copyright © 2014, oracle and/or its affiliates. all rights reserved. 1

Oracle Database 12c Release 1PL/SQL New FeaturesSteven FeuersteinArchitect, Applied PL/SQL


3

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Program Agenda

More PL/SQL-Only Data Types Cross PL/SQL-to-SQL Interface

Optimizing Function Execution in SQL

The UTL_CALL_STACK Package

The ACCESSIBLE_BY Clause

FETCH FIRST and BULK COLLECT


Program Agenda, continued

Privileges/Access Management for Program Units– Grant Roles to Program Units

– And INHERIT PRIVILEGES and INHERIT ANY PRIVILEGES

– BEQUEATH CURRENT_USER for Views

New Conditional Compilation Directives

Implicit Statement Results

Goodbye, Tiny SQL VARCHAR2!


More PL/SQL-Only Data Types Cross PL/SQL-to-SQL Interface

Prior to 12c, PL/SQL-only datatypes could not be bound in dynamic SQL statements, restricted what functions could be called in SQL, etc.

Now, those rules are greatly relaxed.– Bind records and associative arrays

– Use TABLE operator with associative arrays

– Can bind Booleans with dynamic PL/SQL, but you cannot bind Booleans into SQL statements.

TABLE with associative arrays!

12c_table*.sql 12c_bind*.sql


Optimizing Function Execution in SQL

That seems like an awfully good idea! Two methods:

– WITH clause that defines a function

– UDF pragma that gives more options to the compiler

WITH FUNCTION: define a function directly within your SQL statement.

– Say goodbye to nasty context switch!

For all those user-defined functions

12c_with_function*.sql 12c_udf*.sql


The UTL_CALL_STACK Package

Prior to 12c, you could obtain several kinds of "stacks" through individual function calls:

– DBMS_UTILITY.FORMAT_CALL_STACK - "How did I get here?"

– DBMS_UTILITY.FORMAT_ERROR_STACK - "What is the error message/stack?"

– DBMS_UTILITY.FORMAT_ERROR_BACKTRACE - "On what line was my error raised?"

Now, the UTL_CALL_STACK package supports all that and a much better API to the info in the stack.

Great improvement in execution stack granularity

12c_utl_call_stack*.sql


FETCH FIRST N for BULK COLLECT

BULK COLLECT now supports an optional FETCH FIRST clause.– Limits the number of rows that a query returns, reducing the complexity of

common "Top-N" queries.

FETCH FIRST is provided primarily to simplify migration from third-party databases to Oracle Database.

Nice usability enhancement

12c_fetch_first.sql


The ACCESSIBLE_BY Clause

ACCESSIBLE_BY extends the concept of "privacy" for package subprograms.

Use it to define a "whitelist" of program units that can invoke a package's subprograms.

When that public procedure really shouldn’t be used

12c_accessible_by.sql

PACKAGE private_pkg ACCESSIBLE BY (public_pkg)IS PROCEDURE do_this;

PROCEDURE do_that;END;

PACKAGE BODY public_pkgIS PROCEDURE do_only_this IS BEGIN private_pkg.do_this; private_pkg.do_that; END;END;


Privilege-Related Features

First, let's review definer and invoker rights. Definer Rights

– Whenever you executed a stored program, it runs under the privileges of the schema in which the program was compiled or defined.

Invoker Rights– Oracle resolves all data references (table, view, etc.) at run-time, based on

the currently-connect user and its privileges (directly granted or available through roles).

Fine-tuning effects of AUTHID clause


About Definer Rights

Allows you to centralize access to and control of underlying data structures.

Ignores roles and relies on directly-granted privileges.

But it can be a source of confusion and architectural problems.

Centralizing control

Orders

OE Data

OE CodeOrder_Mgt

Cancel

Sam_Sales

PlaceClose Old

Orders

XCannot alter table directly.

Note: Oracle built-in packages have long had the capability of running

under the invoker's authority.


Drawbacks of Definer Rights

Deployment & maintenance– Must install module in all remote databases where needed

– In some databases, each user has own copy of table(s), requiring copy of stored module

Security– No declarative way to restrict privileges on certain modules in a package --

it's all or nothing, unless you write code in the package to essentially recreate roles programmatically.

– Difficult to audit privileges

Sure would be nice to have a choice...and you do!

Nothing works for everyone


"Reflection" Capability of Invoker Rights

With invoker rights, you can execute code owned by another schema, yet have all references to data structures "reflect back" into your own schema.

User/Data schemaUser/Data schema

accounts table

PROCEDURE mng_account ISBEGIN ... code.acct_mgr.destroy(...);END;

Central Code schemaCentral Code schema

PACKAGE acct_mgr

...FROM accounts WHERE...

destroy

modify

make

AUTHID

CURRENT_USER

invdefinv.sql


Grant Roles to Program Units (back to 12.1)

Grant roles to program units, so you fine-tune the privileges available to the invoker of a program unit.

– Helpful when you don't want the invoker to inherit all of the definer's privileges.

Roles granted to a program unit do not affect compilation. – Instead, they affect the privilege checking of SQL statements that the unit

issues at run time.

– Unit executes with privileges of both its own roles and any other currently enabled roles.

Nice usability enhancement

12c_grant_role_units.sql 12c_roles_for_program_units.sql

Most helpful when unit executing dynamic SQL


BEQUEATH CURRENT_USER for Views

Prior to 12.1, if your view executed a function, it would always be run under the privileges of the view's owner, and not that of the function.

– Even if the function was defined with AUTHID CURRENT_USER

Add the BEQUEATH CURRENT_USER clause and then the invoker right's mode of the function will be "honored."

Tying up a loose end

12c_bequeath.sql


INHERIT PRIVILEGES and INHERIT ANY PRIVILEGES

More fine-tuning for privilege management! You can override AUTHID and BEQUEATH settings by revoking

INHERIT PRIVILEGES.– On a schema-level basis

You can say, in effect: "All schemas but SCOTT can use my privileges when running X."

After upgrade, all works as before.– INHERT PRIVILEGES granted to all schemas

Yes, there’s more!

12c_inherit_privileges.sql


New Conditional Compilation Directives

Oracle has added two new directives. $$PLSQL_UNIT_OWNER

– Returns the name of the owner of the current program unit. Returns NULL if an anonymous block.

$$PLSQL_UNIT_TYPE– Returns the type of the program unit

– Inside an anonymous block or non-DML trigger, returns "ANONYMOUS BLOCK".

For a fantastic and under-utilized feature


Implicit Statement Results

I hate when a SQL Server developer says "Ha, ha, I can do this and you can't."

Well, with 12.1, there's one less thing that developer can talk about.– Not that there was ever all that much….

We can now create a procedure that will implicitly display the result of a SQL statement.

– And it breathes some life back into DBMS_SQL!

When you need PL/SQL to act like Transact-SQL

12c_implicit_results.sql


Goodbye, Tiny SQL VARCHAR2!

It sure has been irritating that PL/SQL supports VARCHAR2s up to 32K in size (after which , you must switch over to CLOBs), while in SQL, the maximum was 4000.

Now, SQL's VARCHAR2 and NVARCHAR2 have been extended to 32K as well!

Note: SQL has these maximum sizes only if the MAX_STRING_SIZE initialization parameter is set to EXTENDED.

And one more impedance between PL/SQL and SQL

12c_sql_varchar2.sql


Oracle Database 12c Release 1 PL/SQL

Nothing earth-shattering, but a solid improvement on an already robust language.

– Improved integration with SQL

– Better support for migration from Transact-SQL and other database languages

– Fine-tuning of privileges management and access control.

My favorite by far: ability to use TABLE with associative arrays.

Steady improvements, handling new sets of requirements

copyright © 2014, oracle and/or its affiliates. all rights reserved. 1

Documents