password expire
TRANSCRIPT
ACIT 3910 Database Management & StructureFinal Review
• Network Architecture Chapter 11• Security & Audit Chapter 12• Manipulate Data/Undo Chapters 5,13• Maintenance/Performance Chapter 14• Backup/Recovery Intro Chapters 15/16
User Sessions – Shared Server
Fig 11:26 in textbook, What is happening in the SGA and PMON withDedicated server vs Shared serverP 641: dispatch queues vs response queues
Slide 5
Chapter 12: Security and Auditing
Create SQL> CREATE USER inventuser
IDENTIFIED BY Bcit2011DEFAULT TABLESPACE inventory_tsTEMPORARY TABLESPACE tempQUOTA UNLIMITED inventory_tsPROFILE defaultPASSWORD EXPIREACCOUNT UNLOCK;
Drop Assign Tablespace, Quota Assign Profile Assign/Revoke Privileges Principle of Least Privilege
Slide 6
Privileges
Privileges to:– a user– special user PUBLIC– a role.
Three types of privileges: Object privileges use of schema objects System privileges db-level operations Role privileges named grp of privileges
Slide 7
Password-Security Rules With Profile
A set of standard rules:– how long a password can remain valid– elapsed time– number of password changes before it can be reused– number of failed login attempts – how long the account will remain locked
Example of assigning password features to a profile:SQL> CREATE PROFILE “resource_profile” LIMIT
PASSWORD_LIFE_TIME 60PASSWORD_GRACE_TIME 7PASSWORD_REUSE_MAX 2PASSWORD_REUSE_TIME 4PASSWORD_LOCK_TIME DEFAULTFAILED_LOGIN_ATTEMPTS 5PASSEORD_VERIFIED_FUNCTION DEFAULT;
Slide 8
Auditing Database Activity
Monitor and Record specific activities at four levels: Statement Privilege Object Fine-grained access
Audit reports: in the Database or in OS files
SQL> ALTER SYSTEM SET audit_trail=DB SCOPE=SPFILE;
DB - stores in database is default (in SYS.AUD$table) EXTEDED - stores in database with bind variables SQLBIND and
the SQL statement triggering audit entry SQLTEXT OS - stores in OS files (in /adump)
Slide 11
Enabling Statement Auditing Examples
SQL> AUDIT <table_name>;
SQL> AUDIT <table_name> BY <user_name>;
SQL> AUDIT <table_name> BY <user_name> WHENEVER NOT SUCCESSFUL;
SQL> AUDIT INSERT TABLE BY <user_name> BY ACCESS;
SQL> NOAUDIT session;
SQL> NOAUDIT <table_name> BY <user_name>;
SQL> SELECT audit_option, failure, success, user_nameFROM dba_stmt_audit_optsORDER BY audit_option, user_name;
SQL> SELECT username, timestamp, action_nameFROM dba_audit_trailWHERE username = ‘user_name’;
Slide 12
Managing Privilege Auditing Examples
Privilege Auditing involves monitoring and recording execution of SQL statements that require a specific system privilege.
Few examples:SQL> AUDIT create any table;
SQL> AUDIT create any table BY <user_name>;
SQL> AUDIT delete any table BY <user_name> BY ACCESS;
SQL> NOAUDIT alter profile;
SQL> NOAUDIT delete any table BY <user_name>;
SQL> NOAUDIT alter user BY <user_name>;
SQL> SELECT privilege, user_nameFROM dba_priv_audit_optsORDER BY privilege, user_name;
Slide 13
Managing Object Auditing Examples
Object Auditing involves monitoring and recording execution of SQL statements that require a specific object privilege.
Few examples:SQL> AUDIT select ON hr.employees;
SQL> AUDIT select ON hr.employees BY ACCESS WHENEVER SUCCESSFUL;
SQL> AUDIT select ON hr.employees BY SESSION WHENEVER NOT SUCCESSFUL;
SQL> NOAUDIT select ON hr.employees WHEREVER NOT SUCCESSFUL;
SQL> SELECT owner, object_name, object_type, ins, selFROM dba_obj_audit_opts WHERE owner=‘HR’AND object_name=‘employees’;
Slide 14
Chapter 13: Manipulate Data - Various commands
Insert
Delete / Truncate
Merge
Commit
Rollback, (Savepoint, Checkpoint)
Locks
Slide 15
Lock Modes
Row Share permits concurrent access and prohibit others from exclusive locking (e.g. selecting)
Row Exclusive same as row share but prohibits locking in share mode, standard for DML statement (e.g. updating, inserting, deleting)
Share permits concurrent queries but prohibits updates to table (e.g. creating index on a table)
Shared_Row Used to query whole table and allow others Exclusive to query the table but prevent others from
locking for updates
Exclusive Most restrictive that permits queries on locked table but prohibits DML by others (e.g. drop a table)
Slide 16
Understand basics of Transaction Processing
• A COMMIT or ROLLBACK statement is issued.
• A DDL statement issued (causing implicit COMMIT).
• Exit out of SQL*PLUS (causing implicit COMMIT).
• Abnormal termination of a SQL*PLUS session (e.g. closing a window session will cause implicit rollback).
• Machine failure or a crash (causing implicit rollback).
Slide 21
Data Consistency
• Read consistency• Ensures once a query starts, any changes to the query’s
underlying tables are not reflected in the query’s results. The unchanged BFIM is satisfied from the undo segment.
• Statement-level consistency (default in Oracle)• Ensures data visible to a statement does of change during
the life of that statement.• MS-sqlserver is read-committed snapshot.
• Transaction-level consistency• Ensures data visible to a transaction (which can consists
of multiple statements) does of change during the life of that transaction.
• MS-sqlserver is snapshot isolation.Slide 22
Server Generated Alerts
Approx. 60 metrics are monitored by default, among which are: Broken job count Database time spent waiting (%) Dump Area used (%) SQL Response Time (%) compared to baseline Tablespace used (%) Response Time (per transaction) Wait time (%)
Slide 26
SGA Configurable Parameters
SGA shared_pool size db_cache_size large_pool_size java_pool_size streams_pool_size log_buffer_size result_cache_size db_keep_cache_size db_recycle_cache_size db_nk_cache_size (non-standard)
ASMM automatically tuned these 5Memory initialization parameters and Subsequent manual alterations can be made.
SGA_MAX_SIZE >= SGA_TARGET
Slide 30
AMM
AMM is not enabled by default and MEMORY_TARGET=0 To enable AMM, only requires to set total memory available
for the MEMORY_TARGET (with default SGA=60%, PGA=40%)
SQL> select * from v$memory_target_advice;SQL> select component, current_size, min_size, max_size from v$memory_dynamic_components;
AMM enabled AMM disabled ASMM enabled MT>0, ST>0
Auto tune SGA,PGA but SGA keeps min value ST
MT=0, ST>0Individual pool is auto tuned
ASMM disabled MT>0, ST=0Auto tune SGA,PGA
MT=0, ST=0Specify individual pools
Slide 32