This document discusses new architecture and security features in Oracle Database 12c. It introduces container databases (CDBs) which allow for multiple pluggable databases (PDBs). It describes how common and local users, privileges, roles, and data dictionaries are implemented and managed across CDBs and PDBs. It also covers new PL/SQL privilege checking, code-based access control, unplugging and plugging PDBs into different CDBs, cloning PDBs, and upgrading databases to 12c.
This is a high level presentation I delivered at BIWA Summit. It's just some high level thoughts related to today's NoSQL and Hadoop SQL engines (not deeply technical).
Current big data technology scope overview prepared for V.I.Tech and Wellcentive companies. Answers questions why we are taking these products and what do we really do with them on very high level.
Pi Day 2022 - from IoT to MySQL HeatWave Database ServiceFrederic Descamps
Â
HeatWave is a massively parallel, high performance, in-memory query accelerator for Oracle MySQL Database Service that accelerates MySQL performance by orders of magnitude for analytics and mixed workloads. But how do you collect data from an Internet of Things Environment so you can use HeatWave to process it? In one hour you will see how data collected by a Raspberry PI or other Internet of Things device can be uploaded to the MySQL Database Service and then processed by HeatWave.
This is a high level presentation I delivered at BIWA Summit. It's just some high level thoughts related to today's NoSQL and Hadoop SQL engines (not deeply technical).
Current big data technology scope overview prepared for V.I.Tech and Wellcentive companies. Answers questions why we are taking these products and what do we really do with them on very high level.
Pi Day 2022 - from IoT to MySQL HeatWave Database ServiceFrederic Descamps
Â
HeatWave is a massively parallel, high performance, in-memory query accelerator for Oracle MySQL Database Service that accelerates MySQL performance by orders of magnitude for analytics and mixed workloads. But how do you collect data from an Internet of Things Environment so you can use HeatWave to process it? In one hour you will see how data collected by a Raspberry PI or other Internet of Things device can be uploaded to the MySQL Database Service and then processed by HeatWave.
JDBC Next: A New Asynchronous API for Connecting to a Database Yolande Poirier
Â
This new API is completely nonblocking. It is not intended to be an extension to, or a replacement for, JDBC but, rather, an entirely separate API that provides completely nonblocking access to the same databases as JDBC.
Oracle ACE Director Dan Morgan presented those slides about migrating to database 12c and how to get it right. For more information, visit www.perftuning.com
Between 2015 and 2017 a large percentage of Oracle's existing customer base will be upgrading their existing databases to the new version 12cR1. Most of the time when upgrades happen the only benefits organizations receive are the satisfaction of having survived the upgrade unscathed. In general, the new database, other than having a new version number, provides little in the way of tangible benefits.
With the re-architecture that can come with a 12cR1 upgrade it is, for the first time, possible to plan for and receive substantial measurable benefits, and possible to make costly mistakes that could create substantial liabilities that are both business and financial.
Oracle ACE Director and industry veteran Dan Morgan, in a presentation targeted to IT/IS management explores both the benefits and the risks and provide a guideline for "getting it right."
This Performance Tuning's Lunch & Learn event focuses on management, planning, and budgeting, not features and technology, and provides you and your management teams the information they need to perform the next database upgrade or migration cycle.
First slide of Hadoop:
* Introduction to Big Data and Hadoop:
- Presenting and defining big data
- Introducing Hadoop and History
- Hadoop - how it works?
- HDFS
Changes in WebLogic 12.1.3 Every Administrator Must KnowBruno Borges
Â
WebLogic 12c has evolved quite a lote since its first release (12.1.1). Now on 12.1.3 it has more to offer, optimizations for Exalogic, support of some Java EE 7 APIs and more.
Deep Dive into Automating Oracle GoldenGate Using the New MicroservicesKal BO
Â
Oracle open Word 2017 , please download it
in this session learn from Oracle Development and Product Management how to automate and embed Oracle GoldenGate using the new Oracle GoldenGate microservices. Learn how to embed and orchestrate Oracle GoldenGate for your use case similar to how Oracle Database sharding embeds and automates Oracle GoldenGate. Learn how to use the new conflict detection and resolution for active-active environments using the new integration with the database to automate this functionality.
Integrated Cloud Platform: Database, Integration
Code: CON6569
Session Type: Conference Session
SPEAKERS
Nick Wagner, Oracle
Volker Kuhr, Senior Principle Product Manager, Oracle
Jing Liu, Director, Development, Oracle
This isnât a talk about microservices, NO-SQL, Container solutions or hip new frameworks. This talk will show some of the standard Java APIs that are part of Java since version 5, 6, 7 or 8. All this features are very helpful to create maintainable and future-proof applications, regardless of whether JavaEE, Spring, JavaFX or any other framework is used. The talk will give an overview of some important standard concepts and APIs of Java like annotations, null values and concurrency. Based on an overview of this topics and some samples the talk will answer questions like:
- How can I create my own annotations?
- How can I create a plugin structure without using frameworks like OSGI?
- Whatâs the best way to handle NullPointerExceptions?
- How can I write concurrent code that is still maintainable?
JDBC Next: A New Asynchronous API for Connecting to a Database Yolande Poirier
Â
This new API is completely nonblocking. It is not intended to be an extension to, or a replacement for, JDBC but, rather, an entirely separate API that provides completely nonblocking access to the same databases as JDBC.
Oracle ACE Director Dan Morgan presented those slides about migrating to database 12c and how to get it right. For more information, visit www.perftuning.com
Between 2015 and 2017 a large percentage of Oracle's existing customer base will be upgrading their existing databases to the new version 12cR1. Most of the time when upgrades happen the only benefits organizations receive are the satisfaction of having survived the upgrade unscathed. In general, the new database, other than having a new version number, provides little in the way of tangible benefits.
With the re-architecture that can come with a 12cR1 upgrade it is, for the first time, possible to plan for and receive substantial measurable benefits, and possible to make costly mistakes that could create substantial liabilities that are both business and financial.
Oracle ACE Director and industry veteran Dan Morgan, in a presentation targeted to IT/IS management explores both the benefits and the risks and provide a guideline for "getting it right."
This Performance Tuning's Lunch & Learn event focuses on management, planning, and budgeting, not features and technology, and provides you and your management teams the information they need to perform the next database upgrade or migration cycle.
First slide of Hadoop:
* Introduction to Big Data and Hadoop:
- Presenting and defining big data
- Introducing Hadoop and History
- Hadoop - how it works?
- HDFS
Changes in WebLogic 12.1.3 Every Administrator Must KnowBruno Borges
Â
WebLogic 12c has evolved quite a lote since its first release (12.1.1). Now on 12.1.3 it has more to offer, optimizations for Exalogic, support of some Java EE 7 APIs and more.
Deep Dive into Automating Oracle GoldenGate Using the New MicroservicesKal BO
Â
Oracle open Word 2017 , please download it
in this session learn from Oracle Development and Product Management how to automate and embed Oracle GoldenGate using the new Oracle GoldenGate microservices. Learn how to embed and orchestrate Oracle GoldenGate for your use case similar to how Oracle Database sharding embeds and automates Oracle GoldenGate. Learn how to use the new conflict detection and resolution for active-active environments using the new integration with the database to automate this functionality.
Integrated Cloud Platform: Database, Integration
Code: CON6569
Session Type: Conference Session
SPEAKERS
Nick Wagner, Oracle
Volker Kuhr, Senior Principle Product Manager, Oracle
Jing Liu, Director, Development, Oracle
This isnât a talk about microservices, NO-SQL, Container solutions or hip new frameworks. This talk will show some of the standard Java APIs that are part of Java since version 5, 6, 7 or 8. All this features are very helpful to create maintainable and future-proof applications, regardless of whether JavaEE, Spring, JavaFX or any other framework is used. The talk will give an overview of some important standard concepts and APIs of Java like annotations, null values and concurrency. Based on an overview of this topics and some samples the talk will answer questions like:
- How can I create my own annotations?
- How can I create a plugin structure without using frameworks like OSGI?
- Whatâs the best way to handle NullPointerExceptions?
- How can I write concurrent code that is still maintainable?
New applications are producing more data than ever, challenging enterprises to adopt a simpler, more streamlined and cost-effective approach to storage. Review this infographic to learn how hypervisor-converged storage addresses the challenges facing traditional storage solutions.
EMC VSPEX BLUE is an all-in-one Hyper-Converged Infrastructure Appliance powered by Intel processor technology and VMware EVO:RAIL software.
It simplifies and automates deployment, provides and intuitive management dashboard that embeds the VSPEX BLUE Manager to simplify operations, upgrades and patches.
With a software designed building block approach, capacity and performance scale linearly â eliminating the need for pre-planned infrastructure purchases and reducing your upfront investments.
All wrapped with a single point of global support from EMC for both hardware and software
Automatiza el despliegue de tus aplicaciones atlassian con dockeratSistemas
Â
En este webinar, empezaremos explorando las ventajas clave del uso de contenedores y sus diferencias respecto a la virtualizaciĂłn, para seguidamente abordar la automatizaciĂłn del despliegue de aplicaciones Atlassian con Docker.
Explicaremos cĂłmo dar los primeros pasos con Docker y trabajar con imĂĄgenes de aplicaciones, contenedores y repositorios.
6 to 106 in 4 years - The story of the Atlassian Design teamAlastair Simpson
Â
4 years ago Atlassian had 6 designers. Fast forward to today and the design team numbers 106. Building and managing a design team of this size is one thing, integrating it successfully into a traditionally engineering led organisation is another. Alastair Simpson (Head of DesignâââConfluence) will share how Atlassian has successfully embraced design as a first class discipline and is changing from being an engineering, to an experience led company. At the end of the session, youâll be armed with a basic playbook for how to manage your team of designers to affect meaningful change within any organisation. Come for the practical tips about how to grow and manage design as you scale, and hear some of the road bumps along the way as we grew from 6 to 106 designers in just 4 years.
An overview in garment industry (dept. wise)negatve
Â
It's just an overview in a garment industry for a beginner.
Here in this slide I just showed how a garment industry works.
What are there dept. wise procedure to make a complete garment from order to shipment.
You can have a general idea about how a garment industry produce garment (like pant) from some pieces of fabrics.
Good Luck.
Have you ever used Oracle WebLogic Server? If the answer is no, this presentation is for you. We explain core WebLogic Server concepts and perform a live walkthrough of the console covering core administration areas that include managed servers, JVM servers, JMS resources, logs, data sources, application deployments, and more.
This document describe step by step how to configure Oracle Gateway to create Database link between oracle and MySQL On Solaris 11.1 , The same steps can be done on Linux or Unix.
A presentation about new features and enhancements related to indexes and indexing in Oracle 12c.
See also the related post: http://db-oriented.com/2015/07/03/indexes-and-indexing-in-oracle-12c
The Making of the Oracle R2DBC Driver and How to Take Your Code from Synchron...VMware Tanzu
Â
SpringOne 2021
Session Title:The Making of the Oracle R2DBC Driver and How to Take Your Code from Synchronous to Reactive
Speakers: Kuassi Mensah, Director of Product Management at Oracle; Michael McMahon, Principal Member of Technical Staff at Oracle
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Â
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Â
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
The Metaverse and AI: how can decision-makers harness the Metaverse for their...Jen Stirrup
Â
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Â
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
đ Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
Â
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties â USA
Expansion of bot farms â how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks â Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Enhancing Performance with Globus and the Science DMZGlobus
Â
ESnet has led the way in helping national facilitiesâand many other institutions in the research communityâconfigure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
Â
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Â
Clients donât know what they donât know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clientsâ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
Â
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Â
Building better applications for business users with SAP Fiori.
⢠What is SAP Fiori and why it matters to you
⢠How a better user experience drives measurable business benefits
⢠How to get started with SAP Fiori today
⢠How SAP Fiori elements accelerates application development
⢠How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
⢠How SAP Fiori paves the way for using AI in SAP apps
1. parallel
Architecture Changes and New Security
Features in Oracle Database 12c
Zoran PavloviÄ, Security Team Lead, Parallel
Maja Veselica, Security Consultant, Parallel
2. parallel
About the Authors
Zoran PavloviÄ, Security Team Lead
Zoran Pavlovic works for Parallel as a security team
leader. He has worked as an external instructor for
Oracle University across EMEA region. As an active
member of the Oracle community and a long-time
database security enthusiast, Zoran frequently delivers
technical presentations and demonstrations about
Oracle technologies in Serbia, Croatia, Bulgaria, and
online across the Globe. He is an Oracle Certified
Professional, Oracle Certified Expert and Oracle
Certified Specialist for Database, Security and Java.
When Zoran is not helping customers solve various
problems in Oracle Database, he enjoys learning more
about how Oracle Database works and (beta) testing
Oracle products
Twitter: @orclarchitect
3. parallel
About the Authors
Maja Veselica, Security Consultant
Maja Veselica, MSc in Software Engineering, works
for Parallel d.o.o. Belgrade, as Security Consultant and
Education Manager. She is an instructor for numerous
Oracle courses and a regular speaker at Oracle User
Group conferences (SrOUG, HrOUG, BGOUG). She
possesses several Oracle certificates, such as: Oracle
Certified Professional, Oracle Certified Expert and
Oracle Certified Specialist for Database, Security and
Java. When Maja is not helping customers solve
various challenges using Oracle technologies, she
enjoys (beta) testing Oracle products.
Twitter: @orapassion
11. parallel
Create PDB from Seed
$ sqlplus / as sysdba
SQL*Plus: Release 12.1.0.1.0 Production on Fri May 04 19:45:12 2013
Copyright (c) 1982, 2012, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining, Real Application Testing and
Unified Auditing options
SQL> CREATE PLUGGABLE DATABASE pdb1 ADMIN USER pdb1_admin
2 IDENTIFIED BY oracle_4U ROLES=(CONNECT)
3 FILE_NAME_CONVERT=('/u01/app/oracle/oradata/cdb1/pdbseed'
4 ,'/u01/app/oracle/oradata/cdb1/pdb1');
Pluggable database created.
cdb1
root pdb1seed Clone
12. parallel
Unplug PDB from CDB
SQL> ALTER PLUGGABLE DATABASE pdb1 UNPLUG INTO âpdb1.xmlâ;
cdb1
root seed pdb1Unplug
pdb1.xml
SQL> DROP PLUGGABLE DATABASE pdb1 KEEP DATAFILES;
pdb1
SQL> ALTER PLUGGABLE DATABASE pdb1 OPEN READ ONLY;
13. parallel
Plug Unplugged PDB in CDB
cdb2
root seed
pdb1.xml
pdb1 pdb1Plug-In
SQL> DBMS_PDB.CHECK_PLUG_COMPATIBILITY(pdb_descr_file =>
â/stage/pdb1.xmlâ, store_report => TRUE);
SQL> CREATE PLUGGABLE DATABASE pdb1 USING '/stage/pdb1.xml'
NOCOPY;
SQL> ALTER PLUGGABLE DATABASE pdb1 OPEN READ WRITE;
18. parallel
CDB
root pdb1
Common and Local Users
pdb2
c##zoransys loc_usr1 loc_usr2
c##zoran
sys
c##zoran
sys
Common users are users
created in root container,
that have same identity
across all containers.
Local users are users
that are created and exist
in only one PDB. They
canât be created in root.
19. parallel
cdb1
root pdb1
Common and Local Users
c##zoransys
mgrc##zoran
sys
SQL> CONNECT / AS SYSDBA
Connected.
SQL> CREATE USER c##zoran
IDENTIFIED BY oracle1
CONTAINER = ALL;
User created.
SQL> CONNECT
c##zoran/oracle1@pdb1
Connected.
SQL> CREATE USER mgr
IDENTIFIED BY oracle1
CONTAINER = CURRENT;
User created.
loc_usr1
Common user created by common user:
Local user created by common user:
SQL> CONNECT
mgr/oracle1@pdb1
Connected.
SQL> CREATE USER loc_usr1
IDENTIFIED BY password;
User created.
Local user created by local user:
20. parallel
CDB
root pdb1
Common and Local Privileges
pdb2
c##zoran loc_usr1c##zoran
Common privileges are
privileges, that when
granted can be exercised
across all containers.
Local privileges are
privileges, that when
granted can be exercised
in context of a single PDB.
loc_usr2c##zoran
21. parallel
cdb1
Common and Local Privileges
SQL> CONNECT / AS SYSDBA
Connected.
SQL> GRANT SELECT ANY TABLE
TO c##zoran CONTAINER = ALL;
Grant succeeded.
SQL> CONNECT
sys/oracle1@pdb1 AS
SYSDBA
Connected.
SQL> GRANT UPDATE ANY
TABLE TO c##zoran
CONTAINER = CURRENT;
Grant succeeded.
Common privilege granted by common
user to common user:
Local privilege granted by common
user to common user:
SQL> CONNECT
mgr/oracle1@pdb1
Connected.
SQL> GRANT UPDATE ANY
TABLE TO loc_usr1;
Grant succeeded.
Local privilege granted by local user
to local user:
root pdb1
c##zoran loc_usr1c##zoran
22. parallel
Common and Local Roles
Local roles are roles created in
PDB that exist in only one
container. These roles can be
granted only locally to either
common or local users or roles.
Common roles are roles created in
root container, that exist in all
containers. These roles can have
different set of privileges in different
containers, and can be granted to
either common or local users or roles.
CDB
root pdb1 pdb2
c##role1 c##role1
loc_role1
c##role1
loc_role2
23. parallel
cdb1
Adding Privs to Common and Local Roles
SQL> CREATE ROLE c##role1
CONTAINER = ALL;
Role created.
SQL> GRANT SELECT ANY TABLE TO
c##role1 CONTAINER = ALL;
Grant succeeded.
SQL> GRANT CREATE TABLE TO
c##role1;
SQL> CREATE ROLE loc_role1
CONTAINER = CURRENT;
Role created.
SQL> GRANT UPDATE ANY TABLE TO
loc_role1;
Grant succeeded.
SQL> GRANT ALTER USER TO
c##role1;
Grant succeeded.
SQL> GRANT loc_role1 TO
c##role1 CONTAINER = CURRENT;
Grant succeeded.
SQL> GRANT c##role1 TO
loc_role2 CONTAINER = CURRENT;
Grant succeeded.
root pdb1
in root container:
in pdb1 container:
24. parallel
cdb1
Granting Common and Local Roles
SQL> GRANT c##role1 to
c##zoran CONTAINER = ALL;
Grant succeeded.
SQL> GRANT c##role2 to
c##zoran CONTAINER = CURRENT;
Grant succeeded.
SQL> GRANT c##role2 to
c##zoran CONTAINER =
CURRENT;
Grant succeeded.
SQL> GRANT loc_role to
c##zoran CONTAINER =
CURRENT;
Grant succeeded.
SQL> GRANT c##role2 to
loc_usr1 CONTAINER =
CURRENT;
Grant succeeded.
GRANT loc_role to loc_usr1
CONTAINER = CURRENT;
Grant succeeded.
root pdb1
25. parallel
SQL> connect / as sysdba
Connected.
SQL> create user c##zoran identified by oracle1 container=all;
User created.
SQL> grant create session, drop any synonym to c##zoran container=all;
Grant succeeded.
SQL> connect sys/oracle1@pdb1 as sysdba
Connected.
SQL> grant drop any table to c##zoran container=current;
Grant succeeded.
SQL> connect c##zoran/oracle1@pdb1
Connected.
SQL> drop synonym customers_syn;
Synonym dropped.
SQL> drop table gldb.customers;
Table dropped.
SQL> connect c##zoran/oracle1@pdb2
Connected.
SQL> drop synonym test_syn;
Synonym dropped.
SQL> drop table test.a;
drop table test.a
*
ERROR at line 1:
ORA-00942: table or view does not exist
27. parallel
SQL> connect zoran/oracle1
Connected.
SQL> create user maja identified by oracle1;
User created.
SQL> grant create session, create procedure to maja;
Grant succeeded.
SQL> connect maja/oracle1;
Connected.
SQL> select * from session_roles;
No rows selected.
SQL> create or replace procedure evil_proc
3 authid current_user
4 as
5 pragma autonomous_transaction;
6 begin
9 execute immediate 'grant dba to majaâ;
10 end;
11 /
Procedure created.
SQL> grant execute on evil_proc to zoran;
Grant succeeded.
SQL> connect zoran/oracle1
Connected.
SQL> exec maja.evil_proc;
29. parallel
SQL> connect c##zoran/oracle1@pdb1
Connected.
SQL> create user maja identified by oracle1 container=current;
User created.
SQL> grant create session, create procedure to maja container=current;
Grant succeeded.
SQL> connect maja/oracle1@pdb1;
Connected.
SQL> select * from session_roles;
No rows selected.
SQL> create or replace procedure evil_proc
3 authid current_user
4 as
5 pragma autonomous_transaction;
6 begin
9 execute immediate 'grant dba to majaâ;
10 end;
11 /
Procedure created.
SQL> grant execute on evil_proc to c##zoran;
Grant succeeded.
SQL> connect c##zoran/oracle1@pdb1
Connected.
SQL> exec maja.evil_proc;
30. parallel
SQL> exec maja.evil_proc;
ERROR at line 1:
ORA-06598: insufficient INHERIT PRIVILEGES privilege
ORA-06512: at âMAJA.EVIL_PROC", line 1
ORA-06512: at line 1
SQL> grant inherit privileges on user c##zoran to maja;
Grant succeeded.
SQL> exec maja.evil_proc;
PL/SQL procedure successfully completed.
SQL> connect maja/oracle1
Connected.
SQL> select * from session_roles;
ROLE
------------------------------
DBA
SELECT_CATALOG_ROLE
...
19 rows selected.
Inherit Privileges
31. parallel
New PL/SQL Privilege Checking
SQL> create or replace procedure evil_proc
2 authid current_user
3 as
4 pragma autonomous_transaction;
5 begin
6 execute immediate 'grant dba to majaâ;
7 end;
8 /
maja
c##zoran
32. parallel
New PL/SQL Privilege Checking
SQL> create or replace procedure evil_proc
2 authid current_user
3 as
4 pragma autonomous_transaction;
5 begin
6 execute immediate 'grant dba to majaâ;
7 end;
8 /
maja
c##zoran
SQL> GRANT EXECUTE ON MAJA.EVIL_PROC TO
c##zoran;
33. parallel
New PL/SQL Privilege Checking
SQL> create or replace procedure evil_proc
2 authid current_user
3 as
4 pragma autonomous_transaction;
5 begin
6 execute immediate 'grant dba to majaâ;
7 end;
8 /
maja
c##zoran
EXECUTE
34. parallel
New PL/SQL Privilege Checking
EXECUTE
ERROR at line 1:
ORA-06598: insufficient INHERIT PRIVILEGES privilege
ORA-06512: at âmaja.evil_proc", line 1
ORA-06512: at line 1
maja
c##zoran
SQL> create or replace procedure evil_proc
2 authid current_user
3 as
4 pragma autonomous_transaction;
5 begin
6 execute immediate 'grant dba to majaâ;
7 end;
8 /
35. parallel
New PL/SQL Privilege Checking
SQL> GRANT INHERIT PRIVILEGES ON USER c##zoran TO
maja;
maja
c##zoran
SQL> create or replace procedure evil_proc
2 authid current_user
3 as
4 pragma autonomous_transaction;
5 begin
6 execute immediate 'grant dba to majaâ;
7 end;
8 /
36. parallel
New PL/SQL Privilege Checking
EXECUTE
maja
SQL> create or replace procedure evil_proc
2 authid current_user
3 as
4 pragma autonomous_transaction;
5 begin
6 execute immediate 'grant dba to majaâ;
7 end;
8 /
c##zoran
38. parallel
SQL> connect zoran/oracle1
Connected.
SQL> create user mike identified by oracle1;
User created.
SQL> create role proc_role;
Role created.
SQL> grant create session, create procedure, create table to proc_role;
Grant succeeded.
SQL> grant proc_role to mike;
Grant succeeded.
SQL> connect mike/oracle1
Connected.
SQL> create or replace procedure c_table
2 as
3 begin
4 execute immediate âcreate table test(a int)â;
5 end;
6 /
Procedure created.
SQL> exec c_table;
Code Based Access Control
39. parallel
SQL> exec c_table;
BEGIN c_table; END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at âMIKE.C_TABLE", line 4
ORA-06512: at line 1
Code Based Access Control
40. parallel
SQL> connect c##zoran/oracle1@pdb1
Connected.
SQL> create user mike identified by oracle1 container=current;
User created.
SQL> create role proc_role container=current;
Role created.
SQL> grant create session, create procedure, create table to proc_role;
Grant succeeded.
SQL> grant proc_role to mike;
Grant succeeded.
SQL> connect mike/oracle1@pdb1
Connected.
SQL> create or replace procedure c_table
2 as
3 begin
4 execute immediate âcreate table test(a int)â;
5 end;
6 /
Procedure created.
SQL> exec c_table;
Code Based Access Control
41. parallel
SQL> exec c_table;
BEGIN c_table; END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at âMIKE.C_TABLE", line 4
ORA-06512: at line 1
SQL> grant proc_role to procedure c_table;
Grant succeeded.
SQL> exec c_table;
PL/SQL procedure successfully completed.
SQL> desc test
Name Null? Type
----------------- -------- ------------
A NUMBER(38)
Code Based Access Control
42. parallel
SQL> connect c##zoran/oracle1@pdb1
Connected.
SQL> create or replace procedure test
2 authid current_user
3 as
4 begin
5 execute immediate âcreate table tjohn(z int)â;
6 end;
7 /
Procedure created.
SQL> create user john identified by oracle1 container=current;
User created.
SQL> grant create session to john;
Grant succeeded.
SQL> create role test_role container=current;
Role created.
SQL> grant create table to test_role;
Grant succeeded.
SQL> grant test_role to procedure test;
Grant succeeded.
SQL> grant execute on test to john;
Grant succeeded.
Code Based Access Control
43. parallel
SQL> connect john/oracle1@pdb1
Connected.
SQL> exec c##zoran.test;
PL/SQL procedure successfully completed.
SQL> desc tjohn
Name Null? Type
----------------- -------- ------------
Z NUMBER(38)
Code Based Access Control
45. parallel
Data Redaction - Full
DBMS_REDACT.ADD_POLICY
(object_schema => âGLDBâ,
object_name => âCUSTOMERSâ,
policy_name => âCCN_POLICY',
column_name => âCREDIT_CARD',
function_type => DBMS_REDACT.FULL,
expression => â7=7');
NAME CREDIT_CARD
tom 3455647456589132
mike 3734982321225691
john 3472586894975806
CUSTOMERS
NAME CREDIT_CARD
tom 0
mike 0
john 0
SQL> SELECT * FROM CUSTOMERS;
46. parallel
Data Redaction - Partial
DBMS_REDACT.ADD_POLICY
(object_schema => âGLDBâ,
object_name => âCUSTOMERSâ,
policy_name => âCCN_POLICY',
column_name => âCREDIT_CARD',
function_type => DBMS_REDACT.PARTIAL,
function_parameters => 'VVVVVVVVVVVVVVVV,
VVVV-VVVV-VVVV-VVVV, #,1,12â
expression => â7=7');
NAME CREDIT_CARD
tom 3455647456589132
mike 3734982321225691
john 3472586894975806
CUSTOMERS
SQL> SELECT * FROM CUSTOMERS;
NAME CREDIT_CARD
tom ####-####-####-9132
mike ####-####-####-5691
john ####-####-####-5806
47. parallel
Data Redaction - Exemptions
DBMS_REDACT.ADD_POLICY
(object_schema => âGLDBâ,
object_name => âCUSTOMERSâ,
policy_name => âCCN_POLICY',
column_name => âCREDIT_CARD',
function_type =>
DBMS_REDACT.FULL,
expression => â7=7');
NAME CREDIT_CARD
tom 3455647456589132
mike 3734982321225691
john 3472586894975806
CUSTOMERS
RMAN> BACKUP TABLESPACE gltbs;
NAME CREDIT_CARD
tom 3455647456589132
mike 3734982321225691
john 3472586894975806
48. parallel
Data Redaction - Exemptions
DBMS_REDACT.ADD_POLICY
(object_schema => âGLDBâ,
object_name => âCUSTOMERSâ,
policy_name => âCCN_POLICY',
column_name => âCREDIT_CARD',
function_type => DBMS_REDACT.FULL,
expression => â7=7');
NAME CREDIT_CARD
tom 3455647456589132
mike 3734982321225691
john 3472586894975806
CUSTOMERS
NAME CREDIT_CARD
tom 3455647456589132
mike 3734982321225691
john 3472586894975806
SQL> SELECT * FROM CUSTOMERS;
User with EXEMPT REDUCTION POLICY
49. parallel
SQL> connect c##zoran/oracle1@pdb1
Connected.
SQL> BEGIN
2 DBMS_REDACT.ADD_POLICY (object_schema => âGLDBâ,
3 object_name => âCUSTOMERSâ,
4 policy_name => âCCN_POLICY',
5 column_name => âCREDIT_CARD',
6 function_type => DBMS_REDACT.PARTIAL,
7 function_parameters => 'VVVVVVVVVVVVVVVV, VVVV-VVVV-VVVV-VVVV,
#,1,12â
8 expression => â7=7');
9 END;
10 /
PL/SQL procedure successfully completed.
SQL> select * from gldb.customers;
NAME CREDIT_CARD
---------------- --------------------
tom 3455647456589132
mike 3734982321225691
john 3472586894975806
SQL> grant select on gldb.customers to maja;
Grant succeeded.
Data Redaction - Example
50. parallel
SQL> connect maja/oracle1@pdb1
Connected.
SQL> select * from gldb.customers;
NAME CREDIT_CARD
---------------- --------------------
tom ####-####-####-9132
mike ####-####-####-5691
john ####-####-####-5806
SQL> select * from gldb.customers where credit_card like â3472%â;
NAME CREDIT_CARD
---------------- --------------------
john ####-####-####-5806
Data Redaction - Example
51. parallel
None
⢠Reduction is
NOT
applied
Full
⢠Columns
are
redacted to
constant
values
depending
on column
data type
Partial
⢠User-
specified
positions
are replaced
by a user-
specified
character
Regular
Expression
⢠Pattern for
matching
and
replacing is
defined and
used for
reduction
Random
⢠Preserves
data types
⢠Randomizes
output
Available Reduction Types
53. parallel
New Administrative Privileges
PRIVILEGE USERNAME DUTIES
SYSBACKUP SYSBACKUP
Backup and
recovery
operations in
RMAN and SQL.
SYSDG SYSDG
Managing Data
Guard with Data
Guard Broker.
SYSKM SYSKM
Managing keys for
TDE.
Password file
format_12c
54. parallel
New SYSBACKUP Privilege
SQL> connect / as SYSBACKUP
Connected.
SQL> show user
USER is "SYSBACKUP"
SQL> select * from session_privs;
PRIVILEGE
----------------------------------------
SYSBACKUP
SELECT ANY TRANSACTION
SELECT ANY DICTIONARY
RESUMABLE
CREATE ANY DIRECTORY
ALTER DATABASE
AUDIT ANY
CREATE ANY CLUSTER
CREATE ANY TABLE
UNLIMITED TABLESPACE
DROP TABLESPACE
ALTER TABLESPACE
ALTER SESSION
ALTER SYSTEM
14 rows selected.
SQL>
55. parallel
New SYSBACKUP Privilege
$ rman target ââzoran/passwd@orcldb AS SYSBACKUP"â
Recovery Manager: Release 12.1.0.1.0 - Beta on Tue
May 07 17:41:37 2013
Copyright (c) 1982, 2012, Oracle and/or its
affiliates. All rights reserved. connected to
target database: ORCLDB (DBID=1625181741)
RMAN> select user from dual;
using target database control file instead of
recovery catalog
USER
------------------------------
SYSBACKUP
RMAN>
SQL> connect / as SYSBACKUP
Connected.
SQL> SELECT TABLE_NAME FROM DBA_TABLES
2 WHERE OWNER = âGLDBâ;
TABLE_NAME
----------------------------------------
CUSTOMERS
ORDERS
SQL> SELECT * FROM GLDB.CUSTOMERS;
SELECT * FROM GLDB.CUSTOMERS
*
ERROR at line 1:
ORA-01031: insufficient privileges
56. parallel
New SYSDG Privilege
SQL> connect / as SYSDG
Connected.
SQL> show user
USER is âSYSDG"
SQL> select * from session_privs;
PRIVILEGE
---------------------------------------
-
SYSDG
ALTER SYSTEM
ALTER SESSION
ALTER DATABASE
SELECT ANY DICTIONARY
5 rows selected.
SQL>
57. parallel
New SYSKM Privilege
SQL> connect / as SYSKM
Connected.
SQL> show user
USER is âSYSKM"
SQL> select * from session_privs;
PRIVILEGE
----------------------------------------
SYSKM
ADMINISTER KEY MANAGEMENT
2 rows selected.
SQL>
59. parallel
Invisible columns
SQL> create table t(a int);
Table created.
SQL> desc t
Name Null? Type
----------------- -------- ------------
A NUMBER(38)
SQL> insert into t(a) values(1);
1 rows inserted.
SQL> alter table add(b int invisible);
Table altered.
SQL> desc t
Name Null? Type
----------------- -------- ------------
A NUMBER(38)
SQL> select * from t;
A
------------
1
60. parallel
SQL> insert into t(a,b) values(3,5);
1 rows inserted.
SQL> select a,b from t;
A B
------------ -------------
1
3 5
SQL> alter table t modify(b visible);
Table altered.
SQL> desc t
Name Null? Type
----------------- -------- ------------
A NUMBER(38)
B NUMBER(38)
Invisible columns