UKOUG 2006 Day 4
Oracle Database Vault
As a DBA, I dread that developers issue “unwanted” SQL table deletion or dropping. I also do not want to see some sensitive data within the database.
If a developer connect as schema owner, he can always drop table or delete rows. We usually use an app server which will store the password in plain text and use it to connect to database. So a developer can always find the password for a product server.
A nightmare, a deep worry in my heart.
At UKOUG conference today, I saw a demo of Oracle vault. It solves the problem elegantly.
there is a new user, security manager, he can define a set of security roles. (he cannot see the data). The rules can prevent DBA or user from dropping/deleting/altering a table, even a table belongs to his own schema.
Suddenly DBA is no longer a dictator with absolute powerful. He has a security manager, a parliament to limit his power. This is good.
Absolute power can lead to absolute destruction
Gata guard at play
a two-hour session from Carel-Jan Engel, dba!ert. Not good. he mentioned his customers convert logical standby db to physical standby db because logical standby is difficult to maintain. Logical standby will has at least 20% extra redo.
Larry Carpenter from Oracle confirmed this, but assert logical standby is pretty mature in 10g R2.
- Use logical standby as a test server.
- Can do rolling upgrade.
- Can be used as report, though we never do so.
- When he upgrade physical standby, he create a separate Oracle home on both hot standby servers.
- he prefer use the same database name everywhere. hmm, worth thinking…
10GR2: Performance Diagnosis Update
ashrpt.sql (ASH report), awrddrpt.sql(report on differences between snapshots), awrsqrpt.sql(Workload Repository SQL Report) to display session history
v$sql is update every 5 seconds even a SQL is currently running.
Odds and Ends
Connor MacDonald is an excellent speaker.
alter session set tracefile_identifier = <name>
will generate a new trace file whose name containing
flashback standby database to before resetlogs
Metalink (ML) note: 187242.1
work solidly fiddle around Lighting never strikes twice on the same spot - I wont take a bet on this