There are quite a lot of new features in the 12c database that I like and have discussed and talked about them at various events. On this #ThanksODC day, I would like to take the opportunity to thank Oracle Technology Network (or Oracle Developer Community) and Oracle ACE Program for all the support they provide to the DBA and Developer community to share and gain knowledge.

Two simple addition to the 12c database makes my life much easier on the security front. The requirement was to lock the user accounts that are not logged into the database for consecutive 60 days.

1.  Last Login Time 

In releases prior to Oracle Database 12c 12.1 to find out when a user last successfully logged into the database, we need to enable session auditing, which has some overhead and the DBA needs to set up routines to clean the audit table, etc. In 11g database, I had to enable session auditing (keep the session audit records for at least 61 days) and write a SQL querying DBA_USERS and DBA_AUDIT_SESSION to list out all the active users who did not use the database for 60 days.

In 12.1, Oracle automatically registers the successful login time in SYS.USER$ table and is visible in DBA_USERS. The LAST_LOGIN column of DBA_USERS shows the last login time of the user in the database. In 12.1 database, my requirement is met by writing a simple SQL against DBA_USERS using the LAST_LOGIN column! No auditing required. The result is used to build dynamic SQL to lock each account using ALTER USER ACCOUNT LOCK statement (similar to 11g).

BTW, have you noticed, when you login to the database using SQL*Plus, you will see the last login time displayed as well.

2.  Inactive Account Lock

My requirement got completely automated in 12.2 database. Oracle introduced the INACTIVE_ACCOUNT_TIME parameter for user profiles. The INACTIVE_ACCOUNT_TIME profile parameter locks a user account that has not logged in to the database instance in a specified number of days. The default value for INACTIVE_ACCOUNT_TIME is 35. The minimum setting is 15 and the maximum is 24855.

Thanks, Oracle!

#ThanksOTN

#ThanksODC

And thank you, @OracleBase, for doing the appreciation day again!

Oracle *daily* TidBits” (#oratidbit) published on Facebook, Twitter, and Google+ during weekdays in September 2017. You will also see these tidbits, one tidbit at a time, for each page refresh on the right side of this blog as well… Hope you find these helpful to learn something new or to remind you of its existence and use.

#oratidbit #db12cR2 The V$MANAGED_STANDBY view is deprecated in Oracle Database 12c Release 2 (12.2.0.1). Use the new view V$DATAGUARD_PROCESS.
#oratidbit #db12cR2 Starting in Oracle Database 12c Release 2 (12.2), the Advanced Replication feature of Oracle Database is unsupported. Start using Oracle GoldenGate.
#oratidbit #db12cR2 DBUA in Database 12cR2 has pause and continue functionality: You can stop the upgrade, and continue the upgrade at a later time.
#oratidbit #db12cR2 init parameter DATA_GUARD_SYNC_LATENCY defines the maximum amount of time (in seconds) that the primary database may wait before disconnecting subsequent destinations after at least one synchronous standby has acknowledged receipt of the redo.
#oratidbit #db12cR2 init parameter ENABLED_PDBS_ON_STANDBY specifies a subset of pluggable databases (PDBs) for replication on a physical standby of a multitenant container database (CDB). In prior releases, you had to specify either all PDBs or none.
#oratidbit #db12cR2 Oracle Diagnostic Pack can be used with an Oracle Active Data Guard standby database that is open read-only.
#oratidbit #db12cR2 When a physical standby database is converted into a primary, STANDBY_DB_PRESERVE_STATES init parameter lets you keep any sessions connected to the standby during the switchover/failover.
#oratidbit The Enterprise Manager Command Line Interface (EM CLI) enables to access Enterprise Manager functionality through a command-line interface or scripts. EMCLI operates in standard command mode, interactive mode or script mode.
#oratidbit OEM13c EMCLI client is downloaded from your OMS – https:///em/public_lib_download/emcli/kit/emclikit.jar. To be able to do scripting download emcliadvancedkit.jar.
#oratidbit The Oracle Database Provider for DRDA is a network front-end that enables client programs to connect to Oracle Database using the Distributed Relational Database Architecture (DRDA) protocol.
#oratidbit Starting with #DB12cR2, Oracle Net listener supports multiple redirects with the parameter, ALLOW_MULTIPLE_REDIRECTS_listener_name. It supports seamless migration of a PDB from a local database to Public Cloud.
#oratidbit Starting with #db12cR2, data compression can be set in the sqlnet.ora file using parameters SQLNET.COMPRESSION and SQLNET.COMPRESSION_LEVELS. Setting these parameters in the sqlnet.ora file affects all the connections using the sqlnet.ora file.
#oratidbit The Automatic Diagnostic Repository (ADR) is a systemwide tracing and logging central repository. The repository is a file-based hierarchical data store for depositing diagnostic information, including network tracing and logging information.
#oratidbit #db12cR2 Oracle RAC Reader Nodes facilitate Oracle Flex Cluster architecture by allocating a set of read/write instances running Online Transaction Processing (OLTP) workloads and a set of read-only database instances across Hub Nodes and Leaf Nodes in the cluster. In this architecture, updates to the read-write instances are immediately propagated to the read-only instances on the Leaf Nodes, where they can be used for online reporting or instantaneous queries.
#oratidbit Start and stop Oracle instances with Oracle Enterprise Manager, SQL*Plus, or SRVCTL. OEM and SRVCTL provide options to start and stop all of the instances in an Oracle RAC database with a single step.
#oratidbit If you stop database instances using “crsctl stop crs” or “crsctl stop cluster -all”, databases are stopped with “shutdown abort”.
#oratidbit Oracle database startup looks for initialization parameter file in $ORACLE_HOME/dbs directory. The file names checked are spfile<sid>.ora, spfile.ora, init<sid>.ora, in order.
#oratidbit In #db12cR2 the optimizer uses the UNION-ALL operator to perform the OR expansion. Earlier, CONCATENATION operator was used.
#oratidbit DBMS_STATS.GET_STATS_HISTORY_RETENTION function shows the current optimizer statistics history retention value. DBMS_STATS.GET_STATS_HISTORY_AVAILABILITY function retrieves the oldest time stamp when statistics history is available.

Oracle *daily* TidBits” (#oratidbit) published on Facebook, Twitter, and Google+ during weekdays in August 2017. You will also see these tidbits, one tidbit at a time, for each page refresh on the right side of this blog as well… Hope you find these helpful to learn something new or to remind you of its existence and use.

 

#oratidbit #orcldb If you are installing 64-bit Oracle Database software, and your existing Oracle Database is a 32-bit Oracle Database installation, then your existing Oracle Database is automatically converted to 64-bit during the upgrade.
#oratidbit You can install Oracle R Enterprise Server in a pluggable database (PDB) within a multitenant container database (CDB). The database may not be the root database.
#oratidbit An external procedure is a procedure invoked from a program that is written in a different language. Oracle Database uses an external procedure agent named extproc to support external procedures.
#oratidbit #orcldb #datapump Setting the parameter _OPTIMIZER_GATHER_STATS_ON_LOAD=FALSE might improve the table loading speed. Use this parameter if you include EXCLUDE=STATISTICS, and plan to collect stats after the import.
#oratidbit ROracle is an open source R package that enables interaction between R and an Oracle database. ROracle is maintained and supported by Oracle. ROracle is licensed under LGPL v.2 or later and not under the terms of your Oracle license agreement.
#oratidbit #db12cR2 SQL92_SECURITY initialization parameter default is TRUE in 12.2. Meaning, users must have been granted the SELECT object privilege in order to execute UPDATE or DELETE statements.
#oratidbit Parallel upgrade utility in 12c is catctl.pl. In #db12cR2 use the dbupgrade (Linux/Unix) or dbupgrade.cmd (Windows) shell script instead of using catctl.pl.
#oratidbit Oracle ASM Filter Driver (Oracle ASMFD) is a kernel module that resides in the I/O path of the Oracle ASM disks. Oracle ASM uses the filter driver to validate write I/O requests to Oracle ASM disks and rejects any I/O requests that are invalid.
#oratidbit Oracle ASM disk scrubbing checks logical data corruptions and repairs the corruptions automatically in normal and high redundancy disks groups. The feature is designed so that it does not have any impact on the regular input and output (I/O) operations in production systems.
#oratidbit Automatic memory management is enabled by default on an Oracle ASM instance, even when the MEMORY_TARGET parameter is not explicitly set.
#oratidbit #orcldb A proxy PDB is a PDB that uses a database link to reference a PDB in a remote CDB. When you issue a statement in a proxy PDB while the PDB is open, the statement executes in the referenced PDB.
#oratidbit #orcldb GV$AQ_MESSAGE_CACHE_ADVICE provides advice on how much STREAMS_POOL should be allocated for sharded queues based on a snapshot of the current messaging load.
#oratidbit A subset of GDSCTL commands are applicable to Global Data Services (GDS) configuration and another subset of GDSCTL commands are for Oracle Sharding configuration.
#oratidbit chactl commands are to administer Oracle Cluster Health Advisor basic monitoring functionality on the RAC targets.
#oratidbit The Trace File Analyzer control utility, TFACTL, is the command-line interface for Oracle Trace File Analyzer. You need root access or sudo access to tfactl to run administration commands.
#oratidbit #db12cR2 After installing 12.2.0.1 database a pre-existing database link SYS_HUB exists as a requirement to clone a remote PDB.
#oratidbit #orcldb The SPARE6 column in SYS.USER$ table keeps track the last successful login time of the user in Oracle Database 12c. This is a very good security feature, without enabling “AUDIT SESSION” to find when the user last used the database.
#oratidbit #orcldb In Oracle Database 12c, when you move the online data file using ALTER DATABASE MOVE DATAFILE ‘filename’; without the TO clause, the file will be moved to DB_FILE_CREATE_DEST as Oracle Managed File – the DB_FILE_CREATE_DEST location can be ASM diskgroup or file system.
#oratidbit #orcldb Oracle Database 12c has new CASCADE clause for TRUNCATE statement. This truncates all child tables that reference the truncated table if the foreign key is defined with ON DELETE CASCADE option and the FK constraint is in ENABLED status. Children, grand children are truncated.
#oratidbit #db12cR2 The DBMS_DEBUG package is deprecated in Oracle Database 12c release 2 (12.2). Use DBMS_DEBUG_JDWP instead.
#oratidbit #db12cR2 DBUA in Database 12cR2 has priority-based PDB upgrades. You can set priority for PDB upgrades so that higher priority PDBs are upgraded first.
#oratidbit #db12cR2 The DBMS_JOB package is deprecated and may be unsupported in a future release. Use DBMS_SCHEDULER instead.
#oratidbit #db12cR2 DBUA in Database 12cR2 has Standalone Prerequisite Checks: You can run DBUA with the -executePrereqs option to check prerequisites for upgrades at any time.
%d bloggers like this: