OracleNotes

Category: Oracle Database 12c

  • OracleDB12c New Feature: Unified Auditing

    Unified Auditing is a new feature introduced in Oracle Database 12c, to streamline and standardize all audit trail information. The traditional auditing architectures involve many audit-trail locations and tables to review information for the auditors, and do not follow a standard. Every new product introduced in the database had to essentially have a new audit table because the AUD$ table is limited. The Oracle Unified Audit feature introduced in Oracle Database 12c addresses these issues and gives a standard interface and single location for the audit trail.

    Unified Auditing is a database option and is not enabled by default. The following query shows if Unified Auditing is enabled or not.

    SQL> SELECT VALUE FROM V$OPTION
     WHERE PARAMETER = 'Unified Auditing';

VALUE
----------
FALSE

    To enable Unified Auditing, shut down the database and listener, and then relink the oracle executable using the following options:

    cd $ORACLE_HOME /rdbms/lib

make -f ins_rdbms.mk uniaud_on ioracle ORACLE_HOME=$ORACLE_HOME

    Unified Auditing is managed by creating and enabling audit policies. Unified audit-trail records can be read using the UNIFIED_AUDIT_TRAIL view. This view includes audit records from standard and fine-grained auditing, along with auditing of data pump, SQL loader, database vault, label security, recovery manager, and real application security products.

    Oracle Database 12c has two roles to support Unified Auditing. The AUDIT_ADMIN role has privileges to create, alter, and drop audit policies. It also has privileges to enable or disable audit policies for each business requirement, to view audit records, and to clean up the audit trail. The AUDIT_VIEWER role is for users who only need to view the audit-trail contents. Unified Auditing is owned by AUDSYS user, not SYS user.

    Privilege auditing in traditional auditing has to be enabled by setting the AUDIT_SYS_OPERATIONS=true. The audit records are written to operating system files. With Unified Auditing, privilege audit is enabled by default and can be queried using the same UNIFIED_AUDIT_TRAIL view. In a unified audit database, the following actions are audited mandatory without any policy:

    • CREATE AUDIT POLICY
    • ALTER AUDIT POLICY
    • DROP AUDIT POLICY
    • AUDIT
    • NOAUDIT
    • EXECUTE of DBMS_FGA
    • EXECUTE of DBMS_AUDIT_MGMT

    Read more at
    http://docs.oracle.com/cd/E16655_01/network.121/e17607/audit_admin.htm#DBSEG1026

    http://docs.oracle.com/cd/E16655_01/server.121/e17609/tdpsg_auditing.htm#TDPSG50000

     

     

  • Oracle Database 12c Licensing Trivia!

    Was reading the licensing doc, and this is a note to self… [any decisions must be based on the licensing doc and not this blog].

    Couple of things not changed…

    • Almost all “cool” features are available only in EE edition.
    • Almost all “cool” features outside of storing data requires some kind of “Extra Cost” option

    I am not sure how to train myself in administering SE database, as the EE options and extra cost options have spoiled me!

    Multitenant option is available in EE only. It is extra cost option for up to 252 pluggable databases. The multitenant architecture with one pluggable database (single tenant) is available in all editions and is included in the cost.

    Similar to previous versions, the following products are available only in EE. Some are extra cost options. See licencing doc for all products.

    • Oracle RAC One Node (** extra cost)
    • Oracle Data Guard
    • Oracle Active Data Guard (** extra cost)
    • Multitenancy (12c) (** extra cost)
    • Rolling Upgrades using Active Data Guard
    • All Oline DDL Operations
    • Block Change Tracking File
    • Tablespace Point In Time Recovery
    • Flashback features
    • Fine Grained Auditing (FGA) and VPD
    • Resource Manager
    • All compression features (Advanced Compression option is extra cost)
    • All parallel features
    • In memory database cache (** extra cost)
    • Oracle Database Vault (** extra cost)
    • Real Application Security

    All of the “Extra Cost Option” Manageability options are available in EE only

    • Oracle Cloud Management Pack for Oracle Database
    • Oracle Data Masking Pack for Oracle and Non-Oracle Databases
    • Oracle Database Lifecycle Management Pack for Oracle Database
    • Oracle Diagnostics Pack
    • Oracle Test Data Management Pack for Oracle and Non-Oracle Databases
    • Oracle Tuning Pack (requires Diagnostics Pack)
    • Oracle Real Application Testing

    Flashback Data Archive and Oracle Streams are available in all editions.

    Extra Cost Options (Available only in EE, except RAC). Under each product option, the applicable features. Wow! almost all features I tout about are extra cost options (including the privilege analysis)…

    Oracle Active Data Guard

    • Physical Standby with Real-time Query
    • Fast Incremental Backup on Physical Standby
    • Automatic Block Repair
    • Active Data Guard Far Sync
    • Global Data Services
    • Real-Time Cascade
    • Application Continuity
    • Rolling Upgrade using Active Data Guard

    Oracle Advanced Analytics

    • In-database data mining algorithms:
    • Oracle R Enterprise (integration with open-source R)

    Oracle Advanced Compression

    • Advanced Row Compression
    • Advanced LOB Compression
    • Advanced LOB Deduplication
    • RMAN Backup Compression
    • Data Pump Data Compression
    • Heat Map
    • Automatic Data Optimization
    • Data Guard Redo Transport Compression
    • Advanced Network Compression
    • Optimization for Flashback Data Archive History Tables
    • Storage Snapshot Optimization

    Oracle Advanced Security

    • Transparent Data Encryption (TDE) for tablespaces and columns (including Oracle SecureFiles)
    • DataPump Export File encryption
    • RMAN backup encryption to disk
    • TDE master key storage in an Oracle Wallet or external Hardware Security Module
    • Data Redaction of sensitive data returned to applications

    Oracle Database Vault

    • Realms
    • Mandatory Realms
    • Command Rules
    • Privilege Analysis

    Oracle In-Memory Database Cache

    • Data access using PL/SQL, JDBC, ODBC, ttClasses, OCI, and Pro*C/C++ interfaces
    • Transaction Log API (XLA) for change notification
    • In-memory Database Cache Grid
    • Automatic data synchronization with the Oracle database
    • Transactional replication between the in-memory cache databases
    • Automated failure detection and database failovers
    • TimesTen Extension for Oracle SQL Developer
    • TimesTen Plug-in for Oracle Enterprise Manager

    Oracle Label Security

    • Label based access control (LBAC)
    • Multi-level security (MLS)
    • Label factors for Database Vault (Confidential, Sensitive)
    • User label authorizations (Confidential, Sensitive: PII)
    • Data labels (Sensitive: PII)

    Oracle Multitenant

    Oracle On-Line Analytical Processing (OLAP)

    • OLAP Cube Definition, Storage, and Querying
    • OLAP API and Metadata
    • OLAP Cube Materialized Views
    • Analytic Workspaces
    • SQL Access to OLAP Cubes

    Oracle Partitioning

    • Table Partitions and Subpartitions
    • Global and Local Index Partitions and Subpartitions

    Oracle RAC One Node 

    Oracle Real Application Clusters (Oracle RAC)

    • Real Application Clusters
    • Connection Load BalancingOracle Database Options
    • Fast Connection Failover
    • Hot Cluster Failover
    • Oracle Advanced Security SSL/TLS
    • Application Continuity

    Oracle Real Application Testing

    • Database Replay
    • SQL Performance Analyzer (SPA)
    • SQL Tuning Sets (STS)

    Oracle Spatial and Graph

    Oracle Diagnostics Pack

    • Automatic Workload Repository
    • Automatic Database Diagnostic Monitor (ADDM)
    • Compare Period ADDM
    • Real Time ADDM
    • Active Session History (ASH)
    • ASH analytics
    • Performance Hub
    • Exadata Cell Grid Administration
    • Exadata Cell Grid Performance
    • Exadata Cell Group Health Overview page
    • Exadata Resource Utilization
    • Blackouts
    • Notifications
    • Metric and Alert/Event history
    • User-Defined Metrics and Metric Extensions
    • Management Connectors
    • Dynamic metric baselines and Adaptive metric thresholds
    • Monitoring templates and Template Collections
    • Replay Compare Period Report

    Initialization parameter CONTROL_MANAGEMENT_PACK_ACCESS, controls access to Oracle Diagnostics Pack and Oracle Tuning Pack. DIAGNOSTIC+TUNING, DIAGNOSTIC, NONE are options.
    Oracle Tuning Pack

    • SQL Access Advisor
    • SQL Tuning Advisor
    • Automatic SQL Tuning
    • SQL Tuning Sets
    • SQL Profiles
    • Real-time SQL and PL/SQL Monitoring
    • Real-time Database Operations Monitoring
    • Reorganize object

    Notable Items:

    Infrastructure Repository Databases
    A separate single instance Oracle Database can be installed and used as an infrastructure repository for RMAN, Oracle Enterprise Manager Cloud Control, Global Data Services Catalog, and Grid Infrastructure Management Repository without additional license requirements, provided that all the targets are correctly licensed. It may not be used or deployed for other uses.

    Oracle Database Express Edition
    Oracle Database Express Edition may be used for free, for the purposes of developing, prototyping and running applications. It can also be used for free to provide demonstrations and training. It may also be distributed for free with any applications. See doc for restrictions.

    Support of Real Application Testing in Earlier Releases
    The full functionality of Oracle Real Application Testing is available only on Oracle Database 11g Release 1 or higher. Partial functionality of Oracle Real Application Testing is available to customers wishing to upgrade from Oracle9i Database Release 2 or Oracle Database 10g.

    XStream
    XStream provides application programming interfaces (APIs) that enable client applications to receive real-time data changes from an Oracle database (using XStream Out APIs) and to send real-time data changes to an Oracle database (using XStream In APIs). These data changes can be shared between Oracle databases and other systems, such as filesystems and non-Oracle databases. XStream is licensed via the Oracle GoldenGate product. You must purchase a license for this product before using the XStream APIs.