password expire

ACIT 3910 Database Management & StructureFinal Review

• Network Architecture Chapter 11• Security & Audit Chapter 12• Manipulate Data/Undo Chapters 5,13• Maintenance/Performance Chapter 14• Backup/Recovery Intro Chapters 15/16

Net Connect

User Sessions – Shared Server

Slide 4

User Sessions – Shared Server

Fig 11:26 in textbook, What is happening in the SGA and PMON withDedicated server vs Shared serverP 641: dispatch queues vs response queues

Slide 5

Chapter 12: Security and Auditing

Create SQL> CREATE USER inventuser

IDENTIFIED BY Bcit2011DEFAULT TABLESPACE inventory_tsTEMPORARY TABLESPACE tempQUOTA UNLIMITED inventory_tsPROFILE defaultPASSWORD EXPIREACCOUNT UNLOCK;

Drop Assign Tablespace, Quota Assign Profile Assign/Revoke Privileges Principle of Least Privilege

Slide 6

Privileges

Privileges to:– a user– special user PUBLIC– a role.

Three types of privileges: Object privileges use of schema objects System privileges db-level operations Role privileges named grp of privileges

Slide 7

Password-Security Rules With Profile

A set of standard rules:– how long a password can remain valid– elapsed time– number of password changes before it can be reused– number of failed login attempts – how long the account will remain locked

Example of assigning password features to a profile:SQL> CREATE PROFILE “resource_profile” LIMIT

PASSWORD_LIFE_TIME 60PASSWORD_GRACE_TIME 7PASSWORD_REUSE_MAX 2PASSWORD_REUSE_TIME 4PASSWORD_LOCK_TIME DEFAULTFAILED_LOGIN_ATTEMPTS 5PASSEORD_VERIFIED_FUNCTION DEFAULT;

Slide 8

Monitor for Compliance

Slide 9

Standard Database Auditing

Slide 10

Auditing Database Activity

Monitor and Record specific activities at four levels: Statement Privilege Object Fine-grained access

Audit reports: in the Database or in OS files

SQL> ALTER SYSTEM SET audit_trail=DB SCOPE=SPFILE;

DB - stores in database is default (in SYS.AUD$table) EXTEDED - stores in database with bind variables SQLBIND and

the SQL statement triggering audit entry SQLTEXT OS - stores in OS files (in /adump)

Slide 11

Enabling Statement Auditing Examples

SQL> AUDIT <table_name>;

SQL> AUDIT <table_name> BY <user_name>;

SQL> AUDIT <table_name> BY <user_name> WHENEVER NOT SUCCESSFUL;

SQL> AUDIT INSERT TABLE BY <user_name> BY ACCESS;

SQL> NOAUDIT session;

SQL> NOAUDIT <table_name> BY <user_name>;

SQL> SELECT audit_option, failure, success, user_nameFROM dba_stmt_audit_optsORDER BY audit_option, user_name;

SQL> SELECT username, timestamp, action_nameFROM dba_audit_trailWHERE username = ‘user_name’;

Slide 12

Managing Privilege Auditing Examples

Privilege Auditing involves monitoring and recording execution of SQL statements that require a specific system privilege.

Few examples:SQL> AUDIT create any table;

SQL> AUDIT create any table BY <user_name>;

SQL> AUDIT delete any table BY <user_name> BY ACCESS;

SQL> NOAUDIT alter profile;

SQL> NOAUDIT delete any table BY <user_name>;

SQL> NOAUDIT alter user BY <user_name>;

SQL> SELECT privilege, user_nameFROM dba_priv_audit_optsORDER BY privilege, user_name;

Slide 13

Managing Object Auditing Examples

Object Auditing involves monitoring and recording execution of SQL statements that require a specific object privilege.

Few examples:SQL> AUDIT select ON hr.employees;

SQL> AUDIT select ON hr.employees BY ACCESS WHENEVER SUCCESSFUL;

SQL> AUDIT select ON hr.employees BY SESSION WHENEVER NOT SUCCESSFUL;

SQL> NOAUDIT select ON hr.employees WHEREVER NOT SUCCESSFUL;

SQL> SELECT owner, object_name, object_type, ins, selFROM dba_obj_audit_opts WHERE owner=‘HR’AND object_name=‘employees’;

Slide 14

Chapter 13: Manipulate Data - Various commands

Insert

Delete / Truncate

Merge

Commit

Rollback, (Savepoint, Checkpoint)

Locks

Slide 15

Lock Modes

Row Share permits concurrent access and prohibit others from exclusive locking (e.g. selecting)

Row Exclusive same as row share but prohibits locking in share mode, standard for DML statement (e.g. updating, inserting, deleting)

Share permits concurrent queries but prohibits updates to table (e.g. creating index on a table)

Shared_Row Used to query whole table and allow others Exclusive to query the table but prevent others from

locking for updates

Exclusive Most restrictive that permits queries on locked table but prohibits DML by others (e.g. drop a table)

Slide 16

PL/SQL Objects

See examples in text book pp 720 – 733)

Slide 17

Undo Data

Slide 18

Transactions and Undo Data

Slide 19

Undo vs Redo

Slide 20

Understand basics of Transaction Processing

• A COMMIT or ROLLBACK statement is issued.

• A DDL statement issued (causing implicit COMMIT).

• Exit out of SQL*PLUS (causing implicit COMMIT).

• Abnormal termination of a SQL*PLUS session (e.g. closing a window session will cause implicit rollback).

• Machine failure or a crash (causing implicit rollback).

Slide 21

Data Consistency

• Read consistency• Ensures once a query starts, any changes to the query’s

underlying tables are not reflected in the query’s results. The unchanged BFIM is satisfied from the undo segment.

• Statement-level consistency (default in Oracle)• Ensures data visible to a statement does of change during

the life of that statement.• MS-sqlserver is read-committed snapshot.

• Transaction-level consistency• Ensures data visible to a transaction (which can consists

of multiple statements) does of change during the life of that transaction.

• MS-sqlserver is snapshot isolation.Slide 22

Chapter 14: Database Maintenance

Slide 23

Automatic Workload Repository (AWR)

Slide 24

Advisory Framework

Slide 25

Server Generated Alerts

Approx. 60 metrics are monitored by default, among which are: Broken job count Database time spent waiting (%) Dump Area used (%) SQL Response Time (%) compared to baseline Tablespace used (%) Response Time (per transaction) Wait time (%)

Slide 26

Performance Monitoring

Slide 27

OEM Performance Page

Slide 28

SGA Configurable Parameters

SGA shared_pool size db_cache_size large_pool_size java_pool_size streams_pool_size log_buffer_size result_cache_size db_keep_cache_size db_recycle_cache_size db_nk_cache_size (non-standard)

ASMM automatically tuned these 5Memory initialization parameters and Subsequent manual alterations can be made.

SGA_MAX_SIZE >= SGA_TARGET

Slide 30

Managing Memory Components

New in 11g

Slide 31

AMM

AMM is not enabled by default and MEMORY_TARGET=0 To enable AMM, only requires to set total memory available

for the MEMORY_TARGET (with default SGA=60%, PGA=40%)

SQL> select * from v$memory_target_advice;SQL> select component, current_size, min_size, max_size from v$memory_dynamic_components;

AMM enabled AMM disabled ASMM enabled MT>0, ST>0

Auto tune SGA,PGA but SGA keeps min value ST

MT=0, ST>0Individual pool is auto tuned

ASMM disabled MT>0, ST=0Auto tune SGA,PGA

MT=0, ST=0Specify individual pools

Slide 32

password expire

Documents