Oracle DBA Ppt

September 28, 2017 | Author: api-3702030 | Category: Oracle Database, Cache (Computing), Database Transaction, Databases, Pl/Sql
Share Embed Donate


Short Description

Download Oracle DBA Ppt...

Description

Oracle Database Administration I Lesson 1 Oracle Server Architecture

Overview u

Set of data to store and access information

u

Based on a relational model of rows and columns stored in tables

u

Also Object-oriented (OO) structures

u

Contains these components:

n

Abstract datatypes and methods

n

Physical

n

Memory

n

Process

2

Oracle’s Overall Role u

Retrieve data

u

File I/O

u

Space Management

u

Change Management

u

Access Management

3

Oracle Database Administration I 1

Database Structure u

Data file(s)

u

Control file(s)

u

Redo logs

u

Init.ora (spfile.ora – 9i)

u

Trace

u

Alert log

u

Password

4

Instance Structure u

Memory structures are allocated n

n

Collectively known as System Global Area. 95% defined by data block buffer cache, Shared SQL Pool, Large Pool and Java Pool.

u

Oracle background processes are started.

u

Single database accessible by multiple instances – RAC (Real Application Cluster) a.k.a. parallel server

5

Instance Defined u

Defined by initialization parameter(s) that determine the size and composition

u

Can be dynamically altered

u

initSID.ora (ascii file)

u

spfileSID.ora (binary file)

u

configSID.ora (usually only used to create a database – not widely used)

6

Oracle Database Administration I 2

Oracle Instance u

Composed of: n

SGA (System Global Area)

n

PGA (Program Global Area)

n

Oracle BACKGROUND processes

7

System Global Area (SGA) u

u u

Shared memory region allocated by Oracle for an Oracle database Allocated when the Oracle database is started The SGA should be in non-paged, non-swapped memory

8

SGA Composition u

Buffer cache

u

Shared SQL Pool

u

Large pool (optional)

u

Java pool

u

Redo log buffer

u

Dictionary cache

u

Other miscellaneous items

9

Oracle Database Administration I 3

PGA Composition u

u

Non-shared memory area to which a process (server or background) can write Allocated by Oracle when a user connects to an Oracle database and a session is created

10

Oracle Instance u

Required Background Processes: n

DBWn

n

LGWR

n

SMON

n

PMON

n

CKPT (9i)

11

Oracle Instance u

Optional Background Processes: (not all inclusive) n

ARCn

n

CKPT (prior to 9i)

n

RECO

n

Lock (LCK0)

n

Job Queue (SNPn)

n

Queue Monitor (QMNn)

n

Dispatcher (Dnnn)

n

Server (Snnn – for dedicated MTS servers)

12

Oracle Database Administration I 4

Oracle Instance More Details

SGA u

Buffer Cache

u

Redo Log BUFFER

u

Shared SQL Pool

u

Dynamic (as of Oracle 9i)

14

Dynamic SGA u

Defined in Granules n

SGA < 128mb

4mb size

n

SGA > 128mb

16mb size

u

Can be modified on the fly (9i)

u

Establish an overall maximum

u

Initially allocated – 4 for small, 3 for large (fixed SGA, buffer cache, Shared pool)

15

Oracle Database Administration I 5

Data Buffer Cache Structure u

Can be defined in two ways: n

By block db_block_buffers

n

By byte

db_cache_size

u

Was divided into blocks the same size as the blocks in the datafiles

u

As of 9i, multiple buffer cache introduced (depends on block size of each tablespace)

u

Size and number defined in the initialization Parameter File

u

Holds copies of data blocks read from disk

16

Data Buffer Cache Contents u

Stores the most recently accessed BLOCKS OF DATA Contains PINNED buffers

u

Contains DIRTY buffers

u

FREE buffers

u

Two lists, write and LRU

u

n

n

Data being accessed Data that has been MODIFIED, but not written to disk

17

REDO Log Buffers u

Stores the REDO ENTRIES (changes to the database)

u

Default is four times the OS block size

u

Larger reduces log I/O and uncommented redo to online redo logs

u

Changed data is moved from the database buffer cache to the redo log buffer then to the redo log files

18

Oracle Database Administration I 6

Shared Pool u

Can be dynamically modified (9i)

u

Must be an integer multiple of the granule size

u

Managed by LRU algorithm

u

Contains:

u

Oracle will round up if not

n

Library Cache

n

Data Dictionary Cache

n

Control structures

n

Reusable Runtime Memory

19

Shared Pool

20

Shared Pool u

Library Cache n

n

SHARED by all users for commonly used SQL statements Shared and Private SQL areas for executed statements

n

PL/SQL Procedures and Packages

n

Allocation and Reuse of Memory

21

Oracle Database Administration I 7

Library Cache u

u

Shared SQL n

PARSE TREES for SQL statements

n

EXECUTION plans for SQL statements

n

Size dependent on complexity

Private SQL n

Each session has one

n

Persistent and Runtime areas

n

Cursors

22

Library Cache u

PL/SQL Program Units n

u

Procedures, functions, Packages, anonymous blocks and database triggers

Allocation and Reuse of Memory n

Every SQL statement submitted, Oracle automatically allocates memory u

Checks for existence

u

Allocate private SQL area

u

May flush the shared pool

23

PGA

24

Oracle Database Administration I 8

PGA u

Varies depending if dedicated or Shared servers (MTS) are used

u

Stack space

u

Session information (PGA verses Shared Pool)

u

Memory allocated to hold a session’s variables and arrays

u

Automatically managed in 9i with the SQL memory management

25

Questions u

What is the name of Oracle’s memory structure?

u

What are its contents?

u

How is it divided?

u

If I have 150 mb SGA, why does Oracle change the size?

u

Can you vary sizes of Oracle blocks? n

If so, how?

26

Oracle Database u

Composed of two structures: n

Physical (Operating System view)

n

Logical (Oracle’s view)

27

Oracle Database Administration I 9

Physical View Files

Physical Structure u

Made up of: n

Data files

n

Redo Log Files – two or more with members

n

One or more Control Files

n

One Parameter File

n

Trace and alert log files

n

One Password file

29

Datafile u

Disk space for a tablespace

u

One or more per tablespace

u

Associated with only one tablespace

u

Consists of segments: n

UNDO, Temporary, Data, index, undo, LOB and cache (for the most part)

30

Oracle Database Administration I 10

Redo Log Files u

Characteristics n

Record changes made to the data by various transactions

n

Help RECOVER the data in case of a failure

n

Streamline the process of how data is written to disk

31

Control Files u

u u

Record of the overall architecture and status of the database Easily moved and recovered Contain the following: n n n

Database NAME Datafiles NAMES and LOCATIONS Redo log file NAMES, Log sequence number and LOCATIONS

32

Parameter File u

Attributes of an instance are defined through an Oracle Parameter File

u

Determines the size and characteristics of the instance

u

Stored in an ASCII file or housed with the database in a binary file

33

Oracle Database Administration I 11

Parameter File u

u

u

The only Oracle file that is ASCII All other files are binary and not directly changeable by the DBA Read-only when the instance starts n

Most changes require a stop and restart of the instance

34

Trace and Alert Logs u

u

Trace files contain information about significant events Alert log records the commands and results of major events in the life of the database n

Monitor daily

n

Rename for historical purposes

35

Logical View Structures

Oracle Database Administration I 12

Logical View Structures u

Tablespace(s)

u

Schema objects

u

Segments

u

Extents

u

Data blocks

37

Tablespace(s) u

Logically divides a database

u

One or more datafiles are explicity created for each one

u

Logically divided into segments that are further divided into extents and blocks

u

Can be defined as read-only

u

A unit of space to store a schema’s objects

38

Object(s) u

Schema(s)

u

Object(s)

n

n

A collection of objects owned by one Oracle user Tables, indexes, views, sequences, stored procedures, functions, packages, UNDO segments

39

Oracle Database Administration I 13

Extents and Blocks u u u u

A collection of the smallest object in a database An extent can be of a varying size Extents MUST be contiguous Blocks are the finest collection of space in an Oracle database

40

Questions u

What are the physical files of a database system?

u

What are the logical entities of a database?

u

What is the smallest structure?

u

Which structure MUST be contiguous?

u

Which structure will tell you event information?

41

Background Processes Review

Oracle Database Administration I 14

Background Processes n

n

n

Every instance has BACKGROUND PROCESSES BACKGROUND PROCESSES perform I/O, handle process cleanup and monitor the ORACLE database Provide support, increase performance, assist in recovery and make the database more reliable

43

Background Processes u

DBW0 (DBWn)

u

LGWR

u

PMON

u

SMON

u

CKPT

u

ARCn

44

Database Buffer u

After the changed data (redo entries) are written to the online redo log files, the changed data will be written to disk

u

These changed data are called ‘dirty’

u

Dirty data are moved to the ‘write’ list

u

Dirty data can be on the ‘write’ list and on the LRU list

45

Oracle Database Administration I 15

DBWn u

u

At some time after the redo entries have been written into the online redo logs, the database writer (DBWn) writes the dirty buffer back to the database This is called ‘delayed write’ and is based on initialization parameters

46

DBWn (Database Writer) u

Can have one or more running n

n

u

Only available on systems with Asynch I/O Can use I/O slaves to duplicate the above on systems without it

Performs all WRITES to the database n

Keeps the BUFFER CACHE clean and free

47

When does the DBWR write? u

The dirty list reaches a threshold length

u

A DBWR timeout

u

LGWR issues a checkpoint

48

Oracle Database Administration I 16

LGWR (Log Writer) u

u

u

Writes the REDO log entries (located in the REDO LOG BUFFER) to the REDO LOG files Only the changed data, not the entire Oracle block(s) is written to the redo logs Issues checkpoints

49

Online Redo Log Files u

u

u

The online redo log files hold the ‘redo entries’ Only the changed bytes are written to the online redo log file The entire data block is not written to these logs

50

Online Redo Log Files u

u u

There is a fixed number of online redo log file groups Defined at database creation time Can add or drop groups or members (discussed later)

51

Oracle Database Administration I 17

Online Redo Log Files u

Redo log file groups cycle

u

If there are three redo log file groups: n

n

n

When the first group is full, LGWR starts writing to the second group When the second group is full, LGWR writes to the third group When the third group is full, LGWR writes to the first group

52

LGWR (Log Writer) u

What causes the LGWR to clear the REDO LOG BUFFER and transfer the transactions to disk? n

When a user process COMMITS a TRANSACTION

n

TIME-OUT (caused every three seconds)

n

When the redo log buffer becomes 1/3 FULL

n

When the DBWR writes the dirty buffers to disk

53

LGWR (Log Writer) u

LGWR can be bypassed n

n

n

Use the UNRECOVERABLE ‘key word’ This is to be used very carefully. No redo entries will ever exist after this point Best used for temporary object creation

54

Oracle Database Administration I 18

PMON u

Cleans up after failed server processes by releasing system resources

u

FREEs resource locks

u

Rolls back aborted processes

u

Restarts dispatchers and shared-server processes

55

SMON u

INSTANCE RECOVERY performed at startup

u

CLEANS up temp segment(s) no longer in use

u

Can coalesce fragmented tablespaces

56

CKPT u

Updates the header record of the data files with a SCN (System Change Number)

u

This SCN is used for synchronization of all files

u

Does this on behalf of the LGWR

u

Can be a source of I/O contention with the LGWR

57

Oracle Database Administration I 19

Archive Mode u

u

u

Saves the online redo log files as archived redo log files A database in archive log mode can be restored to the last committed transaction Production databases are run in archive log mode

58

ARCn u

Copies the REDO logs to the ARCHIVE storage when the REDO logs become filled n

n

Process was optional before 9i, but now is automatically started when archivelog mode is set. Must be turned on

59

ARCn u

u

u

ARCn copies a filled online redo log file to an archived redo log file ARCn gives each archived redo log file a unique name ARCn must be finished copying the online redo log before it is overwritten

60

Oracle Database Administration I 20

Process Questions u

u

u

Which process can cause the DBWR to write to disk? Which process can coalesce the free space in a tablespace? Which process ‘wakes up’ to take care of shared servers?

61

How does this all fit together?

Instance and Database u

The instance is started

u

The instance mounts the database

u

The database opens n

Users may now use the database

63

Oracle Database Administration I 21

User Process u

In network access mode (web or client/server), a user process utilizes the Transparent Network Substrate (TNS) that allow the client applications (i.e., ORACLE tools) to communicate with the server processes

u

Initiates a session on the PC that connects to a dedicated server process

64

Session u

u

The activity of a user from the time the user connects to the database to the time the user disconnects from the database Can execute multiple transactions

65

User Starts Transaction u

A user application on the PC talks to SQL*Net

u

SQL*Net talks to the user server process

u

The server process ‘parses’ the SQL statement and validates it

66

Oracle Database Administration I 22

A Transaction is Started u

A logical unit of work n

u

One or more SQL statements that must all be saved (committed) or discarded (rolled back) as a group

Begins with the first executable SQL statement

67

A Transaction is Started u

u

Ends with a COMMIT or ROLLBACK SQL statement n

Explicitly with a COMMIT or ROLLBACK

n

Implicitly when a DDL statement is issued

The EXIT statement will do a commit by default

68

Dedicated Server •

Assume for now that we have a Dedicated Server Architecture (Multi Threaded Server, MTS will be discussed later) n

Each user has one server process

n

Each server process works for only one user

n

Session information is stored in the PGA

69

Oracle Database Administration I 23

Dedicated Server u

The user process on the PC communicates to the server through Oracle’s SQL*NET

u

A network listener process is created

u

A dedicated server process is created

70

Server Process u

An OS process that works on behalf of the user

u

Reads the data from disk into the buffer cache

u

Communicates with the database for the user n

User processes do not connect directly to the database

71

What does the server process do?

Oracle Database Administration I 24

SGA Activity u

u

The server process reads data from the database datafiles and stores it into the data buffer cache The user SQL statement changes the data in the data buffer cache

73

PGA (Program Global Area) u

An area in memory that contains data and controls information for a single user n

n

Memory is ALLOCATED when a user process connects to the database Extra memory is allocated for session management if in dedicated server mode

74

PGA (Program Global Area) u

What does the PGA hold? n

Variables

n

Arrays

n

Other User information for a particular user

75

Oracle Database Administration I 25

Physical and Logical reads u u

u

Physical reads get data from the datafiles Logical reads get data from memory (The SGA data buffer cache) All managed by the server process(es)

76

The SQL Statement u

u

The server process receives the SQL statement. Processed either by: n

If an identical SQL statement is found in the shared pool, it uses it

n

If not found in the shared pool, a new shared SQL area is allocated

There are three phases to a SQL statement: n

PARSE, EXECUTE and FETCH

77

PARSE u

CHECKS the statement for syntactic and semantic validity

u

Ensures the processes issuing the command has the RIGHTS to execute the command

u

ALLOCATES a private SQL area for the statement ( PGA )

u

SCANS existing SQL area for matching statement

n

Data Dictionary

78

Oracle Database Administration I 26

PARSE TREE u

Method Oracle uses to find the specific data in the database n

Two Types u

Cost Optimization

u

Rule Optimization n

Banner uses rule

79

EXECUTE u

Will only execute if the PARSE is successful

u

APPLIES the PARSE TREE to the data

u

PERFORM physical and logical reads

80

EXECUTE u

CHANGES data where necessary

u

Performs constraint CHECKING

u

FETCH RETURNS rows of data for a SELECT statement

81

Oracle Database Administration I 27

UNDO Segments u

The data before it was changed is written to the UNDO segments n

u

These segments are in a tablespace

If the user rolls back the data, the UNDO segments are used to restore the old data

82

Redo Log Buffer u u

u

The changed data is placed in the redo log buffer If the data is committed, the LGWR writes the changed data to the online redo log files The commit is completed after the data is written to the redo log

83

SGA Review Buffer Cache Shared Pool Redo Log Buffer

Oracle Database Administration I 28

Buffer Cache u

Consists of buffers the size of the data blocks (only option prior to 9i) or in bytes

u

Two purposes:

u

n

To improve performance for repeated statements usage

n

To allow users to make changes quickly in memory

Contains two lists: n

LRU

n

WRITE

85

LRU (Least Recently Used) u

Data retained in SGA is by time order n

Newest to oldest information

n

Longer it sits, older it becomes

n

When new space is needed or a CKPT (checkpoint) has occurred: u

DIRTY buffers are written to disk and removed from memory

u

Oldest data in the SGA can be written over

86

Parts of the Buffer lists u

FREE

u

DIRTY

n

n

u

Empty section of memory ready for data

Section of memory that CONTAINS data that has been modified, but not yet written to disk

PINNED n

Data that is currently in use and has been locked

87

Oracle Database Administration I 29

Redo Log Buffer u

Written to when a user modifies data

u

The server process moves the changed data from user memory to this buffer

u

Contains only the redo entries

u

LGWR writes the redo entries to the online redo log file

88

Shared Pool u

u

Has two mandatory structures: n

Library Cache

n

Dictionary Cache

One optional structure n

Large Pool

89

Mandatory Contents u

Data Dictionary cache (also called row cache) n

u

Dictionary row information recently accessed

Library cache n

Parsed statements

n

Execution plans

90

Oracle Database Administration I 30

Read Consistency How Oracle maintains a ‘Consistent’ view of the data for each transaction

UNDO Segments u

Main purpose n

Read consistency

n

Transaction rollback u

User initiated ROLLBACK

u

Abnormal termination

u

Abnormal database termination

92

UNDO Segments u

Contains n

Block Information

n

File names and block ID

n

Data as it existed before a transaction

n

Transaction numbers

93

Oracle Database Administration I 31

UNDO (Rollback) Segments u

u

u

Stores the data before it was changed by a transaction If the user cancels a transaction (rolls back the data), the UNDO segments are used to restore the old data Discussed in a later section

94

UNDO Segments u

Record the transaction that occurred on the data n

Should an error occur during a modification of data, the record retained by the UNDO SEGMENT will restore the data prior to the modification attempt

95

Read Consistency u

u

Ensures data seen by a statement is consistent with respect to a point-in-time Even data changed by another transaction is not seen during the transaction

96

Oracle Database Administration I 32

Read Consistency u

Basic principles n

Readers can not lock data blocks

n

Readers can not block other readers

n

Readers can not block writers

n

Writers can not block readers

n

Writers can block writers

97

COMMIT u

When a statement is executed and saved

u

Can be explicitly or implicitly commited

u

Ends the current transaction

u

Generates a System Change Number (SCN)

98

COMMIT u

What happens when a COMMIT is made? n

n

n

Modification becomes PERMANENT A copy of the transaction is placed in the REDO BUFFER Redo buffer is FLUSHED to the REDO LOGS

99

Oracle Database Administration I 33

COMMIT u

When a COMMIT is made: n

User is NOTIFIED

n

Resource locks are RELEASED

n

DBW0 may WRITE the data back to the database file u

Note: Issuing a COMMIT does not guarantee that a transaction has been written back to the DATAFILE

100

Redo Log Files u

When a REDO BUFFER is flushed, its information is stored in the REDO LOG FILES n

n

Hold records of all transactions that have been applied to the database With these entries, a database can be reconstructed during a database crash

101

Redo Log Files u

REDO LOG FILES n n

n

REDO LOG FILES are circular When a transaction is COMMITTED (data modified), the LGWR transfers the statement from the REDO LOG BUFFER to the REDO LOG FILES A SCN (System Change Number) is also associated to each COMMITTED transaction that is written to a REDO LOG FILE

102

Oracle Database Administration I 34

Redo Log Files u

When a REDO LOG FILE becomes full, the LGWR moves to the next file n

n

If there are no new REDO LOG FILES, the old files are reused If these other files were not archived, all data before this point can no longer be recovered

103

Archiving Redo Logs u

If ARCHIVELOG is ENABLED, redo log files can be stored

u

Archiving can be duplexed

u

Standby databases can use these same archives

104

Checkpoint Variables in Parameter File u

LOG_CHECKPOINT_INTERVAL (will be obsoleted in 10i) n

Number of filled REDO LOG FILE blocks written between consecutive CHECKPOINTS (OS-dependent) u

u

LOG_CHECKPOINT_TIMEOUT n

u

NOTE: Do not make this value larger than the REDO LOG FILE. If it is larger, the CKPT only occurs when switching logs

Maximum amount of time before another CHECKPOINT occurs (default 900 sec)

LOG_CHECKPOINT_TO_ALERT n

Puts the checkpoint information in the alert_SID.ora file.

105

Oracle Database Administration I 35

SWITCHING LOG FILES u

Occur in Two ways n

n

Filled REDO LOG Forced by DBA with the ALTER SYSTEM SWITCH LOGFILE command

106

Multiplexing Redo Log Files u

Increase the security of the Oracle database n

n

n

Groups must contain identical sets of logfiles (names should be different) Place on different disks to help increase the REDO LOG files chances of survival should there be a computer failure When the REDO buffers are flushed to the REDO LOG files, the information to be stored is mirrored to a log file in both groups

107

Multiplexing Redo Log Files

1,3,5,.. A_LOG1

LGWR

B_LOG1 B_LOG2

A_LOG2 2,4,6,..

Group 1 Group 2

108

Oracle Database Administration I 36

CONTROL FILE u

A binary file that is necessary for the database to run n

Should remain read/write to the database

n

File is constantly updated u

NOTE: It is an excellent idea to have backup copies of this file, in case something should happen to it

109

CONTROL FILE u

Contains n

DATABASE NAME

n

TIMESTAMP of database creation

n

TIMESTAMP of last access

n

NAMES and LOCATIONS of databases and redo log files

n

Current LOG SEQUENCE number

110

TRANSACTION u

Logical unit of work n

One or more SQL statements executed by a single user

111

Oracle Database Administration I 37

TRANSACTION u

u

A TRANSACTION starts when a user executes a SQL statement The TRANSACTION ends when: n

SQL statement is COMMITTED

n

A user ends the session unexpectedly

n

A user EXITS the database

112

TRANSACTION u

The TRANSACTION is aborted when: n

A ROLLBACK occurs

n

User TERMINATES

n

ABNORMAL user exit

n

Processor FAILURE

n

Media FAILURE

113

Parameter File u

initSID.ora

u

configSID.ora

114

Oracle Database Administration I 38

Data Buffer Cache Parameters u

u

DB_CACHE_SIZE (9i) u

Number of blocks in the data block buffer cache (3000 to 10,000)

u

Can have five different block sizes

u

DB_#K_CACHE_SIZE

u

Cannot exceed the MAX_SGA_SIZE

DB_BLOCK_SIZE (bytes) u

Specifies the size of a Oracle block

u

Cannot be changed except by rebuilding the database/tablespace (2k, 4k or 8k)

115

Log Buffer Parameters u

log_buffer (bytes) n

Default value is: u

256k

116

Shared Pool Parameter u

Shared_pool_size (bytes) n

75,000,000 is minimum for Banner

n

250,000,000 or more for production is suggested

117

Oracle Database Administration I 39

Archiving Parameters u

log_archive_start (true / false) n

u

log_archive_dest (directory path) n

u

Starts automatic archiving

The disk location of the archived redo log files

log_archive_format (format of the name of the archive redo log files)

118

Archiving Parameters u

Standby_archive_dest

u

Log_archive_dest_n

u

n

As of 9i can be up to 10 locations

n

(SERVICE=tns_service | LOCATION= local location)

n

MANDATORY | OPTIONAL

Log_archive_dest_state_n n

Used for managing the 1-10 archive destinations

119

Archiving Parameters u

Log_archive_duplex_dest

u

Log_archive_min_succeed_dest n

V$archive_dest

n

V$archive

n

V$logs

120

Oracle Database Administration I 40

Checkpoint Parameter u

Checkpoints should be avoided in an OLTP system like Banner

u

Larger redo log files will reduce checkpoints

u

Longer checkpoint intervals, larger redo gaps

u

Parameters

n

‘How much are you willing to lose?’

n

log_checkpoint_interval (blocks)

n

log_checkpoint_timeout (seconds) u

0 value will turn it off

121

CKPT Background Process u

Background Process that helps LGWR at log switch

u

This process updates the data file header files

u

CKPT_PROCESS = TRUE n

n

n

Used only in Oracle systems prior to 9i In 9i, remove this parameter from any init.ora. It will cause an error. Automatically started in 9i

122

Other Banner Parameters u u

dml_locks (1500 to 2000) processes (number of user plus oracle background processes)

u

open_cursors = 1024 (2048 is better)

u

optimizer_mode = rule (Banner requirement)

123

Oracle Database Administration I 41

More to life than a DEDICATED server

Server Configurations u

Three types n

DEDICATED server

n

MULTITHREAD server

n

COMBINED user/server process

125

DEDICATED server u

Two tasks n

n

n

USER process and SERVER process If the two processes are on the same machine, the program interface is handled by the LOCAL MACHINE'S I/O If the two processes are on different machines, the program interface is handled by a COMMUNICATION MECHANISM (SQL*Net/Net80)

126

Oracle Database Administration I 42

DEDICATED server

127

MULTITHREADED server u

Allows many user processes to share a server process n

This allows the system resources to be freed, but can cause decreased response time for heavy users

128

MULTITHREADED Server Application Code

Client Workstation Database Server

Dispatcher Processes

Oracle Server Code

System Global Area Request queue

Response Queues

129

Oracle Database Administration I 43

DISPATCHER u

The USER process connects to a DISPATCHER n

n

n

The DISPATCHER routes the USER request to the Request Queue The SERVER process checks the queue for new requests (FIFO) The SERVER process then places the response on the calling dispatcher's response queue, and then back to the application

130

Parameter Settings - MTS u

Mts_servers = n

u

Mts_max_servers = n

u

Mts_dispatchers =

“(protocol=ipc/tcp) (dispatchers=N)” u

Mts_max_dispatchers = n

131

Summary u

Oracle database

u

Oracle Instance

n

n

n

Data, redo log, control, trace, alert log and parameter files

The set of background processes which access data, log, and control files. An Oracle Instance is defined by one or more Parameter Files that is read at startup time

132

Oracle Database Administration I 44

Oracle INSTANCE u

Processes that control n

DATAFILES

n

REDO LOG FILES

n

CONTROL FILES

133

Physical structure u

One or more DATA files that contain data

u

Two or more REDO files

u

One or more CONTROL files

u

One or more Parameter Files

134

DATAFILE u

How is a DATAFILE used? n

Data is read into stored memory cache

n

Can manipulate, view, or change the data

n

After you complete the transaction, the data is written back to the DATAFILE

135

Oracle Database Administration I 45

REDO log files u

When do they help? n

n n

When a system failure has prevented Oracle from updating DATA Allows the transaction to be recalled Prevents existing data from becoming corrupted through an incomplete transaction by restoring the original information

136

CONTROL FILES u

Why does Oracle need them? n

n

n

When an Oracle database is started, the CONTROL file that is listed first in the parameter file is read Identifies the database Opens the redo logs to allow the database to function

137

SETTING BUFFERS u

Parameter File

u

Data buffers n

DB_CACHE_SIZE u

u

Cannot be used with db_block_buffers

Redo log n

LOG_BUFFER

138

Oracle Database Administration I 46

PGA (Program Global Area) u

MULTITHREADED PGA n

u

The SGA is responsible for allocating the memory to the user sessions

DEDICATED PGA n

PGA allocates the memory to the user sessions as needed

139

BACKGROUND PROCESSES u

DBWn (Database Writer)

u

PMON (Process Monitor)

u

LGWR (Log Writer)

u

ARCn (Archiver)

u

CKPT (Check Point)

u

RECO (Recover)

u

SMON (System Monitor)

u

Dnnn (Dispatcher)

u

S### (Server)

u

LCKn (Lock)

140

RECO u

Resolves in-doubt transactions in distributed database systems

141

Oracle Database Administration I 47

Dnnn u

Used for MULTITHREADED server n

n

An optional feature The Dispatcher is used to TRANSLATE communications from one protocol to another

142

LCKn u

Used with the PARALLEL (RAC – 9i) server option n

It instantly LOCKS data to prevent data corruption caused by simultaneous access of data by different processes

143

CKPT u

Primary goal n

Make sure all modified data buffers get written to files

n

FORCES DBWR to clean the BUFFER CACHE

n

CAUSES the switching of REDO LOG FILES

n

FLUSHES the REDO LOG BUFFER to disk

144

Oracle Database Administration I 48

CKPT u

PROBLEMS n

n

u

The CKPT processes will put more overhead on the server May cause a considerable slowdown

Parameter File n

In 9i, the CKPT process is predefined and started.

n

In earlier version, to activate CKPT: u

CHECKPOINT_PROCESS=TRUE

145

Oracle Database Administration I Lesson 2 Starting and Stopping an Oracle Instance

Starting and Stopping an Oracle Database u

Agenda n

n

n

Application(s) used in starting a database Required environment settings to startup a database Various levels of a database startup and shutdown

147

Oracle Database Administration I 49

Starting an Oracle Database u

u

After the installation of Oracle, the DBA configures, creates and starts a database for user access Before you can create a database, you must start an application to begin

148

Packages to Use for Startup u

SQLPLUS

u

Use a database management tool (Enterprise Manager, TOAD)

u

Scripts

u

Oracle Universal Installer

u

RMAN (Recovery Manager – not discussed in this course)

149

SQLPLUS u

The replacement for Server Manager (svrmgrl) starting with release 8.1.5

u

With Password file n

Sqlplus /nolog n

n

u

Then issue connect / as sysdba (9i) Connect internal as sysdba (8i – to be desupported after 9i)

Without password file n

Sqlplus “/ as sysdba”

150

Oracle Database Administration I 50

Database Management tools u

Oracle Enterprise Manager (OEM) n

Has become more sophisticated

n

Comes with the Enterprise Edition

n

Use the Instance Manager as INTERNAL or AS SYSDBA

u

TOAD

u

Many other types

n

Downloadable version - minimal

151

Starting an Oracle Database u

Scripts n

Unix: csh, sh, perl

n

VMS: dcl, perl

n

NT: perl u

All require several environment variables to be set prior to running any Oracle application

152

Environment Variable - UNIX u

$ORACLE_HOME

u

$ORACLE_SID

u

u

Set to the directory that Oracle is installed under

Set to the name of the database the DBA wants to startup/shutdown

u

$LD_LIBRARY_PATH

u

(optional) $PATH

u

u

Set to $ORACLE_HOME/lib

Should include $ORACLE_HOME/bin

153

Oracle Database Administration I 51

Setting Environment - UNIX u

Executing the script oraenv, typically located in /usr/local/bin, automatically sets all environment variables

u

Or manually at the command prompt n

Examples

u

n

ORACLE_HOME = /u01/app/oracle/9.0.1/bin

n

ORACLE_SID=TEST

NOTE: Oracle account should set variables in $ORACLE_HOME/bin with no application-specific definitions

154

Environment Variable - VMS u

ORA_DB u

u

ORA_SID u

u

Directory location for database parameter, configuration and dump files

Set to the name of the database the DBA wants to startup/shutdown

ORA_ROOTDIR u

Oracle’s home directory

155

Setting Environment -VMS u

Running the command file ORAUSER_.COM, located under ORA_ROOT:[db_], automatically sets all logicals and symbols correctly u

@orauser_.com

156

Oracle Database Administration I 52

Environment Variable - NT u

Registry values are defined and a service entry is created when the database is created

u

Registry values are automatically set when you use OEM or during installation n

Run regedit u

HKEY_LOCAL_MACHINE/SOFTWARE/ORACLE

157

Setting Environment - NT u

ORADIM – can be used to create it n

Oradim –NEW –SID sid –SRVC service u

u

Please refer to the documentation for full syntax

CMD – at the DOS prompt setting n

SET ORACLE_HOME=d:\oracle\ora91\bin

n

SET ORACLE_SID=TEST

158

Local Database Startup u

Once the proper environment variables are set, the DBA then needs to invoke the local database management utility sqlplus /nolog connect / as sysdba Or connect “/ as sysdba” n

NT has other options: u

MANUAL or AUTOMATIC service

u

ORADIM

159

Oracle Database Administration I 53

Connection Example C:\Documents and Settings\vdevore>sqlplus /nolog SQL*Plus: Release 9.2.0.1.0 - Production on Fri Apr 4 21:07:52 2003 Copyright (c) 1982, 2002, Oracle Corporation. reserved.

All rights

SQL> connect sys/systest as sysdba Connected to an idle instance. SQL>

160

Startup by OS u

User must have OS PRIVILEGES: n

n

n

Unix: group DBA(defined in /etc/groups) VMS: Rights identifier ORA__DBA (defined in sys$system:authorize) NT: be in the group ORA_DBA

161

Startup using ORAPWD u u

u

As of 8i, Oracle introduced the password file Grant sysdba, sysoper for remote or local connection More in DBA II

162

Oracle Database Administration I 54

Why use AS SYSDBA/INTERNAL? u

When the database is shut down, there is no way to verify username and password

u It

is necessary to find a way for an individual to log onto the database

u Once

connected, the user has sys privileges

163

What Options are there? u

Once the DBA has connected to the database, he/she can proceed to: u

Startup the database in several modes

u

Shutdown the database in several modes

u

Or create a database

164

Let’s ‘Start a database’ u

There are several ways to start the database's ‘instance’

u

We will look at: n

Nomount

n

Mount

n

Open

n

Restrict

n

Force

165

Oracle Database Administration I 55

Start the Instance u

Starting the instance involves: n n n n

n

Reading a parameter file (text - init.ora, binary – spfile.ora) Allocating SGA (system global area) in memory Creating background processes Reading the control files for system information (for existing databases only) Open files for read and/or read-write

166

NOMOUNT u u

u

Typically used during database creation Starts the background processes and allocates memory Also used in recovery

167

Nomount - example C:\Documents and Settings\vdevore>sqlplus /nolog SQL*Plus: Release 9.2.0.1.0 - Production on Fri Apr 4 21:07:52 2003 Copyright (c) 1982, 2002, Oracle Corporation.

All rights reserved.

SQL> connect sys/systest as sysdba Connected to an idle instance. SQL> startup nomount ORACLE instance started. Total System Global Area Fixed Size Variable Size Database Buffers Redo Buffers

135338868 bytes 453492 bytes 109051904 bytes 25165824 bytes 667648 bytes

SQL>

168

Oracle Database Administration I 56

MOUNT u

Mounting the database involves: n

n

n

Associating the database with the started instance Opening the control file, reading it, obtaining the names of the redo log and data files Verify checksum value (if enabled) and/or SCN synchronization

169

Mount - example C:\Documents and Settings\vdevore>sqlplus /nolog SQL*Plus: Release 9.2.0.1.0 - Production on Fri Apr 4 21:07:52 2003 Copyright (c) 1982, 2002, Oracle Corporation.

All rights reserved.

SQL> connect sys/systest as sysdba Connected to an idle instance. SQL> startup mount ORACLE instance started. Total System Global Area Fixed Size Variable Size Database Buffers Redo Buffers

135338868 bytes 453492 bytes 109051904 bytes 25165824 bytes 667648 bytes

Database mounted. SQL>

170

OPEN u

Opening the database involves: n

Opening the data file(s) and online redo logs for read-write

n

Allowing regular users to connect to the database

n

Attempts to acquire one or more UNDO segments

n

Performs automatic crash recovery if database was shutdown abnormally

171

Oracle Database Administration I 57

OPEN -Example SQL> startup open ORACLE instance started.

Total System Global Area Fixed Size Variable Size Database Buffers Redo Buffers

135338868 bytes 453492 bytes 109051904 bytes 25165824 bytes 667648 bytes

Database mounted. Database opened. SQL>

172

STARTUP – No Arguments u

Oracle assumes that STARTUP with no arguments implies a STARTUP OPEN

u

It is also assumed that the current SID environment variable is what will be used.

u

PFILE or SPFILE must be defined and accessible or it will fail

u

DBA must have SYSDBA or OSDBA

n

DBAs must ALWAYS be sure that the proper environment is set

173

Starting an instance u

NOMOUNT, MOUNT, and OPEN are different stages of an Oracle database startup n

When a STARTUP OPEN is issued, the database first startups in a NOMOUNT state, then proceeds to a MOUNT state, and finally proceeds to an OPEN state

174

Oracle Database Administration I 58

RESTRICT u

STARTUP RESTRICT

u

Opens the database, but only allows users with RESTRICTED SESSION privilege to access the database

u

Why start a database in a restricted mode? u

Maintenance (database upgrades)

u

Exporting and importing data

175

RESTRICT - Example SQL> startup restrict ORACLE instance started. Total System Global Area Fixed Size Variable Size Database Buffers Redo Buffers

4199600 bytes 42028 bytes 4026500 bytes 122880 bytes 8192 bytes

Database mounted. Database opened. SQL>

176

FORCE u

STARTUP FORCE is used for troubleshooting a failed or failure to open database

u

If the database is closed, forces the database open

u

If the database is open, it will abort the database and then open it Example: To shutdown the current instance, restart it without mounting or opening and allow only DBA access: STARTUP FORCE NOMOUNT RESTRICT

177

Oracle Database Administration I 59

Other Startup Options u

Parallel/Shared (RAC – 9i) (Shared is a synonym for Parallel) n

Allows multiple instances to access the database

n

Cannot be used with EXCLUSIVE or NOMOUNT

n

u

Invalid if initialization parameter SINGLE_PROCESS is set to TRUE

Retry n

n

Automatically restarts every five seconds if the instance is busy being recovered Will not retry for any other reason - parallel mode only

178

Other Startup Options u

STARTUP RECOVER n

Specifies that media recovery be performed

n

Has same effect as issuing RECOVER DATABASE

n

The recovery processes u

Enable log archiving for media recovery

u

Perform complete database recovery

u

Perform partial database recovery

179

Other Startup Commands u

Pfile = parameterfilename n

A site-specific parameter file to initialize an instance at startup.

n

If not specified, Oracle searches for it in: u

UNIX -$ORACLE_HOME/dbs/init.ora

u

VMS - ORA_ROOT:[db_]__init.ora

u

NT - HOME#\admin\\init.ora

180

Oracle Database Administration I 60

Changing the startup state of a database u

u

The DBA can change the current state of a database using the ALTER DATABASE SQL command The syntax is on the next slide

181

Changing the startup state of a database ALTER DATABASE [MOUNT | OPEN] SQL> startup nomount ORACLE instance started. Total System Global Area Fixed Size Variable Size Database Buffers Redo Buffers SQL> alter database mount; Statement processed. SQL> alter database open; Statement processed. SQL>

4199600 42028 4026500 122880 8192

bytes bytes bytes bytes bytes

182

Changing the startup state of a database u

The ALTER DATABASE SQL command only moves the startup state of the database to a higher level n

For example, the ALTER DATABASE SQL command cannot change the startup state from OPEN to MOUNT u

In this case, the DBA must first shutdown the database and then issue a STARTUP MOUNT command

183

Oracle Database Administration I 61

Database shutdown u

u

A database shutdown stops an instance and makes the database unavailable to users Syntax SHUTDOWN [ABORT|IMMEDIATE|NORMAL|TRANSACTIONAL]

184

Commonly Used Shutdown Options u

SHUTDOWN NORMAL n

u

Flushes all buffered writes to the disk, waits for all sessions to disconnect and then terminates the instance

SHUTDOWN IMMEDIATE n

Flushes all buffered writes to the disk, kills all user connections, performs a rollback on all uncommitted transactions, then terminates the instance

185

Shutdown Immediate - example C:\Documents and Settings\vdevore>sqlplus /nolog SQL*Plus: Release 9.2.0.1.0 - Production on Sun Apr 6 13:16:30 2003 Copyright (c) 1982, 2002, Oracle Corporation.

All rights reserved.

SQL> connect sys/systest as sysdba Connected. SQL> shutdown immediate Database closed. Database dismounted. ORACLE instance shut down. SQL>

186

Oracle Database Administration I 62

Database shutdown u

SHUTDOWN ABORT n

Should only be used in emergency situations, such as when the DBA detects a media failure, power failure, or security breach to the database

187

Shutdown Abort u

SHUTDOWN ABORT n

Immediately terminates the Oracle instance

n

All buffered writes are NOT flushed to disk

n

Does not perform a rollback on uncommitted transactions

n

An instance recovery is required on the next database startup (performed automatically)

188

Database shudown u

SHUTDOWN TRANSACTIONAL (new with Oracle 8i) n

All current sessions in a transaction are allowed to complete

n

No new sessions are allowed to start

n

Any connected sessions are disconnected either by issuing a new transaction or once all transactions are committed or aborted

189

Oracle Database Administration I 63

Database shutdown u

SHUTDOWN NORMAL, SHUTDOWN TRANSACTIONAL and SHUTDOWN IMMEDIATE are either the usual or safest shutdown commands n

The following steps occur during a shutdown (See next slide)

190

Database shutdown u

(SHUTDOWN IMMEDIATE) USER CONNECTIONS ARE TERMINATED

u

All database data in the SGA is written back to the database files

u

All redo log buffer data is written back to the redo log files

u

Database is dismounted

u

The control files are closed

u

The SGA is removed from memory and the background processes are closed

191

Shutdown – States illustrated

192

Oracle Database Administration I 64

Views u

V$database

u

V$instance

n

n

Contains database information from the control file

Gives the state of the current instance

193

Questions? u

Which OEM manager can use to start up a database?

u

How must you connect to startup a database?

u

Which shutdown command satisfies these conditions? u

The database shuts down when the last user logs off

u

Force the database to close with users connected and disconnects their transactions midstream

u

Force the database to close with users connected, but let transactions complete

194

Summary u

Start an Oracle DATABASE n

u

u

Log onto the host O/S, set up the proper environment and then run sqlplus /nolog

A database startup proceeds in three stages: n

Starting the instance (NOMOUNT)

n

Opening the controlfile(s) (MOUNT)

n

Opening the datafiles and redo logfiles (OPEN)

Ways to shutdown a database: n

Abort, Immediate, Normal and transactional

195

Oracle Database Administration I 65

Oracle Database Administration I Lesson 3 Creating and Managing Tablespaces

Creating and Managing Tablespaces u

Agenda n

Describe Oracle tablespaces

n

Create and modify tablespaces

n

Manage tablespaces by querying the appropriate data dictionary views

197

Creating and Managing Tablespaces u

All schema objects within the database (tables, views, packages, functions) are stored in segments and collectively stored in tablespaces n

n

n

A tablespace is a logical unit of storage that is defined within Oracle Each tablespace corresponds to one or more operating-system level datafiles Each segment is contained in a single tablespace

198

Oracle Database Administration I 66

Creating and Managing Tablespaces

199

Creating and Managing Tablespaces u

u

A tablespace can be in several states while the database is open n

Online or Offline

n

Read-only or read-write

A tablespace can be altered back and forth between these options as needed n

Conditions must be tested before each alter (no current transactions may be active)

200

Creating and Managing Tablespaces u

Each database must be created with at least one tablespace (SYSTEM). n

u

This holds all data dictionary objects and built-in PL/SQL program units (procedures, functions, packages and triggers)

Each tablespace can contain one or more schemas and each schema can have one or more objects n

Each object can span more than one datafile per tablespace

201

Oracle Database Administration I 67

Creating and Managing Tablespaces u

When the Oracle Universal Installer (OUI) or OEM creates a database, it creates several tablespaces by default. For example: n

SYSTEM - contains system definitions (Required)

n

TEMP - used for sorting

n

RBS/UNDO - used for rollback/UNDO segments

n

TOOLS - used for storing PL/SQL program units

n

USERS - used as default tablespace for users

202

Creating and Managing Tablespaces u

Prior to creating a tablespace, the DBA will need to consider (covered extensively in Lesson 5): n

Tablespace storage

n

Segment storage

n

Disk contention

n

Free space and segment fragmentation

u

This includes the type of data file to create

203

Tablespace Storage u

Tablespace Storage considerations n

System limitation on datafile size

n

Database limitation when database is created (maxdatafiles)

n

Data file management u

Autoextend feature on an existing datafile

u

Manually adding a datafile

204

Oracle Database Administration I 68

Data File Types and Behavior u

Permanent

u

Temporary

u

Oracle Managed Files (OMF)

u

Extent management n

Dictionary

n

Locally u

Uniform extent

u

autoallocated

205

Tablespace Storage u

Each tablespace contains object segment(s)

u

Each segment is subdivided into logical units of storage called EXTENTS u

When a user creates an object (such as tables, views, sequences) within the database, Oracle allocates an extent(s) within a tablespace in which to store the object’s segment(s)

206

Tablespace Storage

207

Oracle Database Administration I 69

Segment Storage u

Segments can span across datafiles, but extents cannot

u

Each segment can be composed of one or more extents

u

Each extent is further subdivided into units of storage called DATABASE BLOCKS

u

Extents must be made up of contiguous DATABASE BLOCKS

208

Database Blocks u

u

u

Not identical to operating system-level file blocks A logical database block may span multiple system level blocks Should be created to either fit into an OS-level file block or be the same

209

Database Blocks u

The size of each database block is determined by the parameter DB_BLOCK_SIZE in the initialization parameter file

u

This size is fixed during database creation time. Cannot be changed unless the database is re-created

u

The default DB_BLOCK_SIZE is 2048 bytes

210

Oracle Database Administration I 70

Tablespace Storage u

Logical storage hierarchy: n

Tablespace u

Object segment u

Extents u

Oracle Blocks

211

Dictionary vs. Local u

Starting with 8i, you can now create tablespaces that are managed locally within the header file of the tablespace

u

If you specify local in a create tablespace, you cannot specify default storage, minextents, nor temporary clause

u

Local allows two types of management: uniform extent or autoallocate

212

Create Tablespace (dictionary) u

Create a tablespace using the CREATE TABLESPACE SQL command.

u

The syntax for dictionary managed is: CREATE TABLESPACE datafile '‘size [M|K] [autoextend_clause] DEFAULT STORAGE () [online|offline];

213

Oracle Database Administration I 71

Create Tablespace (local) u

Create locally managed tablespace syntax: CREATE TABLESPACE datafile '' size [M|K] EXTENT MANAGEMENT LOCAL UNIFORM SIZE [M|K];

214

Create Tablespace (OMF) u

Create an Oracle Managed File in a default location for datafile creation with defaults of 100M size and unlimited autoextensible maximum size: alter system set db_create_file_dest

=

‘’ CREATE TABLESPACE ;

215

Datafile Naming u

The datafile name must contain the absolute path n

u

No UNIX/NT variable names nor VMS logicals should be specified in the datafile name

The directory that contains the datafile MUST have write permissions for the Oracle software owner

216

Oracle Database Administration I 72

UNIX Naming u

Example n

n

n

Create a tablespace called DEVELOPMENT Specify a datafile '/u01/oradata/SEED/SEED_DEVELOPMENT_01.dbf' with a size of 300 Megabytes Make this tablespace available to all users immediately

217

UNIX Naming Example u

The answer is:

SQL> create tablespace development 2>

datafile '/u01/oradata/SEED/SEED_DEVELOPMENT_01.dbf'

3>

size 300M;

Tablespace created.

218

VMS Naming u

Example: n

n

n

Create a tablespace called RBS Specify a datafile 'dka300:[oradata.seed]seed_rbs_01.dbf' with a size of 300 Megabytes Make this tablespace available to all users immediately and autoextensible at 500k increments to a maximum of 400 megabytes

219

Oracle Database Administration I 73

VMS Naming Example u

The answer is:

SQL> create tablespace rbs 2>

datafile 'dka300:[oradata.seed]seed_rbs_01.dbf’

3>

size 300M

4>

autoextend on next 500k maxsize 400M;

Tablespace created.

220

NT Naming u

Example n

n

n

Create a tablespace called NEWDATA Specify a datafile ‘d:\oradata\seed\seed_newdata_01.dbf' with a size of 900 Kilobytes Make this tablespace unavailable to users. u

Extra credit – what is missing with the final statement and assumed?

221

NT Naming Example u

The answer is:

SQL> create tablespace newdata 2>

datafile ‘d:\oradata\seed\seed_newdata_01.dbf’

3>

size 900K offline;

Tablespace created.

222

Oracle Database Administration I 74

Creating and Managing Tablespaces u

u

When creating datafiles for tablespaces, adopt a common file naming convention Most Oracle file types are named as follows (see next slides)

223

Creating and Managing Tablespaces u

DATAFILES __.dbf

u

Example n

The third datafile of the SYSTEM tablespace belonging to the SEED database system_SEED_03.dbf

224

Creating and Managing Tablespaces u

Use the ALTER DATABASE SQL command to modify the characteristics of an existing tablespace n

Add/rename/change the state of a datafile

n

Change a tablespace to read-only

n

Take a tablespace offline/online

n

Change the storage parameters

n

To begin/end online hot backups

n

Coalesce free space

225

Oracle Database Administration I 75

Alter Tablespace Syntax

226

Datafile Options

227

Creating and Managing Tablespaces u

Example: n

n

Add a second 100 MB datafile to the system tablespace Place the datafile under /u01/oradata/SEED/SYSTEM_SEED_02.dbf

n

Make it readily available

228

Oracle Database Administration I 76

Example Alter Tablespace SQL> alter tablespace system 2 add datafile '/u01/oradata/SEED/system_SEED_02.dbf’ 3 size 100M; Tablespace altered.

229

Creating and Managing Tablespaces u

Example n

n

Change the development tablespace to read-only mode The syntax is:

SQL> alter tablespace development read only; Tablespace altered.

230

Creating and Managing Tablespaces u

Adding a datafile to a tablespace n

n

n

Space from the new file is automatically allocated to the tablespace The new datafile can reside on a separate disk Oracle treats this and all datafiles belonging to a tablespace as a single logical entity

231

Oracle Database Administration I 77

Creating and Managing Tablespaces

Tablespace

Datafile #1

n

Datafile #2

Once a datafile is added to a tablespace, you cannot delete it unless the tablespace is first dropped

232

Creating and Managing Tablespaces u

u

To drop any tablespace (except SYSTEM) use the DROP TABLESPACE SQL command The syntax is:

DROP TABLESPACE [INCLUDING CONTENTS [CASCADE CONSTRAINTS]]

233

Creating and Managing Tablespaces u

A tablespace that contains data cannot be dropped unless the INCLUDING CONTENTS option is specified n

If constraints exist between objects in the tablespace to be dropped and objects in another tablespace, the CASCADE CONSTRAINTS option must be specified along with the INCLUDING CONTENTS option

234

Oracle Database Administration I 78

Creating and Managing Tablespaces u

Once a tablespace is dropped, the datafile(s) associated with the tablespace must be deleted on the operating system level n

n

n

The DROP command only removes that tablespace from the data dictionary Cannot drop the SYSTEM tablespace because it contains the data dictionary Once a drop is executed, it cannot be undone

235

Creating and Managing Tablespaces u

Example n

n

Drop the DEVELOPMENT tablespace, including all contents The syntax is:

SQL> drop tablespace development including contents; Tablespace dropped.

236

OEM

237

Oracle Database Administration I 79

Summary u

Steps to creating and managing tablespaces n

Prepare the operating system

n

Determine storage options

n

n

Execute the CREATE TABLESPACE SQL and ALTER TABLESPACE command Ways to manage the stored data

238

Oracle Database Administration I Lesson 4 Creating an Oracle Database

Creating an Oracle Database u

Agenda n

n

n

n

Methods of creation Set up the proper operating system environment prior to creating a database Execute the CREATE DATABASE SQL command Execute the proper scripts that build the data dictionary and PL/SQL procedures

240

Oracle Database Administration I 80

Creation Methods u

OEM – Database configuration assistant

u

When the Oracle software is installed

u

Manually, either with scripts or by command line

241

Creating an Oracle Database u

Six general steps to creating a database n

Preparing the Operating System

n

Creating a parameter file

n

Starting the instance

n

Creating the database

n

Building the data dictionary

n

Building the system PL/SQL procedures

242

Creating an Oracle Database u

Preparing the Operating System n

n

n

n

An Oracle database consists of datafiles, redo log files, and control files Prior to creating a database, the location(s) of these files should be thought out carefully Space will need to be allocated for the files The system administrator will need to create the appropriate directories and set the proper permissions for these files

243

Oracle Database Administration I 81

Creating an Oracle database u

All systems n

n

The owner of the directories should be the Oracle software owner (typically "oracle"). u

On Unix systems, the dba group will also be the group owner of the directory.

u

On VMS, the user must have the ORA_DB rights identifier

u

ON NT, the user must be in the group ORA_DBA

The Oracle software owner should be the only user that has write access to these directories

244

Create the Oracle User environment UNIX u

Unix n

(as root)

Bash# cd /u01 bash# mkdir oradata bash# chown oracle:dba oradata bash# chmod 755 oradata

245

Create the Oracle User Environment VMS u

VMS n

(as SYSTEM)

$ Set default dka300:[000000] $ create/dir [.oradata] $ set file/own=oracle oracle.dir $ set prot=(S:RWED,O:RWED,G:RE,O:RE) oracle.dir

246

Oracle Database Administration I 82

Create the Oracle User Environment NT u

NT n

n

(As administrator) Use Administrative tools in 'Settings' or the Manage option in 'My Computer' u

Create the partitions

u

Define a user with administrative privileges.

247

Setting the Database Name u

Setting the name of the database: n

UNIX – Enter the new name in /var/opt/oracle/oratab

n

VMS – Run ora_find_sid.com to register the database

n

NT – Run oradim to create a new database service

n

Labels each database with a unique identifier u

Known as the ORACLE SYSTEM IDENTIFIER

u

Referred to as the ORACLE SID

248

Defining the Oracle SID u

Identifies which database a user will connect to upon executing an Oracle application u

Unix/NT - ORACLE SID is designated by an environment variable, $ORACLE_SID

u

VMS – Oracle SID is a logical, ORA_SID

249

Oracle Database Administration I 83

Setting the Oracle SID u

Now that a SID is defined: n

n

Set the SID in the proper manner for the OS u

UNIX

export ORACLE_SID=TRNG

u

VMS

define ora_sid trng

u

NT

set ORACLE_SID=TRNG

Once the ORACLE SID is set, all subsequent Oracle I/O affects the associated database

250

Creating the Parameter file u

Defines and configures the ‘parameters’ that configure the database

u

All parameters are customizable by the DBA

u

Read at instance startup

u

First created as an ASCII file (initSID.ora)

u

As of 9i, a binary (spfileSID.ora) file can be created and be managed once the instance is started

251

Parameter File u

u

Great care should be taken in the sizing of each parameter If a parameter is not defined, Oracle will provide defaults n

To view all defined and defaulted values, run sqlplus as sys or system and issue: Show parameters

u

or

view v$parameter

See example in the workbook.

252

Oracle Database Administration I 84

Default Parameter File Location u

Unix n

Oracle looks for the associated parameter file under $ORACLE_HOME/dbs/init.ora u

u

This is usually a link to the real init.ora

VMS n

Oracle looks for the associated parameter file under ORA_ROOT:[db_]__init.ora

u

NT n

Oracle looks under $ORACLE_HOME\database\init.ora

253

Creating an Oracle database u

Oracle provides a template init.ora located under: n n n

u

$ORACLE_HOME/dbs (Unix) ORA_RDBMS (VMS) $ORACLE_HOME\admin\sample\pfile (nt)

For example, n

If you have a database with a SID of SEED, Oracle looks for the associated parameter file under: u

$ORACLE_HOME/dbs/initSEED.ora (Unix)

u

ORA_ROOT:[db_seed]PLUTO_SEED_init.ora (VMS)

254

Questions? u

Refer to the workbook for a sample init.ora file n

What is the default block size?

n

Is the buffer cached defined in blocks or bytes?

n

n

Can you have more than one value for the service_names value? Which control file is read when the database is opened?

255

Oracle Database Administration I 85

Creating an Oracle database u

Most associated parameters take default values if they are not explicitly defined

u

The values that MUST be defined in each file are: n

db_name (set to the same value as the ORACLE SID)

n

control_files (should point to the location of the control files)

256

Which type of Data File? u

Dictionary managed

u

Locally managed

n

u

Default storage clause used

n

Uniform extent

n

Autoallocate

Oracle managed files (OMF) n

Oracle manages the allocation, growth and removal

n

Default file location defined in the init.ora

257

Creating an Oracle database u

Invoke Oracle as: sqlplus /nolog

u

Connect to the database as the sysdba user

u

Start the Oracle instance (nomount) n

Only allowable startup level since control files, redo log files, and datafiles do not exist at this point

258

Oracle Database Administration I 86

Creating an Oracle database

u

The workbook illustrates how to start a database in nomount mode

259

Creating an Oracle database u

Once the Oracle instance is started, execute a CREATE DATABASE SQL command. Below is an abridged syntax:

CREATE DATABASE DATAFILE '' size M LOGFILE GROUP '' size M

260

Creating an Oracle database u

The datafile defined becomes the first datafile of the SYSTEM TABLESPACE

u

Each database MUST have at least two logfile groups

u

For additional options of the CREATE DATABASE SQL command, consult the ORACLE SERVER ADMINISTRATOR'S GUIDE

261

Oracle Database Administration I 87

Creating an Oracle database SQL> create database SEED 2> datafile '/oradata/SEED/system_SEED_01.dbf' size 200M 3> logfile group 1 '/oradata/SEED/log_SEED_01.rdo' size 3M, 4> group 2 '/oradata/SEED/log_SEED_02.rdo' size 3M 5> / Statement processed.

262

Creating an Oracle database u

Once the CREATE DATABASE command is executed, a new database is created n

The control files associated with this database are also created in the location(s) designated in the parameter file

263

Creating an Oracle database u

u

Now the data dictionary and PL/SQL packages need to be built The scripts catalog.sql, catproc.sql need to run against the database n

The former script MUST be run first

264

Oracle Database Administration I 88

Creating an Oracle database u

These scripts are located under: n

$ORACLE_HOME/rdbms/admin (unix/NT)

n

ORA_ROOT:[rdbms] (VMS)

SQL> @?/rdbms/admin/catalog SQL> @?/rdbms/admin/catproc

265

Creating an Oracle database u

u

Once these scripts have run, two default users are created in the database n

SYS (initial password change_on_install)

n

SYSTEM (initial password MANAGER)

Both users have DBA authority over the database n

These users should NEVER be deleted from the database

266

Data dictionary u

Composed of a set of tables and views

u

Read-only

u

u

Provides information about the associated database Created by SQL script catalog.sql

267

Oracle Database Administration I 89

Data dictionary u

Data dictionary contains the following: n

Usernames of the associated database

n

Security

n

Names and definitions of scheme objects

n

Space allocation for database objects

n

Auditing information

n

Triggers, functions, packages, and stored procedures

268

Data dictionary u

Scripts that construct the data dictionary n

CATALOG.SQL

n

CATPROC.SQL

n

NOTE: The owner of the data dictionary is SYS

u

u

Commonly used data dictionary views

Scripts for PL/SQL on server

269

Data dictionary views u

Display basic information about Oracle accounts

u

Display DBA information

u

Rollback segments and their status

n

n

n

n

SQL> select * from all_users;

SQL> select * from dba_users;

SQL> select segment_name, status 2>

from dba_rollback_segs;

270

Oracle Database Administration I 90

Summary u

Steps to creating an Oracle database n

Preparing the O/S

n

Determining the ORACLE SID

n

Creating a parameter file

n

Starting the instance

n

Executing the CREATE DATABASE SQL command

n

Building the data dictionary and PL/SQL packages

271

Oracle Database Administration I Lesson 5 Space Management

Basics of Storage u

Tablespace - Logical storage area within an Oracle Database that subdivides the database n

u

The placement and composition of a tablespace are critical for optimization

Data File - Physical files that make up a tablespace n

Size and structure should be well planned out

273

Oracle Database Administration I 91

Space Components u

u u

Database block - smallest unit of storage within an Oracle database Extent - Contiguous allocation of database blocks Segment - Logical collection of extents that make up a table, cluster, index, temporary segment, or UNDO segment

274

Segment Storage Attributes u

Each of these extent options should be reviewed individually n

Initial -

Allocates the first extent of space

n

Next -

Size of the extent allocated after the initial

n

Minextents -

Number of extents allocated during the initial creation of the segment

n

Maxextents -

Limits the total number of extents the segment can create

275

Additional Storage Options u

Pctincrease - controls the rate of growth of extents beyond the second

u

PCTFREE - reserved portion of the data block that is used for later updates to rows in that block

u

PCTUSED- percentage of space in a data block used before allocating another block

u

A block is kept on the free list until it reaches PCTFREE

u

A block stays off the free list until PCTUSED is reached

n

If UNDO segments are being configured, this is not an option

276

Oracle Database Administration I 92

Segment Creation Options u u

u

Tablespace - The tablespace to store the segments Partitioning - Feature of Oracle8 that allows a segment to be separated into multiple segments, each existing in a single or multiple tablespaces Optimal - sets the optimal size in bytes for a rollback segment (not used with UNDO)

277

Example Create table EMP ( EMPID NUMBER, F_Name

VARCHAR2(25),

L_Name

VARCHAR2(25),

MI

VARCHAR2(1),

SSN

VARCHAR2(11)

) Pctfree 10 Pctused 40 storage (Initial 2K Next 2K Pctincrease 0 unlimited)

Maxextents

Tablespace USERS;

278

Storage Considerations u

Object creation parameters override tablespace default storage parameters with the exception of locally managed tablespaces as of Oracle8i

u

Locally managed tablespaces enforce the use of uniform extent size or the size that has been autoallocated by Oracle n

One exception -- import (discussed in DBAII)

279

Oracle Database Administration I 93

Local vs. Dictionary Managed u

Two DBA philosophies: n

n

Dictionary managed u

Grouping of tables are by schema, not table

u

Can take schema offline (ie, bad blocks, recovery)

Locally managed u

Never have tablespace fragmentation with uniform extents

u

Never have to worry about extent growth with autoallocate

280

Physical Database Attributes u

Autoextend vs adding datafiles n

n

Both can be executed when the database is up Both can extend the tablespace and be ready for use immediately

u

Autoextending an existing datafile can alleviate DBA worries, but adversely can waste space

u

Adding a datafile is under your control Alter tablespace add datafile ‘/u01/oradata/seed/newfile_seed_02.dbf’ size 500M;

281

RAID u

RAID n

Important to have for an Oracle system

n

Jbod – Lowest data cost – low overhead

n

0 – low data cost – load balancing

n

1, 0+1 – high data cost – most expensive

n

5 – Highest data cost – safe u

It takes four I/Os for one write (read data, read parity,write data, write parity)

u

Minimum of three disks, plus 66-87% of space

u

The more disks, the higher the gain

282

Oracle Database Administration I 94

Questions u

u

u

What are the two ways to use the autoextend clause? Which segment type does not use the pctincrease storage clause? What would you think would be less problematic in regards to objects needing extents?

283

Storage issues u

Disk contention n

u

Segment fragmentation n

u

Background process content for data access

Seek time is reduced

Free space fragmentation n

Cannot allocate a contiguous extent

284

Disk Contention u

Too many heavily used segments on a single disk slows down access time and causes degradation in database performance

u

System (Data Dictionary), TEMP and UNDO segment tablespaces are used constantly u

Keeping these tablespaces on separate disks ensures the best access time

285

Oracle Database Administration I 95

Fragmentation Issues u

Fragmentation n

n

n

Frequent writes to a tablespace lead to greater fragmentation Fragmented tablespaces run slower and require more disk activity then non-fragmented tablespaces Thus, objects should be grouped into tablespaces based on their activity and size

286

Levels of Fragmentation u

Levels of fragmentation n

Application Interim Segment

n

UNDO Segments

u

u

n

Data changes are moderate, allowing for some fragmentation

Used regularly with constant changes to data. Fragmentation is high

Temporary Segments u

Data is swapped in and out constantly. Fragmentation is highest

287

Free Space vs. Segment u

u

Free space fragmentation is determined by the number of contiguous free space chunks within a tablespace Segment fragmentation is determined by the number of extents relative to the number of segments within a tablespace

288

Oracle Database Administration I 96

Free Space Fragmentation u

Caused by dropping or truncating segments

u

Categorized as usable or unusable n

n

A usable free space chunk is large enough to be used by the growth of an existing segment An unusable free space chunk is too small to be used by an existing segment

289

Segment Fragmentation u u

u

Caused by segments requiring multiple extents Using a uniform extent size (i.e. locally managed tablespaces) will alleviate this Manage this by monitoring dba_segments and dba_free_space

290

Common Methodologies u

Uniform Extent sizes n

Eliminates unusable free space fragmentation

n

Does not eliminate segment fragmentation

n

Minimizes maintenance efforts

n

Extent sizes should be carefully chosen to achieve best performance

291

Oracle Database Administration I 97

Common Methodologies u

u

Appropriate sizing of segments n

Often complicated and time-consuming

n

Bound to a finite period of time for growing tables

Rebuilds (imp/exp) n

Eliminate existing fragmentation by using imp/exp (discussed further in DBAII)

292

Common Methodologies u

Using Pctincrease 100 n

Minimizes segment fragmentation

n

Minimizes maintenance efforts

n

Extent sizes grow exponentially

n

Requires large free space chunks to be available

293

Dictionary Views u

DBA_FREE_SPACE n

u

DBA_SEGMENTS n

u

How much free space is available

Information about all segments

DBA_EXTENTS n

Describes the extents of all objects

294

Oracle Database Administration I 98

Summary u

Basics of Space Storage

u

Storage Parameters

u

Default Storage Parameters

u

Fragmentation

u

Methodologies for maintaining

295

Oracle Database Administration I Lesson 6 Creating and Managing UNDO Segments

Creating and Managing Rollback/UNDO Segments u

Agenda n

Theory behind rollback/UNDO segments

n

Rollback/UNDO segments within an Oracle Database

n

Rollback/UNDO segments used in transactions

n

Rollback/UNDO segments used in read-consistency

297

Oracle Database Administration I 99

UNDO Segments u

Database objects that record old values of data before the data are modified by transactions

u

Used to recover the database

u

Provide read consistency

u

Allow certain transactions to be undone (rolled back)

298

UNDO Segments u

Undo management is new term for rollback

u

Two options under 9i n

Manual undo management

n

Automatic undo management

u

u

Oracle7/8i/9i rollback segments

AKA Automatic Undo Management (AUM) or System Managed Undo (SMU)

299

What are UNDO segments for? u

Three purposes for undo n

Read consistency

n

Transaction rollback

n

Transaction recovery u

New purpose in 9i

300

Oracle Database Administration I 10 0

Types of Undo Segments u

SYSTEM

u

Non-SYSTEM

n

n

u

Used for objects in SYSTEM tablespace

Used for objects in other tablespaces u

Automatic (UNDO)

u

Manual (rollback segments)

Deferred n

Used for offline tablespace

301

Why Use AUM? u

Easier to administer n

u

In a recent Oracle benchmark, 400 rollback segments were replaced by one undo tablespace

Reduced chance of common errors n

“snapshot too old”

n

“unable to extend rollback segment”

u

u

DBA selected retention period Dynamic extent transfer

302

Dynamic Extent Transfer u

Extents within undo tablespace may switch ownership from one segment to another

u

Prevents single large transaction from affecting other users

u

Space reuse is more efficient, so errors are less likely

u

Eliminates need for managing rollback space for online and batch differently

303

Oracle Database Administration I 10 1

Automatic Undo Management u

New initialization parameters UNDO_MANAGEMENT n

n

AUTO u

Undo segments managed internally

u

No CREATE, DROP, ALTER

u

Automatic creation, shrinking, etc.

MANUAL u

Default; DBA-managed rollback segments

304

UNDO values u

UNDO_TABLESPACE n

u

Defines the name of the tablespace used to hold the undo segments

UNDO_RETENTION n

Controls amount of undo data to retain u

Specify in seconds

u

Read consistency and Oracle Flashback

305

UNDO Segments u

Discrete database objects n

u

Reside within a specific tablespace

Each segment allocates extents within a tablespace to store table data before the data are modified

306

Oracle Database Administration I 10 2

UNDO Segments u

u

u

Can hold data for multiple transactions A single transaction must be contained in a single segment Provided maximum number of extents has not been reached

307

Creating UNDO Tablespace u

The tablespace is all that needs to be created with AUM.

u

Usually created at database creation time as part of the CREATE DATABASE statement: UNDO TABLESPACE undotbs datafile '/u02/oradata/SEED/undodbs_seed_01.dbf' size 200m autoextend off

308

SYSTEM Rollback Segment u

Default rollback segment is automatically created during database creation

u

Cannot be deleted

u

Segment resides in the SYSTEM tablespace

u

Can only be used for SYSTEM objects

u

Create a second one for creating the tablespaces during creation of a database

309

Oracle Database Administration I 10 3

SYSTEM Rollback Segment u

u

Additional rollback/UNDO segments must be created to hold rollback data for objects in nonSystem tablespaces The size and number of segments must be monitored: n

v$rollstat, dba_segments

310

Create a Rollback Segment u

CREATE ROLLBACK SEGMENT SQL command syntax:

CREATE ROLLBACK SEGMENT TABLESPACE [STORAGE |OPTIMAL]

NOTE: this is not required with 9i

311

Storage clause u

u

u

Allows the DBA to set the sizing of the rollback segment(s) The DBA may allow Oracle to size the rollback segment automatically MINEXTENTS for rollback segments must be ≥ 2

312

Oracle Database Administration I 10 4

Create a Rollback Segment u

Must reside in a rollback tablespace n

Example with Default storage parameters chosen:

SQL >create rollback segment rbs1 2 >tablespace rbs / Rollback segment created.

313

ALTER ROLLBACK SEGMENT u

Once the rollback segment is created, It must be brought online before it can store transaction information

u

An entry must be made in the initSID.ora file to be brought online each time the instance is start

u

Use the rule of four to estimate: n

# rollback = transactions/4

314

ALTER ROLLBACK SEGMENT ALTER ROLLBACK SEGMENT ONLINE|OFFLINE u

u

ONLINE n

Brings rollback segment online

n

Available for subsequent transactions

OFFLINE n

Takes rollback segment offline

n

Unavailable for subsequent transactions

n

Will not go offline until all transactions have completed

315

Oracle Database Administration I 10 5

When the database is shut down and restarted u

Only the SYSTEM rollback segment is brought online

u

Only the segment names in the ROLLBACK_SEGMENTS parameter in the initialization parameter file are brought online

u

Query the data dictionary view to check the status of all rollback segments:

ROLLBACK_SEGMENTS=(RBS1,RBS2)

sys.dba_rollback_segs

316

Rollback Information Stored u

u

u

Each time a transaction is executed against the database, Oracle automatically allocates an available UNDO segment Unchanged data is stored for transaction and session rollback To ensure that each user has a consistent view of the data they are working on.

317

Request a Rollback Segment u

Programmatically, you can specify the rollback segment to use n

n

Prior to executing the SQL statement, execute: SET TRANSACTION USE ROLLBACK SEGMENT Example:

SQL>SET TRANSACTION USE ROLLBACK SEGMENT RBS1; Transaction set.

318

Oracle Database Administration I 10 6

Example EMPNO | ENAME

| DEPTNO |

SAL

----------------------------------------00100 | John Doe

| 001

|

15000

00200 | Sue Smith

| 001

|

15000

00300 | Jane Goodall

| 001

|

15000

00400 | Sam Tyson

| 001

|

15000

00500 | Mike Jones

| 001

|

15000

u

The Emp table holds this information prior to the transaction

u

Before the statement is applied, a free UNDO segment is obtained

319

Statement is Executed SQL> update emp set sal=30000 where empno=0500; 1 row updated.

u

The user executes this SQL statement

u

If the user commits, the rollback/UNDO segment is released

320

Rollback Statement u

To undo changes n

n

Execute a ROLLBACK SQL statement This undoes the update statement and copies information back into the table

SQL> rollback; Statement processed.

321

Oracle Database Administration I 10 7

Oracle Flashback u

Consistent view of database at past point n

Read-only

n

Export and query

n

Protection against user error u

n

“Uh, I just deleted 1,000 rows from SPRIDEN. Can you restore it for me?”

Must be using AUM in order to use Flashback u

UNDO_RETENTION parameter

322

Using Flashback u

User needs execute on DBMS_FLASHBACK

u

Retention time must be long enough to be useful

u

Query as usual after enabling Flashback CALL dbms_flashback.enable_AT_time ('25-MAR-02:08:00:00'); SELECT * FROM emp; CALL dbms_flashback_disable();

323

Dictionary Views u

u

V$rollstat n

Number of times a rollback segment has wrapped

n

Number of times it has extended

n

Number of times it has shrunk

V$rollname n

Maps the rollback segment to its name by USN

324

Oracle Database Administration I 10 8

Data Dictionary Language (DDL) statements u

u

u

Change the internal structure of the database They do not use rollback/UNDO segments during processing Once SQL statements are executed, they cannot be rolled back!

325

Summary u

UNDO segments provide the user the ability to undo DML statements within the database

u

UNDO segments also provide read-consistency within the database

u

UNDO is a special type of segment

u

Rollback segments are kept for backwards compatiblity

326

Oracle Database Administration I Lesson 7 Creating and Managing Database Users

Oracle Database Administration I 10 9

Creating and Managing Database Users u

Agenda n

Create new Database Users

n

Modify existing Database Users

n

Monitor information about Database Users

n

Drop Database Users

n

Terminate user sessions

328

Creating and Managing Database Users u

u

Creating users under Oracle n

Created within the database or OEM

n

Not defined in the underlying operating system

Oracle stores internal user account information within the data dictionary in an encrypted format

329

CREATE USER SQL

330

Oracle Database Administration I 11 0

Create User Considerations u

If you do not specify a default tablespace, the user is assigned to SYSTEM

u

If not explicitly specified, users have a QUOTA of 0 on all tablespaces

u

By default, the account is not locked and the password is not pre-expired

331

Default Temporary Tablespace u

If you do not specify a temporary tablespace, temporary segments default to the SYSTEM tablespace

u

In 9i, if you create the default temporary tablespace for everyone you do not need to worry about this

u

To use this new feature, create it at database creation time or later

u

It must be of type temporary

332

Create a User u

Example: n

n

Create a user SAISUSR with a password of u_pick_it Assign a default tablespace of USERS and a quota of 100KB on the DEVELOPMENT tablespace

n

Specify the temporary tablespace to be TEMP

n

(Syntax is on the next slide.)

333

Oracle Database Administration I 11 1

Example of Creating a User SQL> create user saisusr identified by u_pick_it 2> default tablespace USERS 3> temporary tablespace TEMP 4> quota 100K on development 5> / Statement Processed.

334

User Passwords u

u

During the CREATE USER command, the assigned password echoes on the screen u

Note that the password is stored in encrypted form

u

The encryption algorithm is DES-128 bit

Oracle passwords are NOT case-sensitive

335

Password Aging u

You can use Password Management n

u

Run the script utlpwmg.sql to start

You can set u

Password attempts

u

Grace periods

u

History

u

Many more!

336

Oracle Database Administration I 11 2

Object Ownership u

As with an OS account, Oracle assigns an ownership to all database objects that you create in the database n

u

This ownership is known as a user's SCHEMA

When a user creates an object in the database, it is created under that user's SCHEMA

337

Joe Creates a Table u

Example n

User joe creates a table dept within the database

n

This table is created under joe's ownership or schema

SQL> create table dept 2> (deptno number(25), 3> dname varchar2(100)) / Table created.

338

Creating and Managing Database Users u

Now, connect to the database as chris. SQL> connect chris/u_pick_it Connected.

u

chris cannot see joe's table unless he specifies the appropriate schema.

u

The syntax for specifying objects in another schema is .

339

Oracle Database Administration I 11 3

Creating and Managing Database Users u

If a schema is omitted, Oracle assumes the object is in your own schema. If not found there, it will search for a synonym

SQL> desc joe.dept Column Name

Null?

Type

---------------------- -------- ---DEPTNO

NUMBER(25)

DNAME

VARCHAR2(100)

340

Creating and Managing Database Users u

u

If the object is not yours, the only way you can see the object(s) is for you to have been granted rights to it. This includes the synonym short name. n

Grants will be discussed later

341

Creating and Managing Database Users u

During an Oracle install, default user accounts are created. The important ones are: SYS and SYSTEM (INTERNAL will be desupported in 10i) n

All accounts are DBA accounts

n

To connect to sys, you must have SYSDBA privileges

n

However, all data dictionary objects will be created under the SYS schema

342

Oracle Database Administration I 11 4

Creating and Managing Database Users u

To prevent damage to the data dictionary, most DBA tasks should be done as SYSTEM n

The default password assigned to SYS is change_on_install

n

The default password for SYSTEM is manager

n

Change both passwords immediately after database creation

n

If you create a database in the Database Configuration Assistant, you will be prompted to change the passwords

343

Creating and Managing Database Users u

Unix n

u

VMS n

u

Can connect as SYSDBA only if the user is in the DBA group (defined under /etc/group) Can connect as SYSDBA only if the user is granted the ORA__DBA identifier under SYS$SYSTEM:AUTHORIZE

NT n

Can connect as SYSDBA only if the user is in the ORA_DBA group

344

Altering Users u

u

Purpose: To change the authentication or database resource characteristics of a database user Several ways to make the change: n

ALTER USER SQL command

n

OEM Management Console

n

Other third-party tools

345

Oracle Database Administration I 11 5

Alter User SQL Example u

Example n

n

Change the password of the user saisusr to monitor4all Modify the quota this user has to UNLIMITED on the USERS tablespace

SQL > alter user saisusr 2> identified by monitor4all quota unlimited on users; User altered.

346

OEM Security Section

347

Dropping a User u

u

Drop a database user with the DROP USER SQL statement and to optionally to remove the users’s objects: Again, this can be done with OEM and SQL DROP USER [CASCADE]

348

Oracle Database Administration I 11 6

Creating and Managing Database Users u

If the user has objects in his/her schema, Oracle will not drop a user n

u

To override this, specify the CASCADE option

Example n

Drop the user saisusr and include all objects in this user's schema

349

Drop User Does Not Drop Everything u

Oracle will invalidate, not drop, any objects referencing the dropped objects n

u

This includes packages, procedures, views, etc.

All roles created by the dropped user will remain

350

Creating and Managing Database Users u

Can view user information in the data dictionary, which stores information on all users n

DBA_USERS

n

ALL_USERS

n

DBA_TS_QUOTAS

351

Oracle Database Administration I 11 7

Creating and Managing Database Users u

View information about all users in the database with the DBA_USERS data dictionary view SQL> select * from dba_users USERNAME

USER_ID

PASSWORD

------------------

----------

-----------------------------

TEMPORARY_TABLESPACE

DEFAULT_TABLESPACE ------------------

CREATED

PROFILE

------------------------------------------------- ---------------------- --------SYS

0

D4C5016086B2DC6A

TEMP SYSTEM

SYSTEM

26-APR-01 5

D4DF7931AB130E37

TEMP

DEFAULT TOOLS

26-APR-01

DEFAULT

2 rows selected. SQL> exit

352

Creating and Managing Database Users u

Display tablespace quotas for all users with the DBA_TS_QUOTAS data dictionary view n

The user sam has a quota of 100KB on the SYSTEM tablespace (see example on next slide)

353

Creating and Managing Database Users SQL> select * from dba_ts_quotas;

TABLESPACE_NAME

USERNAME

BYTES

------------------------------ ---------------------- -------MAX_BYTES

BLOCKS

MAX_BLOCKS

------------------------------ --------------------

----------

SYSTEM

SAM

102

400

0

50

354

Oracle Database Administration I 11 8

Creating and Managing Database Users u

When necessary, terminate a user's session while the user is logged on to the database n

Use an ALTER SYSTEM KILL SESSION SQL statement

n

Or use the OEM’s Oracle Enterprise Manager Console

355

OEM

356

Creating and Managing Database Users u

Killing a user session n

Prevents the user from issuing further database calls

n

Frees locked resources

n

Issues rollback on all uncommitted transactions

357

Oracle Database Administration I 11 9

Creating and Managing Database Users u

To terminate a user session: n

n

DBA must first determine serial number and the session ID for the session Both values can be determined from the the data dictionary view v$session

358

Creating and Managing Database Users u

Example: n

n

The DBA wants to kill the session owned by joe The DBA must first determine the serial number and session ID

359

Creating and Managing Database Users SQL> select sid, serial#,username from v$session 2>

where username='JOE'

3> /

SID

SERIAL#USERNAME

---

------------------------

13

9

JOE

360

Oracle Database Administration I 12 0

Creating and Managing Database Users u

Use these values in the ALTER SYSTEM KILL SESSION command

SQL> alter system 2> kill session '13,9'; System altered.

361

Creating and Managing Database Users u

Note that ALL user sessions are killed when the DBA issues a SHUTDOWN IMMEDIATE

362

Summary n

Create new Database Users

n

Modify existing Database Users

n

Monitor information about Database Users

n

Drop Database Users

n

Terminate user sessions

363

Oracle Database Administration I 12 1

Oracle Database Administration I Lesson 8 Managing Resources

Managing Resources u

Agenda n

Control system and database resource usage

n

Password management

365

Profiles u

Can be used to limit system and database resources available to a user

u

Define a set of resource limits

u

Useful in large multi-user systems

u

Simplifies resource management

366

Oracle Database Administration I 12 2

Profile Resource limits u

Resource Options: SESSION_PER_USER

CPU_PER_SESSION

CPU_PER_CALL

CONNECT_TIME

IDLE_TIME

PRIVATE_SGA(MTS only)

COMPOSITE_LIMIT

FAILED_LOGINS_ATTEMPTS

LOGICAL_READS_PER_SESSION LOGICAL_READS_PER_CALL

367

Profile Password Restrictions u

Password options: n

PASSWORD_LIFE_TIME

n

PASSWORD_REUSE_TIME

n

PASSWORD_REUSE_MAX

n

PASSWORD_LOCK_TIME

n

PASSWORD_GRACE_TIME

n

PASSWORD_VERIFY_FUNCTION

368

Enable Resource Limits u

To enable profiles, set the initialization parameter RESOURCE_LIMIT in the database parameter file, init.ora

u

A value of TRUE enables resource enforcement

u

A value of FALSE(default) disables all profiles

u

Once this value is modified, either restart the database or use the ALTER SYSTEM command for the changes to take effect

369

Oracle Database Administration I 12 3

Alter System Example u

Example n

Enforce resource limits for the database

SQL> alter system set resource_limit=true; System altered.

370

Managing Resources u

When resource limits are enabled for a database, the system creates a profile called DEFAULT n

n

n

n

Users who are not explicitly assigned a profile are assigned to DEFAULT All unspecified limits in later profile definitions have the corresponding value of DEFAULT Initially, all DEFAULT values are unlimited DEFAULT profile should not be modified. It will also affect SYS and SYSTEM!

371

OEM Profile tool

372

Oracle Database Administration I 12 4

Managing Resources u

Using profiles, resources may be controlled at both the session or call (statement) level n

Lists of resources controlled at the session level and at the call (statement) level may be found in the workbook

373

Managing Resources u

Example n

Create a profile called developer_profile

n

Maximum of five concurrent sessions

n

Unlimited CPU time for a call

n

Maximum idle of 60 minutes

n

(Syntax on next slide.)

374

Managing Resources SQL> create profile developer_profile limit 2> sessions_per_call 5 3> cpu_per_call unlimited 4> idle_time 60 / Profile created.

375

Oracle Database Administration I 12 5

Managing Resources u

u

Once you create a profile, assign users to it To assign a new user to a profile, specify the profile name in the CREATE USER SQL statement n

(Syntax on next slide.)

376

Managing Resources SQL> create user eddie identified by vanhalen 2> default tablespace users 3> temporary tablespace temp 4> profile developer_profile / User created.

377

Managing Resources u

Can change an existing user's profile in an ALTER USER SQL statement

SQL> alter user sue profile developer_profile / User altered.

378

Oracle Database Administration I 12 6

Managing Resources u

u

Profile assignments only affect a user's subsequent transactions Each user is assigned one (and only one) profile

379

Managing Resources u

When a session-level resource limit has been exceeded: n

n

The user’s current statement stops executing, and all changes are rolled back Only a COMMIT, ROLLBACK, or disconnect is allowed

380

Managing Resources u

When a call-level resource limit has been exceeded: n

Processing of the statement is halted

n

Statement is rolled back

n

Only a COMMIT, ROLLBACK, or disconnect is allowed

381

Oracle Database Administration I 12 7

Managing Resources u

In both cases, the user is notified of the resource he/she has exceeded SQL> delete from saturn.spriden / ORA-02393 exceeded call limit on CPU usage

382

Alter Profile SQL u

To modify characteristics of an existing profile, use the ALTER PROFILE SQL statement n

u

Refer to the workbook for the syntax.

Changes to a profile affect subsequent sessions ONLY

383

Alter Profile Limits u

Alter the values of existing limits in an existing profile

SQL> alter profile developer_profile limit 2> sessions_per_user 2 3> cpu_per_session 30000 4> idle_time 30 5> logical_reads_per_call 1000 / Profile altered.

384

Oracle Database Administration I 12 8

Managing Resources u

Example n

n

Alter the profile developer_profile to specify a maximum of two sessions, 30000 hundredths of a second CPU time for a session, idle time of 30 minutes and 1000 logical reads per call. (Syntax is on the next slide.)

385

Managing Resources u

Alter the default profile n

Specify a maximum of 5 sessions, and 30 minutes of idle time

SQL> alter profile default limit 2> sessions_per_user 5 3> idle_time 30 / Profile altered.

386

Resource Composites u

Total resource usage may be limited through the use of composite limits n

n

A composite weighted sum can only be used on these resource limits: n

CPU_PER_SESSION

n

CONNECT_TIME

n

PRIVATE_SGA(MTS only)

n

LOGICAL_READS_PER_SESSION

Used to limit total resource usage for a session

387

Oracle Database Administration I 12 9

Managing Resources u

Using a composite limit n

n

The DBA must first define the weighting factors for each resource that is used This is done using an ALTER RESOURCE COST SQL statement

388

Managing Resources u

Example: n

n

u

The DBA wants to set a composite limit of 1000 for the above quantities He/she wants to weight each quantity equally

The DBA must first define the weights of the quantities n

(Syntax is on the next slide.)

389

Managing Resources SQL> alter resource cost 2> cpu_per_session 1 3> connect_time 1 4> logical_reads_per_session 1 5> / Statement processed. SQL>

390

Oracle Database Administration I 13 0

Managing Resources u

A composite profile can now be defined using the above weighting factors

SQL> create profile user_profile limit 2> composite_limit 2000 3> idle_time 60 4> / Statement processed. SQL>

391

Managing Resources u

In this example, if the total cpu_per_session, connect_time and logical_reads_per_session exceeds 2000, then a user exceeds his/her profile limits

392

Managing Resources u

To remove a profile from the database, use the DROP PROFILE SQL statement DROP PROFILE [CASCADE]

393

Oracle Database Administration I 13 1

Managing Resources u

Cannot drop profiles if they are still assigned to users n

n

u

To override this, specify the CASCADE option Any users assigned to a dropped profile will be reassigned to the DEFAULT profile

The DEFAULT profile cannot be dropped

394

Managing Resources u

Example n

Drop the profile developer_profile, and reassign all users that had this profile to the DEFAULT profile.

SQL> drop profile developer_profile cascade / Profile dropped.

395

Managing Resources u

Query the data dictionary to view information about profiles defined in the database

u

Views that hold information about profiles defined in the database include: n

DBA_USERS

n

DBA_PROFILES (What values)

(What profiles)

n

RESOURCE_COST (Composite limits)

n

USER_RESOURCE_LIMITS (User limits)

396

Oracle Database Administration I 13 2

Managing Resources u

Example n

Determine the profiles of all users in the database

SQL> select username, profile from dba_users; USERNAME

PROFILE

------------------------------ -----------------SYS

DEFAULT

SYSTEM

DEFAULT

SAM

DEFAULT

3 rows selected. SQL>

397

Managing Resources u

Example n

n

Determine the resource limits of the default profile Refer to the workbook for an example of looking up the values

398

Password Limits u

Use for login attempts

u

Password history

u

Account management

u

May need to run utlpwdmg.sql to set up password management

399

Oracle Database Administration I 13 3

Password History u

u

A mechanism must be in place for you to alter their password PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME are mutually exclusive u

One can be set, the other UNLIMITED

400

Other Options u

Resource Consumer Groups n

u

Can give one set of user 75% CPU usage, another 25% (*more in DBAII)

SQL*plus command restrictions n

n

Use product_user_profile Restrict access to items like HOST, SET , etc.

401

Summary n

Control resource usage within the database

n

Restrict and limit system and call level controls

n

Manage user password and login attempts

402

Oracle Database Administration I 13 4

Oracle Database Administration I Lesson 9 Control Database Privileges

Control Database Privileges u

Agenda n

Define database privileges

n

Grant and control system privileges

n

Grant and control object privileges

n

Grant and control roles

404

Control Database Privileges u

Oracle allows the DBA and users to control access levels for objects within the database n

Similar to OS file access controls

n

Objects stored within the database u

Tables, views

u

Packages, procedures

u

Functions, sequences, synonyms

405

Oracle Database Administration I 13 5

Control Database Privileges u

PRIVILEGES can be grouped into two categories: n

OBJECT Level privileges u

n

Gives you the ability to perform some operation on various objects

SYSTEM Level privileges u

Lets you execute specific sets of commands

406

Object vs. System privileges u

Object privileges are the easiest to remember. There are eight to remember: Select

insert

update

delete

alter

index

References

execute

Other less common:

u

n

debug (java)

n

Read/write (on directories)

n

query rewrite/on commit refresh (materialized views)

n

Dequeue/enqueue (advanced queueing)

All other privileges are for system privileges

407

Why Grant Privileges? u

u

u

Users will need system and object privileges to access the database and to manipulate data When a user is created, no object nor system privileges are available Privileges can be GRANTed to users, roles and to PUBLIC

408

Oracle Database Administration I 13 6

Control System Privileges GRANT {system priv | role | all [privilege]} [, {system priv | role | all [privileges]}…] to {user | role}[,{user | role}]… [identified by password] [with admin option]; u

All grants the user or role all privileges (except SELECT ANY DICTIONARY)

u

WITH ADMIN OPTION permits the grantee to bestow the privilege to other user(s) or role n

Roles discussed in Lesson 10

409

Control Database Privileges u

Example: n

Grant the user scott the privilege to select from any table

SQL> grant select any table to scott; Statement processed.

410

Viewing Granted Privileges u

DBA_SYS_PRIVS lists what privileges have been granted to a grantee. n

A grantee can be a user or a role.

n

Refer to the workbook for examples

411

Oracle Database Administration I 13 7

Control Database Privileges u

Revoking system privileges n

To remove a privilege from a user, use the REVOKE SQL statement

REVOKE | FROM | | PUBLIC

412

Control Database Privileges u

Example: n

Remove SELECT ANY TABLE PRIVILEGE from the user john

SQL> revoke select any table from john; Statement processed.

413

Control Database Privileges u

Example: n

Remove SELECT ANY TABLE PRIVILEGE from all users in the database

SQL> revoke select any table from public; Statement processed.

414

Oracle Database Administration I 13 8

Control Database Privileges u

Effects of REVOKE on GRANT ... WITH ADMIN OPTION n

n

n

User A has system privilege Q with ADMIN OPTION. He/she then grants privilege Q to user B The DBA then revokes system privilege Q from user A The revocation of system privileges does NOT cascade down. After the revoke of privilege Q for user A, user B STILL has privilege Q

415

Control Database Privileges u

Disabling logons to the database n

n

n

Once a user is created in the database, he/she still needs CREATE SESSION system privileges in order to logon to the database To disable a user account without dropping the user, simply revoke the user's CREATE SESSION system privilege Refer to the workbook for the syntax

416

Control Object Privileges GRANT {object priv | all [privilege]} [(column [, column]…)] on object

to {user | role}

[with grant option];

u

All grants all object level privileges.

u

WITH GRANT OPTION allows the grantee to grant this privilege to other users in the database

417

Oracle Database Administration I 13 9

Control Database Privileges

u

Example n

Allow sue to insert into the table emp

SQL> grant insert on emp to sue; Statement processed.

418

Control Database Privileges u

The user executing the grant MUST have the object in his/her SCHEMA unless the grant WITH GRANT OPTION has been previously granted

u

For example, john cannot grant select on table emp to sue unless he owns the table or a grant WITH GRANT OPTION has been granted to him

419

Control Database Privileges u

Example n

Grant the users sue and rich the privilege to query the accounts table

SQL> grant select on accounts to sue, rich; Statement processed.

420

Oracle Database Administration I 14 0

Control Database Privileges u

Example n

Grant the user jeff the privilege to insert on spriden_pidm column of the SPRIDEN table n

(only options are insert, update and references)

SQL> grant insert(spriden_pidm) on spriden to jeff; Statement processed.

421

Control Database Privileges u

Grant WITH GRANT OPTION n

An object privilege that is granted using WITH GRANT OPTION can be passed on to other users and roles by the GRANTEE

SQL> grant select on accounts to sue with grant option; Statement processed.

422

Control Database Privileges u

Now sue will be able to grant this privilege to other users n

Refer to the workbook for an illustration

423

Oracle Database Administration I 14 1

Control Database Privileges u

To remove a privilege from a user, use the REVOKE SQL statement REVOKE ON FROM | | PUBLIC

424

Control Database Privileges u

Example: n

Remove SELECT ON DEVEL PRIVILEGE from john

SQL> revoke select on devel from john; Statement processed.

425

Control Database Privileges u

Example: n

Remove SELECT ON DEVEL PRIVILEGE from all users in the database

SQL> revoke select on devel from public; Statement processed.

426

Oracle Database Administration I 14 2

Control Database Privileges u

Unlike revoking system privileges, revoking object privileges has a cascading effect. Investigate the effects before doing so n

n

n

Suppose that the DBA revokes the SELECT ON ACCOUNTS object privilege from sue... This revoke will remove the privilege from sue AND from all users to whom sue granted that privilege Refer to the workbook for the syntax

427

Control Database Privileges u

View all object privileges granted to users by querying the data dictionary

View Name

Description

DBA_TAB_PRIVS

All privileges on objects in the database

DBA_COL_PRIVS

All privileges on columns in the database

428

Summary u

Define database privileges

u

Grant and control system privileges

u

Grant and control object privileges

429

Oracle Database Administration I 14 3

Oracle Database Administration I Lesson 10 Role Management

Role Management u

Agenda n

Describe roles

n

Creating and modifying roles

n

Manage roles

431

Role Management u

Privilege management can be tedious n

n

For example, if you have 100 users that each require the following privileges: u

CREATE SESSION

u

CREATE TABLE

u

DROP TABLE

u

SELECT ANY TABLE

To assign these privileges, the DBA must execute each grant for all 100 users

432

Oracle Database Administration I 14 4

Grant with no Roles SQL> grant create session to user1; Statement processed. SQL> grant create table to user1; Statement processed. SQL> grant drop table to user1; Statement processed. SQL> grant select any table to user1; Statement processed. (Same for user 2, etc.)

433

Users Need Object Privileges u

Object permissions must be executed for each user. n

n

For example, the DBA also wants each user to have update privileges on the SPRIDEN table The DBA must now execute the appropriate grant for EACH user

434

Grant the Object Privilege SQL> grant update on spriden to user1; Statement processed. SQL> grant update on spriden to user2; Statement processed. SQL> grant update on spriden to user3; Statement processed. . . . (etc.)

435

Oracle Database Administration I 14 5

What are Roles? u

A collection of system and/or object level privileges

u

Allows predefined collections of privileges to be modified and assigned

u

Simplifies privilege management

u

Once defined, may be granted to other users, roles and/or PUBLIC Granting a role to a user grants ALL associated privileges to that user

u

436

Role management Privilege CREATE SESSION

Role Normal User

SELECT ANY TABLE UPDATE ANY TABLE

User Joeuser

437

Role management u

Create roles using the CREATE ROLE SQL statement CREATE ROLE [not identified | identified {by password | using [schema.]package | externally | globally}]

438

Oracle Database Administration I 14 6

Create Role - example u

Example n

Create a role called standard_user

SQL> create role standard_user; Statement processed.

439

Create Role Protected - example u

Example n

Create a role called power_user

n

Protect this role with the password xxx2q

SQL> create role power_user identified by xxx2q; Statement processed.

440

Role management u

After a role is created: n

n

n

Privileges may be assigned to roles in the same manner they are assigned to users The assignments are done through GRANT SQL statements (See next slide for syntax.)

441

Oracle Database Administration I 14 7

Role management SQL> grant create session to standard_user; Statement processed. SQL> grant create table to standard_user; Statement processed. SQL> grant drop table to standard_user; Statement processed. SQL> grant select any table to standard_user; Statement processed.

442

Role management u

Once defined, a role can then be granted to users n

n

A role grant to a user grants all associated privileges to the user (See next slide for syntax.)

443

Role management SQL> grant standard_user to user1; Statement processed. SQL> grant standard_user to user2; Statement processed. SQL> grant standard_user to user3; Statement processed. . . . (etc)

444

Oracle Database Administration I 14 8

Role management u

A role may be modified to have more or fewer privileges n

n

n

Make these changes through GRANT or REVOKE SQL statements Any changes to roles immediately cascade down to all grantees of the role (See next slide for syntax.)

445

Role management SQL> grant update on spriden to standard_user; Statement processed.

u

The above statement gives all grantees of standard_user the ability to update on the SPRIDEN table

446

Role management u

Roles may also be granted to other roles

SQL> grant standard_user to power_user; Statement processed.

u

The above statement causes all associated privileges of standard_user to be granted to power_user

447

Oracle Database Administration I 14 9

Role management u

Subsequent privileges may then be granted to power_user

SQL> grant alter any table to power_user; Statement processed.

u

What will happen if you grant subsequent privileges to standard_user?

448

Role management u

The exception to this is that no role can be granted to itself, even indirectly n

If Role A is granted to Role B, and Role B is granted to Role C, then Role C cannot be granted back to Role A

449

Default Roles u u

u

Users can have none or many default roles If no default role is assigned, all roles granted to the user will be in effect throughout their session If a user has a default role and wants to set another role, the user must issue the set role command

450

Oracle Database Administration I 15 0

Set Default Roles u

Default roles are set for a user using the ALTER USER SQL statement

SQL> alter user joe default role standard_user; User altered. u

View dba_role_privs to see what roles are default roles.

451

Setting Roles u

A user may activate another role that he/she has previously been granted using a SET ROLE SQL statement

u

User Joe can set any role that he was granted during his session. u

Refer to the workbook for the syntax

452

Role management u

u

If joe has a default role set for his user account, then that role will be active for his entire session. If joe does not have a default role set for his account, then the more powerful role will always be active. n

So long as he was granted default roles...

453

Oracle Database Administration I 15 1

Role management u

u

When a user logs into a database, the default role is what is available. If more than one role is granted as default, the more powerful will take precidence.

454

Role management - question u

If joe has standard_user set as a default role, then he has to issue a SET ROLE SQL statement to activate any other role.

u

If Joe wants to delete all the roles from table SPRIDEN, can he simply log in and do this?

u

If not, what must Joe do to give him the privilege? n

Hint: refer to your workbook.

455

Effects of Conflicting Roles u

Suppose that the user joe has been granted two roles with conflicting privileges...

SQL> grant all on spiden to power_user; Statement processed. SQL> grant select on spriden to standard_user; Statement processed. SQL> grant power_user, standard_user to joe; Statement processed.

456

Oracle Database Administration I 15 2

Role Authorization u

The DBA can change the authorization of a role using the ALTER ROLE SQL statement n

n

n

NOT IDENTIFIED - removes the password associated to a role IDENTIFIED BY - assigns a password to a role EXTERNALLY – Tied to the operating system (not discussed here)

ALTER ROLE NOT IDENTIFIED | IDENTIFIED BY | EXTERNALLY

457

Role Password Management u u

View dba_roles to see what roles are passworded To remove/alter a password option, use the alter role command:

SQL> alter role power_user not identified; Role altered.

458

Password Protected Roles u

A password-protected role may be invoked using a SET ROLE ... IDENTIFIED BY SQL statement

SQL> set role power_user identified by xxx2q; Statement processed.

u

To set a non-defaulted password role, the user must have the password and explicitly set it.

459

Oracle Database Administration I 15 3

Role management u

If a password-protected role is granted to a user as the default role, Oracle skips the password checking and invokes the role as the user logs on

u

If no default role is defined for a user, Oracle assumes that ALL granted roles for a user are the default and skips password checking for ALL granted roles

u

Thus, ALL USERS NEED TO BE ASSIGNED DEFAULT ROLES

460

Role management u

Banner Security n

Password-protected roles are the key to security in Banner

n

In Banner, three roles are created : u

BAN_DEFAULT_CONNECT

u

BAN_DEFAULT_Q

u

BAN_DEFAULT_M

461

Role management u

BAN_DEFAULT_CONNECT n

Role consisting of the CREATE SESSION privilege u

Allows users to only connect to the database, but not to have access to ANY objects

462

Oracle Database Administration I 15 4

Role management u

BAN_DEFAULT_Q n

u

Allows select / executes on all objects

BAN_DEFAULT_M n

Allows select / execute / insert / delete / update on all objects

463

Role management u

All three roles are granted to EACH Banner user with BAN_DEFAULT_CONNECT set as the default role n

See the next slide for the syntax.

464

Role management SQL> grant ban_default_connect to saisusr; Statement processed. SQL> grant ban_default_q to saisusr; Statement processed. SQL> grant ban_default_m to saisusr; Statement processed. SQL> alter user saisusr default role ban_default_connect; Statement processed.

465

Oracle Database Administration I 15 5

Role management u

Users with BAN_DEFAULT_M or BAN_DEFAULT_Q roles are not able to invoke the associated privileges, since they will not know the underlying passwords

u

The passwords for invoking these roles are stored in encrypted format in each Banner form

466

Role management u

These roles are invoked ONLY when the user executes the appropriate form n

n

Thus, users can only change information within the database through a Banner form Consult the Banner Security Manual (Chapter 2 of the technical reference) for additional information

467

Cautions u

As described earlier, be aware of default roles

u

Another one is if you grant a role with a system privilege with admin option: n

A user with the role grants the system privilege to another user

n

The role was dropped

n

The new user with the system privilege will still have that privilege!

468

Oracle Database Administration I 15 6

Other DBA Views u

Role_role_privs

u

Role_sys_privs

u

Role_tab_privs

n

n

n

Roles granted other roles and admin

Roles granted system privileges

Roles granted object privileges

469

Summary n

Describe roles

n

Creating and modifying roles

n

How Banner utilizes roles

n

Methods of combining privileges for user group activies

470

Oracle Database Administration I Lesson 11 Oracle Net

Oracle Database Administration I 15 7

Oracle Net u

Agenda n

Describe the purpose and goal of Oracle Net

n

Setup Oracle Net listeners on the database host

n

Setup Oracle Net clients that connect to other Oracle servers

472

Purpose of Oracle Net u

Networks

u

Traditionally, database connections have been local connections

u

Server-based applications force support of both the application and database

u

Client/server technology helped to separate this load

n

n

We all need to use them, internet and intranets

CPU and IO loads

473

Local Connections u

Local connections are useful in some circumstances, such as DBA tasks

u

Local connections in many other cases are less useful. They require that: n

n

An account is set up on the operating system level for all Oracle users. This is a serious security problem, especially under UNIX where numerous security holes exist with shell (/bin/sh, /bin/ksh) level The client resides on the same machine as the database server. This reduces performance of the database server

474

Oracle Database Administration I 15 8

Tier Architecture u

Two-task processing introduced the beginning of separating clients from applications and servers

u

Two-tier architecture required a fat client with lots of RAM and disk space

u

Configuration management was a nightmare!

475

N-tier Applications u

Distributes the workload associated to database applications

u

Introduced the N-tier Architecture

u

Thin clients were now able to run applications

u

Oracle Net allowed for distribution of the workload across the network

476

Thin clients u

u

u

The client has now been transferred to a middle tier The application load can now be spread over the network Browser-based connections have now eliminated fat PC requirements

477

Oracle Database Administration I 15 9

Oracle Net u

Heterogeneous database connections are now common

u

Transparent Network Substrate (TNS) n

Client and server can use different communications protocols

n

Multi-vendor applications can now communicate

n

Can transfer data to an asynchronous receiver

478

Oracle Net u

An IP networking protocol

u

Must be installed on both client and server machines before remote connections can take place

u

Defined as a session-level protocol that runs on top of network and transport layers u

Under the OSI(Open Systems Interconnect) theoretical network model

479

OSI Theoretical Network Model

480

Oracle Database Administration I 16 0

TCP/IP u

TCP/IP (Transmission Control Protocol / Internet Protocol) n

n n n

Developed by the US Defense Department for high speed data transfer between WANs Protocol used on the Internet Routable between subnets Supports a uniform network numbering scheme throughout the world

481

Oracle Net u

u

Installed to run under TCP/IP, since it is present on virtually all machine types Easily configured n

Manually with any text editor

n

Using a configuration assistant

482

Connection configuration u

Oracle Net Configuration Assistant

483

Oracle Database Administration I 16 1

Listener.ora u

An Oracle LISTENER must first be set up on the database server prior to remote connections to any database

u

The Listener.ora file configures u

A unique listener name

u

Protocol addresses that it is accepting connection requests on

u

Services it is listening for

484

Oracle Net u

u

Either located in $ORACLE_HOME/network/admin or in the location that is defined by the system n

$ORACLE_HOME/network/admin (Unix)

n

TNS_ADMIN (VMS/NT)

Does not require identification of the database service

485

Service Name(s) u

u

Registered by PMON which provides: n

Service name(s) for each running database

n

Instance names of the databases

n

Service Handlers, dedicated or dispatcher

PMON also checks on dispatcher and server processes, and restarts them if necessary

486

Oracle Database Administration I 16 2

Oracle Net u

A sample listener.ora file is shown in the workbook. n

n

n

Defines a TCP listener named MYLISTENER that runs on port 1526. (Note that on Unix systems ports under 1024 are reserved for root access only.) Hostname of the database server is my.test.edu MYLISTENER attaches to the databases SEED, TEST, and PROD, which run from the directory /u01/oracle/product/8.1.6.#

487

Oracle Net u

The executable that controls the listener is called lsnrctl n

When you invoke this application you should see something similar to:

LSNRCTL for Unix: Version 2.3.3.0.0 - Production on 18-MAY-98 23:51:31 Copyright (c) Oracle Corporation 1994.

All rights reserved.

Welcome to LSNRCTL, type "help" for information. LSNRCTL>

488

Oracle Net u

To start or stop a particular listener, you can either enter the command at the prompt: lsnrctl start

u

Or you can invoke the program and type: lsnrctl > start

489

Oracle Database Administration I 16 3

Oracle Net u

u

The program lsnrctl calls another executable, tnslsnr, which actually starts the daemon At this point, the databases SEED, TEST, and PROD are ready to accept remote connections from the network

490

Oracle Net u

To stop a listener, invoke lsnrctl and enter the following: LSNRCTL> stop

u

In the case of MYLISTENER: LSNRCTL> stop MYLISTENER The command completed successfully LSNRCTL> exit $

491

Oracle Net u

u

Typically, the Oracle software owner starts/stop the listener, although anyone in the dba group can do so If someone other than ORACLE starts it, the log file will be produced where the user is logged in at

492

Oracle Database Administration I 16 4

Oracle Net u

Multiple listeners n

n

The previous syntax defined a single listener that attaches to the SEED, TEST, and PROD databases Under this setup, users can remotely log into any of the three databases attached to the daemon while MYLISTENER is running

493

Oracle Net u

Multiple listeners (cont.) n

n

n

If the DBA needs to restrict users from remotely logging into specific databases while the databases are open, the databases should be attached to separate listeners Databases remain remotely inaccessible as long as the listeners that attach to it are not running The DBA can configure as many as needed so long as each one is defined on a separate port

494

Oracle Net u

The listener.ora file shown in the workbook defines: n

Three listeners: FIRSTLISTENER, SECONDLISTENER, and THIRDLISTENER

n

Run from ports 1526, 1527 and 1528, respectively

n

Attach to the databases SEED, TEST, and PROD

495

Oracle Database Administration I 16 5

Oracle Net u

With multiple listeners, each must be started individually under lsnrctl n

This allows the DBA greater control over database access

496

Oracle Net u

u

To prevent users from remotely logging to the TEST, for example, the DBA can shut down SECONDLISTENER However, keep in mind that more listeners take up more system resources

497

Client Oracle Net u

In addtion to setting up Oracle Net on the database server, Oracle Net must also be properly configured on each Oracle client

u

Several ASCII configuration files exist for setting up Oracle Net on the Oracle client n

sqlnet.ora

n

names.ora

n

tnsnames.ora

498

Oracle Database Administration I 16 6

Client Configuration u

Each file defines a different component of Oracle Net clients n

u

However, tnsnames.ora is critical for remote database connections

As with listener.ora, Oracle recommends you generate these files with Oracle Net Manager, but you can edit them directly

499

Connection Management u

Oracle Net Manager

500

Oracle Net u

u

The tnsnames.ora file consists of a series of database connect/host string definitions. Each string defines a specific database which the client can connect to. The basic syntax of these strings is shown in the workbook.

501

Oracle Database Administration I 16 7

Oracle Net u

Each host string entry defines: n

Hostname of the database server

n

Port that the listener is running on

n

Oracle SID of the desired database

502

Oracle Net u

While the DBA is free to choose any name she/he wants as the host string, each value in the string MUST match those defined in the corresponding Oracle listener u

Port

u

Host

u

SID or Service Name

503

Oracle Net u

For an example of using the latter listener.ora file, the workbook ilustrates the configuration association of these.

504

Oracle Database Administration I 16 8

Oracle Net u

Once these files are properly set up, you are ready to connect to a remote database

u

On Windows2000/NT you can pre-define the connect string with the LOCAL registry value. This assumes only one database on the server.

u

You can pre-set connect_strings in any environment by creating an individual tnsnames.ora for each database.

u

Each of these assist the user in entering as little as possible

505

Oracle Net u

Oracle clients require three parameters for remote connects: n

Username and password for the Oracle logon

n

Connect string that defines the database

506

Oracle Net u

From the command line, setting up a remote connection is very similar to that of a local connection n

n

Start the desired Oracle client as before During the database logon specify a username followed by an "@" during the username prompt

507

Oracle Database Administration I 16 9

Oracle Net u

For example, to remotely connect as SYSTEM into the SEED database using SQL*PLUS

u

You can also connect another database in the sqlplus program without disconnecting

n

n

Sqlplus system/[email protected]

Connect general/[email protected]

508

Oracle Net u

For example, to connect to SQL*PLUS from a GUI-based session, you would enter the following:

509

Oracle Net u

The Oracle client first takes the host string specified in the login and attempts to find a matching string in tnsnames.ora n

n

n

If it finds a match, it attempts to find a listener running at the specified host and port If an Oracle listener is found, the client application attempts to locate a database with the SID as specified in the host string If the client finds this database, it takes the username and password and attempts to login

510

Oracle Database Administration I 17 0

Oracle Net u

Troubleshooting Oracle Net n

n

Setting up remote database connections is a complicated process, that requires numerous components to be properly functioning The workbook lists common errors that can arise, along with their likely resolutions

511

Oracle Net u

Any Oracle system account can test the connect string with TNSPING. This will test to see if the host machine is listening and recognizes the connect string

u

Sometimes DNS resolution gets in the way, you can specify an IP for the HOST= parameter. It is faster

512

Log and trace files u

Sqlnet.log will be very beneficial in trouble shooting connections

u

To identify the relevant part of the problem, you will need to turn on tracing

u

There are three main areas to trace: n

1. The SQL*NET client

n

2. The ‘listener’ process

n

3. The SQL*NET ‘server’

513

Oracle Database Administration I 17 1

Trace file levels u

Establishing a connection

Client----à Listener ---à Server 1 u

2

3

An established connection Client ---à Server 1

3

514

Client Level Tracing Add in the file sqlnet.ora n

Trace_level_client=##

n

Trace_file_client=filename

n

Trace_directory_client=/tmp

n

Trace_unique_client=true

u

This will turn on FULL tracing for your user account.

u

Output in /tmp/filename_.trc

515

Listener Level Tracing u

u

Add in the file Listener.ora n

Trace_level_listener=##

n

Trace_file_listener=filename

n

Trace_directory_listener=/tmp

This defines FULL tracing in /tmp/filename.trc

516

Oracle Database Administration I 17 2

Server Level Tracing u

Add in the file sqlnet.ora.

u

Output sent to /tmp/filename_. n

Trace_level_server=##

n

Trace_file_server =filename

n

Trace_directory_server =/tmp

517

Tuning u

Packet transferring n

SDU

n

TDU

u

Server and dispatchers

u

Connect time

u

queuesize

518

Summary n

Describe the purpose and goal of Oracle Net

n

Setup Oracle Net servers on the database host

n

Setup Oracle Net clients that connect to Oracle Net servers

519

Oracle Database Administration I 17 3

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF