OCP 12C – Privileges

User Task-Specific Administrative Privileges

  • In keeping with separation of duties and least privilege, Oracle 12c introduces new administrative privileges, each intended for a specific set of duties:
    • SYSBACKUP: Used for RMAN operations such as BACKUP, RESTORE and RECOVER.
    • SYSDG: Used to administer Data Guard. In 12c, when you use the DGMGRL command-line interface you are automatically logged on with the SYSDG privilege.
    • SYSKM: This privilege is meant for TDE operations such as opening and closing keystores, changing the master key, or managing column encryption keys and tablespace encryption.


OCP 12C – Auditing

Unified Audit Data Trail

  • Unified Auditing offers a consolidated approach: all audit data is gathered in a single place.
  • Unified Auditing consolidates audit records from the following sources:
    • Standard Auditing
    • Fine-grained auditing (DBMS_FGA)
    • RAC security auditing
    • RMAN auditing
    • Database Vault auditing
    • Oracle Label Security auditing
    • Oracle Data Mining
    • Oracle Data Pump
    • Oracle SQL*Loader
  • In addition to consolidation, unified auditing adds security: all consolidated audit data is read-only.
  • Unified auditing stores the consolidated data in the SYS.AUDSYS table.
  • Unified auditing is active by default in Oracle 12c, but the old auditing system still functions too, so you are in mixed mode. You have to set up Unified Auditing explicitly to disable the old auditing system.
  • You can query audit data by using the view SYS.UNIFIED_AUDIT_TRAIL.
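
The mixed-mode check, a unified audit policy and the trail query described above, as an added SQL example that is not part of the original post. The policy name hr_salary_audit and the table hr.employees are placeholders, and the session is assumed to hold the AUDIT_ADMIN role.

```sql
-- Added example: hr_salary_audit and hr.employees are placeholder names.

-- 1. Mixed mode or pure unified auditing?
--    FALSE = mixed mode (old audit trails still active), TRUE = unified only.
SELECT value
FROM   v$option
WHERE  parameter = 'Unified Auditing';

-- 2. Which unified audit policies are enabled right now?
SELECT policy_name, success, failure
FROM   audit_unified_enabled_policies
ORDER  BY policy_name;

-- 3. Create a policy on a sensitive table and enable it for all users.
CREATE AUDIT POLICY hr_salary_audit
  ACTIONS SELECT ON hr.employees,
          UPDATE ON hr.employees;

AUDIT POLICY hr_salary_audit;

-- 4. In 12.1 records can sit in a memory queue before being written;
--    flush them so step 5 sees recent activity.
--    (This procedure is deprecated from 12.2, where writes are immediate.)
BEGIN
  DBMS_AUDIT_MGMT.FLUSH_UNIFIED_AUDIT_TRAIL;
END;
/

-- 5. Read the records produced by the policy. RETURN_CODE <> 0 marks a
--    failed attempt (for example ORA-01031, insufficient privileges).
SELECT event_timestamp, dbusername, action_name,
       object_schema, object_name, return_code
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%HR_SALARY_AUDIT%'
ORDER  BY event_timestamp DESC;

-- 6. See the consolidation at work: one view, one row count per source
--    (standard, fine-grained, RMAN, Data Pump, and so on).
SELECT audit_type, COUNT(*) AS records
FROM   unified_audit_trail
GROUP  BY audit_type
ORDER  BY records DESC;
```

Read-only reviewers can be given the AUDIT_VIEWER role instead of AUDIT_ADMIN to run steps 1, 2, 5 and 6.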


OCP 12C – In Database Archiving and Temporal Validity

In Database Archiving

  • In Database Archiving is a new feature of Oracle 12c meant to solve the management of historical data inside the database.
  • As its name says, this functionality leaves data in the database, so it remains accessible if you need it.
  • With In Database Archiving, historical data remains in the database but is invisible to the application.
  • Hybrid Columnar Compression (HCC) is used to compress the historical data in the database.

Temporal Validity

  • Temporal Validity works in conjunction with In Database Archiving.
  • It adds the “valid time” dimension to the data by adding columns to the table that indicate whether the row is still valid or can be archived.
  • This helps performance by reducing the quantity of data accessible to the application.
  • The valid time of the data is defined at table creation:
SQL> CREATE TABLE ORDER_HISTORY (ORDER_ID NUMBER, ORDER_DATE DATE, COMMENTS VARCHAR2(100), USER_TIME_START DATE, USER_TIME_END DATE, PERIOD FOR user_time (USER_TIME_START , USER_TIME_END));
  • When you insert a row into the table you must insert the validity period too:
INSERT INTO ORDER_HISTORY (ORDER_ID , ORDER_DATE, COMMENTS, USER_TIME_START, USER_TIME_END) VALUES (1,SYSDATE,'ORDER 1',SYSDATE, SYSDATE+30);
