Professional Documents
Culture Documents
Overview
u u u
Set of data to store and access information Based on a relational model of rows and columns stored in tables Also Object-oriented (OO) structures
n
Retrieve data File I/O Space Management Change Management Access Management
Database Structure
u u u u u u u
Data file(s) Control file(s) Redo logs Init.ora (spfile.ora 9i) Trace Alert log Password
Instance Structure
u
Collectively known as System Global Area. 95% defined by data block buffer cache, Shared SQL Pool, Large Pool and Java Pool.
u u
Oracle background processes are started. Single database accessible by multiple instances RAC (Real Application Cluster) a.k.a. parallel server
Instance Defined
u
Defined by initialization parameter(s) that determine the size and composition Can be dynamically altered initSID.ora (ascii file) spfileSID.ora (binary file) configSID.ora (usually only used to create a database not
widely used)
u u u u
Oracle Instance
u
Composed of:
n
SGA (System Global Area) PGA (Program Global Area) Oracle BACKGROUND processes
Shared memory region allocated by Oracle for an Oracle database Allocated when the Oracle database is started The SGA should be in non-paged, non-swapped memory
u u
SGA Composition
u u u u u u u
Buffer cache Shared SQL Pool Large pool (optional) Java pool Redo log buffer Dictionary cache Other miscellaneous items
PGA Composition
u
Non-shared memory area to which a process (server or background) can write Allocated by Oracle when a user connects to an Oracle database and a session is created
10
Oracle Instance
u
11
Oracle Instance
u
ARCn CKPT (prior to 9i) RECO Lock (LCK0) Job Queue (SNPn) Queue Monitor (QMNn) Dispatcher (Dnnn) Server (Snnn for dedicated MTS servers)
12
SGA
u u u u
Buffer Cache Redo Log BUFFER Shared SQL Pool Dynamic (as of Oracle 9i)
14
Dynamic SGA
u
Defined in Granules
n
u u u
Can be modified on the fly (9i) Establish an overall maximum Initially allocated 4 for small, 3 for large (fixed SGA, buffer cache, Shared pool)
15
Was divided into blocks the same size as the blocks in the datafiles As of 9i, multiple buffer cache introduced (depends on block size of each tablespace) Size and number defined in the initialization Parameter File Holds copies of data blocks read from disk
u u
16
Stores the most recently accessed BLOCKS OF DATA Contains PINNED buffers
n
Data being accessed Data that has been MODIFIED, but not written to disk
u u
17
Stores the REDO ENTRIES (changes to the database) Default is four times the OS block size Larger reduces log I/O and uncommented redo to online redo logs Changed data is moved from the database buffer cache to the redo log buffer then to the redo log files
18
Shared Pool
u u
Can be dynamically modified (9i) Must be an integer multiple of the granule size
u
u u
Library Cache Data Dictionary Cache Control structures Reusable Runtime Memory
19
Shared Pool
20
Shared Pool
u
Library Cache
n
SHARED by all users for commonly used SQL statements Shared and Private SQL areas for executed statements PL/SQL Procedures and Packages Allocation and Reuse of Memory
21
Library Cache
u
Shared SQL
n
PARSE TREES for SQL statements EXECUTION plans for SQL statements Size dependent on complexity
Private SQL
n
22
Library Cache
u
Checks for existence Allocate private SQL area May flush the shared pool
23
PGA
24
PGA
u
Varies depending if dedicated or Shared servers (MTS) are used Stack space Session information (PGA verses Shared Pool) Memory allocated to hold a sessions variables and arrays Automatically managed in 9i with the SQL memory management
u u u u
25
Questions
u u u u u
What is the name of Oracles memory structure? What are its contents? How is it divided? If I have 150 mb SGA, why does Oracle change the size? Can you vary sizes of Oracle blocks?
n
If so, how?
26
Oracle Database
u
27
Physical Structure
u
Made up of:
n
Data files Redo Log Files two or more with members One or more Control Files One Parameter File Trace and alert log files One Password file
29
Datafile
u u u u
Disk space for a tablespace One or more per tablespace Associated with only one tablespace Consists of segments:
n
UNDO, Temporary, Data, index, undo, LOB and cache (for the most part)
30
Characteristics
n
Record changes made to the data by various transactions Help RECOVER the data in case of a failure Streamline the process of how data is written to disk
31
Control Files
u
u u
Record of the overall architecture and status of the database Easily moved and recovered Contain the following:
n n n
Database NAME Datafiles NAMES and LOCATIONS Redo log file NAMES, Log sequence number and LOCATIONS
32
Parameter File
u
Attributes of an instance are defined through an Oracle Parameter File Determines the size and characteristics of the instance Stored in an ASCII file or housed with the database in a binary file
33
Parameter File
u
The only Oracle file that is ASCII All other files are binary and not directly changeable by the DBA Read-only when the instance starts
n
34
Trace files contain information about significant events Alert log records the commands and results of major events in the life of the database
n
35
37
Tablespace(s)
u u u
Logically divides a database One or more datafiles are explicity created for each one Logically divided into segments that are further divided into extents and blocks Can be defined as read-only A unit of space to store a schemas objects
u u
38
Object(s)
u
Schema(s)
n
A collection of objects owned by one Oracle user Tables, indexes, views, sequences, stored procedures, functions, packages, UNDO segments
Object(s)
n
39
A collection of the smallest object in a database An extent can be of a varying size Extents MUST be contiguous Blocks are the finest collection of space in an Oracle database
40
Questions
u u u u u
What are the physical files of a database system? What are the logical entities of a database? What is the smallest structure? Which structure MUST be contiguous? Which structure will tell you event information?
41
Background Processes
n
Every instance has BACKGROUND PROCESSES BACKGROUND PROCESSES perform I/O, handle process cleanup and monitor the ORACLE database Provide support, increase performance, assist in recovery and make the database more reliable
43
Background Processes
u u u u u u
44
Database Buffer
u
After the changed data (redo entries) are written to the online redo log files, the changed data will be written to disk These changed data are called dirty Dirty data are moved to the write list Dirty data can be on the write list and on the LRU list
u u u
45
DBWn
u
At some time after the redo entries have been written into the online redo logs, the database writer (DBWn) writes the dirty buffer back to the database This is called delayed write and is based on initialization parameters
46
Only available on systems with Asynch I/O Can use I/O slaves to duplicate the above on systems without it
Keeps the BUFFER CACHE clean and free
47
The dirty list reaches a threshold length A DBWR timeout LGWR issues a checkpoint
48
Writes the REDO log entries (located in the REDO LOG BUFFER) to the REDO LOG files Only the changed data, not the entire Oracle block(s) is written to the redo logs Issues checkpoints
49
The online redo log files hold the redo entries Only the changed bytes are written to the online redo log file The entire data block is not written to these logs
50
There is a fixed number of online redo log file groups Defined at database creation time Can add or drop groups or members (discussed later)
u u
51
Redo log file groups cycle If there are three redo log file groups:
n
When the first group is full, LGWR starts writing to the second group When the second group is full, LGWR writes to the third group When the third group is full, LGWR writes to the first group
52
What causes the LGWR to clear the REDO LOG BUFFER and transfer the transactions to disk?
n
When a user process COMMITS a TRANSACTION TIME-OUT (caused every three seconds) When the redo log buffer becomes 1/3 FULL When the DBWR writes the dirty buffers to disk
53
Use the UNRECOVERABLE key word This is to be used very carefully. No redo entries will ever exist after this point Best used for temporary object creation
54
PMON
u
Cleans up after failed server processes by releasing system resources FREEs resource locks Rolls back aborted processes Restarts dispatchers and shared-server processes
u u u
55
SMON
u
INSTANCE RECOVERY performed at startup CLEANS up temp segment(s) no longer in use Can coalesce fragmented tablespaces
56
CKPT
u
Updates the header record of the data files with a SCN (System Change Number) This SCN is used for synchronization of all files Does this on behalf of the LGWR Can be a source of I/O contention with the LGWR
u u u
57
Archive Mode
u
Saves the online redo log files as archived redo log files A database in archive log mode can be restored to the last committed transaction Production databases are run in archive log mode
58
ARCn
u
Copies the REDO logs to the ARCHIVE storage when the REDO logs become filled
n
Process was optional before 9i, but now is automatically started when archivelog mode is set. Must be turned on
59
ARCn
u
ARCn copies a filled online redo log file to an archived redo log file ARCn gives each archived redo log file a unique name ARCn must be finished copying the online redo log before it is overwritten
60
Process Questions
u
Which process can cause the DBWR to write to disk? Which process can coalesce the free space in a tablespace? Which process wakes up to take care of shared servers?
61
The instance is started The instance mounts the database The database opens
n
63
User Process
u
In network access mode (web or client/server), a user process utilizes the Transparent Network Substrate (TNS) that allow the client applications (i.e., ORACLE tools) to communicate with the server processes Initiates a session on the PC that connects to a dedicated server process
64
Session
u
The activity of a user from the time the user connects to the database to the time the user disconnects from the database Can execute multiple transactions
65
A user application on the PC talks to SQL*Net SQL*Net talks to the user server process The server process parses the SQL statement and validates it
66
A Transaction is Started
u
One or more SQL statements that must all be saved (committed) or discarded (rolled back) as a group
67
A Transaction is Started
u
68
Dedicated Server
Each user has one server process Each server process works for only one user Session information is stored in the PGA
69
Dedicated Server
u
The user process on the PC communicates to the server through Oracles SQL*NET A network listener process is created A dedicated server process is created
u u
70
Server Process
u u u
An OS process that works on behalf of the user Reads the data from disk into the buffer cache Communicates with the database for the user
n
71
SGA Activity
u
The server process reads data from the database datafiles and stores it into the data buffer cache The user SQL statement changes the data in the data buffer cache
73
An area in memory that contains data and controls information for a single user
n
Memory is ALLOCATED when a user process connects to the database Extra memory is allocated for session management if in dedicated server mode
74
75
Physical reads get data from the datafiles Logical reads get data from memory (The SGA data buffer cache) All managed by the server process(es)
76
The server process receives the SQL statement. Processed either by:
n
If an identical SQL statement is found in the shared pool, it uses it If not found in the shared pool, a new shared SQL area is allocated
77
PARSE
u
Data Dictionary
Ensures the processes issuing the command has the RIGHTS to execute the command ALLOCATES a private SQL area for the statement ( PGA ) SCANS existing SQL area for matching statement
u u
78
PARSE TREE
u
Two Types
u u
79
EXECUTE
u
Will only execute if the PARSE is successful APPLIES the PARSE TREE to the data PERFORM physical and logical reads
80
EXECUTE
u
CHANGES data where necessary Performs constraint CHECKING FETCH RETURNS rows of data for a SELECT statement
81
UNDO Segments
u
If the user rolls back the data, the UNDO segments are used to restore the old data
82
The changed data is placed in the redo log buffer If the data is committed, the LGWR writes the changed data to the online redo log files The commit is completed after the data is written to the redo log
83
SGA Review
Buffer Cache Shared Pool Redo Log Buffer
Buffer Cache
u
Consists of buffers the size of the data blocks (only option prior to 9i) or in bytes Two purposes:
n
To improve performance for repeated statements usage To allow users to make changes quickly in memory
LRU WRITE
85
Newest to oldest information Longer it sits, older it becomes When new space is needed or a CKPT (checkpoint) has occurred:
u u
DIRTY buffers are written to disk and removed from memory Oldest data in the SGA can be written over
86
FREE
n
DIRTY
n
Section of memory that CONTAINS data that has been modified, but not yet written to disk
PINNED
n
87
Written to when a user modifies data The server process moves the changed data from user memory to this buffer Contains only the redo entries LGWR writes the redo entries to the online redo log file
u u
88
Shared Pool
u
Large Pool
89
Mandatory Contents
u
Library cache
n
90
Read Consistency
How Oracle maintains a Consistent view of the data for each transaction
UNDO Segments
u
Main purpose
n
92
UNDO Segments
u
Contains
n
Block Information File names and block ID Data as it existed before a transaction Transaction numbers
93
Stores the data before it was changed by a transaction If the user cancels a transaction (rolls back the data), the UNDO segments are used to restore the old data Discussed in a later section
94
UNDO Segments
u
Should an error occur during a modification of data, the record retained by the UNDO SEGMENT will restore the data prior to the modification attempt
95
Read Consistency
u
Ensures data seen by a statement is consistent with respect to a point-in-time Even data changed by another transaction is not seen during the transaction
96
Read Consistency
u
Basic principles
n
Readers can not lock data blocks Readers can not block other readers Readers can not block writers Writers can not block readers Writers can block writers
97
COMMIT
u u u u
When a statement is executed and saved Can be explicitly or implicitly commited Ends the current transaction Generates a System Change Number (SCN)
98
COMMIT
u
Modification becomes PERMANENT A copy of the transaction is placed in the REDO BUFFER Redo buffer is FLUSHED to the REDO LOGS
99
COMMIT
u
User is NOTIFIED Resource locks are RELEASED DBW0 may WRITE the data back to the database file
u
Note: Issuing a COMMIT does not guarantee that a transaction has been written back to the DATAFILE
100
When a REDO BUFFER is flushed, its information is stored in the REDO LOG FILES
n
Hold records of all transactions that have been applied to the database With these entries, a database can be reconstructed during a database crash
101
REDO LOG FILES are circular When a transaction is COMMITTED (data modified), the LGWR transfers the statement from the REDO LOG BUFFER to the REDO LOG FILES A SCN (System Change Number) is also associated to each COMMITTED transaction that is written to a REDO LOG FILE
102
When a REDO LOG FILE becomes full, the LGWR moves to the next file
n
If there are no new REDO LOG FILES, the old files are reused If these other files were not archived, all data before this point can no longer be recovered
103
If ARCHIVELOG is ENABLED, redo log files can be stored Archiving can be duplexed Standby databases can use these same archives
u u
104
Number of filled REDO LOG FILE blocks written between consecutive CHECKPOINTS (OS-dependent)
u
NOTE: Do not make this value larger than the REDO LOG FILE. If it is larger, the CKPT only occurs when switching logs
LOG_CHECKPOINT_TIMEOUT
n
Maximum amount of time before another CHECKPOINT occurs (default 900 sec)
LOG_CHECKPOINT_TO_ALERT
n
105
Filled REDO LOG Forced by DBA with the ALTER SYSTEM SWITCH LOGFILE command
106
Groups must contain identical sets of logfiles (names should be different) Place on different disks to help increase the REDO LOG files chances of survival should there be a computer failure When the REDO buffers are flushed to the REDO LOG files, the information to be stored is mirrored to a log file in both groups
107
108
CONTROL FILE
u
NOTE: It is an excellent idea to have backup copies of this file, in case something should happen to it
109
CONTROL FILE
u
Contains
n
DATABASE NAME TIMESTAMP of database creation TIMESTAMP of last access NAMES and LOCATIONS of databases and redo log files Current LOG SEQUENCE number
110
TRANSACTION
u
111
TRANSACTION
u
A TRANSACTION starts when a user executes a SQL statement The TRANSACTION ends when:
n
SQL statement is COMMITTED A user ends the session unexpectedly A user EXITS the database
112
TRANSACTION
u
A ROLLBACK occurs User TERMINATES ABNORMAL user exit Processor FAILURE Media FAILURE
113
Parameter File
u u
initSID.ora configSID.ora
114
DB_CACHE_SIZE (9i)
u
Number of blocks in the data block buffer cache (3000 to 10,000) Can have five different block sizes DB_#K_CACHE_SIZE Cannot exceed the MAX_SGA_SIZE Specifies the size of a Oracle block Cannot be changed except by rebuilding the database/tablespace (2k, 4k or 8k)
u u u
u
DB_BLOCK_SIZE (bytes)
u u
115
log_buffer (bytes)
n
256k
116
Shared_pool_size (bytes)
n
117
Archiving Parameters
u
118
Archiving Parameters
u u
Standby_archive_dest Log_archive_dest_n
n
As of 9i can be up to 10 locations (SERVICE=tns_service | LOCATION= local location) MANDATORY | OPTIONAL Used for managing the 1-10 archive destinations
Log_archive_dest_state_n
n
119
Archiving Parameters
u u
Log_archive_duplex_dest Log_archive_min_succeed_dest
n
120
Checkpoint Parameter
u
Checkpoints should be avoided in an OLTP system like Banner Larger redo log files will reduce checkpoints Longer checkpoint intervals, larger redo gaps
n
u u
Parameters
n
121
Background Process that helps LGWR at log switch This process updates the data file header files CKPT_PROCESS = TRUE
n
Used only in Oracle systems prior to 9i In 9i, remove this parameter from any init.ora. It will cause an error. Automatically started in 9i
122
dml_locks (1500 to 2000) processes (number of user plus oracle background processes) open_cursors = 1024 (2048 is better) optimizer_mode = rule (Banner requirement)
u u
123
Server Configurations
u
Three types
n
125
DEDICATED server
u
Two tasks
n
USER process and SERVER process If the two processes are on the same machine, the program interface is handled by the LOCAL MACHINE'S I/O If the two processes are on different machines, the program interface is handled by a COMMUNICATION MECHANISM (SQL*Net/Net80)
126
DEDICATED server
127
MULTITHREADED server
u
This allows the system resources to be freed, but can cause decreased response time for heavy users
128
MULTITHREADED Server
Application Code
Dispatcher Processes
129
DISPATCHER
u
The DISPATCHER routes the USER request to the Request Queue The SERVER process checks the queue for new requests (FIFO) The SERVER process then places the response on the calling dispatcher's response queue, and then back to the application
130
(protocol=ipc/tcp) (dispatchers=N)
u
Mts_max_dispatchers = n
131
Summary
u
Oracle database
n
Data, redo log, control, trace, alert log and parameter files
Oracle Instance
n
The set of background processes which access data, log, and control files. An Oracle Instance is defined by one or more Parameter Files that is read at startup time
132
Oracle INSTANCE
u
133
Physical structure
u
One or more DATA files that contain data Two or more REDO files One or more CONTROL files One or more Parameter Files
134
DATAFILE
u
Data is read into stored memory cache Can manipulate, view, or change the data After you complete the transaction, the data is written back to the DATAFILE
135
n n
When a system failure has prevented Oracle from updating DATA Allows the transaction to be recalled Prevents existing data from becoming corrupted through an incomplete transaction by restoring the original information
136
CONTROL FILES
u
When an Oracle database is started, the CONTROL file that is listed first in the parameter file is read Identifies the database Opens the redo logs to allow the database to function
137
SETTING BUFFERS
u u
DB_CACHE_SIZE
u
Redo log
n
LOG_BUFFER
138
MULTITHREADED PGA
n
The SGA is responsible for allocating the memory to the user sessions
DEDICATED PGA
n
139
BACKGROUND PROCESSES
u
DBWn (Database Writer) LGWR (Log Writer) CKPT (Check Point) SMON (System Monitor) S### (Server)
u u u u u
PMON (Process Monitor) ARCn (Archiver) RECO (Recover) Dnnn (Dispatcher) LCKn (Lock)
140
RECO
u
141
Dnnn
u
An optional feature The Dispatcher is used to TRANSLATE communications from one protocol to another
142
LCKn
u
It instantly LOCKS data to prevent data corruption caused by simultaneous access of data by different processes
143
CKPT
u
Primary goal
n
Make sure all modified data buffers get written to files FORCES DBWR to clean the BUFFER CACHE CAUSES the switching of REDO LOG FILES FLUSHES the REDO LOG BUFFER to disk
144
CKPT
u
PROBLEMS
n
The CKPT processes will put more overhead on the server May cause a considerable slowdown In 9i, the CKPT process is predefined and started. In earlier version, to activate CKPT:
u
Parameter File
n n
CHECKPOINT_PROCESS=TRUE
145
Agenda
n
Application(s) used in starting a database Required environment settings to startup a database Various levels of a database startup and shutdown
147
After the installation of Oracle, the DBA configures, creates and starts a database for user access Before you can create a database, you must start an application to begin
148
SQLPLUS Use a database management tool (Enterprise Manager, TOAD) Scripts Oracle Universal Installer RMAN (Recovery Manager not discussed in this course)
u u u
149
SQLPLUS
u
The replacement for Server Manager (svrmgrl) starting with release 8.1.5 With Password file
n
Sqlplus /nolog
n
Then issue connect <username>/<syspassword> as sysdba (9i) Connect internal as sysdba (8i to be desupported after 9i)
Sqlplus / as sysdba
150
Has become more sophisticated Comes with the Enterprise Edition Use the Instance Manager as INTERNAL or AS SYSDBA
TOAD
n
151
Scripts
n
All require several environment variables to be set prior to running any Oracle application
152
$ORACLE_HOME
u
$ORACLE_SID
u
$LD_LIBRARY_PATH
u
Set to $ORACLE_HOME/lib
(optional) $PATH
u
153
Executing the script oraenv, typically located in /usr/local/bin, automatically sets all environment variables Or manually at the command prompt
n
Examples
n
NOTE: Oracle account should set variables in $ORACLE_HOME/bin with no application-specific definitions
154
ORA_DB
u
ORA_SID
u
ORA_ROOTDIR
u
155
Running the command file ORAUSER_<SID>.COM, located under ORA_ROOT:[db_<SID>], automatically sets all logicals and symbols correctly
u
@orauser_<SID>.com
156
Environment Variable - NT
u
Registry values are defined and a service entry is created when the database is created Registry values are automatically set when you use OEM or during installation
n
Run regedit
u
HKEY_LOCAL_MACHINE/SOFTWARE/ORACLE
157
Setting Environment - NT
u
158
Once the proper environment variables are set, the DBA then needs to invoke the local database management utility
sqlplus /nolog connect <username>/<password> as sysdba Or connect / as sysdba
n
159
Connection Example
C:\Documents and Settings\vdevore>sqlplus /nolog SQL*Plus: Release 9.2.0.1.0 - Production on Fri Apr 4 21:07:52 2003 Copyright (c) 1982, 2002, Oracle Corporation. reserved. SQL> connect sys/systest as sysdba Connected to an idle instance. SQL> All rights
160
Startup by OS
u
Unix: group DBA(defined in /etc/groups) VMS: Rights identifier ORA_<SID>_DBA (defined in sys$system:authorize) NT: be in the group ORA_DBA
161
As of 8i, Oracle introduced the password file Grant sysdba, sysoper for remote or local connection More in DBA II
162
When the database is shut down, there is no way to verify username and password is necessary to find a way for an individual to log onto the database connected, the user has sys privileges
u It
u Once
163
Once the DBA has connected to the database, he/she can proceed to:
u u u
Startup the database in several modes Shutdown the database in several modes Or create a database
164
There are several ways to start the database's instance We will look at:
n
165
Reading a parameter file (text - init.ora, binary spfile.ora) Allocating SGA (system global area) in memory Creating background processes Reading the control files for system information (for existing databases only) Open files for read and/or read-write
166
NOMOUNT
u u
Typically used during database creation Starts the background processes and allocates memory Also used in recovery
167
Nomount - example
C:\Documents and Settings\vdevore>sqlplus /nolog SQL*Plus: Release 9.2.0.1.0 - Production on Fri Apr 4 21:07:52 2003 Copyright (c) 1982, 2002, Oracle Corporation. SQL> connect sys/systest as sysdba Connected to an idle instance. SQL> startup nomount ORACLE instance started. Total System Global Area Fixed Size Variable Size Database Buffers Redo Buffers SQL> 135338868 bytes 453492 bytes 109051904 bytes 25165824 bytes 667648 bytes All rights reserved.
168
MOUNT
u
Associating the database with the started instance Opening the control file, reading it, obtaining the names of the redo log and data files Verify checksum value (if enabled) and/or SCN synchronization
169
Mount - example
C:\Documents and Settings\vdevore>sqlplus /nolog SQL*Plus: Release 9.2.0.1.0 - Production on Fri Apr 4 21:07:52 2003 Copyright (c) 1982, 2002, Oracle Corporation. SQL> connect sys/systest as sysdba Connected to an idle instance. SQL> startup mount ORACLE instance started. Total System Global Area Fixed Size Variable Size Database Buffers Redo Buffers Database mounted. SQL> 135338868 bytes 453492 bytes 109051904 bytes 25165824 bytes 667648 bytes All rights reserved.
170
OPEN
u
Opening the data file(s) and online redo logs for read-write Allowing regular users to connect to the database Attempts to acquire one or more UNDO segments Performs automatic crash recovery if database was shutdown abnormally
171
OPEN -Example
SQL> startup open ORACLE instance started.
Total System Global Area Fixed Size Variable Size Database Buffers Redo Buffers Database mounted. Database opened. SQL>
135338868 bytes 453492 bytes 109051904 bytes 25165824 bytes 667648 bytes
172
STARTUP No Arguments
u
Oracle assumes that STARTUP with no arguments implies a STARTUP OPEN It is also assumed that the current SID environment variable is what will be used.
n
PFILE or SPFILE must be defined and accessible or it will fail DBA must have SYSDBA or OSDBA
173
Starting an instance
u
NOMOUNT, MOUNT, and OPEN are different stages of an Oracle database startup
n
When a STARTUP OPEN is issued, the database first startups in a NOMOUNT state, then proceeds to a MOUNT state, and finally proceeds to an OPEN state
174
RESTRICT
u u
STARTUP RESTRICT Opens the database, but only allows users with RESTRICTED SESSION privilege to access the database Why start a database in a restricted mode?
u u
175
RESTRICT - Example
SQL> startup restrict ORACLE instance started. Total System Global Area Fixed Size Variable Size Database Buffers Redo Buffers Database mounted. Database opened. SQL> 4199600 bytes 42028 bytes 4026500 bytes 122880 bytes 8192 bytes
176
FORCE
u
STARTUP FORCE is used for troubleshooting a failed or failure to open database If the database is closed, forces the database open If the database is open, it will abort the database and then open it
Example: To shutdown the current instance, restart it without mounting or opening and allow only DBA access:
STARTUP FORCE NOMOUNT RESTRICT
u u
177
Allows multiple instances to access the database Cannot be used with EXCLUSIVE or NOMOUNT Invalid if initialization parameter SINGLE_PROCESS is set to TRUE Automatically restarts every five seconds if the instance is busy being recovered Will not retry for any other reason - parallel mode only
Retry
n
178
STARTUP RECOVER
n
Specifies that media recovery be performed Has same effect as issuing RECOVER DATABASE The recovery processes
u u u
Enable log archiving for media recovery Perform complete database recovery Perform partial database recovery
179
Pfile = parameterfilename
n
A site-specific parameter file to initialize an instance at startup. If not specified, Oracle searches for it in:
u
180
The DBA can change the current state of a database using the ALTER DATABASE SQL command The syntax is on the next slide
181
182
The ALTER DATABASE SQL command only moves the startup state of the database to a higher level
n
For example, the ALTER DATABASE SQL command cannot change the startup state from OPEN to MOUNT
u
In this case, the DBA must first shutdown the database and then issue a STARTUP MOUNT command
183
Database shutdown
u
A database shutdown stops an instance and makes the database unavailable to users Syntax
SHUTDOWN [ABORT|IMMEDIATE|NORMAL|TRANSACTIONAL]
184
SHUTDOWN NORMAL
n
Flushes all buffered writes to the disk, waits for all sessions to disconnect and then terminates the instance
SHUTDOWN IMMEDIATE
n
Flushes all buffered writes to the disk, kills all user connections, performs a rollback on all uncommitted transactions, then terminates the instance
185
186
Database shutdown
u
SHUTDOWN ABORT
n
Should only be used in emergency situations, such as when the DBA detects a media failure, power failure, or security breach to the database
187
Shutdown Abort
u
SHUTDOWN ABORT
n
Immediately terminates the Oracle instance All buffered writes are NOT flushed to disk Does not perform a rollback on uncommitted transactions An instance recovery is required on the next database startup (performed automatically)
188
Database shudown
u
SHUTDOWN TRANSACTIONAL
(new with Oracle 8i)
n
All current sessions in a transaction are allowed to complete No new sessions are allowed to start Any connected sessions are disconnected either by issuing a new transaction or once all transactions are committed or aborted
189
Database shutdown
u
SHUTDOWN NORMAL, SHUTDOWN TRANSACTIONAL and SHUTDOWN IMMEDIATE are either the usual or safest shutdown commands
n
190
Database shutdown
u
(SHUTDOWN IMMEDIATE) USER CONNECTIONS ARE TERMINATED All database data in the SGA is written back to the database files All redo log buffer data is written back to the redo log files Database is dismounted The control files are closed The SGA is removed from memory and the background processes are closed
u u u u u
191
192
Views
u
V$database
n
V$instance
n
193
Questions?
u u u
Which OEM manager can use to start up a database? How must you connect to startup a database? Which shutdown command satisfies these conditions?
u u
The database shuts down when the last user logs off Force the database to close with users connected and disconnects their transactions midstream Force the database to close with users connected, but let transactions complete
194
Summary
u
Log onto the host O/S, set up the proper environment and then run sqlplus /nolog
Starting the instance (NOMOUNT) Opening the controlfile(s) (MOUNT) Opening the datafiles and redo logfiles (OPEN)
195
Agenda
n
Describe Oracle tablespaces Create and modify tablespaces Manage tablespaces by querying the appropriate data dictionary views
197
All schema objects within the database (tables, views, packages, functions) are stored in segments and collectively stored in tablespaces
n
A tablespace is a logical unit of storage that is defined within Oracle Each tablespace corresponds to one or more operating-system level datafiles Each segment is contained in a single tablespace
198
199
A tablespace can be altered back and forth between these options as needed
n
Conditions must be tested before each alter (no current transactions may be active)
200
This holds all data dictionary objects and built-in PL/SQL program units (procedures, functions, packages and triggers)
Each tablespace can contain one or more schemas and each schema can have one or more objects
n
Each object can span more than one datafile per tablespace
201
When the Oracle Universal Installer (OUI) or OEM creates a database, it creates several tablespaces by default. For example:
n
SYSTEM - contains system definitions (Required) TEMP - used for sorting RBS/UNDO - used for rollback/UNDO segments TOOLS - used for storing PL/SQL program units USERS - used as default tablespace for users
202
Prior to creating a tablespace, the DBA will need to consider (covered extensively in Lesson 5):
n
Tablespace storage
u
203
Tablespace Storage
u
System limitation on datafile size Database limitation when database is created (maxdatafiles) Data file management
u
204
Dictionary Locally
u u
205
Tablespace Storage
u
Each tablespace contains object segment(s) Each segment is subdivided into logical units of storage called EXTENTS
u
When a user creates an object (such as tables, views, sequences) within the database, Oracle allocates an extent(s) within a tablespace in which to store the objects segment(s)
206
Tablespace Storage
207
Segment Storage
u
Segments can span across datafiles, but extents cannot Each segment can be composed of one or more extents Each extent is further subdivided into units of storage called DATABASE BLOCKS Extents must be made up of contiguous DATABASE BLOCKS
208
Database Blocks
u
Not identical to operating system-level file blocks A logical database block may span multiple system level blocks Should be created to either fit into an OS-level file block or be the same
209
Database Blocks
u
The size of each database block is determined by the parameter DB_BLOCK_SIZE in the initialization parameter file This size is fixed during database creation time. Cannot be changed unless the database is re-created The default DB_BLOCK_SIZE is 2048 bytes
210
Tablespace Storage
u
Tablespace
u
Object segment
u
Extents
u
Oracle Blocks
211
Starting with 8i, you can now create tablespaces that are managed locally within the header file of the tablespace If you specify local in a create tablespace, you cannot specify default storage, minextents, nor temporary clause Local allows two types of management: uniform extent or autoallocate
212
Create a tablespace using the CREATE TABLESPACE SQL command. The syntax for dictionary managed is:
CREATE TABLESPACE <tablespace name> datafile '<datafile location>size <datafile size> [M|K] [autoextend_clause] DEFAULT STORAGE (<storage_clause>) [online|offline];
213
214
Create an Oracle Managed File in a default location for datafile creation with defaults of 100M size and unlimited autoextensible maximum size:
alter system set db_create_file_dest
<datafile location> CREATE TABLESPACE <tablespace name>;
215
Datafile Naming
u
No UNIX/NT variable names nor VMS logicals should be specified in the datafile name
The directory that contains the datafile MUST have write permissions for the Oracle software owner
216
UNIX Naming
u
Example
n
Create a tablespace called DEVELOPMENT Specify a datafile '/u01/oradata/SEED/SEED_DEVELOPMENT_01.dbf' with a size of 300 Megabytes Make this tablespace available to all users immediately
217
Tablespace created.
218
VMS Naming
u
Example:
n
Create a tablespace called RBS Specify a datafile 'dka300:[oradata.seed]seed_rbs_01.dbf' with a size of 300 Megabytes Make this tablespace available to all users immediately and autoextensible at 500k increments to a maximum of 400 megabytes
219
SQL> create tablespace rbs 2> 3> 4> datafile 'dka300:[oradata.seed]seed_rbs_01.dbf size 300M autoextend on next 500k maxsize 400M;
Tablespace created.
220
NT Naming
u
Example
n
Create a tablespace called NEWDATA Specify a datafile d:\oradata\seed\seed_newdata_01.dbf' with a size of 900 Kilobytes Make this tablespace unavailable to users.
u
Extra credit what is missing with the final statement and assumed?
221
NT Naming Example
u
SQL> create tablespace newdata 2> 3> datafile d:\oradata\seed\seed_newdata_01.dbf size 900K offline;
Tablespace created.
222
When creating datafiles for tablespaces, adopt a common file naming convention Most Oracle file types are named as follows (see next slides)
223
DATAFILES
<TABLESPACE NAME>_<SID NAME>_<FILE ID>.dbf
Example
n
The third datafile of the SYSTEM tablespace belonging to the SEED database system_SEED_03.dbf
224
Use the ALTER DATABASE SQL command to modify the characteristics of an existing tablespace
n
Add/rename/change the state of a datafile Change a tablespace to read-only Take a tablespace offline/online Change the storage parameters To begin/end online hot backups Coalesce free space
225
226
Datafile Options
227
Example:
n
Add a second 100 MB datafile to the system tablespace Place the datafile under
/u01/oradata/SEED/SYSTEM_SEED_02.dbf
228
229
Example
n
230
Space from the new file is automatically allocated to the tablespace The new datafile can reside on a separate disk Oracle treats this and all datafiles belonging to a tablespace as a single logical entity
231
Tablespace
Datafile #1
Datafile #2
Once a datafile is added to a tablespace, you cannot delete it unless the tablespace is first dropped
232
To drop any tablespace (except SYSTEM) use the DROP TABLESPACE SQL command The syntax is:
233
A tablespace that contains data cannot be dropped unless the INCLUDING CONTENTS option is specified
n
If constraints exist between objects in the tablespace to be dropped and objects in another tablespace, the CASCADE CONSTRAINTS option must be specified along with the INCLUDING CONTENTS option
234
Once a tablespace is dropped, the datafile(s) associated with the tablespace must be deleted on the operating system level
n
The DROP command only removes that tablespace from the data dictionary Cannot drop the SYSTEM tablespace because it contains the data dictionary Once a drop is executed, it cannot be undone
235
Example
n
Drop the DEVELOPMENT tablespace, including all contents The syntax is:
236
OEM
237
Summary
u
Prepare the operating system Determine storage options Execute the CREATE TABLESPACE SQL and ALTER TABLESPACE command Ways to manage the stored data
238
Agenda
n
Methods of creation Set up the proper operating system environment prior to creating a database Execute the CREATE DATABASE SQL command Execute the proper scripts that build the data dictionary and PL/SQL procedures
240
Creation Methods
u u u
OEM Database configuration assistant When the Oracle software is installed Manually, either with scripts or by command line
241
Preparing the Operating System Creating a parameter file Starting the instance Creating the database Building the data dictionary Building the system PL/SQL procedures
242
An Oracle database consists of datafiles, redo log files, and control files Prior to creating a database, the location(s) of these files should be thought out carefully Space will need to be allocated for the files The system administrator will need to create the appropriate directories and set the proper permissions for these files
243
All systems
n
The owner of the directories should be the Oracle software owner (typically "oracle").
u
On Unix systems, the dba group will also be the group owner of the directory. On VMS, the user must have the ORA_DB rights identifier ON NT, the user must be in the group ORA_DBA
u u
n
The Oracle software owner should be the only user that has write access to these directories
244
Unix
n
(as root)
Bash# cd /u01 bash# mkdir oradata bash# chown oracle:dba oradata bash# chmod 755 oradata
245
VMS
n
(as SYSTEM)
$ Set default dka300:[000000] $ create/dir [.oradata] $ set file/own=oracle oracle.dir $ set prot=(S:RWED,O:RWED,G:RE,O:RE) oracle.dir
246
NT
n
(As administrator) Use Administrative tools in 'Settings' or the Manage option in 'My Computer'
u u
247
UNIX Enter the new name in /var/opt/oracle/oratab VMS Run ora_find_sid.com to register the database NT Run oradim to create a new database service Labels each database with a unique identifier
u u
248
Identifies which database a user will connect to upon executing an Oracle application
u
Unix/NT - ORACLE SID is designated by an environment variable, $ORACLE_SID VMS Oracle SID is a logical, ORA_SID
249
UNIX VMS NT
Once the ORACLE SID is set, all subsequent Oracle I/O affects the associated database
250
Defines and configures the parameters that configure the database All parameters are customizable by the DBA Read at instance startup First created as an ASCII file (initSID.ora) As of 9i, a binary (spfileSID.ora) file can be created and be managed once the instance is started
u u u u
251
Parameter File
u
Great care should be taken in the sizing of each parameter If a parameter is not defined, Oracle will provide defaults
n
To view all defined and defaulted values, run sqlplus as sys or system and issue:
Show parameters
or
view v$parameter
252
Unix
n
VMS
n
NT
n
253
For example,
n
If you have a database with a SID of SEED, Oracle looks for the associated parameter file under:
u u
254
Questions?
u
What is the default block size? Is the buffer cached defined in blocks or bytes? Can you have more than one value for the service_names value? Which control file is read when the database is opened?
255
Most associated parameters take default values if they are not explicitly defined The values that MUST be defined in each file are:
n
db_name (set to the same value as the ORACLE SID) control_files (should point to the location of the control files)
256
Dictionary managed
n
Default storage clause used Uniform extent Autoallocate Oracle manages the allocation, growth and removal Default file location defined in the init.ora
Locally managed
n n
257
Invoke Oracle as: sqlplus /nolog Connect to the database as the sysdba user Start the Oracle instance (nomount)
n
Only allowable startup level since control files, redo log files, and datafiles do not exist at this point
258
259
Once the Oracle instance is started, execute a CREATE DATABASE SQL command. Below is an abridged syntax:
CREATE DATABASE <database name> DATAFILE '<full path to datafile>' size <datafile size>M LOGFILE GROUP <group number> '<full path to logfile>' size <logfile size>M
260
The datafile defined becomes the first datafile of the SYSTEM TABLESPACE Each database MUST have at least two logfile groups For additional options of the CREATE DATABASE SQL command, consult the ORACLE SERVER ADMINISTRATOR'S GUIDE
u u
261
262
The control files associated with this database are also created in the location(s) designated in the parameter file
263
Now the data dictionary and PL/SQL packages need to be built The scripts catalog.sql, catproc.sql need to run against the database
n
264
265
Once these scripts have run, two default users are created in the database
n
266
Data dictionary
u
Composed of a set of tables and views Read-only Provides information about the associated database Created by SQL script catalog.sql
267
Data dictionary
u
Usernames of the associated database Security Names and definitions of scheme objects Space allocation for database objects Auditing information Triggers, functions, packages, and stored procedures
268
Data dictionary
u
CATALOG.SQL
u
CATPROC.SQL
u
269
270
Summary
u
Preparing the O/S Determining the ORACLE SID Creating a parameter file Starting the instance Executing the CREATE DATABASE SQL command Building the data dictionary and PL/SQL packages
271
Basics of Storage
u
Tablespace - Logical storage area within an Oracle Database that subdivides the database
n
273
Space Components
u
Database block - smallest unit of storage within an Oracle database Extent - Contiguous allocation of database blocks Segment - Logical collection of extents that make up a table, cluster, index, temporary segment, or UNDO segment
u u
274
Allocates the first extent of space Size of the extent allocated after the initial Number of extents allocated during the initial creation of the segment Limits the total number of extents the segment can create
275
PCTFREE - reserved portion of the data block that is used for later updates to rows in that block PCTUSED- percentage of space in a data block used before allocating another block A block is kept on the free list until it reaches PCTFREE A block stays off the free list until PCTUSED is reached
276
Tablespace - The tablespace to store the segments Partitioning - Feature of Oracle8 that allows a segment to be separated into multiple segments, each existing in a single or multiple tablespaces Optimal - sets the optimal size in bytes for a rollback segment (not used with UNDO)
277
Example
Create table EMP ( EMPID NUMBER, F_Name L_Name MI SSN VARCHAR2(25), VARCHAR2(25), VARCHAR2(1), VARCHAR2(11)
) Pctfree 10 Pctused 40 storage (Initial 2K Next 2K Pctincrease 0 unlimited) Tablespace USERS; Maxextents
278
Storage Considerations
u
Object creation parameters override tablespace default storage parameters with the exception of locally managed tablespaces as of Oracle8i Locally managed tablespaces enforce the use of uniform extent size or the size that has been autoallocated by Oracle
n
279
Dictionary managed
u u
Grouping of tables are by schema, not table Can take schema offline (ie, bad blocks, recovery)
Locally managed
u u
Never have tablespace fragmentation with uniform extents Never have to worry about extent growth with autoallocate
280
Both can be executed when the database is up Both can extend the tablespace and be ready for use immediately
Autoextending an existing datafile can alleviate DBA worries, but adversely can waste space Adding a datafile is under your control
Alter tablespace add datafile /u01/oradata/seed/newfile_seed_02.dbf size 500M;
281
RAID
u
RAID
n
Important to have for an Oracle system Jbod Lowest data cost low overhead 0 low data cost load balancing 1, 0+1 high data cost most expensive 5 Highest data cost safe
u
It takes four I/Os for one write (read data, read parity,write data, write parity) Minimum of three disks, plus 66-87% of space The more disks, the higher the gain
u u
282
Questions
u
What are the two ways to use the autoextend clause? Which segment type does not use the pctincrease storage clause? What would you think would be less problematic in regards to objects needing extents?
283
Storage issues
u
Disk contention
n
Segment fragmentation
n
284
Disk Contention
u
Too many heavily used segments on a single disk slows down access time and causes degradation in database performance System (Data Dictionary), TEMP and UNDO segment tablespaces are used constantly
u
Keeping these tablespaces on separate disks ensures the best access time
285
Fragmentation Issues
u
Fragmentation
n
Frequent writes to a tablespace lead to greater fragmentation Fragmented tablespaces run slower and require more disk activity then non-fragmented tablespaces Thus, objects should be grouped into tablespaces based on their activity and size
286
Levels of Fragmentation
u
Levels of fragmentation
n
UNDO Segments
u
Temporary Segments
u
287
Free space fragmentation is determined by the number of contiguous free space chunks within a tablespace Segment fragmentation is determined by the number of extents relative to the number of segments within a tablespace
288
A usable free space chunk is large enough to be used by the growth of an existing segment An unusable free space chunk is too small to be used by an existing segment
289
Segment Fragmentation
u u
Caused by segments requiring multiple extents Using a uniform extent size (i.e. locally managed tablespaces) will alleviate this Manage this by monitoring dba_segments and dba_free_space
290
Common Methodologies
u
Eliminates unusable free space fragmentation Does not eliminate segment fragmentation Minimizes maintenance efforts Extent sizes should be carefully chosen to achieve best performance
291
Common Methodologies
u
Often complicated and time-consuming Bound to a finite period of time for growing tables
Rebuilds (imp/exp)
n
292
Common Methodologies
u
Minimizes segment fragmentation Minimizes maintenance efforts Extent sizes grow exponentially Requires large free space chunks to be available
293
Dictionary Views
u
DBA_FREE_SPACE
n
DBA_SEGMENTS
n
DBA_EXTENTS
n
294
Summary
u u u u u
Basics of Space Storage Storage Parameters Default Storage Parameters Fragmentation Methodologies for maintaining
295
Agenda
n
Theory behind rollback/UNDO segments Rollback/UNDO segments within an Oracle Database Rollback/UNDO segments used in transactions Rollback/UNDO segments used in read-consistency
297
UNDO Segments
u
Database objects that record old values of data before the data are modified by transactions Used to recover the database Provide read consistency Allow certain transactions to be undone (rolled back)
u u u
298
UNDO Segments
u u
299
New purpose in 9i
300
SYSTEM
n
Non-SYSTEM
n
Deferred
n
301
Easier to administer
n
In a recent Oracle benchmark, 400 rollback segments were replaced by one undo tablespace
302
Extents within undo tablespace may switch ownership from one segment to another Prevents single large transaction from affecting other users Space reuse is more efficient, so errors are less likely Eliminates need for managing rollback space for online and batch differently
u u u
303
AUTO
u u u
Undo segments managed internally No CREATE, DROP, ALTER Automatic creation, shrinking, etc.
MANUAL
u
304
UNDO values
u
UNDO_TABLESPACE
n
Defines the name of the tablespace used to hold the undo segments
UNDO_RETENTION
n
305
UNDO Segments
u
Each segment allocates extents within a tablespace to store table data before the data are modified
306
UNDO Segments
u
Can hold data for multiple transactions A single transaction must be contained in a single segment Provided maximum number of extents has not been reached
307
The tablespace is all that needs to be created with AUM. Usually created at database creation time as part of the CREATE DATABASE statement: UNDO TABLESPACE undotbs datafile
'/u02/oradata/SEED/undodbs_seed_01.dbf' size 200m autoextend off
308
Default rollback segment is automatically created during database creation Cannot be deleted Segment resides in the SYSTEM tablespace Can only be used for SYSTEM objects Create a second one for creating the tablespaces during creation of a database
309
Additional rollback/UNDO segments must be created to hold rollback data for objects in nonSystem tablespaces The size and number of segments must be monitored:
n
v$rollstat, dba_segments
310
CREATE ROLLBACK SEGMENT <SEGMENT NAME> TABLESPACE <TABLESPACE NAME> [STORAGE <STORAGE_CLAUSE>|OPTIMAL]
311
Storage clause
u
Allows the DBA to set the sizing of the rollback segment(s) The DBA may allow Oracle to size the rollback segment automatically MINEXTENTS for rollback segments must be 2
312
SQL >create rollback segment rbs1 2 >tablespace rbs / Rollback segment created.
313
Once the rollback segment is created, It must be brought online before it can store transaction information An entry must be made in the initSID.ora file to be brought online each time the instance is start Use the rule of four to estimate:
n
# rollback = transactions/4
314
ONLINE
n
Brings rollback segment online Available for subsequent transactions Takes rollback segment offline Unavailable for subsequent transactions Will not go offline until all transactions have completed
OFFLINE
n n
315
Only the SYSTEM rollback segment is brought online Only the segment names in the ROLLBACK_SEGMENTS parameter in the initialization parameter file are brought online
ROLLBACK_SEGMENTS=(RBS1,RBS2)
Query the data dictionary view to check the status of all rollback segments:
sys.dba_rollback_segs
316
Each time a transaction is executed against the database, Oracle automatically allocates an available UNDO segment Unchanged data is stored for transaction and session rollback To ensure that each user has a consistent view of the data they are working on.
317
Prior to executing the SQL statement, execute: SET TRANSACTION USE ROLLBACK SEGMENT <ROLLBACK SEGMENT NAME>
Example:
318
Example
EMPNO | ENAME 00100 | John Doe 00200 | Sue Smith 00300 | Jane Goodall 00400 | Sam Tyson 00500 | Mike Jones | DEPTNO | | 001 | 001 | 001 | 001 | 001 | | | | | SAL 15000 15000 15000 15000 15000 -----------------------------------------
u u
The Emp table holds this information prior to the transaction Before the statement is applied, a free UNDO segment is obtained
319
Statement is Executed
SQL> update emp set sal=30000 where empno=0500; 1 row updated.
u u
The user executes this SQL statement If the user commits, the rollback/UNDO segment is released
320
Rollback Statement
u
To undo changes
n
Execute a ROLLBACK SQL statement This undoes the update statement and copies information back into the table
321
Oracle Flashback
u
Uh, I just deleted 1,000 rows from SPRIDEN. Can you restore it for me? UNDO_RETENTION parameter
322
Using Flashback
u u u
User needs execute on DBMS_FLASHBACK Retention time must be long enough to be useful Query as usual after enabling Flashback
CALL dbms_flashback.enable_AT_time ('25-MAR-02:08:00:00'); SELECT * FROM emp; CALL dbms_flashback_disable();
323
Dictionary Views
u
V$rollstat
n
Number of times a rollback segment has wrapped Number of times it has extended Number of times it has shrunk
V$rollname
n
324
Change the internal structure of the database They do not use rollback/UNDO segments during processing Once SQL statements are executed, they cannot be rolled back!
325
Summary
u
UNDO segments provide the user the ability to undo DML statements within the database UNDO segments also provide read-consistency within the database UNDO is a special type of segment Rollback segments are kept for backwards compatiblity
326
Agenda
n
Create new Database Users Modify existing Database Users Monitor information about Database Users Drop Database Users Terminate user sessions
328
Created within the database or OEM Not defined in the underlying operating system
Oracle stores internal user account information within the data dictionary in an encrypted format
329
330
If you do not specify a default tablespace, the user is assigned to SYSTEM If not explicitly specified, users have a QUOTA of 0 on all tablespaces By default, the account is not locked and the password is not pre-expired
331
If you do not specify a temporary tablespace, temporary segments default to the SYSTEM tablespace In 9i, if you create the default temporary tablespace for everyone you do not need to worry about this To use this new feature, create it at database creation time or later It must be of type temporary
332
Create a User
u
Example:
n
Create a user SAISUSR with a password of u_pick_it Assign a default tablespace of USERS and a quota of 100KB on the DEVELOPMENT tablespace Specify the temporary tablespace to be TEMP (Syntax is on the next slide.)
333
334
User Passwords
u
During the CREATE USER command, the assigned password echoes on the screen
u u
Note that the password is stored in encrypted form The encryption algorithm is DES-128 bit
335
Password Aging
u
336
Object Ownership
u
As with an OS account, Oracle assigns an ownership to all database objects that you create in the database
n
When a user creates an object in the database, it is created under that user's SCHEMA
337
Example
n
User joe creates a table dept within the database This table is created under joe's ownership or schema
SQL> create table dept 2> (deptno number(25), 3> dname varchar2(100)) / Table created.
338
chris cannot see joe's table unless he specifies the appropriate schema. The syntax for specifying objects in another schema is <SCHEMA>.<OBJECT>
339
If a schema is omitted, Oracle assumes the object is in your own schema. If not found there, it will search for a synonym
340
If the object is not yours, the only way you can see the object(s) is for you to have been granted rights to it. This includes the synonym short name.
n
341
During an Oracle install, default user accounts are created. The important ones are: SYS and SYSTEM (INTERNAL will be desupported in 10i)
n
All accounts are DBA accounts To connect to sys, you must have SYSDBA privileges However, all data dictionary objects will be created under the SYS schema
342
To prevent damage to the data dictionary, most DBA tasks should be done as SYSTEM
n
The default password assigned to SYS is change_on_install The default password for SYSTEM is manager Change both passwords immediately after database creation If you create a database in the Database Configuration Assistant, you will be prompted to change the passwords
343
Unix
n
Can connect as SYSDBA only if the user is in the DBA group (defined under /etc/group) Can connect as SYSDBA only if the user is granted the ORA_<sid>_DBA identifier under SYS$SYSTEM:AUTHORIZE Can connect as SYSDBA only if the user is in the ORA_DBA group
VMS
n
NT
n
344
Altering Users
u
Purpose: To change the authentication or database resource characteristics of a database user Several ways to make the change:
n
ALTER USER SQL command OEM Management Console Other third-party tools
345
Example
n
Change the password of the user saisusr to monitor4all Modify the quota this user has to UNLIMITED on the USERS tablespace
SQL > alter user saisusr 2> identified by monitor4all quota unlimited on users; User altered.
346
347
Dropping a User
u
Drop a database user with the DROP USER SQL statement and to optionally to remove the userss objects: Again, this can be done with OEM and SQL DROP USER <username> [CASCADE]
348
If the user has objects in his/her schema, Oracle will not drop a user
n
Example
n
Drop the user saisusr and include all objects in this user's schema
349
Oracle will invalidate, not drop, any objects referencing the dropped objects
n
350
Can view user information in the data dictionary, which stores information on all users
n
351
View information about all users in the database with the DBA_USERS data dictionary view
SQL> select * from dba_users USERNAME -----------------TEMPORARY_TABLESPACE SYS TEMP SYSTEM TEMP 2 rows selected. SQL> exit 5 0 USER_ID ---------PASSWORD ----------------------------CREATED D4C5016086B2DC6A 26-APR-01 D4DF7931AB130E37 26-APR-01 TOOLS DEFAULT SYSTEM DEFAULT DEFAULT_TABLESPACE -----------------PROFILE
352
Display tablespace quotas for all users with the DBA_TS_QUOTAS data dictionary view
n
The user sam has a quota of 100KB on the SYSTEM tablespace (see example on next slide)
353
TABLESPACE_NAME
USERNAME
BYTES
354
When necessary, terminate a user's session while the user is logged on to the database
n
Use an ALTER SYSTEM KILL SESSION SQL statement Or use the OEMs Oracle Enterprise Manager Console
355
OEM
356
Prevents the user from issuing further database calls Frees locked resources Issues rollback on all uncommitted transactions
357
DBA must first determine serial number and the session ID for the session Both values can be determined from the the data dictionary view v$session
358
Example:
n
The DBA wants to kill the session owned by joe The DBA must first determine the serial number and session ID
359
3> /
SID --13
360
361
Note that ALL user sessions are killed when the DBA issues a SHUTDOWN IMMEDIATE
362
Summary
n
Create new Database Users Modify existing Database Users Monitor information about Database Users Drop Database Users Terminate user sessions
363
Managing Resources
u
Agenda
n
365
Profiles
u
Can be used to limit system and database resources available to a user Define a set of resource limits Useful in large multi-user systems Simplifies resource management
u u u
366
Resource Options:
SESSION_PER_USER CPU_PER_CALL IDLE_TIME COMPOSITE_LIMIT LOGICAL_READS_PER_SESSION LOGICAL_READS_PER_CALL CPU_PER_SESSION CONNECT_TIME PRIVATE_SGA(MTS only) FAILED_LOGINS_ATTEMPTS
367
Password options:
n
368
To enable profiles, set the initialization parameter RESOURCE_LIMIT in the database parameter file, init<SID>.ora A value of TRUE enables resource enforcement A value of FALSE(default) disables all profiles Once this value is modified, either restart the database or use the ALTER SYSTEM command for the changes to take effect
u u u
369
Example
n
370
Managing Resources
u
When resource limits are enabled for a database, the system creates a profile called DEFAULT
n
Users who are not explicitly assigned a profile are assigned to DEFAULT All unspecified limits in later profile definitions have the corresponding value of DEFAULT Initially, all DEFAULT values are unlimited DEFAULT profile should not be modified. It will also affect SYS and SYSTEM!
371
372
Managing Resources
u
Using profiles, resources may be controlled at both the session or call (statement) level
n
Lists of resources controlled at the session level and at the call (statement) level may be found in the workbook
373
Managing Resources
u
Example
n
Create a profile called developer_profile Maximum of five concurrent sessions Unlimited CPU time for a call Maximum idle of 60 minutes (Syntax on next slide.)
374
Managing Resources
SQL> create profile developer_profile limit 2> sessions_per_call 5 3> cpu_per_call unlimited 4> idle_time 60 / Profile created.
375
Managing Resources
u
Once you create a profile, assign users to it To assign a new user to a profile, specify the profile name in the CREATE USER SQL statement
n
376
Managing Resources
SQL> create user eddie identified by vanhalen 2> default tablespace users 3> temporary tablespace temp 4> profile developer_profile / User created.
377
Managing Resources
u
378
Managing Resources
u
Profile assignments only affect a user's subsequent transactions Each user is assigned one (and only one) profile
379
Managing Resources
u
The users current statement stops executing, and all changes are rolled back Only a COMMIT, ROLLBACK, or disconnect is allowed
380
Managing Resources
u
Processing of the statement is halted Statement is rolled back Only a COMMIT, ROLLBACK, or disconnect is allowed
381
Managing Resources
u
In both cases, the user is notified of the resource he/she has exceeded
SQL> delete from saturn.spriden / ORA-02393 exceeded call limit on CPU usage
382
To modify characteristics of an existing profile, use the ALTER PROFILE SQL statement
n
383
Profile altered.
384
Managing Resources
u
Example
n
Alter the profile developer_profile to specify a maximum of two sessions, 30000 hundredths of a second CPU time for a session, idle time of 30 minutes and 1000 logical reads per call. (Syntax is on the next slide.)
385
Managing Resources
u
SQL> alter profile default limit 2> sessions_per_user 5 3> idle_time 30 / Profile altered.
386
Resource Composites
u
Total resource usage may be limited through the use of composite limits
n
387
Managing Resources
u
The DBA must first define the weighting factors for each resource that is used This is done using an ALTER RESOURCE COST SQL statement
388
Managing Resources
u
Example:
n
The DBA wants to set a composite limit of 1000 for the above quantities He/she wants to weight each quantity equally
389
Managing Resources
SQL> alter resource cost 2> cpu_per_session 1 3> connect_time 1 4> logical_reads_per_session 1 5> / Statement processed. SQL>
390
Managing Resources
u
A composite profile can now be defined using the above weighting factors
2> composite_limit 2000 3> idle_time 60 4> /
391
Managing Resources
u
In this example, if the total cpu_per_session, connect_time and logical_reads_per_session exceeds 2000, then a user exceeds his/her profile limits
392
Managing Resources
u
To remove a profile from the database, use the DROP PROFILE SQL statement
DROP PROFILE <profile name> [CASCADE]
393
Managing Resources
u
To override this, specify the CASCADE option Any users assigned to a dropped profile will be reassigned to the DEFAULT profile
394
Managing Resources
u
Example
n
Drop the profile developer_profile, and reassign all users that had this profile to the DEFAULT profile.
395
Managing Resources
u
Query the data dictionary to view information about profiles defined in the database Views that hold information about profiles defined in the database include:
n
DBA_USERS
(What profiles)
396
Managing Resources
u
Example
n
------------------------------ -----------------SYS SYSTEM SAM 3 rows selected. SQL> DEFAULT DEFAULT DEFAULT
397
Managing Resources
u
Example
n
Determine the resource limits of the default profile Refer to the workbook for an example of looking up the values
398
Password Limits
u u u u
Use for login attempts Password history Account management May need to run utlpwdmg.sql to set up password management
399
Password History
u
A mechanism must be in place for you to alter their password PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME are mutually exclusive
u
400
Other Options
u
Can give one set of user 75% CPU usage, another 25% (*more in DBAII)
Use product_user_profile Restrict access to items like HOST, SET <set command>, etc.
401
Summary
n
Control resource usage within the database Restrict and limit system and call level controls Manage user password and login attempts
402
Agenda
n
Define database privileges Grant and control system privileges Grant and control object privileges Grant and control roles
404
Oracle allows the DBA and users to control access levels for objects within the database
n
405
406
Object privileges are the easiest to remember. There are eight to remember:
Select alter
n n
insert index
update References
delete execute
n n
407
Users will need system and object privileges to access the database and to manipulate data When a user is created, no object nor system privileges are available Privileges can be GRANTed to users, roles and to PUBLIC
408
All grants the user or role all privileges (except SELECT ANY DICTIONARY) WITH ADMIN OPTION permits the grantee to bestow the privilege to other user(s) or role
n
409
Example:
n
Grant the user scott the privilege to select from any table
410
411
412
Example:
n
413
Example:
n
Remove SELECT ANY TABLE PRIVILEGE from all users in the database
414
User A has system privilege Q with ADMIN OPTION. He/she then grants privilege Q to user B The DBA then revokes system privilege Q from user A The revocation of system privileges does NOT cascade down. After the revoke of privilege Q for user A, user B STILL has privilege Q
415
Once a user is created in the database, he/she still needs CREATE SESSION system privileges in order to logon to the database To disable a user account without dropping the user, simply revoke the user's CREATE SESSION system privilege Refer to the workbook for the syntax
416
u u
All grants all object level privileges. WITH GRANT OPTION allows the grantee to grant this privilege to other users in the database
417
418
The user executing the grant MUST have the object in his/her SCHEMA unless the grant WITH GRANT OPTION has been previously granted For example, john cannot grant select on table emp to sue unless he owns the table or a grant WITH GRANT OPTION has been granted to him
419
Example
n
Grant the users sue and rich the privilege to query the accounts table
420
Example
n
Grant the user jeff the privilege to insert on spriden_pidm column of the SPRIDEN table
n
421
An object privilege that is granted using WITH GRANT OPTION can be passed on to other users and roles by the GRANTEE
SQL> grant select on accounts to sue with grant option; Statement processed.
422
423
424
Example:
n
425
Example:
n
426
Unlike revoking system privileges, revoking object privileges has a cascading effect. Investigate the effects before doing so
n
Suppose that the DBA revokes the SELECT ON ACCOUNTS object privilege from sue... This revoke will remove the privilege from sue AND from all users to whom sue granted that privilege Refer to the workbook for the syntax
427
View all object privileges granted to users by querying the data dictionary
Description All privileges on objects in the database All privileges on columns in the database
428
Summary
u
Define database privileges Grant and control system privileges Grant and control object privileges
429
Role Management
u
Agenda
n
431
Role Management
u
For example, if you have 100 users that each require the following privileges:
u u u u
To assign these privileges, the DBA must execute each grant for all 100 users
432
433
For example, the DBA also wants each user to have update privileges on the SPRIDEN table The DBA must now execute the appropriate grant for EACH user
434
435
A collection of system and/or object level privileges Allows predefined collections of privileges to be modified and assigned Simplifies privilege management Once defined, may be granted to other users, roles and/or PUBLIC Granting a role to a user grants ALL associated privileges to that user
u u
436
Role management
Privilege
CREATE SESSION SELECT ANY TABLE UPDATE ANY TABLE
Role
Normal User
User
Joeuser
437
Role management
u
438
Example
n
439
Example
n
Create a role called power_user Protect this role with the password xxx2q
440
Role management
u
Privileges may be assigned to roles in the same manner they are assigned to users The assignments are done through GRANT SQL statements (See next slide for syntax.)
441
Role management
SQL> grant create session to standard_user; Statement processed. SQL> grant create table to standard_user; Statement processed. SQL> grant drop table to standard_user; Statement processed. SQL> grant select any table to standard_user; Statement processed.
442
Role management
u
A role grant to a user grants all associated privileges to the user (See next slide for syntax.)
443
Role management
SQL> grant standard_user to user1; Statement processed. SQL> grant standard_user to user2; Statement processed. SQL> grant standard_user to user3; Statement processed. . . . (etc)
444
Role management
u
Make these changes through GRANT or REVOKE SQL statements Any changes to roles immediately cascade down to all grantees of the role (See next slide for syntax.)
445
Role management
SQL> grant update on spriden to standard_user; Statement processed.
The above statement gives all grantees of standard_user the ability to update on the SPRIDEN table
446
Role management
u
The above statement causes all associated privileges of standard_user to be granted to power_user
447
Role management
u
448
Role management
u
The exception to this is that no role can be granted to itself, even indirectly
n
If Role A is granted to Role B, and Role B is granted to Role C, then Role C cannot be granted back to Role A
449
Default Roles
u u
Users can have none or many default roles If no default role is assigned, all roles granted to the user will be in effect throughout their session If a user has a default role and wants to set another role, the user must issue the set role command
450
Default roles are set for a user using the ALTER USER SQL statement
451
Setting Roles
u
A user may activate another role that he/she has previously been granted using a SET ROLE SQL statement User Joe can set any role that he was granted during his session.
u
452
Role management
u
If joe has a default role set for his user account, then that role will be active for his entire session. If joe does not have a default role set for his account, then the more powerful role will always be active.
n
453
Role management
u
When a user logs into a database, the default role is what is available. If more than one role is granted as default, the more powerful will take precidence.
454
If joe has standard_user set as a default role, then he has to issue a SET ROLE SQL statement to activate any other role. If Joe wants to delete all the roles from table SPRIDEN, can he simply log in and do this? If not, what must Joe do to give him the privilege?
n
455
Suppose that the user joe has been granted two roles with conflicting privileges...
SQL> grant all on spiden to power_user; Statement processed. SQL> grant select on spriden to standard_user; Statement processed. SQL> grant power_user, standard_user to joe; Statement processed.
456
Role Authorization
u
The DBA can change the authorization of a role using the ALTER ROLE SQL statement
n
NOT IDENTIFIED - removes the password associated to a role IDENTIFIED BY - assigns a password to a role EXTERNALLY Tied to the operating system (not discussed here)
457
View dba_roles to see what roles are passworded To remove/alter a password option, use the alter role command:
458
A password-protected role may be invoked using a SET ROLE ... IDENTIFIED BY SQL statement
To set a non-defaulted password role, the user must have the password and explicitly set it.
459
Role management
u
If a password-protected role is granted to a user as the default role, Oracle skips the password checking and invokes the role as the user logs on If no default role is defined for a user, Oracle assumes that ALL granted roles for a user are the default and skips password checking for ALL granted roles Thus, ALL USERS NEED TO BE ASSIGNED DEFAULT ROLES
460
Role management
u
Banner Security
n
Password-protected roles are the key to security in Banner In Banner, three roles are created :
u u u
461
Role management
u
BAN_DEFAULT_CONNECT
n
Allows users to only connect to the database, but not to have access to ANY objects
462
Role management
u
BAN_DEFAULT_Q
n
BAN_DEFAULT_M
n
463
Role management
u
All three roles are granted to EACH Banner user with BAN_DEFAULT_CONNECT set as the default role
n
464
Role management
SQL> grant ban_default_connect to saisusr; Statement processed. SQL> grant ban_default_q to saisusr; Statement processed. SQL> grant ban_default_m to saisusr; Statement processed. SQL> alter user saisusr default role ban_default_connect; Statement processed.
465
Role management
u
Users with BAN_DEFAULT_M or BAN_DEFAULT_Q roles are not able to invoke the associated privileges, since they will not know the underlying passwords The passwords for invoking these roles are stored in encrypted format in each Banner form
466
Role management
u
These roles are invoked ONLY when the user executes the appropriate form
n
Thus, users can only change information within the database through a Banner form Consult the Banner Security Manual (Chapter 2 of the technical reference) for additional information
467
Cautions
u u
As described earlier, be aware of default roles Another one is if you grant a role with a system privilege with admin option:
n
A user with the role grants the system privilege to another user The role was dropped The new user with the system privilege will still have that privilege!
468
Role_role_privs
n
Role_sys_privs
n
Role_tab_privs
n
469
Summary
n
Describe roles Creating and modifying roles How Banner utilizes roles Methods of combining privileges for user group activies
470
Oracle Net
u
Agenda
n
Describe the purpose and goal of Oracle Net Setup Oracle Net listeners on the database host Setup Oracle Net clients that connect to other Oracle servers
472
Networks
n
Traditionally, database connections have been local connections Server-based applications force support of both the application and database
n
473
Local Connections
u
Local connections are useful in some circumstances, such as DBA tasks Local connections in many other cases are less useful. They require that:
n
An account is set up on the operating system level for all Oracle users. This is a serious security problem, especially under UNIX where numerous security holes exist with shell (/bin/sh, /bin/ksh) level The client resides on the same machine as the database server. This reduces performance of the database server
474
Tier Architecture
u
Two-task processing introduced the beginning of separating clients from applications and servers Two-tier architecture required a fat client with lots of RAM and disk space Configuration management was a nightmare!
475
N-tier Applications
u
Distributes the workload associated to database applications Introduced the N-tier Architecture Thin clients were now able to run applications Oracle Net allowed for distribution of the workload across the network
u u u
476
Thin clients
u
The client has now been transferred to a middle tier The application load can now be spread over the network Browser-based connections have now eliminated fat PC requirements
477
Oracle Net
u u
Heterogeneous database connections are now common Transparent Network Substrate (TNS)
n
Client and server can use different communications protocols Multi-vendor applications can now communicate Can transfer data to an asynchronous receiver
478
Oracle Net
u u
An IP networking protocol Must be installed on both client and server machines before remote connections can take place Defined as a session-level protocol that runs on top of network and transport layers
u
479
480
TCP/IP
u
n n n
Developed by the US Defense Department for high speed data transfer between WANs Protocol used on the Internet Routable between subnets Supports a uniform network numbering scheme throughout the world
481
Oracle Net
u
Installed to run under TCP/IP, since it is present on virtually all machine types Easily configured
n
482
Connection configuration
u
483
Listener.ora
u
An Oracle LISTENER must first be set up on the database server prior to remote connections to any database The Listener.ora file configures
u
A unique listener name Protocol addresses that it is accepting connection requests on Services it is listening for
484
Oracle Net
u
485
Service Name(s)
u
Service name(s) for each running database Instance names of the databases Service Handlers, dedicated or dispatcher
PMON also checks on dispatcher and server processes, and restarts them if necessary
486
Oracle Net
u
Defines a TCP listener named MYLISTENER that runs on port 1526. (Note that on Unix systems ports under 1024 are reserved for root access only.) Hostname of the database server is my.test.edu MYLISTENER attaches to the databases SEED, TEST, and PROD, which run from the directory /u01/oracle/product/8.1.6.#
487
Oracle Net
u
When you invoke this application you should see something similar to:
LSNRCTL for Unix: Version 2.3.3.0.0 - Production on 18-MAY-98 23:51:31 Copyright (c) Oracle Corporation 1994. All rights reserved.
488
Oracle Net
u
To start or stop a particular listener, you can either enter the command at the prompt:
lsnrctl start <LISTENER_NAME>
489
Oracle Net
u
The program lsnrctl calls another executable, tnslsnr, which actually starts the daemon At this point, the databases SEED, TEST, and PROD are ready to accept remote connections from the network
490
Oracle Net
u
491
Oracle Net
u
Typically, the Oracle software owner starts/stop the listener, although anyone in the dba group can do so If someone other than ORACLE starts it, the log file will be produced where the user is logged in at
492
Oracle Net
u
Multiple listeners
n
The previous syntax defined a single listener that attaches to the SEED, TEST, and PROD databases Under this setup, users can remotely log into any of the three databases attached to the daemon while MYLISTENER is running
493
Oracle Net
u
If the DBA needs to restrict users from remotely logging into specific databases while the databases are open, the databases should be attached to separate listeners Databases remain remotely inaccessible as long as the listeners that attach to it are not running The DBA can configure as many as needed so long as each one is defined on a separate port
494
Oracle Net
u
Three listeners: FIRSTLISTENER, SECONDLISTENER, and THIRDLISTENER Run from ports 1526, 1527 and 1528, respectively Attach to the databases SEED, TEST, and PROD
495
Oracle Net
u
496
Oracle Net
u
To prevent users from remotely logging to the TEST, for example, the DBA can shut down SECONDLISTENER However, keep in mind that more listeners take up more system resources
497
In addtion to setting up Oracle Net on the database server, Oracle Net must also be properly configured on each Oracle client Several ASCII configuration files exist for setting up Oracle Net on the Oracle client
n n n
498
Client Configuration
u
As with listener.ora, Oracle recommends you generate these files with Oracle Net Manager, but you can edit them directly
499
Connection Management
u
500
Oracle Net
u
The tnsnames.ora file consists of a series of database connect/host string definitions. Each string defines a specific database which the client can connect to. The basic syntax of these strings is shown in the workbook.
501
Oracle Net
u
Hostname of the database server Port that the listener is running on Oracle SID of the desired database
502
Oracle Net
u
While the DBA is free to choose any name she/he wants as the host string, each value in the string MUST match those defined in the corresponding Oracle listener
u u u
503
Oracle Net
u
For an example of using the latter listener.ora file, the workbook ilustrates the configuration association of these.
504
Oracle Net
u
Once these files are properly set up, you are ready to connect to a remote database On Windows2000/NT you can pre-define the connect string with the LOCAL registry value. This assumes only one database on the server. You can pre-set connect_strings in any environment by creating an individual tnsnames.ora for each database. Each of these assist the user in entering as little as possible
505
Oracle Net
u
Username and password for the Oracle logon Connect string that defines the database
506
Oracle Net
u
From the command line, setting up a remote connection is very similar to that of a local connection
n
Start the desired Oracle client as before During the database logon specify a username followed by an "@<connect string>" during the username prompt
507
Oracle Net
u
For example, to remotely connect as SYSTEM into the SEED database using SQL*PLUS
n
Sqlplus system/manager@seed
You can also connect another database in the sqlplus program without disconnecting
n
Connect general/u_pick_it@prod
508
Oracle Net
u
For example, to connect to SQL*PLUS from a GUI-based session, you would enter the following:
509
Oracle Net
u
The Oracle client first takes the host string specified in the login and attempts to find a matching string in tnsnames.ora
n
If it finds a match, it attempts to find a listener running at the specified host and port If an Oracle listener is found, the client application attempts to locate a database with the SID as specified in the host string If the client finds this database, it takes the username and password and attempts to login
510
Oracle Net
u
Setting up remote database connections is a complicated process, that requires numerous components to be properly functioning The workbook lists common errors that can arise, along with their likely resolutions
511
Oracle Net
u
Any Oracle system account can test the connect string with TNSPING. This will test to see if the host machine is listening and recognizes the connect string Sometimes DNS resolution gets in the way, you can specify an IP for the HOST= parameter. It is faster
512
Sqlnet.log will be very beneficial in trouble shooting connections To identify the relevant part of the problem, you will need to turn on tracing There are three main areas to trace:
n
513
Establishing a connection
514
u u
This will turn on FULL tracing for your user account. Output in /tmp/filename_<PID>.trc
515
516
517
Tuning
u
Packet transferring
n
SDU TDU
u u u
518
Summary
n
Describe the purpose and goal of Oracle Net Setup Oracle Net servers on the database host Setup Oracle Net clients that connect to Oracle Net servers
519