November 17, 2006

UKOUG 2006 Day 4

Oracle Database Vault

As a DBA, I dread that developers issue “unwanted” SQL table deletion or dropping. I also do not want to see some sensitive data within the database.

If a developer connect as schema owner, he can always drop table or delete rows. We usually use an app server which will store the password in plain text and use it to connect to database. So a developer can always find the password for a product server.

A nightmare, a deep worry in my heart.

At UKOUG conference today, I saw a demo of Oracle vault. It solves the problem elegantly.
there is a new user, security manager, he can define a set of security roles. (he cannot see the data). The rules can prevent DBA or user from dropping/deleting/altering a table, even a table belongs to his own schema.

Suddenly DBA is no longer a dictator with absolute powerful. He has a security manager, a parliament to limit his power. This is good.
Absolute power can lead to absolute destruction

Gata guard at play

a two-hour session from Carel-Jan Engel, dba!ert. Not good. he mentioned his customers convert logical standby db to physical standby db because logical standby is difficult to maintain. Logical standby will has at least 20% extra redo.
Larry Carpenter from Oracle confirmed this, but assert logical standby is pretty mature in 10g R2.

I have reasons to use logical standby:
  • Use logical standby as a test server.
  • Can do rolling upgrade.
  • Can be used as report, though we never do so.
Some tips:
  • When he upgrade physical standby, he create a separate Oracle home on both hot standby servers.
  • he prefer use the same database name everywhere. hmm, worth thinking…

10GR2: Performance Diagnosis Update

ashrpt.sql (ASH report), awrddrpt.sql(report on differences between snapshots), awrsqrpt.sql(Workload Repository SQL Report) to display session history
v$sql is update every 5 seconds even a SQL is currently running.

Odds and Ends
Connor MacDonald is an excellent speaker.

alter session set tracefile_identifier = <name>

will generate a new trace file whose name containing

flashback standby database to before resetlogs

Metalink (ML) note: 187242.1

English study

work solidly   fiddle around
Lighting never strikes twice on the same spot - I wont take a bet on this

- 2 comments by 1 or more people Not publicly viewable

  1. jason arneil

    Hey, are you actually running logical standby in production?

    We tried to do this for some time on version but found many, many bugs that would freeze the apply process. What version are you running on and are you finding it stable?


    20 Nov 2006, 12:38

  2. Hongfeng Sun

    logical standby 10g is much better than 9i. If you only use table, view , sequence.. in your application, logical standby is pretty stable. You need to proactively monitor the log apply service, it often stopped due to some inconsistent state between primary and standby.

    We use logical standby in 9.2, 10.1 and 10.2. I found 10+ is quite good.

    20 Nov 2006, 12:49

Add a comment

You are not allowed to comment on this entry as it has restricted commenting permissions.

Search this blog

Search Warwick Blogs



Most recent comments

  • Oracle 11g is the clear leader in this area. Oracle has invested heavily into self–tuning capabiliti… by shaane on this entry
  • All the features are very nice.I like Repair Advisors the most.Oracle 10G introduced some of the dat… by lucy on this entry
  • "logical standby failed to re–start, I am also getting the same error. I have search on internet and… by anemia on this entry
  • Thanks for the nice information because from last three days i am stuck on this problem…. by robot vacuum on this entry
  • So what happen City speed dating when you tried this coding once in your PC.. Please tell me so i am… by John Bergeron on this entry
Not signed in
Sign in

Powered by BlogBuilder