Month: April 2023

Oracle Database 23c Schema-Level Privileges

arcsdegeoLeave a comment

Oracle has introduced a very good and much needed feature which is the ability to grant object level permissions on schema level scope. In the past if you have a schema with many tables under it and you want to grant the application account SELECT permission on these tables…you have 2 options:

Option 1:  performing the grant select explicitly on each table in the schema…so if you have 300 tables in your schema “HR”…you will execute : GRANT SELECT on HR.XXXX to HR_APP for each table. And any newly introduced set of tables will require the re-grant operation against them.

Option 2:  granting the application account “HR_APP” select any table permissions….which is very excessive permission and violates the security boundary if you are in a multi-hosting environment as the account will have access to tables in other schemas.

Let us explore 23c feature:

I will create two tables in HR schema and populate it with dummy data.

create table HR.EMPLOYEES ( fname varchar2(10), lname varchar2 (10) , ID number, retired BOOLEAN , deptno varchar2 (10));

insert into HR.EMPLOYEES values(‘John’,’Smith’,13912,FALSE,’IT-1′);

commit;

insert into HR.EMPLOYEES values(‘Sarah’,’Richardson’,71918,FALSE,’HR-1′);

commit;

insert into HR.EMPLOYEES values(‘Ricardo’,’Lopez’,150,TRUE,’Finance-1′);

commit;

create table HR.DEPARTMENTS ( deptname varchar2(10), orgcode varchar2 (10) , no_employees number , deptno varchar2 (10));

insert into HR.DEPARTMENTS values(‘IT’,’CG981258′,320,’IT-1′);

commit;

insert into HR.DEPARTMENTS values(‘FINANCE’,’CG96251′,166,’FIN-1′);

commit;

insert into HR.DEPARTMENTS values(‘AUDIT’,’CG400311′,320,’AUD-1′);

commit;

Now, using the new SQL command feature:

SQL> grant select any table on schema HR to HR_APP;

When accessing the database using application account HR_APP , the account will be able to view the data for the two existing tables:

This is great….and this will be applied automatically to newly created tables….I will create a dummy table based on departments table and HR_APP will be able to view the data:

SQL> create table HR.DUMMY as select * from HR.DEPARTMENTS;

Storing Oracle AWR snapshots in User Defined Tablespace (Non-SYSAUX tablespace)

arcsdegeoLeave a comment

In Oracle database there is a component called “Automatic Workload Repository” (AWR). AWR collects, processes, and maintains performance statistics for the database.

Moreover, AWR is taken by default on hourly basis and these snapshots are by default stored in SYSAUX tablespace. One of the reasons why you would like to offload AWR to a different tablepsace is because you might have many components in your database and they are installed in SYSAUX so you would like to have a separate space for it.

In this blog post, I will illustrate how can you store AWR in user-tablespace instead of SYSAUX:

First, I will create a user tablespace and will call it TS_AWR

  SQL> CREATE TABLESPACE TS_AWR DATAFILE

  ‘/opt/oracle/oradata/ORCLCDB/PDB_TEMP/TS_AWR.DBF’ SIZE 20M

  LOGGING ONLINE PERMANENT BLOCKSIZE 8192

  EXTENT MANAGEMENT LOCAL AUTOALLOCATE DEFAULT

 NOCOMPRESS  SEGMENT SPACE MANAGEMENT AUTO;

Then, execute the following dbms_workload_repository package to change database snapshot settings, to find DBID for a pluggable database [select dbid from v$pdbs]:

SQL> exec dbms_workload_repository.modify_snapshot_settings(dbid =>3048656388, tablespace_name=> ‘TS_AWR’);

PL/SQL procedure successfully completed.

Now, to Test it….manually execute a snapshot:

SQL> EXEC DBMS_WORKLOAD_REPOSITORY.create_snapshot;

Checking the new tablespace TS_AWR…clearly AWR tables and objects were created successfully: