Agenda
SYSDBA privileges
Startup
Database shutdown
Cold and hot backup
Recovery
Database creation
Special view v$pwfile_users lists the special users.
We must be connected as a user like SYSDBA in order to run selects against it.
How
SYS@oracle> show user;
USER is "SYS"
SYS@oracle> select * from v$pwfile_users;
USERNAME SYSDB SYSOP
SYS      TRUE  TRUE
Check in v$pwfile_users
How to revoke?
SYS@oracle> revoke SYSDBA from rednick;
Revoke succeeded.
Check in v$pwfile_users
GRANT, syntax
grant system_privilege to username;
grant system_privilege_1, system_privilege_2, ..., system_privilege_n to username;
grant system_privilege_1 to username with admin option;
grant object_privilege to username;
grant object_privilege to username with grant option;
grant object_privilege to username with hierarchy option;
Sample
grant select, update on table_1 to user_1;
Ref:
http://www.stanford.edu/dept/itss/docs/oracle/10g/server.101/b10759/statements_9013.htm
REVOKE, syntax
Revoke system privileges from users and roles
Revoke users' privileges on objects
Revoke roles from users
Sample:
REVOKE DROP ANY TABLE FROM hr;
REVOKE DELETE ON orders FROM hr;
Ref:
http://stanford.edu/dept/itss/docs/oracle/10gR2/server.102/b14200/statements_9020.htm
Privileges
Def: a privilege is a right to execute a SQL command on an object from a different schema.
Privileges can be assigned to a user or a role.
Privileges over
Tables: select, insert, update, delete, alter, debug, flashback, on commit refresh, query rewrite, references, all
Views: select, insert, update, delete, under, references, flashback, debug
Sequence: alter, select
Packages, Procedures, Functions (Java classes, sources...): execute, debug
Materialized Views: delete, flashback, insert, select, update
Directories: read, write
Libraries: execute
User defined types: execute, debug, under
Operators: execute
Indextypes: execute
! A user can access an object from a different schema only when having the right role or privileges.
Privileges can be found in
all_tab_privs_made & user_tab_privs_made
sample:
SQL> Create role select_data_role;
SQL> Grant select on emp to select_data_role;
SQL> Grant select on dept to select_data_role;
SQL> Grant select on bonus to select_data_role;
After a role has specific privileges, the role can be assigned to a user:
SQL> GRANT select_data_role TO Rednick;
Limitation:
Even though privileges on objects from a different schema can be assigned through a role, in PL/SQL programs this is not possible.
Only a direct dependence (a privilege granted directly to the user) is permitted.
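The limitation above as an added example (not part of the original slides): a privilege that reaches a user only through a role works in plain SQL but not inside a stored PL/SQL procedure, which needs a direct grant. The owner SCOTT and the procedure name count_emp are assumptions; select_data_role, emp and rednick come from the sample.

```sql
-- Added example for SQL*Plus. Assumed: emp is owned by SCOTT and
-- select_data_role does not exist yet; count_emp is a hypothetical name.

-- As a DBA: the privilege on scott.emp reaches REDNICK only through the role.
CREATE ROLE select_data_role;
GRANT SELECT ON scott.emp TO select_data_role;
GRANT select_data_role TO rednick;
GRANT CREATE SESSION, CREATE PROCEDURE TO rednick;

-- As REDNICK: plain SQL works, because the role is enabled in the session.
SELECT COUNT(*) FROM scott.emp;

-- As REDNICK: a stored (definer's rights) procedure is compiled with roles
-- disabled, so the same query does not compile:
--   PL/SQL: ORA-00942: table or view does not exist
CREATE OR REPLACE PROCEDURE count_emp (p_cnt OUT NUMBER) AS
BEGIN
  SELECT COUNT(*) INTO p_cnt FROM scott.emp;
END;
/
SHOW ERRORS PROCEDURE count_emp

-- As a DBA (or SCOTT): grant the privilege directly to the user.
GRANT SELECT ON scott.emp TO rednick;

-- As REDNICK: the procedure now compiles and runs.
ALTER PROCEDURE count_emp COMPILE;
VARIABLE n NUMBER
EXEC count_emp(:n)
PRINT n

-- Check which path each privilege takes: the role row has
-- grantee SELECT_DATA_ROLE, the direct grant has grantee REDNICK.
SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs
WHERE  owner = 'SCOTT' AND table_name = 'EMP'
ORDER  BY grantee;
```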
Role: PUBLIC
It is created by sql.bsq during the database creation
create role public
/
This role is not visible in dba_roles.
Any privilege given to PUBLIC becomes a privilege of every user in the database.
Predefined roles:
delete_catalog_role, execute_catalog_role, select_catalog_role
exp_full_database, imp_full_database
aq_user_role, aq_administrator_role, global_aq_user_role(?)
logstdby_administrator
snmpagent
recovery_catalog_owner
hs_admin_role
oem_monitor, oem_advisor
scheduler_admin
gather_system_statistics
plustrace
xdbadmin
xdbwebservices
ctxapp
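Because anything granted to PUBLIC is inherited by every account, a periodic review of those grants is worthwhile. The queries below are an added example, not part of the original slides; the list of excluded Oracle-supplied owners is an assumption to adjust per database.

```sql
-- Added example: review what every database user inherits through PUBLIC.
-- Run as a DBA. The excluded owner list is an assumption, not exhaustive.

-- 1. System privileges granted to PUBLIC: each row is held by every user.
SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'PUBLIC'
ORDER  BY privilege;

-- 2. Roles granted to PUBLIC: every user can use these roles.
SELECT granted_role, admin_option
FROM   dba_role_privs
WHERE  grantee = 'PUBLIC'
ORDER  BY granted_role;

-- 3. Object privileges granted to PUBLIC on application schemas.
SELECT owner, table_name, privilege, grantor, grantable
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    owner NOT IN ('SYS', 'SYSTEM', 'XDB', 'CTXSYS', 'MDSYS',
                     'OLAPSYS', 'WMSYS', 'EXFSYS', 'ORDSYS')
ORDER  BY owner, table_name, privilege;

-- 4. Privileges the grantee may pass on to others
--    (WITH ADMIN OPTION / WITH GRANT OPTION from the GRANT syntax).
SELECT grantee, privilege, 'system privilege (admin option)' AS kind
FROM   dba_sys_privs
WHERE  admin_option = 'YES'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
UNION ALL
SELECT grantee, privilege || ' ON ' || owner || '.' || table_name,
       'object privilege (grant option)'
FROM   dba_tab_privs
WHERE  grantable = 'YES'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
ORDER  BY 1, 2;

-- Remediation template (placeholders, fill in from the rows above):
-- REVOKE <privilege> ON <owner>.<object> FROM PUBLIC;
```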
Predefined role:
Conclusions:
GRANT vs REVOKE
CREATE vs DROP
Security is enhanced if grants are given to roles
System privileges have global access
Each object has an owner (user)
Physical
Logical
Physical: Database
create database test
  logfile group 1 ('/path/to/redo1.log') size 100M,
          group 2 ('/path/to/redo2.log') size 100M,
          group 3 ('/path/to/redo3.log') size 100M
  character set WE8ISO8859P1
  national character set utf8
  datafile '/path/to/system.dbf' size 500M autoextend on next 10M maxsize unlimited
  extent management local
  sysaux datafile '/path/to/sysaux.dbf' size 100M autoextend on next 10M maxsize unlimited
  undo tablespace undotbs1 datafile '/path/to/undotbs1.dbf' size 100M
  default temporary tablespace temp tempfile '/path/to/temp01.dbf' size 100M;
Ref:
http://www.adp-gmbh.ch/ora/sql/create_database.html
Physical: Tablespaces
create tablespace ts_something
  logging
  datafile '/dbf1/ts_sth.dbf' size 32m
  autoextend on next 32m maxsize 2048m
  extent management local;
Ref:
http://www.adp-gmbh.ch/ora/sql/create_tablespace.html
Physical
! Temp tablespaces have tempfiles, not datafiles
Physical: Segments
Split into 4 categories:
data segments: table and cluster
index
rollback
temporary data
Physical: Segment creation
CREATE ROLLBACK SEGMENT segm_1
  TABLESPACE tbs_1
  STORAGE ( INITIAL 10K NEXT 10K MAXEXTENTS UNLIMITED );
Physical: Extent
Def: a logical unit made of a contiguous number of data blocks. One or more extents make up a segment. When the segment is fully used, Oracle creates another one.
Physical: How to? Space over extent
When a table is created, an initial extent with a predefined number of data blocks is allocated. Even if the table does not have any records, the data blocks are reserved.
Physical: Oracle Data Block
Represents the lowest logical unit for I/O.
Views: dba_tablespaces; v$tablespace;
Data files: dba_data_files; v$datafile;
Temporary files: dba_temp_files; v$tempfile;
sample:
select TABLESPACE_NAME, INITIAL_EXTENT, NEXT_EXTENT, MIN_EXTENTS,
       MAX_EXTENTS, PCT_INCREASE, STATUS, CONTENTS
from dba_tablespaces
order by TABLESPACE_NAME;
Deletion of tablespace:
Drop tablespace
Steps:
1. Datafiles of a tablespace:
SELECT file_name, tablespace_name
FROM dba_data_files
WHERE tablespace_name = <tablespace name>;
2. Deletion:
DROP TABLESPACE <tablespace name> INCLUDING CONTENTS AND DATAFILES;
Ref:
http://download.oracle.com/docs/cd/B19306_01/server.102/b14220/logical.htm#i4896
Logical: Schema
All objects of a specific user: tables, views, sequences, procedures, synonyms, indexes, clusters, and database links.
Logical: Cluster
Requires the "Create cluster" privilege and a system tablespace with unlimited space.
Logical: Cluster
In order to create a cluster in a different schema, what privilege is required?
CREATE _ _ _ CLUSTER
Ref: http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/clauses009.htm
CREATE TABLE dept (
  deptno NUMBER(3) PRIMARY KEY,
  . . .
) CLUSTER emp_dept (deptno);
Logical: Partition
Def: manipulating big volumes of data by splitting them according to a specific characteristic.
Logical: Partition
1.
select sum(val) from sales where year=1991;
select product, sum(val) from sales where year=1992 group by product;
2.
create table sales (
  year    number(4),
  product varchar2(10),
  val     number(10,2)
)
partition by range (year) (
  partition p1 values less than (1992) tablespace u1,
  partition p2 values less than (1993) tablespace u2,
  partition p3 values less than (1994) tablespace u3,
  partition p4 values less than (1995) tablespace u4,
  partition p5 values less than (MAXVALUE) tablespace u5
);
3. Obs:
There is no value bigger than MAXVALUE, where MAXVALUE is max(col).
If partition p4 didn't exist, we couldn't insert dates bigger than 1995.
Security
Auth
OS
OS auth, then sqlplus /
OS in DB with schema
Reverse: DB users in LDAP, auth with EUS
Auth
Network
Auth: Oracle db
DES (Data Encryption Standard) password encryption
Password policy and grace logins
Lost password policy
Db Security
Db Security: OS
More dba (group)
Specialized on different operations
DDL, create/drop database, create/drop table
Db Security: Security policies
At DBA level
At SYSDBA, SYSOPER roles
At normal users
Q/A
email: emanuil.rednic@gmail.com