * from emp_flash ; EMP_ID EMP_NAME DEPT_ID GRP_POLICY ---------- ---------- ---------- ---------- A1998001 KIM SAL01 BASIC_GRP C2001003 LEE MAR01 BASIC_GRP 16:58:01 SQL> select sysdate, dbms_flashback.get_system_change_number from dual ; SYSDATE GET_SYSTEM_CHANGE_NUMBER ----------------- ------------------------ 20030901 16:59:37 719095jkspark@hanafos.com - 32 -
  33. 33. Oracle9i New Features http://www.ggola.com 16:59:37 SQL> exec dbms_flashback.enable_at_time(to_timestamp(20030901 16:57:01, - 17:01:15 > YYYYMMDD HH24:MI:SS)) ; pl/sql procedure successfully completed. 17:01:24 SQL> select * from emp_flash ; EMP_ID EMP_NAME DEPT_ID GRP_POLICY ---------- ---------- ---------- ---------- A1998001 KIM SAL01 BASIC_GRP B2002003 JANG SYS01 SYSTEM_GRP C2001003 LEE MAR01 BASIC_GRP 17:02:09 SQL> delete from emp_flash ; delete from emp_flash * ERROR at line 1: ORA-08182: operation not supported while in Flashback mode 17:02:35 SQL> exec dbms_flashback.disable ; pl/sql procedure successfully completed.jkspark@hanafos.com - 33 -
  34. 34. Oracle9i New Features http://www.ggola.com - flashback cursor open flashback mode disable flashback data dml . - , open flashback mode disable flashback mode cursor fetch . 17:02:36 SQL> set time off SQL> set serveroutput on SQL> declare 2 vr_emp emp_flash%rowtype; 3 cursor c_emp_flash is 4 select * from emp_flash where grp_policy = SYSTEM_GRP ; 5 begin 6 dbms_flashback.enable_at_time(to_timestamp(20030901 16:57:01, YYYYMMDD HH24:MI:SS)) ; 7 open c_emp_flash; 8 dbms_flashback.disable; 9 loop 10 fetch c_emp_flash into vr_emp; 11 exit when c_emp_flash%notfound; 12 dbms_output.put_line(vr_emp.emp_id || || vr_emp.grp_policy); 13 insert into emp_flash values (vr_emp.emp_id, vr_emp.emp_name, vr_emp.dept_id, vr_emp.grp_policy); 14 end loop; 15 close c_emp_flash; 16 end; 17 / B2002003 SYSTEM_GRP pl/sql procedure successfully completed. SQL> commit ; SQL> select * from emp_flash; EMP_ID EMP_NAME DEPT_ID GRP_POLICY ---------- ---------- ---------- ---------- A1998001 KIM SAL01 BASIC_GRP C2001003 LEE MAR01 BASIC_GRP B2002003 JANG SYS01 SYSTEM_GRP - test undo_retention time 1200 , 20 flashback query . transaction undo overwrite flashback query . , parameter 1200 oracle maximum flashback query static .jkspark@hanafos.com - 34 -
  35. 35. Oracle9i New Features http://www.ggola.comflashback & logminer what is the difference? - logminer flashback .( ) . - , flashback logminer . undo space undo_retention . ( . database flashback ) data logminer . - ... 1. flashback : data data 2. logminer : data data ( 9i gui . , logminer data type ) CF. oracle 10g row flashback database level table(or index) level flashback . 10g .resumable space allocation . large operation space rollback extent , size data table tablespace . hang large operation time cost . ! 9i . job suspending and resume - tablespace suspending . 3 case . 1. out-of-space : tablespacejkspark@hanafos.com - 35 -
  36. 36. Oracle9i New Features http://www.ggola.com 2. space limit : max extents 3. user tablespace quota - 1. session level control 2. suspend alert.log 3. system event trigger after suspend on database trigger firing - 1. select temporary tablespace 2. dml, imp/exp(using resumable optoin), sql*loader(using resumable option), ddl how long can you wait? - large operation . (timeout occurs) abort . default 7200 . - alter session enable resumable timeout 3000 ; CF. [name "xxx"] option resumable . - exec dbms_resumable.set_session_timeout(session_id, 3000) ; - exec dbms_resumable.set_timeout(3000) ; - create or replace trigger resume_timeout after suspend on database begin dbms_resumable.set_timeout(3000); end; / CF. trigger resumable case . statement suspend trigger datafile resize or add scripts , dba message . CF. , trigger suspending transaction (ddl or dml) ( , commit ) pragma autonomous_transaction .jkspark@hanafos.com - 36 -
  37. 37. Oracle9i New Features http://www.ggola.com example - tablespace insert . SQL> conn system/manager SQL> grant resumable to scott; SQL> create tablespace tbs_test 2 datafile /app/oracle/oradata/NEWSVC/resume.dbf size 88K 3 autoextend off ; SQL> conn scott/tiger SQL> create table resumable_test 2 tablespace tbs_test 3 as select * from all_objects where rownum < 1 ; SQL> select * from resumable_test ; no rows selected SQL> insert into resumable_test select * from all_objects ; .. waiting .. prompt suspending . alert.log . [NEWSVC]LIRACLE:/app/oracle/admin/NEWSVC/bdump> tail -f alert_NEWSVC.log ............ ............ Tue Sep 2 16:11:42 2003 timeout . statement in resumable session User SCOTT(61), Session 8, Instance 1 was suspended due to ORA-01653: unable to extend table SCOTT.RESUMABLE_TEST by 8 in tablespace TBS_TEST , data alert log error message tbs_test . time machine [NEWSVC]LIRACLE:/app/oracle/admin/NEWSVC/bdump> sqlplus system/manager SQL> alter database datafile /app/oracle/oradata/NEWSVC/resume.dbf resize 10M ; Database altered. suspending sql return . SQL> insert into resumable_test select * from all_objects ; 23659 rows created. SQL> commit ; resumable package and view - dbms_resumable package 1. abort : suspending statement abort 2. get_session_timeout(session_id) : 3. get_timeoutjkspark@hanafos.com - 37 -
  38. 38. Oracle9i New Features http://www.ggola.com 4. set_session_timeout(session_id, timeout) 5. set_timeout 6. space_error_info ( argument ) - dba_resumable view : suspending dba_resumable view session id 1. sql ( 1000 bytes) 2. resumable 3. time .exp/imp enhancements import and statistics - to 8i import analyze and recalculate_statistics parameter . - from 9i statistics parameter . 1. always : import .( default questionable ) 2. safe : import .( , questionable , safe ) 3. recalculate : import import . 4. none : import recalculate CF. questionable dump file export error . error dump file safe . - export parameter 8i tablespace transport tablespace . from 9i tablespace object export option . , list of tablespaces to transport list objects of tablespaces to export . - export parameter user exp_full_database privilegejkspark@hanafos.com - 38 -
  39. 39. Oracle9i New Features http://www.ggola.com . CF. , import example - partition table 9i new feature list partitioned table . . SQL> system/manager SQL> create tablespace tbs_test2 datafile 2 /app/oracle/oradata/NEWSVC/expimp_test.dbf size 5M ; SQL> conn scott/tiger SQL> create table sale_part (id number, name varchar2(30), addr varchar2(2), 2 amount number, hiredata date) 3 partition by list(addr) 4 ( 5 partition sale_east values (ea, eb), 6 partition sale_west values (wa, wb), 7 partition sale_south values (sa, sb) tablespace tbs_test, 8 partition sale_north values (na, nb) tablespace tbs_test2 9 ); SQL> insert into sale_part values (10, JANG, ea, 100, sysdate -1); SQL> insert into sale_part values (20, CHOI, wb, 200, sysdate -2); SQL> insert into sale_part values (30, LEE, sa, 300, sysdate -3); SQL> insert into sale_part values (40, JUN, nb, 400, sysdate -4); SQL> commit ; SQL> create index resumable_test_i_object_id on resumable_test(object_id) 2 tablespace tbs_test2 ; SQL> select segment_name, partition_name from user_segments 2 where tablespace_name = TBS_TEST ; SEGMENT_NAME PARTITION_NAME -------------------- -------------------- RESUMABLE_TEST SALE_PART SALE_SOUTH SQL> conn system/manager SQL> grant exp_full_database to scott ; SQL> grant imp_full_database to scott ; SQL> exit [NEWSVC]LIRACLE:/app/oracle/admin/NEWSVC/work> exp userid=scott/tiger tablespaces=tbs_test ....... About to export selected tablespaces ... For tablespace TBS_TEST ... . exporting cluster definitions . exporting table definitions . . exporting table RESUMABLE_TEST 23659 rows exported . . exporting table SALE_PART . . exporting partition SALE_EAST 1 rows exported . . exporting partition SALE_WEST 1 rows exported . . exporting partition SALE_SOUTH 1 rows exported . . exporting partition SALE_NORTH 1 rows exported . exporting referential integrity constraints . exporting triggers Export terminated successfully without warnings.jkspark@hanafos.com - 39 -
  40. 40. Oracle9i New Features http://www.ggola.com SQL> conn scott/tiger SQL> select segment_name, partition_name, tablespace_name 2 from user_segments where tablespace_name in (USERS, TBS_TEST, TBS_TEST2) ; SEGMENT_NAME PARTITION_NAME TABLESPACE -------------------------- -------------- ---------- SALE_PART SALE_NORTH TBS_TEST2 RESUMABLE_TEST_I_OBJECT_ID TBS_TEST2 RESUMABLE_TEST TBS_TEST SALE_PART SALE_SOUTH TBS_TEST EMP USERS DEPT USERS ORDER_HSTRY USERS EMP_FLASH USERS SALE_PART SALE_EAST USERS SALE_PART SALE_WEST USERS - import tablespace partition tbs_test index export tablespace import . , tablespace objects tablespace objects export/import . - resumable exp/imp parameter . option resumable command . parameter . 1. resumable=y/n 2. resumable_name=name 3. resumable_timeout=timeout seconds (default 7200 ) - flashback exp/imp parameter . parameter . 1. flashback_scn=scn 2. flashback_timeout=time CF. . parameter error . ( flashback )jkspark@hanafos.com - 40 -
  41. 41. Oracle9i New Features http://www.ggola.com3. LogMiner Enhancementsddl support Logminer and ddl - to 8i ddl logminer ddl command oracle internal dml ddl . - from 9i ddl log oracle internal dml ddl . - . 1. v$logmnr_contents operation column "ddl" . 2. v$logmnr_contents sql_redo column ddl . 3. 9i version log file . ( . ddl 9i logging ) 4. ddl support recovery . (drop truncate row data ) example - . . redo log database restart . - logminer 9i online data dictionary build . SQL> conn sys/manager system user package . SQL> grant execute on dbms_logmnr to scott ; SQL> create public synonym dbms_logmnr for dbms_logmnr ; . SQL> conn scott/tigerjkspark@hanafos.com - 41 -

×