KEMBAR78
Oracle DBA | PDF | Oracle Database | Database Transaction
100% found this document useful (3 votes)
8K views173 pages

Oracle DBA

RAC (real application cluster) a.k.a. Parallel server Instance Defined u defined by initialization parameter(s) that determine the size and composition can be dynamically altered initSID.ora (ascii file) spfilesid.ora is used to initialize a database instance.

Uploaded by

api-3702030
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
100% found this document useful (3 votes)
8K views173 pages

Oracle DBA

RAC (real application cluster) a.k.a. Parallel server Instance Defined u defined by initialization parameter(s) that determine the size and composition can be dynamically altered initSID.ora (ascii file) spfilesid.ora is used to initialize a database instance.

Uploaded by

api-3702030
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 173

Oracle Database Administration I

Lesson 1
Oracle Server Architecture

Overview
u Set of data to store and access information
u Based on a relational model of rows and columns stored in tables
u Also Object-oriented (OO) structures
n Abstract datatypes and methods
u Contains these components:
n Physical
n Memory
n Process

Oracle’s Overall Role


u Retrieve data
u File I/O
u Space Management
u Change Management
u Access Management

Oracle Database Administration I


1
Database Structure
u Data file(s)
u Control file(s)
u Redo logs
u Init.ora (spfile.ora – 9i)
u Trace
u Alert log
u Password

Instance Structure
u Memory structures are allocated
n Collectively known as System Global Area.
n 95% defined by data block buffer cache, Shared SQL Pool, Large Pool
and Java Pool.
u Oracle background processes are started.
u Single database accessible by multiple instances – RAC (Real
Application Cluster) a.k.a. parallel server

Instance Defined
u Defined by initialization parameter(s) that determine the size
and composition
u Can be dynamically altered
u initSID.ora (ascii file)
u spfileSID.ora (binary file)
u configSID.ora (usually only used to create a database – not
widely used)

Oracle Database Administration I


2
Oracle Instance
u Composed of:
n SGA (System Global Area)
n PGA (Program Global Area)
n Oracle BACKGROUND processes

System Global Area (SGA)


u Shared memory region allocated by Oracle for an
Oracle database
u Allocated when the Oracle database is started
u The SGA should be in non-paged, non-swapped
memory

SGA Composition
u Buffer cache
u Shared SQL Pool
u Large pool (optional)
u Java pool
u Redo log buffer
u Dictionary cache
u Other miscellaneous items

Oracle Database Administration I


3
PGA Composition
u Non-shared memory area to which a process
(server or background) can write
u Allocated by Oracle when a user connects to an
Oracle database and a session is created

10

Oracle Instance
u Required Background Processes:
n DBWn
n LGWR
n SMON
n PMON
n CKPT (9i)

11

Oracle Instance
u Optional Background Processes:
(not all inclusive)
n ARCn
n CKPT (prior to 9i)
n RECO
n Lock (LCK0)
n Job Queue (SNPn)
n Queue Monitor (QMNn)
n Dispatcher (Dnnn)
n Server (Snnn – for dedicated MTS servers)

12

Oracle Database Administration I


4
Oracle Instance
More Details

SGA
u Buffer Cache
u Redo Log BUFFER
u Shared SQL Pool
u Dynamic (as of Oracle 9i)

14

Dynamic SGA
u Defined in Granules
n SGA < 128mb 4mb size
n SGA > 128mb 16mb size
u Can be modified on the fly (9i)
u Establish an overall maximum
u Initially allocated – 4 for small, 3 for large
(fixed SGA, buffer cache, Shared pool)

15

Oracle Database Administration I


5
Data Buffer Cache Structure
u Can be defined in two ways:
n By block db_block_buffers
n By byte db_cache_size
u Was divided into blocks the same size as the blocks in the
datafiles
u As of 9i, multiple buffer cache introduced (depends on
block size of each tablespace)
u Size and number defined in the initialization Parameter File
u Holds copies of data blocks read from disk

16

Data Buffer Cache Contents


u Stores the most recently accessed BLOCKS OF DATA
u Contains PINNED buffers
n Data being accessed
u Contains DIRTY buffers
n Data that has been MODIFIED, but not written to disk
u FREE buffers
u Two lists, write and LRU

17

REDO Log Buffers


u Stores the REDO ENTRIES (changes to the database)
u Default is four times the OS block size
u Larger reduces log I/O and uncommented redo to online
redo logs
u Changed data is moved from the database buffer cache to
the redo log buffer then to the redo log files

18

Oracle Database Administration I


6
Shared Pool
u Can be dynamically modified (9i)
u Must be an integer multiple of the granule size
u Oracle will round up if not
u Managed by LRU algorithm
u Contains:
n Library Cache
n Data Dictionary Cache
n Control structures
n Reusable Runtime Memory

19

Shared Pool

20

Shared Pool
u Library Cache
n SHARED by all users for commonly used SQL
statements
n Shared and Private SQL areas for executed
statements
n PL/SQL Procedures and Packages
n Allocation and Reuse of Memory

21

Oracle Database Administration I


7
Library Cache
u Shared SQL
n PARSE TREES for SQL statements
n EXECUTION plans for SQL statements
n Size dependent on complexity
u Private SQL
n Each session has one
n Persistent and Runtime areas
n Cursors

22

Library Cache
u PL/SQL Program Units
n Procedures, functions, Packages, anonymous blocks and
database triggers
u Allocation and Reuse of Memory
n Every SQL statement submitted, Oracle automatically allocates
memory
u Checks for existence
u Allocate private SQL area
u May flush the shared pool

23

PGA

24

Oracle Database Administration I


8
PGA
u Varies depending if dedicated or Shared servers (MTS) are
used
u Stack space
u Session information (PGA verses Shared Pool)
u Memory allocated to hold a session’s variables and arrays
u Automatically managed in 9i with the SQL memory
management

25

Questions
u What is the name of Oracle’s memory structure?
u What are its contents?
u How is it divided?
u If I have 150 mb SGA, why does Oracle change the size?
u Can you vary sizes of Oracle blocks?
n If so, how?

26

Oracle Database
u Composed of two structures:
n Physical (Operating System view)

n Logical (Oracle’s view)

27

Oracle Database Administration I


9
Physical View
Files

Physical Structure
u Made up of:
n Data files
n Redo Log Files – two or more with members
n One or more Control Files
n One Parameter File
n Trace and alert log files
n One Password file

29

Datafile

u Disk space for a tablespace


u One or more per tablespace
u Associated with only one tablespace
u Consists of segments:
n UNDO, Temporary, Data, index, undo, LOB and cache (for the most
part)

30

Oracle Database Administration I


10
Redo Log Files
u Characteristics
n Record changes made to the data by various transactions

n Help RECOVER the data in case of a failure

n Streamline the process of how data is written to disk

31

Control Files
u Record of the overall architecture and status of the
database
u Easily moved and recovered
u Contain the following:
n Database NAME
n Datafiles NAMES and LOCATIONS
n Redo log file NAMES, Log sequence number and LOCATIONS

32

Parameter File
u Attributes of an instance are defined through an Oracle
Parameter File

u Determines the size and characteristics of the instance

u Stored in an ASCII file or housed with the database in a


binary file

33

Oracle Database Administration I


11
Parameter File
u The only Oracle file that is ASCII
u All other files are binary and not directly
changeable by the DBA
u Read-only when the instance starts
n Most changes require a stop and restart of the
instance

34

Trace and Alert Logs


u Trace files contain information about significant
events
u Alert log records the commands and results of
major events in the life of the database
n Monitor daily
n Rename for historical purposes

35

Logical View
Structures

Oracle Database Administration I


12
Logical View Structures
u Tablespace(s)
u Schema objects
u Segments
u Extents
u Data blocks

37

Tablespace(s)
u Logically divides a database
u One or more datafiles are explicity created for each one
u Logically divided into segments that are further divided into
extents and blocks
u Can be defined as read-only
u A unit of space to store a schema’s objects

38

Object(s)
u Schema(s)
n A collection of objects owned by one Oracle user
u Object(s)
n Tables, indexes, views, sequences, stored
procedures, functions, packages, UNDO segments

39

Oracle Database Administration I


13
Extents and Blocks
u A collection of the smallest object in a database
u An extent can be of a varying size
u Extents MUST be contiguous
u Blocks are the finest collection of space in an
Oracle database

40

Questions
u What are the physical files of a database system?
u What are the logical entities of a database?
u What is the smallest structure?
u Which structure MUST be contiguous?
u Which structure will tell you event information?

41

Background Processes
Review

Oracle Database Administration I


14
Background Processes
n Every instance has BACKGROUND PROCESSES
n BACKGROUND PROCESSES perform I/O, handle
process cleanup and monitor the ORACLE database
n Provide support, increase performance, assist in
recovery and make the database more reliable

43

Background Processes
u DBW0 (DBWn)
u LGWR
u PMON
u SMON
u CKPT
u ARCn

44

Database Buffer
u After the changed data (redo entries) are written to the
online redo log files, the changed data will be written to disk
u These changed data are called ‘dirty’
u Dirty data are moved to the ‘write’ list
u Dirty data can be on the ‘write’ list and on the LRU list

45

Oracle Database Administration I


15
DBWn
u At some time after the redo entries have been
written into the online redo logs, the database
writer (DBWn) writes the dirty buffer back to the
database
u This is called ‘delayed write’ and is based on
initialization parameters

46

DBWn (Database Writer)


u Can have one or more running
n Only available on systems with
Asynch I/O
n Can use I/O slaves to duplicate the above on
systems without it
u Performs all WRITES to the database
n Keeps the BUFFER CACHE clean and free

47

When does the DBWR write?


u The dirty list reaches a threshold length
u A DBWR timeout
u LGWR issues a checkpoint

48

Oracle Database Administration I


16
LGWR (Log Writer)
u Writes the REDO log entries (located in the REDO
LOG BUFFER) to the REDO LOG files
u Only the changed data, not the entire Oracle
block(s) is written to the redo logs
u Issues checkpoints

49

Online Redo Log Files


u The online redo log files hold the
‘redo entries’
u Only the changed bytes are written to the online
redo log file
u The entire data block is not written to these logs

50

Online Redo Log Files


u There is a fixed number of online redo log file
groups
u Defined at database creation time
u Can add or drop groups or members (discussed
later)

51

Oracle Database Administration I


17
Online Redo Log Files
u Redo log file groups cycle
u If there are three redo log file groups:
n When the first group is full, LGWR starts writing to
the second group
n When the second group is full, LGWR writes to the
third group
n When the third group is full, LGWR writes to the first
group

52

LGWR (Log Writer)


u What causes the LGWR to clear the REDO LOG BUFFER
and transfer the transactions to disk?
n When a user process COMMITS a TRANSACTION
n TIME-OUT (caused every three seconds)
n When the redo log buffer becomes 1/3 FULL
n When the DBWR writes the dirty buffers to disk

53

LGWR (Log Writer)


u LGWR can be bypassed
n Use the UNRECOVERABLE ‘key word’
n This is to be used very carefully. No redo entries will
ever exist after this point
n Best used for temporary object creation

54

Oracle Database Administration I


18
PMON
u Cleans up after failed server processes by releasing system
resources
u FREEs resource locks
u Rolls back aborted processes
u Restarts dispatchers and shared-server processes

55

SMON
u INSTANCE RECOVERY performed at startup
u CLEANS up temp segment(s) no longer in use
u Can coalesce fragmented tablespaces

56

CKPT
u Updates the header record of the data files with a SCN
(System Change Number)
u This SCN is used for synchronization of all files
u Does this on behalf of the LGWR
u Can be a source of I/O contention with the LGWR

57

Oracle Database Administration I


19
Archive Mode
u Saves the online redo log files as archived redo
log files
u A database in archive log mode can be restored to
the last committed transaction
u Production databases are run in archive log mode

58

ARCn
u Copies the REDO logs to the ARCHIVE storage
when the REDO logs become filled
n Process was optional before 9i, but now is
automatically started when archivelog mode is set.
n Must be turned on

59

ARCn
u ARCn copies a filled online redo log file to an
archived redo log file
u ARCn gives each archived redo log file a unique
name
u ARCn must be finished copying the online redo
log before it is overwritten

60

Oracle Database Administration I


20
Process Questions
u Which process can cause the DBWR to write to
disk?
u Which process can coalesce the free space in a
tablespace?
u Which process ‘wakes up’ to take care of shared
servers?

61

How does this all fit together?

Instance and Database


u The instance is started
u The instance mounts the database
u The database opens
n Users may now use the database

63

Oracle Database Administration I


21
User Process
u In network access mode (web or client/server), a user
process utilizes the Transparent Network Substrate (TNS)
that allow the client applications (i.e., ORACLE tools) to
communicate with the server processes
u Initiates a session on the PC that connects to a dedicated
server process

64

Session
u The activity of a user from the time the user
connects to the database to the time the user
disconnects from the database
u Can execute multiple transactions

65

User Starts Transaction


u A user application on the PC talks to SQL*Net
u SQL*Net talks to the user server process
u The server process ‘parses’ the SQL statement
and validates it

66

Oracle Database Administration I


22
A Transaction is Started
u A logical unit of work
n One or more SQL statements that must all be saved
(committed) or discarded (rolled back) as a group
u Begins with the first executable SQL statement

67

A Transaction is Started
u Ends with a COMMIT or ROLLBACK SQL
statement
n Explicitly with a COMMIT or ROLLBACK
n Implicitly when a DDL statement is issued

u The EXIT statement will do a commit by default

68

Dedicated Server
• Assume for now that we have a Dedicated Server
Architecture
(Multi Threaded Server, MTS will be discussed later)
n Each user has one server process
n Each server process works for only one user
n Session information is stored in the PGA

69

Oracle Database Administration I


23
Dedicated Server
u The user process on the PC communicates to the
server through Oracle’s SQL*NET
u A network listener process is created
u A dedicated server process is created

70

Server Process
u An OS process that works on behalf of the user
u Reads the data from disk into the buffer cache
u Communicates with the database for the user
n User processes do not connect directly to the database

71

What does the server process do?

Oracle Database Administration I


24
SGA Activity
u The server process reads data from the database
datafiles and stores it into the data buffer cache
u The user SQL statement changes the data in the
data buffer cache

73

PGA (Program Global Area)


u An area in memory that contains data and controls
information for a single user
n Memory is ALLOCATED when a user process connects to the
database
n Extra memory is allocated for session management if in
dedicated server mode

74

PGA (Program Global Area)


u What does the PGA hold?
n Variables

n Arrays

n Other User information for a particular user

75

Oracle Database Administration I


25
Physical and Logical reads
u Physical reads get data from the datafiles
u Logical reads get data from memory (The SGA
data buffer cache)
u All managed by the server process(es)

76

The SQL Statement


u The server process receives the SQL statement. Processed
either by:
n If an identical SQL statement is found in the shared pool, it uses it
n If not found in the shared pool, a new shared SQL area is allocated

u There are three phases to a SQL statement:


n PARSE, EXECUTE and FETCH

77

PARSE
u CHECKS the statement for syntactic and semantic validity
n Data Dictionary
u Ensures the processes issuing the command has the
RIGHTS to execute the command
u ALLOCATES a private SQL area for the statement ( PGA )
u SCANS existing SQL area for matching statement

78

Oracle Database Administration I


26
PARSE TREE
u Method Oracle uses to find the specific data in the
database
n Two Types
u Cost Optimization
u Rule Optimization
n Banner uses rule

79

EXECUTE
u Will only execute if the PARSE is successful
u APPLIES the PARSE TREE to the data
u PERFORM physical and logical reads

80

EXECUTE
u CHANGES data where necessary

u Performs constraint CHECKING

u FETCH RETURNS rows of data for a SELECT


statement

81

Oracle Database Administration I


27
UNDO Segments
u The data before it was changed is written to the
UNDO segments
n These segments are in a tablespace
u If the user rolls back the data, the UNDO segments
are used to restore the old data

82

Redo Log Buffer


u The changed data is placed in the redo log buffer
u If the data is committed, the LGWR writes the
changed data to the online redo log files
u The commit is completed after the data is written
to the redo log

83

SGA Review
Buffer Cache
Shared Pool
Redo Log Buffer

Oracle Database Administration I


28
Buffer Cache
u Consists of buffers the size of the data blocks (only option
prior to 9i) or in bytes
u Two purposes:
n To improve performance for repeated statements usage
n To allow users to make changes quickly in memory

u Contains two lists:


n LRU
n WRITE

85

LRU (Least Recently Used)


u Data retained in SGA is by time order
n Newest to oldest information
n Longer it sits, older it becomes
n When new space is needed or a CKPT (checkpoint) has
occurred:
u DIRTY buffers are written to disk and removed from memory
u Oldest data in the SGA can be written over

86

Parts of the Buffer lists


u FREE
n Empty section of memory ready for data
u DIRTY
n Section of memory that CONTAINS data that has been modified,
but not yet written to disk
u PINNED
n Data that is currently in use and has been locked

87

Oracle Database Administration I


29
Redo Log Buffer
u Written to when a user modifies data
u The server process moves the changed data from user
memory to this buffer
u Contains only the redo entries
u LGWR writes the redo entries to the online redo log file

88

Shared Pool
u Has two mandatory structures:
n Library Cache
n Dictionary Cache
u One optional structure
n Large Pool

89

Mandatory Contents
u Data Dictionary cache (also called
row cache)
n Dictionary row information recently accessed
u Library cache
n Parsed statements
n Execution plans

90

Oracle Database Administration I


30
Read Consistency
How Oracle maintains a ‘Consistent’ view of the
data for each transaction

UNDO Segments
u Main purpose
n Read consistency
n Transaction rollback
u User initiated ROLLBACK
u Abnormal termination
u Abnormal database termination

92

UNDO Segments
u Contains
n Block Information
n File names and block ID
n Data as it existed before a transaction
n Transaction numbers

93

Oracle Database Administration I


31
UNDO (Rollback) Segments
u Stores the data before it was changed by a
transaction
u If the user cancels a transaction (rolls back the
data), the UNDO segments are used to restore the
old data
u Discussed in a later section

94

UNDO Segments
u Record the transaction that occurred on the data
n Should an error occur during a modification of data,
the record retained by the UNDO SEGMENT will
restore the data prior to the modification attempt

95

Read Consistency
u Ensures data seen by a statement is consistent
with respect to a point-in-time
u Even data changed by another transaction is not
seen during the transaction

96

Oracle Database Administration I


32
Read Consistency
u Basic principles
n Readers can not lock data blocks
n Readers can not block other readers
n Readers can not block writers
n Writers can not block readers
n Writers can block writers

97

COMMIT
u When a statement is executed and saved
u Can be explicitly or implicitly commited
u Ends the current transaction
u Generates a System Change Number (SCN)

98

COMMIT
u What happens when a COMMIT is made?
n Modification becomes PERMANENT
n A copy of the transaction is placed in the REDO
BUFFER
n Redo buffer is FLUSHED to the REDO LOGS

99

Oracle Database Administration I


33
COMMIT
u When a COMMIT is made:
n User is NOTIFIED
n Resource locks are RELEASED
n DBW0 may WRITE the data back to the database file
u Note: Issuing a COMMIT does not guarantee that a
transaction has been written back to the DATAFILE

100

Redo Log Files


u When a REDO BUFFER is flushed, its information
is stored in the REDO LOG FILES
n Hold records of all transactions that have been
applied to the database
n With these entries, a database can be reconstructed
during a database crash

101

Redo Log Files


u REDO LOG FILES
n REDO LOG FILES are circular
n When a transaction is COMMITTED (data modified), the LGWR
transfers the statement from the REDO LOG BUFFER to the
REDO LOG FILES
n A SCN (System Change Number) is also associated to each
COMMITTED transaction that is written to a REDO LOG FILE

102

Oracle Database Administration I


34
Redo Log Files
u When a REDO LOG FILE becomes full, the LGWR
moves to the next file
n If there are no new REDO LOG FILES, the old files
are reused
n If these other files were not archived, all data before
this point can no longer be recovered

103

Archiving Redo Logs


u If ARCHIVELOG is ENABLED, redo log files can be
stored
u Archiving can be duplexed
u Standby databases can use these same archives

104

Checkpoint Variables in Parameter


File

u LOG_CHECKPOINT_INTERVAL (will be obsoleted in 10i)


n Number of filled REDO LOG FILE blocks written between
consecutive CHECKPOINTS (OS-dependent)
u NOTE: Do not make this value larger than the REDO LOG
FILE. If it is larger, the CKPT only occurs when switching
logs
u LOG_CHECKPOINT_TIMEOUT
n Maximum amount of time before another CHECKPOINT occurs
(default 900 sec)
u LOG_CHECKPOINT_TO_ALERT
n Puts the checkpoint information in the alert_SID.ora file.

105

Oracle Database Administration I


35
SWITCHING LOG FILES
u Occur in Two ways
n Filled REDO LOG
n Forced by DBA with the ALTER SYSTEM SWITCH
LOGFILE command

106

Multiplexing Redo Log Files


u Increase the security of the Oracle database
n Groups must contain identical sets of logfiles (names should
be different)
n Place on different disks to help increase the REDO LOG files
chances of survival should there be a computer failure
n When the REDO buffers are flushed to the REDO LOG files, the
information to be stored is mirrored to a log file in both groups

107

Multiplexing Redo Log Files

1,3,5,..
A_LOG1 B_LOG1 Group 1
LGWR
A_LOG2 B_LOG2
Group 2
2,4,6,..

108

Oracle Database Administration I


36
CONTROL FILE
u A binary file that is necessary for the database to
run
n Should remain read/write to the database
n File is constantly updated
u NOTE: It is an excellent idea to have backup copies of
this file, in case something should happen to it

109

CONTROL FILE
u Contains
n DATABASE NAME
n TIMESTAMP of database creation
n TIMESTAMP of last access
n NAMES and LOCATIONS of databases and redo log files
n Current LOG SEQUENCE number

110

TRANSACTION
u Logical unit of work
n One or more SQL statements executed by a single
user

111

Oracle Database Administration I


37
TRANSACTION
u A TRANSACTION starts when a user executes a
SQL statement
u The TRANSACTION ends when:
n SQL statement is COMMITTED
n A user ends the session unexpectedly
n A user EXITS the database

112

TRANSACTION
u The TRANSACTION is aborted when:
n A ROLLBACK occurs
n User TERMINATES
n ABNORMAL user exit
n Processor FAILURE
n Media FAILURE

113

Parameter File
u initSID.ora
u configSID.ora

114

Oracle Database Administration I


38
Data Buffer Cache
Parameters
u DB_CACHE_SIZE (9i)
u Number of blocks in the data block buffer cache (3000 to
10,000)
u Can have five different block sizes
u DB_#K_CACHE_SIZE
u Cannot exceed the MAX_SGA_SIZE
u DB_BLOCK_SIZE (bytes)
u Specifies the size of a Oracle block
u Cannot be changed except by rebuilding the
database/tablespace (2k, 4k or 8k)

115

Log Buffer Parameters


u log_buffer (bytes)
n Default value is:
u 256k

116

Shared Pool Parameter


u Shared_pool_size (bytes)
n 75,000,000 is minimum for Banner
n 250,000,000 or more for production is suggested

117

Oracle Database Administration I


39
Archiving Parameters
u log_archive_start (true / false)
n Starts automatic archiving
u log_archive_dest (directory path)
n The disk location of the archived redo log files
u log_archive_format (format of the name of the
archive redo log files)

118

Archiving Parameters
u Standby_archive_dest
u Log_archive_dest_n
n As of 9i can be up to 10 locations
n (SERVICE=tns_service | LOCATION= local location)
n MANDATORY | OPTIONAL
u Log_archive_dest_state_n
n Used for managing the 1-10 archive destinations

119

Archiving Parameters
u Log_archive_duplex_dest
u Log_archive_min_succeed_dest
n V$archive_dest
n V$archive
n V$logs

120

Oracle Database Administration I


40
Checkpoint Parameter
u Checkpoints should be avoided in an OLTP system like
Banner
u Larger redo log files will reduce checkpoints
u Longer checkpoint intervals, larger redo gaps
n ‘How much are you willing to lose?’

u Parameters
n log_checkpoint_interval (blocks)
n log_checkpoint_timeout (seconds)
u 0 value will turn it off

121

CKPT Background Process


u Background Process that helps LGWR at log switch
u This process updates the data file header files
u CKPT_PROCESS = TRUE
n Used only in Oracle systems prior to 9i
n In 9i, remove this parameter from any init.ora. It will cause an
error.
n Automatically started in 9i

122

Other Banner Parameters


u dml_locks (1500 to 2000)
u processes (number of user plus oracle
background processes)
u open_cursors = 1024 (2048 is better)
u optimizer_mode = rule (Banner requirement)

123

Oracle Database Administration I


41
More to life than a DEDICATED server

Server Configurations
u Three types
n DEDICATED server
n MULTITHREAD server
n COMBINED user/server process

125

DEDICATED server
u Two tasks
n USER process and SERVER process
n If the two processes are on the same machine, the program
interface is handled by the LOCAL MACHINE'S I/O
n If the two processes are on different machines, the program
interface is handled by a COMMUNICATION MECHANISM
(SQL*Net/Net80)

126

Oracle Database Administration I


42
DEDICATED server

127

MULTITHREADED server
u Allows many user processes to share a server
process
n This allows the system resources to be freed, but
can cause decreased response time for heavy users

128

MULTITHREADED Server

Application
Code

Client Workstation

Database Server
Dispatcher Processes

Oracle
Server Code

System Global Area

Request Response
queue Queues

129

Oracle Database Administration I


43
DISPATCHER
u The USER process connects to a DISPATCHER
n The DISPATCHER routes the USER request to the Request
Queue

n The SERVER process checks the queue for new requests


(FIFO)

n The SERVER process then places the response on the calling


dispatcher's response queue, and then back to the application

130

Parameter Settings - MTS


u Mts_servers = n
u Mts_max_servers = n
u Mts_dispatchers =
“(protocol=ipc/tcp) (dispatchers=N)”
u Mts_max_dispatchers = n

131

Summary
u Oracle database
n Data, redo log, control, trace, alert log and parameter files
u Oracle Instance
n The set of background processes which access data, log, and
control files.
n An Oracle Instance is defined by one or more Parameter Files
that is read at startup time

132

Oracle Database Administration I


44
Oracle INSTANCE
u Processes that control
n DATAFILES

n REDO LOG FILES

n CONTROL FILES

133

Physical structure
u One or more DATA files that contain data

u Two or more REDO files

u One or more CONTROL files

u One or more Parameter Files

134

DATAFILE
u How is a DATAFILE used?
n Data is read into stored memory cache

n Can manipulate, view, or change the data

n After you complete the transaction, the data is


written back to the DATAFILE

135

Oracle Database Administration I


45
REDO log files
u When do they help?
n When a system failure has prevented Oracle from
updating DATA
n Allows the transaction to be recalled
n Prevents existing data from becoming corrupted
through an incomplete transaction by restoring the
original information

136

CONTROL FILES
u Why does Oracle need them?
n When an Oracle database is started, the CONTROL
file that is listed first in the parameter file is read
n Identifies the database
n Opens the redo logs to allow the database to
function

137

SETTING BUFFERS
u Parameter File
u Data buffers
n DB_CACHE_SIZE
u Cannot be used with db_block_buffers
u Redo log
n LOG_BUFFER

138

Oracle Database Administration I


46
PGA (Program Global Area)
u MULTITHREADED PGA
n The SGA is responsible for allocating the memory to
the user sessions

u DEDICATED PGA
n PGA allocates the memory to the user sessions as
needed

139

BACKGROUND PROCESSES
u DBWn (Database Writer) u PMON (Process Monitor)
u LGWR (Log Writer) u ARCn (Archiver)
u CKPT (Check Point) u RECO (Recover)
u SMON (System Monitor) u Dnnn (Dispatcher)

u S### (Server) u LCKn (Lock)

140

RECO
u Resolves in-doubt transactions in distributed
database systems

141

Oracle Database Administration I


47
Dnnn
u Used for MULTITHREADED server
n An optional feature
n The Dispatcher is used to TRANSLATE
communications from one protocol to another

142

LCKn
u Used with the PARALLEL (RAC – 9i) server option
n It instantly LOCKS data to prevent data corruption
caused by simultaneous access of data by different
processes

143

CKPT
u Primary goal
n Make sure all modified data buffers get written to files
n FORCES DBWR to clean the BUFFER CACHE
n CAUSES the switching of REDO LOG FILES
n FLUSHES the REDO LOG BUFFER to disk

144

Oracle Database Administration I


48
CKPT
u PROBLEMS
n The CKPT processes will put more overhead on the
server
n May cause a considerable slowdown
u Parameter File
n In 9i, the CKPT process is predefined and started.
n In earlier version, to activate CKPT:
u CHECKPOINT_PROCESS=TRUE

145

Oracle Database Administration I


Lesson 2
Starting and Stopping
an Oracle Instance

Starting and Stopping


an Oracle Database

u Agenda
n Application(s) used in starting a database
n Required environment settings to startup a
database
n Various levels of a database startup and
shutdown

147

Oracle Database Administration I


49
Starting an Oracle Database
u After the installation of Oracle, the DBA
configures, creates and starts a database
for user access
u Before you can create a database, you must
start an application to begin

148

Packages to Use for Startup


u SQLPLUS
u Use a database management tool (Enterprise Manager,
TOAD)
u Scripts
u Oracle Universal Installer
u RMAN (Recovery Manager – not discussed in this course)

149

SQLPLUS
u The replacement for Server Manager (svrmgrl) starting
with release 8.1.5
u With Password file
n Sqlplus /nolog
n Then issue
connect <username>/<syspassword> as sysdba (9i)
n Connect internal as sysdba (8i – to be desupported after
9i)

u Without password file


n Sqlplus “/ as sysdba”

150

Oracle Database Administration I


50
Database Management tools
u Oracle Enterprise Manager (OEM)
n Has become more sophisticated
n Comes with the Enterprise Edition
n Use the Instance Manager as INTERNAL or AS SYSDBA

u TOAD
n Downloadable version - minimal

u Many other types

151

Starting an Oracle Database


u Scripts
n Unix: csh, sh, perl
n VMS: dcl, perl
n NT: perl
u All require several environment variables to be set
prior to running any Oracle application

152

Environment Variable - UNIX


u $ORACLE_HOME
u Set to the directory that Oracle is installed under
u $ORACLE_SID
u Set to the name of the database the DBA wants to
startup/shutdown
u $LD_LIBRARY_PATH
u Set to $ORACLE_HOME/lib
u (optional) $PATH
u Should include $ORACLE_HOME/bin

153

Oracle Database Administration I


51
Setting Environment - UNIX
u Executing the script oraenv, typically located in
/usr/local/bin, automatically sets all environment variables
u Or manually at the command prompt
n Examples
n ORACLE_HOME = /u01/app/oracle/9.0.1/bin
n ORACLE_SID=TEST
u NOTE: Oracle account should set variables in
$ORACLE_HOME/bin with no application-specific definitions

154

Environment Variable - VMS


u ORA_DB
u Directory location for database parameter,
configuration and dump files
u ORA_SID
u Set to the name of the database the DBA wants to
startup/shutdown
u ORA_ROOTDIR
u Oracle’s home directory

155

Setting Environment -VMS


u Running the command file ORAUSER_<SID>.COM,
located under ORA_ROOT:[db_<SID>],
automatically sets all logicals and symbols
correctly
u @orauser_<SID>.com

156

Oracle Database Administration I


52
Environment Variable - NT
u Registry values are defined and a service entry is created
when the database is created
u Registry values are automatically set when you use OEM or
during installation
n Run regedit
u HKEY_LOCAL_MACHINE/SOFTWARE/ORACLE

157

Setting Environment - NT
u ORADIM – can be used to create it
n Oradim –NEW –SID sid –SRVC service
u Please refer to the documentation for full syntax

u CMD – at the DOS prompt setting


n SET ORACLE_HOME=d:\oracle\ora91\bin
n SET ORACLE_SID=TEST

158

Local Database Startup


u Once the proper environment variables are set, the DBA
then needs to invoke the local database management utility
sqlplus /nolog
connect <username>/<password> as sysdba
Or
connect “/ as sysdba”
n NT has other options:
u MANUAL or AUTOMATIC service
u ORADIM

159

Oracle Database Administration I


53
Connection Example
C:\Documents and Settings\vdevore>sqlplus /nolog

SQL*Plus: Release 9.2.0.1.0 - Production on Fri Apr 4 21:07:52


2003

Copyright (c) 1982, 2002, Oracle Corporation. All rights


reserved.

SQL> connect sys/systest as sysdba


Connected to an idle instance.
SQL>

160

Startup by OS
u User must have OS PRIVILEGES:
n Unix: group DBA(defined in /etc/groups)

n VMS: Rights identifier ORA_<SID>_DBA (defined in


sys$system:authorize)

n NT: be in the group ORA_DBA

161

Startup using ORAPWD


u As of 8i, Oracle introduced the password file
u Grant sysdba, sysoper for remote or local
connection
u More in DBA II

162

Oracle Database Administration I


54
Why use AS SYSDBA/INTERNAL?
u When the database is shut down, there is no way
to verify username and password
u It is necessary to find a way for an individual to log
onto the database
u Once connected, the user has sys privileges

163

What Options are there?


u Once the DBA has connected to the database,
he/she can proceed to:
u Startup the database in several modes
u Shutdown the database in several modes
u Or create a database

164

Let’s ‘Start a database’


u There are several ways to start the database's ‘instance’
u We will look at:
n Nomount
n Mount
n Open
n Restrict
n Force

165

Oracle Database Administration I


55
Start the Instance
u Starting the instance involves:
n Reading a parameter file (text - init.ora, binary – spfile.ora)
n Allocating SGA (system global area) in memory
n Creating background processes
n Reading the control files for system information (for existing
databases only)
n Open files for read and/or read-write

166

NOMOUNT
u Typically used during database creation
u Starts the background processes and allocates
memory
u Also used in recovery

167

Nomount - example
C:\Documents and Settings\vdevore>sqlplus /nolog

SQL*Plus: Release 9.2.0.1.0 - Production on Fri Apr 4 21:07:52 2003

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

SQL> connect sys/systest as sysdba


Connected to an idle instance.
SQL> startup nomount
ORACLE instance started.

Total System Global Area 135338868 bytes


Fixed Size 453492 bytes
Variable Size 109051904 bytes
Database Buffers 25165824 bytes
Redo Buffers 667648 bytes
SQL>

168

Oracle Database Administration I


56
MOUNT
u Mounting the database involves:
n Associating the database with the started instance
n Opening the control file, reading it, obtaining the names of the
redo log and data files
n Verify checksum value (if enabled) and/or
SCN synchronization

169

Mount - example
C:\Documents and Settings\vdevore>sqlplus /nolog

SQL*Plus: Release 9.2.0.1.0 - Production on Fri Apr 4 21:07:52 2003

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

SQL> connect sys/systest as sysdba


Connected to an idle instance.
SQL> startup mount
ORACLE instance started.

Total System Global Area 135338868 bytes


Fixed Size 453492 bytes
Variable Size 109051904 bytes
Database Buffers 25165824 bytes
Redo Buffers 667648 bytes
Database mounted.
SQL>

170

OPEN
u Opening the database involves:
n Opening the data file(s) and online redo logs for read-write
n Allowing regular users to connect to the database
n Attempts to acquire one or more UNDO segments
n Performs automatic crash recovery if database was shutdown
abnormally

171

Oracle Database Administration I


57
OPEN -Example
SQL> startup open
ORACLE instance started.

Total System Global Area 135338868 bytes


Fixed Size 453492 bytes
Variable Size 109051904 bytes
Database Buffers 25165824 bytes
Redo Buffers 667648 bytes
Database mounted.
Database opened.
SQL>

172

STARTUP – No Arguments
u Oracle assumes that STARTUP with no arguments implies a
STARTUP OPEN
u It is also assumed that the current SID environment variable
is what will be used.
n DBAs must ALWAYS be sure that the proper environment is set
u PFILE or SPFILE must be defined and accessible or it will
fail
u DBA must have SYSDBA or OSDBA

173

Starting an instance
u NOMOUNT, MOUNT, and OPEN are different
stages of an Oracle database startup
n When a STARTUP OPEN is issued, the database first
startups in a NOMOUNT state, then proceeds to a
MOUNT state, and finally proceeds to an OPEN state

174

Oracle Database Administration I


58
RESTRICT
u STARTUP RESTRICT
u Opens the database, but only allows users with
RESTRICTED SESSION privilege to access the database
u Why start a database in a restricted mode?
u Maintenance (database upgrades)
u Exporting and importing data

175

RESTRICT - Example
SQL> startup restrict
ORACLE instance started.
Total System Global Area 4199600 bytes
Fixed Size 42028 bytes
Variable Size 4026500 bytes
Database Buffers 122880 bytes
Redo Buffers 8192 bytes
Database mounted.
Database opened.
SQL>

176

FORCE
u STARTUP FORCE is used for troubleshooting a failed or
failure to open database
u If the database is closed, forces the database open
u If the database is open, it will abort the database and then
open it
Example:
To shutdown the current instance, restart it without mounting or
opening and allow only DBA access:
STARTUP FORCE NOMOUNT RESTRICT

177

Oracle Database Administration I


59
Other Startup Options
u Parallel/Shared (RAC – 9i)
(Shared is a synonym for Parallel)
n Allows multiple instances to access the database
n Cannot be used with EXCLUSIVE or NOMOUNT
n Invalid if initialization parameter SINGLE_PROCESS is set to
TRUE
u Retry
n Automatically restarts every five seconds if the instance is
busy being recovered
n Will not retry for any other reason - parallel mode only

178

Other Startup Options


u STARTUP RECOVER
n Specifies that media recovery be performed
n Has same effect as issuing RECOVER DATABASE
n The recovery processes
u Enable log archiving for media recovery
u Perform complete database recovery
u Perform partial database recovery

179

Other Startup Commands


u Pfile = parameterfilename
n A site-specific parameter file to initialize an instance at startup.

n If not specified, Oracle searches for it in:


u UNIX -$ORACLE_HOME/dbs/init<SID>.ora
u VMS - ORA_ROOT:[db_<SID>]<NODE>_<SID>_init.ora
u NT - HOME#\admin\<SID>\init<SID>.ora

180

Oracle Database Administration I


60
Changing the startup state of a
database
u The DBA can change the current state of a
database using the ALTER DATABASE SQL
command

u The syntax is on the next slide

181

Changing the startup state of a


database
ALTER DATABASE [MOUNT | OPEN]
SQL> startup nomount
ORACLE instance started.
Total System Global Area 4199600 bytes
Fixed Size 42028 bytes
Variable Size 4026500 bytes
Database Buffers 122880 bytes
Redo Buffers 8192 bytes
SQL> alter database mount;
Statement processed.
SQL> alter database open;
Statement processed.
SQL>

182

Changing the startup state of a


database
u The ALTER DATABASE SQL command only moves the
startup state of the database to a higher level
n For example, the ALTER DATABASE SQL command cannot
change the startup state from OPEN to MOUNT

u In this case, the DBA must first shutdown the database and
then issue a STARTUP MOUNT command

183

Oracle Database Administration I


61
Database shutdown
u A database shutdown stops an instance and
makes the database unavailable to users

u Syntax
SHUTDOWN [ABORT|IMMEDIATE|NORMAL|TRANSACTIONAL]

184

Commonly Used Shutdown Options


u SHUTDOWN NORMAL
n Flushes all buffered writes to the disk, waits for all sessions to
disconnect and then terminates the instance
u SHUTDOWN IMMEDIATE
n Flushes all buffered writes to the disk, kills all user connections,
performs a rollback on all uncommitted transactions, then
terminates the instance

185

Shutdown Immediate - example


C:\Documents and Settings\vdevore>sqlplus /nolog

SQL*Plus: Release 9.2.0.1.0 - Production on Sun Apr 6 13:16:30 2003

Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.

SQL> connect sys/systest as sysdba


Connected.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL>

186

Oracle Database Administration I


62
Database shutdown
u SHUTDOWN ABORT
n Should only be used in emergency situations, such
as when the DBA detects a media failure, power
failure, or security breach to the database

187

Shutdown Abort
u SHUTDOWN ABORT
n Immediately terminates the Oracle instance
n All buffered writes are NOT flushed to disk
n Does not perform a rollback on uncommitted transactions
n An instance recovery is required on the next database startup
(performed automatically)

188

Database shudown
u SHUTDOWN TRANSACTIONAL
(new with Oracle 8i)
n All current sessions in a transaction are allowed to complete
n No new sessions are allowed to start
n Any connected sessions are disconnected either by issuing a
new transaction or once all transactions are committed or
aborted

189

Oracle Database Administration I


63
Database shutdown
u SHUTDOWN NORMAL, SHUTDOWN
TRANSACTIONAL and SHUTDOWN IMMEDIATE
are either the usual or safest shutdown commands
n The following steps occur during a shutdown (See
next slide)

190

Database shutdown
u (SHUTDOWN IMMEDIATE) USER CONNECTIONS ARE
TERMINATED
u All database data in the SGA is written back to the database files
u All redo log buffer data is written back to the redo log files
u Database is dismounted
u The control files are closed
u The SGA is removed from memory and the background processes
are closed

191

Shutdown – States illustrated

192

Oracle Database Administration I


64
Views
u V$database
n Contains database information from the control file
u V$instance
n Gives the state of the current instance

193

Questions?
u Which OEM manager can use to start up a database?
u How must you connect to startup a database?
u Which shutdown command satisfies these conditions?
u The database shuts down when the last user logs off
u Force the database to close with users connected and disconnects
their transactions midstream
u Force the database to close with users connected, but let
transactions complete

194

Summary
u Start an Oracle DATABASE
n Log onto the host O/S, set up the proper environment and then run
sqlplus /nolog
u A database startup proceeds in three stages:
n Starting the instance (NOMOUNT)
n Opening the controlfile(s) (MOUNT)
n Opening the datafiles and redo logfiles (OPEN)
u Ways to shutdown a database:
n Abort, Immediate, Normal and transactional

195

Oracle Database Administration I


65
Oracle Database Administration I
Lesson 3
Creating and Managing Tablespaces

Creating and Managing Tablespaces


u Agenda
n Describe Oracle tablespaces
n Create and modify tablespaces
n Manage tablespaces by querying the appropriate
data dictionary views

197

Creating and Managing Tablespaces


u All schema objects within the database (tables, views,
packages, functions) are stored in segments and
collectively stored in tablespaces
n A tablespace is a logical unit of storage that is defined within
Oracle

n Each tablespace corresponds to one or more operating-system


level datafiles

n Each segment is contained in a single tablespace

198

Oracle Database Administration I


66
Creating and Managing
Tablespaces

199

Creating and Managing Tablespaces


u A tablespace can be in several states while the database is
open
n Online or Offline
n Read-only or read-write

u A tablespace can be altered back and forth between these


options as needed
n Conditions must be tested before each alter (no current
transactions may be active)

200

Creating and Managing Tablespaces


u Each database must be created with at least one tablespace
(SYSTEM).
n This holds all data dictionary objects and built-in PL/SQL
program units (procedures, functions, packages and triggers)
u Each tablespace can contain one or more schemas and
each schema can have one or more objects
n Each object can span more than one datafile per tablespace

201

Oracle Database Administration I


67
Creating and Managing Tablespaces
u When the Oracle Universal Installer (OUI) or OEM creates a
database, it creates several tablespaces by default. For
example:
n SYSTEM - contains system definitions (Required)
n TEMP - used for sorting
n RBS/UNDO - used for rollback/UNDO segments
n TOOLS - used for storing PL/SQL program units
n USERS - used as default tablespace for users

202

Creating and Managing Tablespaces


u Prior to creating a tablespace, the DBA will need to consider
(covered extensively in Lesson 5):

n Tablespace storage
u This includes the type of data file to create
n Segment storage
n Disk contention
n Free space and segment fragmentation

203

Tablespace Storage
u Tablespace Storage considerations
n System limitation on datafile size

n Database limitation when database is created (maxdatafiles)

n Data file management

u Autoextend feature on an existing datafile

u Manually adding a datafile

204

Oracle Database Administration I


68
Data File Types and Behavior
u Permanent
u Temporary
u Oracle Managed Files (OMF)
u Extent management
n Dictionary
n Locally
u Uniform extent
u autoallocated

205

Tablespace Storage
u Each tablespace contains object segment(s)

u Each segment is subdivided into logical units of storage


called EXTENTS
u When a user creates an object (such as tables, views,
sequences) within the database, Oracle allocates an extent(s)
within a tablespace in which to store the object’s segment(s)

206

Tablespace Storage

207

Oracle Database Administration I


69
Segment Storage
u Segments can span across datafiles, but extents cannot
u Each segment can be composed of one or more extents

u Each extent is further subdivided into units of storage


called DATABASE BLOCKS
u Extents must be made up of contiguous DATABASE
BLOCKS

208

Database Blocks
u Not identical to operating system-level file blocks
u A logical database block may span multiple
system level blocks
u Should be created to either fit into an OS-level file
block or be the same

209

Database Blocks
u The size of each database block is determined by the
parameter DB_BLOCK_SIZE in the initialization parameter
file
u This size is fixed during database creation time. Cannot be
changed unless the database is re-created
u The default DB_BLOCK_SIZE is 2048 bytes

210

Oracle Database Administration I


70
Tablespace Storage
u Logical storage hierarchy:
n Tablespace
u Object segment
u Extents
u Oracle Blocks

211

Dictionary vs. Local


u Starting with 8i, you can now create tablespaces that are
managed locally within the header file of the tablespace
u If you specify local in a create tablespace, you cannot
specify default storage, minextents, nor temporary clause
u Local allows two types of management: uniform extent or
autoallocate

212

Create Tablespace (dictionary)


u Create a tablespace using the CREATE TABLESPACE SQL
command.
u The syntax for dictionary managed is:
CREATE TABLESPACE <tablespace name>
datafile '<datafile location>‘size <datafile size> [M|K]
[autoextend_clause]
DEFAULT STORAGE (<storage_clause>)
[online|offline];

213

Oracle Database Administration I


71
Create Tablespace (local)
u Create locally managed tablespace syntax:
CREATE TABLESPACE <tablespace name>
datafile '<datafile location>' size <datafile size> [M|K]
EXTENT MANAGEMENT LOCAL UNIFORM SIZE <extent size> [M|K];

214

Create Tablespace (OMF)


u Create an Oracle Managed File in a default location for
datafile creation with defaults of 100M size and unlimited
autoextensible maximum size:
alter system set db_create_file_dest =
‘<datafile location>’
CREATE TABLESPACE <tablespace name>;

215

Datafile Naming
u The datafile name must contain the absolute path
n No UNIX/NT variable names nor VMS logicals should be
specified in the datafile name

u The directory that contains the datafile MUST have write


permissions for the Oracle software owner

216

Oracle Database Administration I


72
UNIX Naming
u Example
n Create a tablespace called DEVELOPMENT

n Specify a datafile '/u01/oradata/SEED/SEED_DEVELOPMENT_01.dbf'


with a size of 300 Megabytes
n Make this tablespace available to all users immediately

217

UNIX Naming Example


u The answer is:

SQL> create tablespace development


2> datafile '/u01/oradata/SEED/SEED_DEVELOPMENT_01.dbf'
3> size 300M;
Tablespace created.

218

VMS Naming
u Example:
n Create a tablespace called RBS

n Specify a datafile 'dka300:[oradata.seed]seed_rbs_01.dbf'


with a size of 300 Megabytes
n Make this tablespace available to all users immediately and
autoextensible at 500k increments to a maximum of 400
megabytes

219

Oracle Database Administration I


73
VMS Naming Example
u The answer is:

SQL> create tablespace rbs


2> datafile 'dka300:[oradata.seed]seed_rbs_01.dbf’
3> size 300M
4> autoextend on next 500k maxsize 400M;
Tablespace created.

220

NT Naming
u Example
n Create a tablespace called NEWDATA

n Specify a datafile ‘d:\oradata\seed\seed_newdata_01.dbf' with a


size of 900 Kilobytes
n Make this tablespace unavailable to users.

u Extra credit – what is missing with the final statement and


assumed?

221

NT Naming Example
u The answer is:

SQL> create tablespace newdata


2> datafile ‘d:\oradata\seed\seed_newdata_01.dbf’
3> size 900K offline;
Tablespace created.

222

Oracle Database Administration I


74
Creating and Managing Tablespaces
u When creating datafiles for tablespaces, adopt a
common file naming convention

u Most Oracle file types are named as follows (see


next slides)

223

Creating and Managing Tablespaces


u DATAFILES
<TABLESPACE NAME>_<SID NAME>_<FILE ID>.dbf

u Example
n The third datafile of the SYSTEM tablespace
belonging to the SEED database

system_SEED_03.dbf

224

Creating and Managing Tablespaces


u Use the ALTER DATABASE SQL command to modify the
characteristics of an existing tablespace
n Add/rename/change the state of a datafile
n Change a tablespace to read-only
n Take a tablespace offline/online
n Change the storage parameters
n To begin/end online hot backups
n Coalesce free space

225

Oracle Database Administration I


75
Alter Tablespace Syntax

226

Datafile Options

227

Creating and Managing Tablespaces


u Example:
n Add a second 100 MB datafile to the system
tablespace
n Place the datafile under
/u01/oradata/SEED/SYSTEM_SEED_02.dbf

n Make it readily available

228

Oracle Database Administration I


76
Example Alter Tablespace

SQL> alter tablespace system


2 add datafile '/u01/oradata/SEED/system_SEED_02.dbf’
3 size 100M;
Tablespace altered.

229

Creating and Managing Tablespaces


u Example
n Change the development tablespace to read-only
mode
n The syntax is:

SQL> alter tablespace development read only;


Tablespace altered.

230

Creating and Managing Tablespaces


u Adding a datafile to a tablespace
n Space from the new file is automatically allocated to
the tablespace
n The new datafile can reside on a separate disk
n Oracle treats this and all datafiles belonging to a
tablespace as a single logical entity

231

Oracle Database Administration I


77
Creating and Managing Tablespaces

Tablespace

Datafile #1 Datafile #2

n Once a datafile is added to a tablespace, you cannot


delete it unless the tablespace is first dropped

232

Creating and Managing Tablespaces


u To drop any tablespace (except SYSTEM) use the
DROP TABLESPACE SQL command
u The syntax is:
DROP TABLESPACE <tablespace name
> [INCLUDING CONTENTS [CASCADE CONSTRAINTS]]

233

Creating and Managing Tablespaces


u A tablespace that contains data cannot be dropped unless
the INCLUDING CONTENTS option is specified
n If constraints exist between objects in the tablespace to be
dropped and objects in another tablespace, the CASCADE
CONSTRAINTS option must be specified along with the
INCLUDING CONTENTS option

234

Oracle Database Administration I


78
Creating and Managing Tablespaces
u Once a tablespace is dropped, the datafile(s) associated
with the tablespace must be deleted on the operating
system level
n The DROP command only removes that tablespace from the
data dictionary
n Cannot drop the SYSTEM tablespace because it contains the
data dictionary
n Once a drop is executed, it cannot be undone

235

Creating and Managing Tablespaces


u Example
n Drop the DEVELOPMENT tablespace, including all
contents
n The syntax is:

SQL> drop tablespace development including contents;


Tablespace dropped.

236

OEM

237

Oracle Database Administration I


79
Summary
u Steps to creating and managing tablespaces
n Prepare the operating system
n Determine storage options
n Execute the CREATE TABLESPACE SQL and ALTER
TABLESPACE command
n Ways to manage the stored data

238

Oracle Database Administration I


Lesson 4
Creating an Oracle Database

Creating an Oracle Database


u Agenda
n Methods of creation
n Set up the proper operating system environment prior to
creating a database
n Execute the CREATE DATABASE SQL command
n Execute the proper scripts that build the data dictionary and
PL/SQL procedures

240

Oracle Database Administration I


80
Creation Methods
u OEM – Database configuration assistant
u When the Oracle software is installed
u Manually, either with scripts or by command line

241

Creating an Oracle Database


u Six general steps to creating a database
n Preparing the Operating System
n Creating a parameter file
n Starting the instance
n Creating the database
n Building the data dictionary
n Building the system PL/SQL procedures

242

Creating an Oracle Database


u Preparing the Operating System
n An Oracle database consists of datafiles, redo log files, and
control files
n Prior to creating a database, the location(s) of these files
should be thought out carefully
n Space will need to be allocated for the files
n The system administrator will need to create the appropriate
directories and set the proper permissions for these files

243

Oracle Database Administration I


81
Creating an Oracle database
u All systems
n The owner of the directories should be the Oracle software
owner (typically "oracle").
u On Unix systems, the dba group will also be the group
owner of the directory.
u On VMS, the user must have the ORA_DB rights identifier
u ON NT, the user must be in the group ORA_DBA
n The Oracle software owner should be the only user that has
write access to these directories

244

Create the Oracle User environment -


UNIX
u Unix
n (as root)
Bash# cd /u01
bash# mkdir oradata
bash# chown oracle:dba oradata
bash# chmod 755 oradata

245

Create the Oracle User Environment -


VMS
u VMS
n (as SYSTEM)
$ Set default dka300:[000000]
$ create/dir [.oradata]
$ set file/own=oracle oracle.dir
$ set prot=(S:RWED,O:RWED,G:RE,O:RE) oracle.dir

246

Oracle Database Administration I


82
Create the Oracle User Environment -
NT
u NT
n (As administrator)
n Use Administrative tools in 'Settings' or the Manage
option in 'My Computer'
u Create the partitions
u Define a user with administrative privileges.

247

Setting the Database Name


u Setting the name of the database:
n UNIX – Enter the new name in /var/opt/oracle/oratab
n VMS – Run ora_find_sid.com to register the database
n NT – Run oradim to create a new database service
n Labels each database with a unique identifier
u Known as the ORACLE SYSTEM IDENTIFIER
u Referred to as the ORACLE SID

248

Defining the Oracle SID


u Identifies which database a user will connect to
upon executing an Oracle application
u Unix/NT - ORACLE SID is designated by an
environment variable, $ORACLE_SID
u VMS – Oracle SID is a logical, ORA_SID

249

Oracle Database Administration I


83
Setting the Oracle SID
u Now that a SID is defined:
n Set the SID in the proper manner for the OS
u UNIX export ORACLE_SID=TRNG
u VMS define ora_sid trng
u NT set ORACLE_SID=TRNG
n Once the ORACLE SID is set, all subsequent Oracle I/O affects
the associated database

250

Creating the Parameter file


u Defines and configures the ‘parameters’ that configure the
database
u All parameters are customizable by the DBA
u Read at instance startup
u First created as an ASCII file (initSID.ora)
u As of 9i, a binary (spfileSID.ora) file can be created and be
managed once the instance is started

251

Parameter File
u Great care should be taken in the sizing of each
parameter
u If a parameter is not defined, Oracle will provide
defaults
n To view all defined and defaulted values, run sqlplus as sys or
system and issue:
Show parameters or view v$parameter

u See example in the workbook.

252

Oracle Database Administration I


84
Default Parameter File Location
u Unix
n Oracle looks for the associated parameter file under
$ORACLE_HOME/dbs/init<SID>.ora
u This is usually a link to the real init<SID>.ora
u VMS
n Oracle looks for the associated parameter file under
ORA_ROOT:[db_<SID>]<NODE>_<SID>_init.ora

u NT
n Oracle looks under
$ORACLE_HOME\database\init<SID>.ora

253

Creating an Oracle database


u Oracle provides a template init.ora located under:
n $ORACLE_HOME/dbs (Unix)
n ORA_RDBMS (VMS)
n $ORACLE_HOME\admin\sample\pfile (nt)

u For example,
n If you have a database with a SID of SEED, Oracle looks for the
associated parameter file under:
u $ORACLE_HOME/dbs/initSEED.ora (Unix)
u ORA_ROOT:[db_seed]PLUTO_SEED_init.ora (VMS)

254

Questions?
u Refer to the workbook for a sample init.ora file
n What is the default block size?
n Is the buffer cached defined in blocks or bytes?
n Can you have more than one value for the service_names
value?
n Which control file is read when the database is opened?

255

Oracle Database Administration I


85
Creating an Oracle database
u Most associated parameters take default values if they are
not explicitly defined
u The values that MUST be defined in each file are:
n db_name (set to the same value as the ORACLE SID)
n control_files (should point to the location of the control files)

256

Which type of Data File?


u Dictionary managed
n Default storage clause used
u Locally managed
n Uniform extent
n Autoallocate
u Oracle managed files (OMF)
n Oracle manages the allocation, growth and removal
n Default file location defined in the init.ora

257

Creating an Oracle database


u Invoke Oracle as: sqlplus /nolog
u Connect to the database as the sysdba user
u Start the Oracle instance (nomount)
n Only allowable startup level since control files, redo log files,
and datafiles do not exist at this point

258

Oracle Database Administration I


86
Creating an Oracle database

u The workbook illustrates how to start a database


in nomount mode

259

Creating an Oracle database


u Once the Oracle instance is started, execute a
CREATE DATABASE SQL command. Below is an
abridged syntax:
CREATE DATABASE <database name>
DATAFILE '<full path to datafile>' size <datafile size>M
LOGFILE GROUP <group number> '<full path to logfile>' size <logfile
size>M

260

Creating an Oracle database


u The datafile defined becomes the first datafile of the
SYSTEM TABLESPACE
u Each database MUST have at least two logfile groups
u For additional options of the CREATE DATABASE SQL
command, consult the ORACLE SERVER
ADMINISTRATOR'S GUIDE

261

Oracle Database Administration I


87
Creating an Oracle database

SQL> create database SEED


2> datafile '/oradata/SEED/system_SEED_01.dbf' size 200M
3> logfile group 1 '/oradata/SEED/log_SEED_01.rdo' size 3M,
4> group 2 '/oradata/SEED/log_SEED_02.rdo' size 3M
5> /
Statement processed.

262

Creating an Oracle database


u Once the CREATE DATABASE command is
executed, a new database is created
n The control files associated with this database are
also created in the location(s) designated in the
parameter file

263

Creating an Oracle database


u Now the data dictionary and PL/SQL packages
need to be built
u The scripts catalog.sql, catproc.sql need to run
against the database
n The former script MUST be run first

264

Oracle Database Administration I


88
Creating an Oracle database
u These scripts are located under:
n $ORACLE_HOME/rdbms/admin (unix/NT)
n ORA_ROOT:[rdbms] (VMS)

SQL> @?/rdbms/admin/catalog
SQL> @?/rdbms/admin/catproc

265

Creating an Oracle database


u Once these scripts have run, two default users are created
in the database
n SYS (initial password change_on_install)
n SYSTEM (initial password MANAGER)

u Both users have DBA authority over the database


n These users should NEVER be deleted from the database

266

Data dictionary
u Composed of a set of tables and views

u Read-only

u Provides information about the associated


database

u Created by SQL script catalog.sql

267

Oracle Database Administration I


89
Data dictionary
u Data dictionary contains the following:
n Usernames of the associated database
n Security
n Names and definitions of scheme objects
n Space allocation for database objects
n Auditing information
n Triggers, functions, packages, and stored procedures

268

Data dictionary
u Scripts that construct the data dictionary
n CATALOG.SQL
u Commonly used data dictionary views
n CATPROC.SQL
u Scripts for PL/SQL on server
n NOTE: The owner of the data dictionary is SYS

269

Data dictionary views


u Display basic information about Oracle accounts
n SQL> select * from all_users;
u Display DBA information
n SQL> select * from dba_users;
u Rollback segments and their status
n SQL> select segment_name, status
n 2> from dba_rollback_segs;

270

Oracle Database Administration I


90
Summary
u Steps to creating an Oracle database
n Preparing the O/S
n Determining the ORACLE SID
n Creating a parameter file
n Starting the instance
n Executing the CREATE DATABASE SQL command
n Building the data dictionary and PL/SQL packages

271

Oracle Database Administration I


Lesson 5
Space Management

Basics of Storage
u Tablespace - Logical storage area within an Oracle
Database that subdivides the database
n The placement and composition of a tablespace are
critical for optimization
u Data File - Physical files that make up a tablespace
n Size and structure should be well planned out

273

Oracle Database Administration I


91
Space Components
u Database block - smallest unit of storage within an
Oracle database
u Extent - Contiguous allocation of database blocks
u Segment - Logical collection of extents that make
up a table, cluster, index, temporary segment, or
UNDO segment

274

Segment Storage Attributes


u Each of these extent options should be reviewed
individually
n Initial - Allocates the first extent of space
n Next - Size of the extent allocated after the initial
n Minextents - Number of extents allocated during the initial
creation of the segment
n Maxextents - Limits the total number of extents the
segment can create

275

Additional Storage Options


u Pctincrease - controls the rate of growth of extents
beyond the second
n If UNDO segments are being configured, this is not an option

u PCTFREE - reserved portion of the data block that is


used for later updates to rows in that block
u PCTUSED- percentage of space in a data block used
before allocating another block
u A block is kept on the free list until it reaches
PCTFREE
u A block stays off the free list until PCTUSED is reached

276

Oracle Database Administration I


92
Segment Creation Options
u Tablespace - The tablespace to store the segments
u Partitioning - Feature of Oracle8 that allows a
segment to be separated into multiple segments,
each existing in a single or multiple tablespaces
u Optimal - sets the optimal size in bytes for a
rollback segment (not used with UNDO)

277

Example

Create table EMP (


EMPID NUMBER,
F_Name VARCHAR2(25),
L_Name VARCHAR2(25),
MI VARCHAR2(1),
SSN VARCHAR2(11)
) Pctfree 10 Pctused 40
storage (Initial 2K Next 2K Pctincrease 0 Maxextents
unlimited)
Tablespace USERS;

278

Storage Considerations
u Object creation parameters override tablespace default
storage parameters with the exception of locally managed
tablespaces as of Oracle8i
u Locally managed tablespaces enforce the use of uniform
extent size or the size that has been autoallocated by Oracle
n One exception -- import (discussed in DBAII)

279

Oracle Database Administration I


93
Local vs. Dictionary Managed
u Two DBA philosophies:
n Dictionary managed
u Grouping of tables are by schema, not table
u Can take schema offline (ie, bad blocks, recovery)

n Locally managed
u Never have tablespace fragmentation with uniform extents
u Never have to worry about extent growth with autoallocate

280

Physical Database Attributes


u Autoextend vs adding datafiles
n Both can be executed when the database is up
n Both can extend the tablespace and be ready for use
immediately
u Autoextending an existing datafile can alleviate DBA
worries, but adversely can waste space
u Adding a datafile is under your control
Alter tablespace add datafile ‘/u01/oradata/seed/newfile_seed_02.dbf’ size
500M;

281

RAID
u RAID
n Important to have for an Oracle system
n Jbod – Lowest data cost – low overhead
n 0 – low data cost – load balancing
n 1, 0+1 – high data cost – most expensive
n 5 – Highest data cost – safe
u It takes four I/Os for one write (read data, read parity,write
data, write parity)
u Minimum of three disks, plus 66-87% of space
u The more disks, the higher the gain

282

Oracle Database Administration I


94
Questions
u What are the two ways to use the autoextend
clause?
u Which segment type does not use the pctincrease
storage clause?
u What would you think would be less problematic in
regards to objects needing extents?

283

Storage issues
u Disk contention
n Background process content for data access
u Segment fragmentation
n Seek time is reduced
u Free space fragmentation
n Cannot allocate a contiguous extent

284

Disk Contention
u Too many heavily used segments on a single disk slows
down access time and causes degradation in database
performance

u System (Data Dictionary), TEMP and UNDO segment


tablespaces are used constantly
u Keeping these tablespaces on separate disks ensures the
best access time

285

Oracle Database Administration I


95
Fragmentation Issues
u Fragmentation
n Frequent writes to a tablespace lead to greater fragmentation

n Fragmented tablespaces run slower and require more disk


activity then non-fragmented tablespaces
n Thus, objects should be grouped into tablespaces based on
their activity and size

286

Levels of Fragmentation
u Levels of fragmentation
n Application Interim Segment
u Data changes are moderate, allowing for some fragmentation

n UNDO Segments
u Used regularly with constant changes to data. Fragmentation is
high
n Temporary Segments
u Data is swapped in and out constantly. Fragmentation is highest

287

Free Space vs. Segment


u Free space fragmentation is determined by the
number of contiguous free space chunks within a
tablespace
u Segment fragmentation is determined by the
number of extents relative to the number of
segments within a tablespace

288

Oracle Database Administration I


96
Free Space Fragmentation
u Caused by dropping or truncating segments
u Categorized as usable or unusable
n A usable free space chunk is large enough to be
used by the growth of an existing segment
n An unusable free space chunk is too small to be
used by an existing segment

289

Segment Fragmentation
u Caused by segments requiring multiple extents
u Using a uniform extent size (i.e. locally managed
tablespaces) will alleviate this
u Manage this by monitoring dba_segments and
dba_free_space

290

Common Methodologies
u Uniform Extent sizes
n Eliminates unusable free space fragmentation
n Does not eliminate segment fragmentation
n Minimizes maintenance efforts
n Extent sizes should be carefully chosen to achieve
best performance

291

Oracle Database Administration I


97
Common Methodologies
u Appropriate sizing of segments
n Often complicated and time-consuming
n Bound to a finite period of time for growing tables
u Rebuilds (imp/exp)
n Eliminate existing fragmentation by using imp/exp
(discussed further in DBAII)

292

Common Methodologies
u Using Pctincrease 100
n Minimizes segment fragmentation
n Minimizes maintenance efforts
n Extent sizes grow exponentially
n Requires large free space chunks to be available

293

Dictionary Views
u DBA_FREE_SPACE
n How much free space is available
u DBA_SEGMENTS
n Information about all segments
u DBA_EXTENTS
n Describes the extents of all objects

294

Oracle Database Administration I


98
Summary
u Basics of Space Storage
u Storage Parameters
u Default Storage Parameters
u Fragmentation
u Methodologies for maintaining

295

Oracle Database Administration I


Lesson 6
Creating and Managing UNDO Segments

Creating and Managing


Rollback/UNDO Segments

u Agenda
n Theory behind rollback/UNDO segments
n Rollback/UNDO segments within an Oracle Database
n Rollback/UNDO segments used in transactions
n Rollback/UNDO segments used in read-consistency

297

Oracle Database Administration I


99
UNDO Segments
u Database objects that record old values of data
before the data are modified by transactions
u Used to recover the database
u Provide read consistency
u Allow certain transactions to be undone (rolled
back)

298

UNDO Segments
u Undo management is new term for rollback
u Two options under 9i
n Manual undo management
u Oracle7/8i/9i rollback segments
n Automatic undo management
u AKA Automatic Undo Management (AUM) or System
Managed Undo (SMU)

299

What are UNDO segments for?


u Three purposes for undo
n Read consistency
n Transaction rollback
n Transaction recovery
u New purpose in 9i

300

Oracle Database Administration I


100
Types of Undo Segments
u SYSTEM
n Used for objects in SYSTEM tablespace
u Non-SYSTEM
n Used for objects in other tablespaces
u Automatic (UNDO)
u Manual (rollback segments)
u Deferred
n Used for offline tablespace

301

Why Use AUM?


u Easier to administer
n In a recent Oracle benchmark, 400 rollback segments were
replaced by one undo tablespace
u Reduced chance of common errors
n “snapshot too old”
u DBA selected retention period
n “unable to extend rollback segment”
u Dynamic extent transfer

302

Dynamic Extent Transfer


u Extents within undo tablespace may switch ownership from
one segment to another
u Prevents single large transaction from affecting other users
u Space reuse is more efficient, so errors are less likely
u Eliminates need for managing rollback space for online and
batch differently

303

Oracle Database Administration I


101
Automatic Undo Management
u New initialization parameters UNDO_MANAGEMENT
n AUTO
u Undo segments managed internally
u No CREATE, DROP, ALTER
u Automatic creation, shrinking, etc.
n MANUAL
u Default; DBA-managed rollback segments

304

UNDO values
u UNDO_TABLESPACE
n Defines the name of the tablespace used to hold the
undo segments
u UNDO_RETENTION
n Controls amount of undo data to retain
u Specify in seconds
u Read consistency and Oracle Flashback

305

UNDO Segments
u Discrete database objects
n Reside within a specific tablespace

u Each segment allocates extents within a


tablespace to store table data before the data are
modified

306

Oracle Database Administration I


102
UNDO Segments
u Can hold data for multiple transactions
u A single transaction must be contained in a single
segment
u Provided maximum number of extents has not
been reached

307

Creating UNDO Tablespace


u The tablespace is all that needs to be created with AUM.
u Usually created at database creation time as part of the
CREATE DATABASE statement:
UNDO TABLESPACE undotbs datafile
'/u02/oradata/SEED/undodbs_seed_01.dbf'
size 200m autoextend off

308

SYSTEM Rollback Segment


u Default rollback segment is automatically created during
database creation

u Cannot be deleted

u Segment resides in the SYSTEM tablespace

u Can only be used for SYSTEM objects


u Create a second one for creating the tablespaces during
creation of a database

309

Oracle Database Administration I


103
SYSTEM Rollback Segment
u Additional rollback/UNDO segments must be
created to hold rollback data for objects in non-
System tablespaces
u The size and number of segments must be
monitored:
n v$rollstat, dba_segments

310

Create a Rollback Segment


u CREATE ROLLBACK SEGMENT SQL command
syntax:

CREATE ROLLBACK SEGMENT <SEGMENT NAME>


TABLESPACE <TABLESPACE NAME>
[STORAGE <STORAGE_CLAUSE>|OPTIMAL]

NOTE: this is not required with 9i

311

Storage clause
u Allows the DBA to set the sizing of the rollback
segment(s)
u The DBA may allow Oracle to size the rollback
segment automatically
u MINEXTENTS for rollback segments must be ≥ 2

312

Oracle Database Administration I


104
Create a Rollback Segment
u Must reside in a rollback tablespace
n Example with Default storage parameters chosen:
SQL >create rollback segment rbs1
2 >tablespace rbs
/
Rollback segment created.

313

ALTER ROLLBACK SEGMENT


u Once the rollback segment is created, It must be brought
online before it can store transaction information
u An entry must be made in the initSID.ora file to be brought
online each time the instance is start
u Use the rule of four to estimate:
n # rollback = transactions/4

314

ALTER ROLLBACK SEGMENT


ALTER ROLLBACK SEGMENT <ROLLBACK SEGMENT NAME>
ONLINE|OFFLINE
u ONLINE
n Brings rollback segment online
n Available for subsequent transactions
u OFFLINE
n Takes rollback segment offline
n Unavailable for subsequent transactions
n Will not go offline until all transactions have completed

315

Oracle Database Administration I


105
When the database is shut
down and restarted

u Only the SYSTEM rollback segment is brought online


u Only the segment names in the ROLLBACK_SEGMENTS
parameter in the initialization parameter file are brought
online
ROLLBACK_SEGMENTS=(RBS1,RBS2)

u Query the data dictionary view to check the status of all


rollback segments:
sys.dba_rollback_segs

316

Rollback Information Stored


u Each time a transaction is executed against the
database, Oracle automatically allocates an
available UNDO segment
u Unchanged data is stored for transaction and
session rollback
u To ensure that each user has a consistent view of
the data they are working on.

317

Request a Rollback Segment


u Programmatically, you can specify the rollback segment to
use
n Prior to executing the SQL statement, execute: SET
TRANSACTION USE ROLLBACK SEGMENT <ROLLBACK SEGMENT NAME>
n Example:
SQL>SET TRANSACTION USE ROLLBACK SEGMENT RBS1;
Transaction set.

318

Oracle Database Administration I


106
Example
EMPNO | ENAME | DEPTNO | SAL
-----------------------------------------
00100 | John Doe | 001 | 15000
00200 | Sue Smith | 001 | 15000
00300 | Jane Goodall | 001 | 15000
00400 | Sam Tyson | 001 | 15000
00500 | Mike Jones | 001 | 15000

u The Emp table holds this information prior to the transaction


u Before the statement is applied, a free UNDO segment is obtained

319

Statement is Executed
SQL> update emp set sal=30000 where empno=0500;
1 row updated.

u The user executes this SQL statement


u If the user commits, the rollback/UNDO segment is released

320

Rollback Statement
u To undo changes
n Execute a ROLLBACK SQL statement
n This undoes the update statement and copies information back
into the table

SQL> rollback;
Statement processed.

321

Oracle Database Administration I


107
Oracle Flashback
u Consistent view of database at past point
n Read-only
n Export and query
n Protection against user error
u “Uh, I just deleted 1,000 rows from SPRIDEN. Can you
restore it for me?”
n Must be using AUM in order to use Flashback
u UNDO_RETENTION parameter

322

Using Flashback
u User needs execute on DBMS_FLASHBACK
u Retention time must be long enough to be useful
u Query as usual after enabling Flashback

CALL dbms_flashback.enable_AT_time
('25-MAR-02:08:00:00');
SELECT * FROM emp;
CALL dbms_flashback_disable();

323

Dictionary Views
u V$rollstat
n Number of times a rollback segment has wrapped
n Number of times it has extended
n Number of times it has shrunk
u V$rollname
n Maps the rollback segment to its name by USN

324

Oracle Database Administration I


108
Data Dictionary Language (DDL)
statements
u Change the internal structure of the database

u They do not use rollback/UNDO segments during


processing

u Once SQL statements are executed, they cannot


be rolled back!

325

Summary
u UNDO segments provide the user the ability to undo DML
statements within the database

u UNDO segments also provide read-consistency within the


database

u UNDO is a special type of segment

u Rollback segments are kept for backwards compatiblity

326

Oracle Database Administration I


Lesson 7
Creating and Managing Database Users

Oracle Database Administration I


109
Creating and Managing
Database Users

u Agenda
n Create new Database Users
n Modify existing Database Users
n Monitor information about Database Users
n Drop Database Users
n Terminate user sessions

328

Creating and Managing


Database Users

u Creating users under Oracle


n Created within the database or OEM
n Not defined in the underlying operating system
u Oracle stores internal user account information
within the data dictionary in an encrypted format

329

CREATE USER SQL

330

Oracle Database Administration I


110
Create User Considerations
u If you do not specify a default tablespace, the user is
assigned to SYSTEM

u If not explicitly specified, users have a


QUOTA of 0 on all tablespaces
u By default, the account is not locked and the password is
not pre-expired

331

Default Temporary Tablespace


u If you do not specify a temporary tablespace, temporary
segments default to the SYSTEM tablespace
u In 9i, if you create the default temporary tablespace for
everyone you do not need to worry about this
u To use this new feature, create it at database creation time
or later
u It must be of type temporary

332

Create a User
u Example:
n Create a user SAISUSR with a password of u_pick_it
n Assign a default tablespace of USERS and a quota of 100KB on
the DEVELOPMENT tablespace
n Specify the temporary tablespace to be TEMP
n (Syntax is on the next slide.)

333

Oracle Database Administration I


111
Example of Creating a User
SQL> create user saisusr identified by u_pick_it
2> default tablespace USERS
3> temporary tablespace TEMP
4> quota 100K on development
5> /
Statement Processed.

334

User Passwords
u During the CREATE USER command, the assigned
password echoes on the screen
u Note that the password is stored in encrypted form
u The encryption algorithm is DES-128 bit

u Oracle passwords are NOT case-sensitive

335

Password Aging
u You can use Password Management
n Run the script utlpwmg.sql to start
u You can set
u Password attempts
u Grace periods
u History
u Many more!

336

Oracle Database Administration I


112
Object Ownership
u As with an OS account, Oracle assigns an ownership to all
database objects that you create in the database

n This ownership is known as a user's SCHEMA

u When a user creates an object in the database, it is created


under that user's SCHEMA

337

Joe Creates a Table


u Example
n User joe creates a table dept within the database
n This table is created under joe's ownership or schema
SQL> create table dept
2> (deptno number(25),
3> dname varchar2(100))
/
Table created.

338

Creating and Managing


Database Users
u Now, connect to the database as chris.

SQL> connect chris/u_pick_it


Connected.

u chris cannot see joe's table unless he specifies the


appropriate schema.

u The syntax for specifying objects in another schema is


<SCHEMA>.<OBJECT>

339

Oracle Database Administration I


113
Creating and Managing
Database Users

u If a schema is omitted, Oracle assumes the object


is in your own schema. If not found there, it will
search for a synonym

SQL> desc joe.dept


Column Name Null? Type
---------------------- -------- ----
DEPTNO NUMBER(25)
DNAME VARCHAR2(100)

340

Creating and Managing


Database Users

u If the object is not yours, the only way you can see
the object(s) is for you to have been granted rights
to it.

u This includes the synonym short name.

n Grants will be discussed later

341

Creating and Managing


Database Users

u During an Oracle install, default user accounts are created.


The important ones are: SYS and SYSTEM (INTERNAL will
be desupported in 10i)
n All accounts are DBA accounts
n To connect to sys, you must have SYSDBA privileges

n However, all data dictionary objects will be created under the


SYS schema

342

Oracle Database Administration I


114
Creating and Managing
Database Users
u To prevent damage to the data dictionary, most DBA tasks
should be done as SYSTEM
n The default password assigned to SYS is change_on_install
n The default password for SYSTEM is manager
n Change both passwords immediately after database creation
n If you create a database in the Database Configuration Assistant, you
will be prompted to change the passwords

343

Creating and Managing


Database Users

u Unix
n Can connect as SYSDBA only if the user is in the DBA group
(defined under /etc/group)
u VMS
n Can connect as SYSDBA only if the user is granted the
ORA_<sid>_DBA identifier under SYS$SYSTEM:AUTHORIZE
u NT
n Can connect as SYSDBA only if the user is in the ORA_DBA
group

344

Altering Users
u Purpose: To change the authentication or
database resource characteristics of a database
user
u Several ways to make the change:
n ALTER USER SQL command
n OEM Management Console
n Other third-party tools

345

Oracle Database Administration I


115
Alter User SQL Example
u Example
n Change the password of the user saisusr to monitor4all
n Modify the quota this user has to UNLIMITED on the USERS
tablespace
SQL > alter user saisusr
2> identified by monitor4all quota unlimited on
users;
User altered.

346

OEM Security Section

347

Dropping a User
u Drop a database user with the DROP USER SQL
statement and to optionally to remove the users’s
objects:
u Again, this can be done with OEM and SQL
DROP USER <username>
[CASCADE]

348

Oracle Database Administration I


116
Creating and Managing
Database Users

u If the user has objects in his/her schema, Oracle


will not drop a user
n To override this, specify the CASCADE option

u Example
n Drop the user saisusr and include all objects in this
user's schema

349

Drop User Does Not Drop Everything


u Oracle will invalidate, not drop, any objects
referencing the dropped objects
n This includes packages, procedures, views, etc.
u All roles created by the dropped user will remain

350

Creating and Managing


Database Users

u Can view user information in the data dictionary,


which stores information on all users
n DBA_USERS
n ALL_USERS
n DBA_TS_QUOTAS

351

Oracle Database Administration I


117
Creating and Managing
Database Users
u View information about all users in the database with the
DBA_USERS data dictionary view
SQL> select * from dba_users
USERNAME USER_ID PASSWORD DEFAULT_TABLESPACE
------------------ ---------- ----------------------------- ------------------
TEMPORARY_TABLESPACE CREATED PROFILE
------------------------------------------------- ---------------------- ---------
SYS 0 D4C5016086B2DC6A SYSTEM
TEMP 26-APR-01 DEFAULT

SYSTEM 5 D4DF7931AB130E37 TOOLS


TEMP 26-APR-01 DEFAULT
2 rows selected.
SQL> exit

352

Creating and Managing


Database Users

u Display tablespace quotas for all users with the


DBA_TS_QUOTAS data dictionary view
n The user sam has a quota of 100KB on the SYSTEM
tablespace (see example on next slide)

353

Creating and Managing


Database Users
SQL> select * from dba_ts_quotas;

TABLESPACE_NAME USERNAME BYTES


------------------------------ ---------------------- --------
MAX_BYTES BLOCKS MAX_BLOCKS
------------------------------ -------------------- ----------
SYSTEM SAM 102
400 0 50

354

Oracle Database Administration I


118
Creating and Managing
Database Users
u When necessary, terminate a user's session while the user
is logged on to the database

n Use an ALTER SYSTEM KILL SESSION SQL statement

n Or use the OEM’s Oracle Enterprise Manager Console

355

OEM

356

Creating and Managing


Database Users

u Killing a user session


n Prevents the user from issuing further database
calls

n Frees locked resources

n Issues rollback on all uncommitted transactions

357

Oracle Database Administration I


119
Creating and Managing
Database Users

u To terminate a user session:

n DBA must first determine serial number and the


session ID for the session

n Both values can be determined from the the data


dictionary view v$session

358

Creating and Managing


Database Users

u Example:

n The DBA wants to kill the session owned by joe

n The DBA must first determine the serial number and


session ID

359

Creating and Managing


Database Users
SQL> select sid, serial#,username from v$session
2> where username='JOE'
3> /

SID SERIAL#USERNAME
--- ------------------------
13 9 JOE

360

Oracle Database Administration I


120
Creating and Managing
Database Users

u Use these values in the ALTER SYSTEM KILL


SESSION command

SQL> alter system


2> kill session '13,9';
System altered.

361

Creating and Managing


Database Users

u Note that ALL user sessions are killed when the


DBA issues a SHUTDOWN IMMEDIATE

362

Summary
n Create new Database Users
n Modify existing Database Users
n Monitor information about Database Users
n Drop Database Users
n Terminate user sessions

363

Oracle Database Administration I


121
Oracle Database Administration I
Lesson 8
Managing Resources

Managing Resources
u Agenda

n Control system and database resource usage

n Password management

365

Profiles
u Can be used to limit system and database
resources available to a user
u Define a set of resource limits
u Useful in large multi-user systems
u Simplifies resource management

366

Oracle Database Administration I


122
Profile Resource limits
u Resource Options:
SESSION_PER_USER CPU_PER_SESSION
CPU_PER_CALL CONNECT_TIME
IDLE_TIME PRIVATE_SGA(MTS only)
COMPOSITE_LIMIT FAILED_LOGINS_ATTEMPTS
LOGICAL_READS_PER_SESSION
LOGICAL_READS_PER_CALL

367

Profile Password Restrictions


u Password options:
n PASSWORD_LIFE_TIME
n PASSWORD_REUSE_TIME
n PASSWORD_REUSE_MAX
n PASSWORD_LOCK_TIME
n PASSWORD_GRACE_TIME
n PASSWORD_VERIFY_FUNCTION

368

Enable Resource Limits


u To enable profiles, set the initialization parameter
RESOURCE_LIMIT in the database parameter file,
init<SID>.ora
u A value of TRUE enables resource enforcement
u A value of FALSE(default) disables all profiles
u Once this value is modified, either restart the database or
use the ALTER SYSTEM command for the changes to take
effect

369

Oracle Database Administration I


123
Alter System Example
u Example
n Enforce resource limits for the database
SQL> alter system set resource_limit=true;
System altered.

370

Managing Resources
u When resource limits are enabled for a database, the
system creates a profile called DEFAULT
n Users who are not explicitly assigned a profile are assigned to
DEFAULT
n All unspecified limits in later profile definitions have the
corresponding value of DEFAULT
n Initially, all DEFAULT values are unlimited
n DEFAULT profile should not be modified. It will also affect SYS
and SYSTEM!

371

OEM Profile tool

372

Oracle Database Administration I


124
Managing Resources
u Using profiles, resources may be controlled at
both the session or call (statement) level
n Lists of resources controlled at the session level
and at the call (statement) level may be found in
the workbook

373

Managing Resources
u Example
n Create a profile called developer_profile
n Maximum of five concurrent sessions
n Unlimited CPU time for a call
n Maximum idle of 60 minutes
n (Syntax on next slide.)

374

Managing Resources

SQL> create profile developer_profile limit


2> sessions_per_call 5
3> cpu_per_call unlimited
4> idle_time 60
/
Profile created.

375

Oracle Database Administration I


125
Managing Resources
u Once you create a profile, assign users to it

u To assign a new user to a profile, specify the


profile name in the CREATE USER SQL statement
n (Syntax on next slide.)

376

Managing Resources

SQL> create user eddie identified by vanhalen


2> default tablespace users
3> temporary tablespace temp
4> profile developer_profile
/
User created.

377

Managing Resources
u Can change an existing user's profile in an ALTER
USER SQL statement

SQL> alter user sue profile developer_profile


/
User altered.

378

Oracle Database Administration I


126
Managing Resources
u Profile assignments only affect a user's
subsequent transactions

u Each user is assigned one (and only one) profile

379

Managing Resources
u When a session-level resource limit has been
exceeded:
n The user’s current statement stops executing, and
all changes are rolled back

n Only a COMMIT, ROLLBACK, or disconnect is


allowed

380

Managing Resources
u When a call-level resource limit has been
exceeded:
n Processing of the statement is halted

n Statement is rolled back

n Only a COMMIT, ROLLBACK, or disconnect is


allowed

381

Oracle Database Administration I


127
Managing Resources
u In both cases, the user is notified of the resource
he/she has exceeded

SQL> delete from saturn.spriden


/
ORA-02393 exceeded call limit on CPU usage

382

Alter Profile SQL


u To modify characteristics of an existing profile,
use the ALTER PROFILE SQL statement

n Refer to the workbook for the syntax.

u Changes to a profile affect subsequent sessions


ONLY

383

Alter Profile Limits


u Alter the values of existing limits in an existing profile
SQL> alter profile developer_profile limit
2> sessions_per_user 2
3> cpu_per_session 30000
4> idle_time 30
5> logical_reads_per_call 1000
/
Profile altered.

384

Oracle Database Administration I


128
Managing Resources
u Example
n Alter the profile developer_profile to specify a
maximum of two sessions, 30000 hundredths of a
second CPU time for a session, idle time of 30
minutes and 1000 logical reads per call.
n (Syntax is on the next slide.)

385

Managing Resources
u Alter the default profile
n Specify a maximum of 5 sessions, and 30 minutes of
idle time
SQL> alter profile default limit

2> sessions_per_user 5
3> idle_time 30
/
Profile altered.

386

Resource Composites
u Total resource usage may be limited through the use of
composite limits
n A composite weighted sum can only be used on these resource
limits:
n CPU_PER_SESSION
n CONNECT_TIME
n PRIVATE_SGA(MTS only)
n LOGICAL_READS_PER_SESSION
n Used to limit total resource usage for a session

387

Oracle Database Administration I


129
Managing Resources
u Using a composite limit
n The DBA must first define the weighting factors for
each resource that is used

n This is done using an ALTER RESOURCE COST SQL


statement

388

Managing Resources
u Example:
n The DBA wants to set a composite limit of 1000 for the above
quantities

n He/she wants to weight each quantity equally

u The DBA must first define the weights of the quantities


n (Syntax is on the next slide.)

389

Managing Resources
SQL> alter resource cost
2> cpu_per_session 1
3> connect_time 1
4> logical_reads_per_session 1
5> /
Statement processed.
SQL>

390

Oracle Database Administration I


130
Managing Resources
u A composite profile can now be defined using the
above weighting factors
SQL> create profile user_profile limit
2> composite_limit 2000
3> idle_time 60
4> /
Statement processed.
SQL>

391

Managing Resources
u In this example, if the total cpu_per_session,
connect_time and logical_reads_per_session
exceeds 2000, then a user exceeds his/her profile
limits

392

Managing Resources
u To remove a profile from the database, use the
DROP PROFILE SQL statement

DROP PROFILE <profile name> [CASCADE]

393

Oracle Database Administration I


131
Managing Resources
u Cannot drop profiles if they are still assigned to users

n To override this, specify the CASCADE option

n Any users assigned to a dropped profile will be reassigned to


the DEFAULT profile

u The DEFAULT profile cannot be dropped

394

Managing Resources
u Example
n Drop the profile developer_profile, and reassign all
users that had this profile to the DEFAULT profile.

SQL> drop profile developer_profile cascade


/
Profile dropped.

395

Managing Resources
u Query the data dictionary to view information about profiles
defined in the database
u Views that hold information about profiles defined in the
database include:
n DBA_USERS (What profiles)
n DBA_PROFILES (What values)
n RESOURCE_COST (Composite limits)
n USER_RESOURCE_LIMITS (User limits)

396

Oracle Database Administration I


132
Managing Resources
u Example
n Determine the profiles of all users in the database
SQL> select username, profile from dba_users;
USERNAME PROFILE
------------------------------ ------------------
SYS DEFAULT
SYSTEM DEFAULT
SAM DEFAULT
3 rows selected.
SQL>

397

Managing Resources
u Example

n Determine the resource limits of the default profile

n Refer to the workbook for an example of looking up


the values

398

Password Limits
u Use for login attempts
u Password history
u Account management
u May need to run utlpwdmg.sql to set up password
management

399

Oracle Database Administration I


133
Password History
u A mechanism must be in place for you to alter
their password
u PASSWORD_REUSE_MAX and
PASSWORD_REUSE_TIME are mutually exclusive
u One can be set, the other UNLIMITED

400

Other Options
u Resource Consumer Groups
n Can give one set of user 75% CPU usage, another 25%
(*more in DBAII)
u SQL*plus command restrictions
n Use product_user_profile
n Restrict access to items like HOST,
SET <set command>, etc.

401

Summary
n Control resource usage within the database

n Restrict and limit system and call level controls

n Manage user password and login attempts

402

Oracle Database Administration I


134
Oracle Database Administration I
Lesson 9
Control Database Privileges

Control Database Privileges


u Agenda
n Define database privileges
n Grant and control system privileges
n Grant and control object privileges
n Grant and control roles

404

Control Database Privileges


u Oracle allows the DBA and users to control access levels
for objects within the database
n Similar to OS file access controls
n Objects stored within the database
u Tables, views
u Packages, procedures
u Functions, sequences, synonyms

405

Oracle Database Administration I


135
Control Database Privileges
u PRIVILEGES can be grouped into two categories:
n OBJECT Level privileges

u Gives you the ability to perform some operation on various


objects
n SYSTEM Level privileges
u Lets you execute specific sets of commands

406

Object vs. System privileges


u Object privileges are the easiest to remember. There are
eight to remember:
Select insert update delete
alter index References execute
Other less common:
n debug (java)
n Read/write (on directories)
n query rewrite/on commit refresh (materialized views)
n Dequeue/enqueue (advanced queueing)

u All other privileges are for system privileges

407

Why Grant Privileges?


u Users will need system and object privileges to
access the database and to manipulate data
u When a user is created, no object nor system
privileges are available
u Privileges can be GRANTed to users, roles and to
PUBLIC

408

Oracle Database Administration I


136
Control System Privileges
GRANT {system priv | role | all [privilege]}
[, {system priv | role | all [privileges]}…]
to {user | role}[,{user | role}]…
[identified by password]
[with admin option];
u All grants the user or role all privileges (except SELECT ANY
DICTIONARY)
u WITH ADMIN OPTION permits the grantee to bestow the privilege
to other user(s) or role
n Roles discussed in Lesson 10

409

Control Database Privileges


u Example:
n Grant the user scott the privilege to select from any
table

SQL> grant select any table to scott;


Statement processed.

410

Viewing Granted Privileges


u DBA_SYS_PRIVS lists what privileges have been
granted to a grantee.

n A grantee can be a user or a role.

n Refer to the workbook for examples

411

Oracle Database Administration I


137
Control Database Privileges
u Revoking system privileges
n To remove a privilege from a user, use the REVOKE
SQL statement

REVOKE <system privilege> | <role> FROM <user> | <role> |


PUBLIC

412

Control Database Privileges


u Example:
n Remove SELECT ANY TABLE PRIVILEGE from the
user john

SQL> revoke select any table from john;


Statement processed.

413

Control Database Privileges


u Example:
n Remove SELECT ANY TABLE PRIVILEGE from all
users in the database

SQL> revoke select any table from public;


Statement processed.

414

Oracle Database Administration I


138
Control Database Privileges
u Effects of REVOKE on GRANT ... WITH ADMIN OPTION
n User A has system privilege Q with ADMIN OPTION. He/she
then grants privilege Q
to user B
n The DBA then revokes system privilege Q from user A
n The revocation of system privileges does NOT cascade down.
After the revoke of privilege Q for user A, user B STILL has
privilege Q

415

Control Database Privileges


u Disabling logons to the database
n Once a user is created in the database, he/she still needs
CREATE SESSION system privileges in order to logon to the
database

n To disable a user account without dropping the user, simply


revoke the user's CREATE SESSION system privilege
n Refer to the workbook for the syntax

416

Control Object Privileges


GRANT {object priv | all [privilege]}
[(column [, column]…)]
on object to {user | role}
[with grant option];

u All grants all object level privileges.


u WITH GRANT OPTION allows the grantee to grant this
privilege to other users in the database

417

Oracle Database Administration I


139
Control Database Privileges

u Example
n Allow sue to insert into the table emp

SQL> grant insert on emp to sue;


Statement processed.

418

Control Database Privileges


u The user executing the grant MUST have the object in
his/her SCHEMA unless the grant WITH GRANT OPTION has
been previously granted
u For example, john cannot grant select on table emp to sue
unless he owns the table or a grant WITH GRANT OPTION
has been granted to him

419

Control Database Privileges


u Example
n Grant the users sue and rich the privilege to query
the accounts table

SQL> grant select on accounts to sue, rich;


Statement processed.

420

Oracle Database Administration I


140
Control Database Privileges
u Example
n Grant the user jeff the privilege to insert on spriden_pidm
column of the SPRIDEN table
n (only options are insert, update and references)

SQL> grant insert(spriden_pidm) on spriden to jeff;


Statement processed.

421

Control Database Privileges


u Grant WITH GRANT OPTION
n An object privilege that is granted using WITH
GRANT OPTION can be passed on to other users
and roles by the GRANTEE

SQL> grant select on accounts to sue with grant option;


Statement processed.

422

Control Database Privileges


u Now sue will be able to grant this privilege to other
users

n Refer to the workbook for an illustration

423

Oracle Database Administration I


141
Control Database Privileges
u To remove a privilege from a user, use the
REVOKE SQL statement

REVOKE <privilege> ON <object> FROM <user> | <role> | PUBLIC

424

Control Database Privileges


u Example:
n Remove SELECT ON DEVEL PRIVILEGE from john

SQL> revoke select on devel from john;


Statement processed.

425

Control Database Privileges


u Example:
n Remove SELECT ON DEVEL PRIVILEGE from all
users in the database

SQL> revoke select on devel from public;


Statement processed.

426

Oracle Database Administration I


142
Control Database Privileges
u Unlike revoking system privileges, revoking object
privileges has a cascading effect. Investigate the effects
before doing so
n Suppose that the DBA revokes the SELECT ON ACCOUNTS
object privilege from sue...
n This revoke will remove the privilege from sue AND from all
users to whom sue granted that privilege
n Refer to the workbook for the syntax

427

Control Database Privileges


u View all object privileges granted to users by
querying the data dictionary

View Name Description


DBA_TAB_PRIVS All privileges on objects in the database
DBA_COL_PRIVS All privileges on columns in the database

428

Summary
u Define database privileges
u Grant and control system privileges
u Grant and control object privileges

429

Oracle Database Administration I


143
Oracle Database Administration I
Lesson 10
Role Management

Role Management
u Agenda
n Describe roles
n Creating and modifying roles
n Manage roles

431

Role Management
u Privilege management can be tedious
n For example, if you have 100 users that each require the
following privileges:
u CREATE SESSION
u CREATE TABLE
u DROP TABLE
u SELECT ANY TABLE
n To assign these privileges, the DBA must execute each grant
for all 100 users

432

Oracle Database Administration I


144
Grant with no Roles
SQL> grant create session to user1;
Statement processed.
SQL> grant create table to user1;
Statement processed.
SQL> grant drop table to user1;
Statement processed.
SQL> grant select any table to user1;
Statement processed.
(Same for user 2, etc.)

433

Users Need Object Privileges


u Object permissions must be executed for each user.
n For example, the DBA also wants each user to have update
privileges on the SPRIDEN table
n The DBA must now execute the appropriate grant for EACH
user

434

Grant the Object Privilege


SQL> grant update on spriden to user1;
Statement processed.
SQL> grant update on spriden to user2;
Statement processed.
SQL> grant update on spriden to user3;
Statement processed.
.
.
.
(etc.)

435

Oracle Database Administration I


145
What are Roles?
u A collection of system and/or object level privileges
u Allows predefined collections of privileges to be modified
and assigned
u Simplifies privilege management
u Once defined, may be granted to other users, roles and/or
PUBLIC
u Granting a role to a user grants ALL associated privileges
to that user

436

Role management

Privilege Role
CREATE SESSION Normal User
SELECT ANY TABLE
UPDATE ANY TABLE

User
Joeuser

437

Role management
u Create roles using the CREATE ROLE SQL
statement
CREATE ROLE <role name> [not identified | identified
{by password | using [schema.]package | externally |
globally}]

438

Oracle Database Administration I


146
Create Role - example
u Example
n Create a role called standard_user

SQL> create role standard_user;


Statement processed.

439

Create Role Protected - example


u Example
n Create a role called power_user
n Protect this role with the password xxx2q

SQL> create role power_user identified by xxx2q;


Statement processed.

440

Role management
u After a role is created:
n Privileges may be assigned to roles in the same
manner they are assigned to users
n The assignments are done through GRANT SQL
statements
n (See next slide for syntax.)

441

Oracle Database Administration I


147
Role management
SQL> grant create session to standard_user;
Statement processed.
SQL> grant create table to standard_user;
Statement processed.
SQL> grant drop table to standard_user;
Statement processed.
SQL> grant select any table to standard_user;
Statement processed.

442

Role management
u Once defined, a role can then be granted to users
n A role grant to a user grants all associated privileges
to the user

n (See next slide for syntax.)

443

Role management
SQL> grant standard_user to user1;
Statement processed.
SQL> grant standard_user to user2;
Statement processed.
SQL> grant standard_user to user3;
Statement processed.
.
.
.
(etc)

444

Oracle Database Administration I


148
Role management
u A role may be modified to have more or fewer
privileges
n Make these changes through GRANT or REVOKE
SQL statements
n Any changes to roles immediately cascade down to
all grantees of the role
n (See next slide for syntax.)

445

Role management
SQL> grant update on spriden to standard_user;
Statement processed.

u The above statement gives all grantees of


standard_user the ability to update on the
SPRIDEN table

446

Role management
u Roles may also be granted to other roles

SQL> grant standard_user to power_user;


Statement processed.

u The above statement causes all associated privileges of


standard_user to be granted to power_user

447

Oracle Database Administration I


149
Role management
u Subsequent privileges may then be granted to
power_user

SQL> grant alter any table to power_user;


Statement processed.

u What will happen if you grant subsequent


privileges to standard_user?

448

Role management
u The exception to this is that no role can be granted
to itself, even indirectly

n If Role A is granted to Role B, and Role B is granted


to Role C, then Role C cannot be granted back to
Role A

449

Default Roles
u Users can have none or many default roles
u If no default role is assigned, all roles granted to
the user will be in effect throughout their session
u If a user has a default role and wants to set
another role, the user must issue the set role
command

450

Oracle Database Administration I


150
Set Default Roles
u Default roles are set for a user using the ALTER
USER SQL statement

SQL> alter user joe default role standard_user;


User altered.

u View dba_role_privs to see what roles are default


roles.

451

Setting Roles
u A user may activate another role that he/she has previously
been granted using a SET ROLE SQL statement
u User Joe can set any role that he was granted during his
session.
u Refer to the workbook for the syntax

452

Role management
u If joe has a default role set for his user account,
then that role will be active for his entire session.

u If joe does not have a default role set for his


account, then the more powerful role will always
be active.

n So long as he was granted default roles...

453

Oracle Database Administration I


151
Role management
u When a user logs into a database, the default role
is what is available.
u If more than one role is granted as default, the
more powerful will take precidence.

454

Role management - question


u If joe has standard_user set as a default role, then he has to
issue a SET ROLE SQL statement to activate any other role.

u If Joe wants to delete all the roles from table SPRIDEN, can
he simply log in and do this?
u If not, what must Joe do to give him the privilege?

n Hint: refer to your workbook.

455

Effects of Conflicting Roles


u Suppose that the user joe has been granted two
roles with conflicting privileges...
SQL> grant all on spiden to power_user;
Statement processed.
SQL> grant select on spriden to standard_user;
Statement processed.
SQL> grant power_user, standard_user to joe;
Statement processed.

456

Oracle Database Administration I


152
Role Authorization
u The DBA can change the authorization of a role using the
ALTER ROLE SQL statement
n NOT IDENTIFIED - removes the password
associated to a role
n IDENTIFIED BY - assigns a password to a role
n EXTERNALLY – Tied to the operating system (not discussed
here)

ALTER ROLE NOT IDENTIFIED | IDENTIFIED BY <password> |


EXTERNALLY

457

Role Password Management


u View dba_roles to see what roles are passworded
u To remove/alter a password option, use the alter
role command:

SQL> alter role power_user not identified;


Role altered.

458

Password Protected Roles


u A password-protected role may be invoked using a SET
ROLE ... IDENTIFIED BY SQL statement

SQL> set role power_user identified by xxx2q;


Statement processed.

u To set a non-defaulted password role, the user must have


the password and explicitly set it.

459

Oracle Database Administration I


153
Role management
u If a password-protected role is granted to a user as the
default role, Oracle skips the password checking and
invokes the role as the user logs on

u If no default role is defined for a user, Oracle assumes that


ALL granted roles for a user are the default and skips
password checking for ALL granted roles

u Thus, ALL USERS NEED TO BE ASSIGNED DEFAULT


ROLES

460

Role management
u Banner Security
n Password-protected roles are the key to security in Banner
n In Banner, three roles are created :
u BAN_DEFAULT_CONNECT
u BAN_DEFAULT_Q <with password protection>
u BAN_DEFAULT_M <with password protection>

461

Role management
u BAN_DEFAULT_CONNECT
n Role consisting of the CREATE SESSION privilege
u Allows users to only connect to the database, but not
to have access to ANY objects

462

Oracle Database Administration I


154
Role management
u BAN_DEFAULT_Q
n Allows select / executes on all objects

u BAN_DEFAULT_M
n Allows select / execute / insert / delete / update on all
objects

463

Role management
u All three roles are granted to EACH Banner user with
BAN_DEFAULT_CONNECT set as the default role
n See the next slide for the syntax.

464

Role management
SQL> grant ban_default_connect to saisusr;
Statement processed.
SQL> grant ban_default_q to saisusr;
Statement processed.
SQL> grant ban_default_m to saisusr;
Statement processed.
SQL> alter user saisusr default role ban_default_connect;
Statement processed.

465

Oracle Database Administration I


155
Role management
u Users with BAN_DEFAULT_M or BAN_DEFAULT_Q roles
are not able to invoke the associated privileges, since they
will not know the underlying passwords
u The passwords for invoking these roles are stored in
encrypted format in each Banner form

466

Role management
u These roles are invoked ONLY when the user executes the
appropriate form

n Thus, users can only change information within the database


through a Banner form

n Consult the Banner Security Manual (Chapter 2 of the technical


reference) for additional information

467

Cautions
u As described earlier, be aware of default roles
u Another one is if you grant a role with a system privilege
with admin option:
n A user with the role grants the system privilege to another user
n The role was dropped
n The new user with the system privilege will still have that
privilege!

468

Oracle Database Administration I


156
Other DBA Views
u Role_role_privs
n Roles granted other roles and admin
u Role_sys_privs
n Roles granted system privileges
u Role_tab_privs
n Roles granted object privileges

469

Summary
n Describe roles
n Creating and modifying roles
n How Banner utilizes roles
n Methods of combining privileges for user group
activies

470

Oracle Database Administration I


Lesson 11
Oracle Net

Oracle Database Administration I


157
Oracle Net
u Agenda
n Describe the purpose and goal of Oracle Net

n Setup Oracle Net listeners on the database host


n Setup Oracle Net clients that connect
to other Oracle servers

472

Purpose of Oracle Net


u Networks
n We all need to use them, internet and intranets
u Traditionally, database connections have been local
connections
u Server-based applications force support of both the
application and database
n CPU and IO loads

u Client/server technology helped to separate this load

473

Local Connections
u Local connections are useful in some circumstances, such
as DBA tasks
u Local connections in many other cases are less useful.
They require that:
n An account is set up on the operating system level for all Oracle users.
This is a serious security problem, especially under UNIX where
numerous security holes exist with shell (/bin/sh, /bin/ksh) level
n The client resides on the same machine as the database server. This
reduces performance of the database server

474

Oracle Database Administration I


158
Tier Architecture
u Two-task processing introduced the beginning of
separating clients from applications and servers
u Two-tier architecture required a fat client with lots of RAM
and disk space
u Configuration management was a nightmare!

475

N-tier Applications
u Distributes the workload associated to database
applications
u Introduced the N-tier Architecture
u Thin clients were now able to run applications
u Oracle Net allowed for distribution of the workload across
the network

476

Thin clients
u The client has now been transferred to a middle
tier
u The application load can now be spread over the
network
u Browser-based connections have now eliminated
fat PC requirements

477

Oracle Database Administration I


159
Oracle Net
u Heterogeneous database connections are now common
u Transparent Network Substrate (TNS)
n Client and server can use different communications protocols
n Multi-vendor applications can now communicate
n Can transfer data to an asynchronous receiver

478

Oracle Net
u An IP networking protocol
u Must be installed on both client and server machines before
remote connections can take place
u Defined as a session-level protocol that runs on top of
network and transport layers
u Under the OSI(Open Systems Interconnect) theoretical
network model

479

OSI Theoretical Network Model

480

Oracle Database Administration I


160
TCP/IP
u TCP/IP (Transmission Control Protocol / Internet Protocol)
n Developed by the US Defense Department for high speed data
transfer between WANs
n Protocol used on the Internet
n Routable between subnets
n Supports a uniform network numbering scheme throughout the
world

481

Oracle Net
u Installed to run under TCP/IP, since it is present on
virtually all machine types
u Easily configured
n Manually with any text editor
n Using a configuration assistant

482

Connection configuration
u Oracle Net Configuration Assistant

483

Oracle Database Administration I


161
Listener.ora
u An Oracle LISTENER must first be set up on the database
server prior to remote connections to any database

u The Listener.ora file configures


u A unique listener name

u Protocol addresses that it is accepting connection requests


on

u Services it is listening for

484

Oracle Net
u Either located in $ORACLE_HOME/network/admin or in the
location that is defined by the system
n $ORACLE_HOME/network/admin (Unix)
n TNS_ADMIN (VMS/NT)

u Does not require identification of the database service

485

Service Name(s)
u Registered by PMON which provides:
n Service name(s) for each running database

n Instance names of the databases


n Service Handlers, dedicated or dispatcher

u PMON also checks on dispatcher and server processes, and


restarts them if necessary

486

Oracle Database Administration I


162
Oracle Net
u A sample listener.ora file is shown in the workbook.
n Defines a TCP listener named MYLISTENER that runs on port
1526. (Note that on Unix systems ports under 1024 are reserved
for root access only.)

n Hostname of the database server is my.test.edu

n MYLISTENER attaches to the databases SEED, TEST, and


PROD, which run from the directory /u01/oracle/product/8.1.6.#

487

Oracle Net
u The executable that controls the listener is called
lsnrctl
n When you invoke this application you should see something
similar to:

LSNRCTL for Unix: Version 2.3.3.0.0 - Production on 18-MAY-98 23:51:31

Copyright (c) Oracle Corporation 1994. All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL>

488

Oracle Net
u To start or stop a particular listener, you can
either enter the command at the prompt:
lsnrctl start <LISTENER_NAME>

u Or you can invoke the program and type:


lsnrctl > start <LISTENER_NAME>

489

Oracle Database Administration I


163
Oracle Net
u The program lsnrctl calls another executable,
tnslsnr, which actually starts the daemon
u At this point, the databases SEED, TEST, and
PROD are ready to accept remote connections
from the network

490

Oracle Net
u To stop a listener, invoke lsnrctl and enter the
following:
LSNRCTL> stop <LISTENER_NAME>

u In the case of MYLISTENER:


LSNRCTL> stop MYLISTENER
The command completed successfully
LSNRCTL> exit
$

491

Oracle Net
u Typically, the Oracle software owner starts/stop
the listener, although anyone in the dba group can
do so
u If someone other than ORACLE starts it, the log
file will be produced where the user is logged in at

492

Oracle Database Administration I


164
Oracle Net
u Multiple listeners
n The previous syntax defined a single listener that attaches to
the SEED, TEST, and PROD databases
n Under this setup, users can remotely log into any of the three
databases attached to the daemon while MYLISTENER is
running

493

Oracle Net
u Multiple listeners (cont.)
n If the DBA needs to restrict users from remotely logging into
specific databases while the databases are open, the databases
should be attached to separate listeners

n Databases remain remotely inaccessible as long as the


listeners that attach to it are not running
n The DBA can configure as many as needed so long as each
one is defined on a separate port

494

Oracle Net
u The listener.ora file shown in the workbook defines:

n Three listeners: FIRSTLISTENER, SECONDLISTENER, and


THIRDLISTENER

n Run from ports 1526, 1527 and 1528, respectively

n Attach to the databases SEED, TEST, and PROD

495

Oracle Database Administration I


165
Oracle Net
u With multiple listeners, each must be started
individually under lsnrctl

n This allows the DBA greater control over database


access

496

Oracle Net
u To prevent users from remotely logging to the
TEST, for example, the DBA can shut down
SECONDLISTENER

u However, keep in mind that more listeners take up


more system resources

497

Client Oracle Net


u In addtion to setting up Oracle Net on the database server,
Oracle Net must also be properly configured on each Oracle
client
u Several ASCII configuration files exist for setting up Oracle
Net on the Oracle client
n sqlnet.ora
n names.ora
n tnsnames.ora

498

Oracle Database Administration I


166
Client Configuration
u Each file defines a different component of Oracle Net clients
n However, tnsnames.ora is critical for remote database
connections

u As with listener.ora, Oracle recommends you generate


these files with Oracle Net Manager, but you can edit them
directly

499

Connection Management
u Oracle Net Manager

500

Oracle Net
u The tnsnames.ora file consists of a series of
database connect/host string definitions. Each
string defines a specific database which the client
can connect to.
u The basic syntax of these strings is shown in the
workbook.

501

Oracle Database Administration I


167
Oracle Net
u Each host string entry defines:

n Hostname of the database server

n Port that the listener is running on

n Oracle SID of the desired database

502

Oracle Net
u While the DBA is free to choose any name she/he
wants as the host string, each value in the string
MUST match those defined in the corresponding
Oracle listener
u Port
u Host
u SID or Service Name

503

Oracle Net
u For an example of using the latter listener.ora file,
the workbook ilustrates the configuration
association of these.

504

Oracle Database Administration I


168
Oracle Net
u Once these files are properly set up, you are ready to
connect to a remote database
u On Windows2000/NT you can pre-define the connect string
with the LOCAL registry value. This assumes only one
database on the server.
u You can pre-set connect_strings in any environment by
creating an individual tnsnames.ora for each database.
u Each of these assist the user in entering as little as possible

505

Oracle Net
u Oracle clients require three parameters for remote
connects:

n Username and password for the Oracle logon

n Connect string that defines the database

506

Oracle Net
u From the command line, setting up a remote
connection is very similar to that of a local
connection
n Start the desired Oracle client as before
n During the database logon specify a username
followed by an "@<connect string>" during the
username prompt

507

Oracle Database Administration I


169
Oracle Net
u For example, to remotely connect as SYSTEM into the SEED
database using SQL*PLUS
n Sqlplus system/manager@seed

u You can also connect another database in the sqlplus


program without disconnecting
n Connect general/u_pick_it@prod

508

Oracle Net
u For example, to connect to SQL*PLUS from a GUI-based
session, you would enter the following:

509

Oracle Net
u The Oracle client first takes the host string specified in the
login and attempts to find a matching string in
tnsnames.ora
n If it finds a match, it attempts to find a listener running at the
specified host and port
n If an Oracle listener is found, the client application attempts to
locate a database with the SID as specified in the host string
n If the client finds this database, it takes the username and
password and attempts to login

510

Oracle Database Administration I


170
Oracle Net
u Troubleshooting Oracle Net
n Setting up remote database connections is a complicated
process, that requires numerous components to be properly
functioning
n The workbook lists common errors that can arise, along with
their likely resolutions

511

Oracle Net
u Any Oracle system account can test the connect string with
TNSPING. This will test to see if the host machine is
listening and recognizes the connect string
u Sometimes DNS resolution gets in the way, you can specify
an IP for the HOST= parameter. It is faster

512

Log and trace files


u Sqlnet.log will be very beneficial in trouble shooting
connections
u To identify the relevant part of the problem, you will need to
turn on tracing
u There are three main areas to trace:
n 1. The SQL*NET client
n 2. The ‘listener’ process
n 3. The SQL*NET ‘server’

513

Oracle Database Administration I


171
Trace file levels
u Establishing a connection
Client----à Listener ---à Server
1 2 3
u An established connection
Client ---à Server
1 3

514

Client Level Tracing


Add in the file sqlnet.ora
n Trace_level_client=##
n Trace_file_client=filename
n Trace_directory_client=/tmp
n Trace_unique_client=true
u This will turn on FULL tracing for your user account.
u Output in /tmp/filename_<PID>.trc

515

Listener Level Tracing


u Add in the file Listener.ora
n Trace_level_listener=##
n Trace_file_listener=filename
n Trace_directory_listener=/tmp
u This defines FULL tracing in /tmp/filename.trc

516

Oracle Database Administration I


172
Server Level Tracing
u Add in the file sqlnet.ora.
u Output sent to /tmp/filename_<PID>.
n Trace_level_server=##
n Trace_file_server =filename
n Trace_directory_server =/tmp

517

Tuning
u Packet transferring
n SDU
n TDU
u Server and dispatchers
u Connect time
u queuesize

518

Summary
n Describe the purpose and goal of Oracle Net
n Setup Oracle Net servers on the database host
n Setup Oracle Net clients that connect
to Oracle Net servers

519

Oracle Database Administration I


173

You might also like