Laurent Schneider
lock sys
In the old days, locking sys had not much effect.
SQL> alter user sys identified by *** account lock;
User altered.
SQL> select account_status
from dba_users
where username='SYS';
ACCOUNT_STATUS
--------------------------------
LOCKED
SQL> conn / as sysdba
Connected.
SQL> conn sys/** as sysdba
Connected.
SQL> conn sys/***@db01 as sysdba
Connected.
Well, in the very-old days, Oracle7, or with the in 12cR2-deprecated parameter O7_DICTIONARY_ACCESSIBILITY, SYS could be locked. But this is out of the scope of this post.
In 12cR2, it is now possible to lock SYS.
SQL> alter user sys
identified by ***
account lock;
User altered.
SQL> select account_status
from dba_users
where username='SYS';
ACCOUNT_STATUS
--------------------------------
LOCKED
SQL> conn / as sysdba
Connected.
SQL> conn sys/** as sysdba
Connected.
SQL> conn sys/***@db01 as sysdba
ERROR:
ORA-28000: the account is locked
I like it 
Oracle recommends you create other users to perform DBA tasks.
SQL> grant dba, sysdba
to user0001
identified by ***;
Grant succeeded.
Still, probably intentionally left so or simply forgotten, Oracle recommends to lock all Oracle supplied accounts except for SYS and SYSTEM (ref: Changing Passwords for Oracle Supplied Accounts)
Also note, you’ll get an ORA-40365 if you use an old-style password file
SQL> alter user sys identified by *** account lock;
alter user sys identified by *** account lock
*
ERROR at line 1:
ORA-40365: The SYS user cannot be locked
while the password file is in its current format.
Single-Tenant over bequeath connections
If you follow Oracle recommendation to use SingleTenant CDB instead of Non-CDB, then a lot of things will break.
I won’t go into details, but basically, in this new architecture, you have one core container, called CDB$ROOT, which is the default container where you connect to if you connect locally
sqlplus / as sysdba
SQL> select cdb from v$database;
CDB
---
YES
SQL> select sys_context('USERENV','CON_NAME') from dual;
SYS_CONTEXT('USERENV','CON_NAME')
---------------------------------
CDB$ROOT
SQL> select con_id, NAME from V$CONTAINERS
CON_ID NAME
---------- ----------
1 CDB$ROOT
2 PDB$SEED
3 ST01
Then you’ll soon realise, you can no longer do what you used to do
SQL> create user u identified by u;
create user u identified by u
*
ERROR at line 1:
ORA-65096: invalid common user or role name
Some scripts still run in the root container. SHUTDOWN ABORT, ALTER SYSTEM SWITCH LOGFILE. Doing a full backup or clone probably won’t hurt you much. Relatively..
But now let’s imagine I have a very simple and very old script to lock scott
vintage.sh:
echo "alter user scott account lock;"|
sqlplus -s / as sysdba
This won’t work. I need to lock scott in the SingleTenant container ST01.
I could do this in the container
SQL> alter session set container=ST01;
Session altered.
SQL> alter user scott account lock;
User altered.
So fine, so good. NOW : how do I make this work without changing the script ?
Remember, non-cdb database, as they were used in Oracle 11, 10, 9, 8, 7 … are now deprecated. Remember, cdb is recommended. Now face it : it’ll break your dba scripts.
As a production dba, I don’t want to rewrite all the existing scripts. Some are ultra-old and used by people who did not write them.
One method for my script would be to change the container in a login script.
echo "alter session set container=ST01;" > /tmp/login.sql
export ORACLE_PATH=/tmp
vintage.sh
Session altered.
User altered.
(ORACLE_PATH in latest 12.1 and in 12.2, SQL_PATH in older release)
However, if my script must work with both CDB and non-CDB, I need to set the container in only this case.
In my login.sql, I first tried to implement some plsql logic, but alter session set container is not working (aka working with limitation) with execute immediate.
As well, I don’t want my script to break Oracle 11.
So I decide to do some sqlplus magic with defined variable.
set ver off feed off
-- 1) check if the column v$database.cdb exists
col column_name new_v cdb nopri
def cdb=null
select column_name from dba_tab_columns
where owner='SYS' and
table_name='V_$DATABASE' and column_name='CDB';
-- 2) if cdb is YES, then select a dynamic statement using V$PDB
col pdb new_v pdb nopri
def pdb="null stmt from dual where 1=0"
select
'''set container="''||name||''"'' stmt from v$pdbs where name!=''PDB$SEED'''
pdb
from v$database
where &cdb='YES';
-- 3) get a dynamic alter session statement. I use a dummy flagger for non-cdb
col stmt new_val stmt nopri
def stmt="SET FLAGGER=OFF"
select &pdb;
-- 4) alter session
alter session &stmt;
set feed 6
col column_name clear
col stmt clear
col pdb clear
undef cdb
undef stmt
undef pdb
del
Now I run my script
11g: ./vintage.sh
User altered.
12c-non-cdb: ./vintage.sh
User altered.
12cR2-single-tenant: ./vintage.sh
User altered.
DISCLAIMER: you shouldn’t use a global login.sql and you should know that secretly fixing old scripts may have side effects. Test, test and retest your code
DISCLAIMER 2: my frequent readers surely wonder if this statement generating a statement generating a statement is for an obfuscation contest
Legacy users get ORA-01017 in 12.2
The default case insensitive string disappeared in 12cR2, let’s call it the 10G string in this post, but it was the same since Oracle 7 at least. It was introduced in V5 or V6 to replace clear-text passwords.
What’s happening then with my ultra-old-accounts?
You could well set a new password (or the same password again) to each account to be migrated to 11g passwords before moving to 12cR2.
If nobody knows the password and nobody can change it because it is hardcoded in the application and neither easy to read (hidden / obfuscated /encrypted) nor to change, then, you are in TROUBLE ! This is documented in Note 2075401.1
First disclaimer : it is a good thing to achieve a better security. SHA1 and SHA2 are a lot better than the oldstyle-longly-hacked-unsalted-case-insensitive-homemade-algorythm. SHA3 has been published in 2015 and it not used in Oracle 12cR2 yet. SHA2 is a bit older (2001) but still recommended. SHA1 is oldish (1995) and no-longer-recommended, collision has been detected. Read more on wikipedia or crypto101
SHA-1 was a really huge improvement when introduced in 11gR1. The old self-made algorythm has been a torture for Oracle Security team. It has been published on Internet. Extremly powerfull password cracker can find your “not-too-long” password in notime. In 11g, Oracle removed the 10g String from the DBA_USERS view. I wrote about this here. It remained on the base table, USER$ until 12cR2. Now Oracle completly removed it by default in 12cR2. 10 years after SHA1 was introduced in 11gR1.
Still. You are the dba. You want to migrate your database not to chase passwords.
You could edit your sqlnet.ora to allow 10g strings.
SQLNET.ALLOWED_LOGON_VERSION_SERVER=11
This works
SQL> sho parameter sec_case_sensitive_logon
NAME VALUE
------------------------- -----
sec_case_sensitive_logon FALSE
SQL> CREATE USER "U" IDENTIFIED BY
VALUES 'DC6F2B33D359A95B';
User created.
SQL> grant create session to u;
Grant succeeded.
SQL> conn u/abcdefg@pdb01
Connected.
SQL> conn u/AbCdEfG@pdb01
Connected.
If you have SQLNET.ALLOWED_LOGON_VERSION_SERVER=11, then you could keep the same setting of sec_case_sensitive_logon as in 11g. I recommmend the default (true).
But, that’s it ? Wellllllll… not sure.
In 12.1
SQL> select dbms_metadata.get_ddl('USER','U') from dual
DBMS_METADATA.GET_DDL('USER','U')
----------------------------------
CREATE USER "U" IDENTIFIED BY
VALUES 'DC6F2B33D359A95B'
Let’s try in 12.2
SQL> select dbms_metadata.get_ddl('USER','U') from dual
DBMS_METADATA.GET_DDL('USER','U')
------------------------------------
CREATE USER "U" IDENTIFIED BY VALUES
'S:0000000000000000000000000000000
00000000000000000000000000000'
While this is a perfectly working syntax, and IDENTIFIED BY VALUES is not supported *. So if create that user, then, obviously, the 10G string is lost.
Well, unsupported feature then? Hmm, yes. You should never have used identified by values.
Ok, so if I refresh my Test database with Production data, how can I save test passwords? You can’t. At least not in a supported way by using identified by values.
You could something like :
SQL> select 'alter user "'||name||
'" identified by values '''||
password||''';' txt
from user$, v$instance
where version > '12.2'
and spare4 is null
and regexp_like(PASSWORD,'[A-F0-9]{16}');
txt
-----------------------------------
alter user "U" identified by values
'DC6F2B33D359A95B';
This may work. In 12.2.0.1. Maybe not in 13. Maybe not in 12.2.0.1.0PSU July. It’s not supported. If it does not work, it is NOT-A-BUG.
The SHA1 was introduced 10 years ago in Oracle 11gR1. If you have not changed your password in ten years, and you don’t know how many employees and ex-employees know this password, and it is case-insensitive, and its “pseudo-hashing-algorythm” has been hacked for maybe two decades, yet, I can only warmly recommend to change those accounts passwords !
Again: so if I refresh my Test database with Production data, how can I save test passwords ?
If I were you I would design a better system for login. For human users, use global users and an Identity solution, like Oracle Universal directory. For technical account, build yourself a tool that generate a random password, and update the user and credentials, something like
select
substr(
REGEXP_REPLACE(
UTL_RAW.cast_to_varchar2(
SYS.DBMS_CRYPTO.RANDOMBYTES (1024)
) ,'[^!#-~]'
),
1,
20
) PW
from dual;
PW
--------------------
%K0w(^%UN.B82Yjjfu{?
And use it to reset your technical user and to configure your application credentials.
* Note 554605.1: the 'IDENTIFIED BY VALUES' clause on a CREATE/ALTER USER statement is not officially documented, and is intended purely for internal
remote transaction timeout
If you access one table via database link and the row is locked, you may get a timeout
SQL> update emp@l set sal=sal+1
where ename='SCOTT';
1 row updated.
SQL> update emp@l set sal=sal+2
where ename='SCOTT';
update emp@l set sal=sal+2
*
ERROR at line 1:
ORA-02049: timeout: distributed
transaction waiting for lock
ORA-02063: preceding line from L
Elapsed: 00:01:00.00
SQL> sho parameter distr
NAME VALUE
--------------------------- -------
distributed_lock_timeout 60
This timeout (default 60 seconds) could be tuned, maybe to 300 seconds, if you are doing huge remote transactions
But what if you don’t want to wait one minute to get an exception? Lock the row before update then !
SQL> select ename, sal from emp@l
where ename='SCOTT'
for update wait 2;
select ename, sal from emp@l
*
ERROR at line 1:
ORA-30006: resource busy;
acquire with WAIT timeout expired
ORA-02063: preceding line from L
Elapsed: 00:00:02.01
If you want to wait only 2 seconds and not one minute, or even NOWAIT (0 second), then lock the row first. Depending on your application, waiting one minute to get an exception may be unacceptable
ANNOUNCEMENT: 12cR2 is available on AIX and HPUX and #sqldev 4.2
download it from http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html
sqldeveloper 4.2 is there : http://www.oracle.com/technetwork/developer-tools/sql-developer/overview/index.html
Monitor audit_file_dest !
Until 11.2, audit_file_dest used to remain small with default settings and reasonably sized and active database. Suddenly, in 12c, you will sooned or later get ORA-09925: Unable to create audit trail file.
At that point, no more connection is possible to the database, it is a complete loss of service.
Why suddenly in 12c ? This is because the default for audit_sys_operations changed to true. In 11g, you used to get an 1K file each time you connect as sysdba. So a few tousands sysdba connections a weeks, a few mega, no worries.
Mon Mar 27 14:08:01 2017 +02:00
LENGTH : '155'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[0] ''
STATUS:[1] '0'
Suddenly in 12c, you get plenty files that are many Mb. For instance for AUTOTASK jobs, every single select is dumped to the filesystem. A single week-end of an quiet database may generate 1Gb of *.aud files of DBMS_SCHEDULER.
Those DB001_j000_12345_20170327140802123456789.aud files are highly useless and annoying.
LENGTH : '641'
ACTION :[490] 'select /*+ no_parallel(t) no_parallel_index(t) dbms_stats cursor_sharing_exact use_weak_name_resl dynamic_sampling(0) no_monitoring xmlindex_sel_idx_tbl no_substrb_pad */ substrb(dump("PERIOD_END_TIME",16,0
,64),1,240) val,
rowidtochar(rowid) rwid from "SYS"."WRP$_REPORTS_TIME_BANDS" t where rowid in (chartorowid('AABJ58AADAAAMsrAAA'),chartorowid('AABJ58AADAAAMsrAAB'),chartorowid('AABJ58AADAAAMsrAAC'),chartorowid('AABJ58A
ADAAAMssAAA')) order by "PERIOD_END_TIME"'
DATABASE USER:[3] 'SYS'
PRIVILEGE :[4] 'NONE'
CLIENT USER:[0] ''
CLIENT TERMINAL:[7] 'UNKNOWN'
STATUS:[1] '0'
Once your audit_file_dest is getting full, your database stops, so better delete those *_j00*_* and *_m00*_* quickly enough!
connect / as sysoper generates ORA-1017
Today I had the issue that I could not login as sysoper on one database, despite being in the dba and oper groups.
The problem is that the osoper group was -probably- not selected during installation
e.g. in 12c /AIX
it may be called differently on your system
$ sqlplus -L -s / as sysoper
ERROR:
ORA-01017: invalid username/password; logon denied
$ awk '/H.17.*, 3/,/End/{print}' $ORACLE_HOME/rdbms/lib/config.s
.csect H.17.NO_SYMBOL{RO}, 3
.string ""
# End csect H.17.NO_SYMBOL{RO}
The string is empty. Let’s change this to oper or dba. Stopping any processes using that home is strongly recommended before relink.
$ vi $ORACLE_HOME/rdbms/lib/config.s
.string "dba"
$ relink
$ sqlplus -s -L / as sysoper
sho user
USER is "PUBLIC"
quit
$
old jdbc driver generates ORA-28040
I read on note 401934.1 that Oracle 10gR2 jdbc clients are still supported with Oracle 12c.
I have an application using an oracle10gr2 jdbc, and connection to 12c generates ORA-28040.
Connection to 11gR2 works like a charm.
O12.java
import java.util.Properties;
import java.sql.*;
public class O12 {
public static void main(String argv[]) throws
SQLException {
Properties props = new Properties();
props.setProperty("user", "scott");
props.setProperty("password", "tiger");
DriverManager.registerDriver(new
oracle.jdbc.driver.OracleDriver());
Connection conn = DriverManager.getConnection(
argv[0], props);
System.out.println("JDBC Version: "+
conn.getMetaData().getDriverVersion());
conn.close();
}
}
compile
javac -cp ojdbc14.jar O12.java
test with jdbc 10.2.0.2 db 11.2.0.4
java -cp ojdbc14.jar:. O12 jdbc:oracle:thin:@DB11204:1521:DB11204
JDBC Version: 10.2.0.2.0
test with jdbc 10.2.0.2 db 12.1.0.2
java -cp ojdbc14.jar:. O12 jdbc:oracle:thin:@DB12102:1521:DB12102
Exception in thread "main" java.sql.SQLException: ORA-28040: No matching authentication protocol
The easy solution of course is to update the driver. Even without recompile it worked.
test with jdbc 11.2.0.1 db 12.1.0.2
java -cp ojdbc5.jar:. O12 jdbc:oracle:thin:@DB12102:1521:DB12102
JDBC Version: 11.2.0.1.0
Before upgrading the db server to 12c, check 10g jdbc jar’s are upgraded
Restricted sqlplus and sql_script
Yesterday I wrote about execute sql script from plsql. Connor then posted a 12c new feature that I overviewed
@laurentsch Or perhaps just use scheduler to run them, job_type = SQL_SCRIPT
— Connor McDonald (@connor_mc_d) December 21, 2016
If you are still considering the 11g approach with sqlplus, you should read about restricted sqlplus
If you run
sqlplus -L -s -R 3 scott/tiger@db01
lot’s of OS-command are disabled
SQL> get /etc/passwd SP2-0738: Restricted command "get" not available SQL> spool /etc/oratab SP2-0738: Restricted command "spool" not available SQL> host reboot SP2-0738: Restricted command "host" not available
There is also a Product User Profile. I never saw any customer using this. I doubt it is very safe.
You could disable some commands
SQL> insert into system.PRODUCT_USER_PROFILE
(PRODUCT,USERID,ATTRIBUTE,CHAR_VALUE)
values
('SQL*Plus','SCOTT','ROLLBACK','DISABLED');
Which prevents SCOTT from doing rollabck
SQL> rollback;
SP2-0544: Command "rollback" disabled in Product User Profile
but it doesn’t resist Rock & Roll
SQL> roll & rock
Rollback complete.
If you have 12c, go have a look at the doc for SQL_SCRIPT jobs
execute sql script from pl/sql
When you want to run a SQL script, you rather use sqlplus. If you want to run it within a PL/SQL stored procedure, you are screwed. You could redo the logic of sqlplus, this is what any decent IDE and code runnner does, and it’s a pile of work and you will get lot’s of bugs…
Another approach is to use sqlplus.
Wait! calling sqlplus from plsql? Well… why not. For instance via external job
- create a table with sql scripts
- create a shell script, /tmp/ddl, that spool and executes T.text content
- create a UNIX credential
- create and run an external job
create table t(id number primary key, text clob); insert into t(id, text) values ( 42, 'update emp set sal=sal*2 /* XMas gift */;' );
#!/bin/ksh ORACLE_HOME=/u01/app/oracle/product/12.1.0/db_1 export ORACLE_HOME $ORACLE_HOME/bin/sqlplus -s -L scott/tiger <<EOF set hea off lin 2000 pages 0 trims on spo /tmp/$1.sql select text from t where id=$1; spo off @/tmp/$1 EOF
begin dbms_scheduler.create_credential( 'C','USER01','PW'); end; /
begin
DBMS_SCHEDULER.CREATE_JOB(
job_name => 'J',
job_type => 'EXECUTABLE',
number_of_arguments => 1,
job_action => '/tmp/ddl',
credential_name => 'C');
DBMS_SCHEDULER.SET_JOB_ARGUMENT_VALUE(
'J', 1, '42');
DBMS_SCHEDULER.run_job('J');
end;
/
CREATE EXTERNAL JOB privilege is powerfull and your DBA won’t like it 
ANNOUNCEMENT: 12cR2 documentation is available
The doc docs.oracle.com/database/122 is available. Check new features and stay tuned.
Okay, just 12 for today : HIGH compressed index, case insensitive database with bound collation, partitioned external tables, AL32UTF8 default for new database, listagg overflow, VALIDATE_CONVERSION, approx_percentile, json_exists, flashback pluggable database, the SHARING clause, RAC streched clusters site definition and INACTIVE_ACCOUNT_TIME in profile.
Some I like more than others 
Okay, one more : SQLPLUS HISTORY !
To shrink or to move
If you delete most of the rows in one table, you probably want to regain that space, to minimize IO and fragmentation.
If you delete most of the rows in most of the tables, you probably also want to resize the datafile to reduce storage and backup space.
In this case, you could move your data in a new tablespace
alter table t move tablespace newts;
I wrote about this here : 2006/08/tablespace-maintenance-tasks.html
There is also an option to SHRINK. In oldish (pre-12cR2) releases, this had the advantage of being an online operation. In 12.2, include the online keyword.
SHRINK requires ROW MOVEMENT. I don’t like the idea of having the rowid’s changing. You have also a bunch of restrictions, amoung others on materialized view fast refreshes and index organized tables.
I am impatient to get this 12cR2. According to the doc, during an alter table move, transactions run uninterrupted on the table
OTN Appreciation Day : Partition your table online !
#ThanksOTN @oraclebase
No, I am not talking about DBMS_REDEFINITION, where you get a kind of online feeling.
No, I don’t want to rename my table, rename my foreign keys, my primary key, my not-null-constraints, recreate my referential integrity, recompile my triggers.
I just want to partition a non-partitioned table.
ALTER TABLE EMP MODIFY PARTITION BY RANGE(HIREDATE) INTERVAL(NUMTOYMINTERVAL(1, 'MONTH')) (PARTITION P1 VALUES LESS THAN (DATE '1980-01-01')) ONLINE;
This is going to save me a lot of Saturday work
You need 12.2 to run this.
Enterprise Manager 13c R2 is out
#EM13R2 is out https://t.co/dIwIn0jxp9
— laurentsch (@laurentsch) October 6, 2016
Download it here : oracle.com/technetwork/oem/grid-control/downloads
Documentation : docs.oracle.com/cd/E73210_01
What is the instance name?
If your Oracle SID doesn’t match your instance name in init.ora, this is quite confusing.
Check my previous post, what is sid in oracle
In the instance_name column of the view v$instance, as well as in USERENV context, it matches the ORACLE_SID of the underlying operating system.
SQL> var ORACLE_SID varchar2(9)
SQL> set autoprint on
SQL> exec dbms_system.get_env('ORACLE_SID',:ORACLE_SID)
PL/SQL procedure successfully completed.
ORACLE_SID
------------
ORA001
SQL> select sys_context('USERENV','INSTANCE_NAME') from dual;
SYS_CONTEXT('USERENV','INSTANCE_NAME')
---------------------------------------
ORA001
SQL> select instance_name from v$instance;
INSTANCE_NAME
----------------
ORA001
SQL>
This is not the same as the init.ora parameter
SQL> select name, value, description from v$parameter where name='instance_name'; NAME VALUE DESCRIPTION ------------- --------- ---------------------------------------- instance_name INS001 instance name supported by the instance SQL>
The instance_name doesn’t have to match anything. It’s of relevance if you use ADR. And you probably do. Background dump dest and family are deprecated now. In your ADR docu you’ll read
{ORACLE_BASE}/diag/rdbms/{DB_UNIQUE_NAME}/{SID}/trace
But this SID is actually your init.ora instance name. And not your ORACLE_SID.
What is SID in Oracle ?
In the doc you’ll find, it’s the Oracle system identifier.
Okay, let’s imagine the following
Environment:
ORACLE_SID=ORA001
init.ora:
DB_NAME=DB001 DB_UNIQUE_NAME=UNI001 INSTANCE_NAME=INS001 SERVICE_NAMES=SVC001,SVC002 DB_DOMAIN=EXAMPLE.COM GLOBAL_NAMES=false
database:
SQL> select * from GLOBAL_NAME; GLO001.example.com
listener.ora:
SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (GLOBAL_NAME=GLO001.EXAMPLE.COM) (SID_NAME=ORA001) ) )
What is my SID? Actually there is more than one correct answer.
In the environment, Oracle SID is ORA001. This matches SID_NAME in listener.ora. It does not have to match database name, unique name, global name or instance_name.
$ lsnrctl services Services Summary... Service "GLO001.EXAMPLE.COM" has 1 instance(s). Instance "ORA001", status UNKNOWN, has 1 handler(s) for this service... Handler(s): "DEDICATED" established:7 refused:0 LOCAL SERVER
As the instance is not running, I have only my listener.ora static connections.
The SERVICE_NAME is GLO001.EXAMPLE.COM and the SID is ORA001.
$ sqlplus "sys/***@ (DESCRIPTION= (ADDRESS= (PROTOCOL=TCP) (HOST=SRV001) (PORT=1521) ) (CONNECT_DATA= (SERVICE_NAME=GLO001.EXAMPLE.COM) ) )" as sysdba Connected to an idle instance. SQL> $ sqlplus "sys/***@ (DESCRIPTION= (ADDRESS= (PROTOCOL=TCP) (HOST=SRV001) (PORT=1521) ) (CONNECT_DATA= (SID=ORA001) ) )" as sysdba Connected to an idle instance. SQL>
Let’s start
SQL> startup
and check my services
$ lsnrctl services Services Summary... Service "SVC001.EXAMPLE.COM" has 1 instance(s). Instance "INS001", status READY, has 1 handler(s) for this service... Handler(s): "DEDICATED" established:0 refused:0 state:ready LOCAL SERVER Service "SVC002.EXAMPLE.COM" has 1 instance(s). Instance "INS001", status READY, has 1 handler(s) for this service... Handler(s): "DEDICATED" established:0 refused:0 state:ready LOCAL SERVER Service "UNI001.EXAMPLE.COM" has 1 instance(s). Instance "INS001", status READY, has 1 handler(s) for this service... Handler(s): "DEDICATED" established:0 refused:0 state:ready LOCAL SERVER Service "GLO001.EXAMPLE.COM" has 1 instance(s). Instance "ORA001", status UNKNOWN, has 1 handler(s) for this service... Handler(s): "DEDICATED" established:13 refused:0 LOCAL SERVER The command completed successfully
I know have 4 service names :
- The global name in listener.ora
- the unique name in init.ora
- both service name in init.ora
And 2 sid
- The SID in listener.ora
- The instance name in init.ora
While we often have sid = oracle_sid = service_name = service_names = global_name = instance_name = db_name = db_unique_name, if you switch from SID to SERVICE_NAME, this could be help to identify legacy application.
If you read the doc carefully, you may have noticed the SID is no longer documented as a valid clause of CONNECT_DATA in 11g and 12c
In 10gR2 :
http://docs.oracle.com/cd/B19306_01/network.102/b14213/tnsnames.htm#i477921
Use the parameter SID to identify the Oracle8 database instance by its Oracle System Identifier (SID). If the database is Oracle9i or Oracle8, use the SERVICE_NAME parameter rather than the SID parameter.
This is probably a documentation bug, I would rephrase this as If the database is Oracle9i or Oracle8i or later.
In 11g and 12c, the comment disappeared. Oracle 8i was released last century, but SID didn’t completly disappear from tnsnames. Yet.
duplicate to a future date
If you work with large databases, you often wait way to long for the clones. Typically you want to duplicate a 10TB database to production timestamp 9am, and you start at 9am and then you wait for hours.
Is it possible to start the clone, let’s say, at midnight, and set until time 9am?
No! You’ll get
RMAN-06617: UNTIL TIME (2016-05-21 09:00:00) is ahead of last NEXT TIME in archived logs (2016-05-20 23:58:52)
But… you could start to restore the datafiles at midnight.
sqlplus sys/***@db02 as sysdba <<EOF
alter system set db_name='DB01' scope=spfile;
alter system set db_unique_name='DB02' scope=spfile;
startup force nomount
EOF
rman target sys/***@db01 auxiliary sys/***@db02 <<EOF
restore clone primary controlfile;
alter clone database mount;
run {
set newname for datafile 1 to
"/db02/system01.dbf";
set newname for datafile 2 to
"/db02/sysaux01.dbf";
set newname for datafile 3 to
"/db02/undotbs1_02.dbf";
set newname for datafile 4 to
"/db02/users01.dbf";
restore clone database
;
}
EOF
This is exactly when RMAN does when you issue a duplicate. You could use the supported RESTORE command instead of the unsupported RESTORE CLONE command. But then it’ll get a bit more complex as you need to find out the location of your backup and so on.
At 9am, you issue your duplicate, and you’ll see
skipping datafile 1; already restored to file /db02/system01.dbf skipping datafile 2; already restored to file /db02/sysaux01.dbf skipping datafile 3; already restored to file /db02/undotbs1_02.dbf skipping datafile 4; already restored to file /db02/users01.dbf
You just saved nine hours 
column width change in 12c
In 11g I used to have 30 characters width in my dictionary
SQL> select table_name, column_name from user_tab_columns; TABLE_NAME COLUMN_NAME ------------------------------ ------------------------------ BONUS COMM BONUS SAL BONUS JOB BONUS ENAME DEPT LOC DEPT DNAME DEPT DEPTNO EMP DEPTNO EMP COMM EMP SAL EMP HIREDATE TABLE_NAME COLUMN_NAME ------------------------------ ------------------------------ EMP MGR EMP JOB EMP ENAME EMP EMPNO SALGRADE HISAL SALGRADE LOSAL SALGRADE GRADE 18 rows selected.
Which was pretty nice to read with no setting.
Now in 12c it is ugly enought to make your eyes tired
SQL> select table_name, column_name from user_tab_columns; TABLE_NAME ------------------------------------------------------------------------------------------------------------------------ COLUMN_NAME ------------------------------------------------------------------------------------------------------------------------ DEPT DEPTNO DEPT DNAME DEPT LOC TABLE_NAME ------------------------------------------------------------------------------------------------------------------------ COLUMN_NAME ------------------------------------------------------------------------------------------------------------------------ EMP EMPNO EMP ENAME EMP JOB TABLE_NAME ------------------------------------------------------------------------------------------------------------------------ COLUMN_NAME ------------------------------------------------------------------------------------------------------------------------ EMP MGR EMP HIREDATE EMP SAL TABLE_NAME ------------------------------------------------------------------------------------------------------------------------ COLUMN_NAME ------------------------------------------------------------------------------------------------------------------------ EMP COMM EMP DEPTNO BONUS ENAME TABLE_NAME ------------------------------------------------------------------------------------------------------------------------ COLUMN_NAME ------------------------------------------------------------------------------------------------------------------------ BONUS JOB BONUS SAL BONUS COMM TABLE_NAME ------------------------------------------------------------------------------------------------------------------------ COLUMN_NAME ------------------------------------------------------------------------------------------------------------------------ SALGRADE GRADE SALGRADE LOSAL SALGRADE HISAL 18 rows selected. SQL>
This is due to a change of the width of the underlying column in the dictionary. Probably a good-news for our data modeling colleagues that it may be 128 in future.
But currently it is only 30 characters in 12c. So why not format it correctly ?
Simply add the format in $ORACLE_HOME/sqlplus/admin/glogin.sql
col TABLE_NAME for a30 col COLUMN_NAME for a30
DISCLAIMER: it’s fine to add UNIQUE_KEY_LEVEL_NAME or REFERENCED_TRIGGER_NAME, but you may have application tables that have columns called OWNER or USER, it is probably safer to not assume they are all smaller than 30 chars, so don’t add common names.
Drop table cascade and reimport
Happy new year
Today I had to import a subset of a database and the challenge was to restore a parent table without restoring its children. It took me some minutes to write the code, but it would have taken days to restore the whole database.
CREATE TABLE t1( c1 NUMBER CONSTRAINT t1_pk PRIMARY KEY); INSERT INTO t1 (c1) VALUES (1); CREATE TABLE t2( c1 NUMBER CONSTRAINT t2_t1_fk REFERENCES t1, c2 NUMBER CONSTRAINT t2_pk PRIMARY KEY); INSERT INTO t2 (c1, c2) VALUES (1, 2); CREATE TABLE t3( c2 NUMBER CONSTRAINT t3_t2_fk REFERENCES t2, c3 NUMBER CONSTRAINT t3_pk PRIMARY KEY); INSERT INTO t3 (c2, c3) VALUES (2, 3); CREATE TABLE t4( c3 NUMBER CONSTRAINT t4_t3_fk REFERENCES t3, c4 NUMBER CONSTRAINT t4_pk PRIMARY KEY); INSERT INTO t4 (c3, c4) VALUES (3, 4); COMMIT; expdp scott/tiger directory=DATA_PUMP_DIR dumpfile=scott.dmp reuse_dumpfiles=y
Now what happen if I want to restore T2 and T3 ?
If possible, I check the dictionary for foreign keys from other tables pointing to T2 and T3.
SELECT constraint_name
FROM user_constraints
WHERE (r_constraint_name) IN (
SELECT constraint_name
FROM user_constraints
WHERE table_name IN ('T2', 'T3'))
AND table_name NOT IN ('T2', 'T3');
TABLE_NAME CONSTRAINT_NAME
------------------------------ ------------------------------
T4 T4_T3_FK
T4 points to T3 and T4 has data.
Now I can drop my tables with the cascade options
drop table t2 cascade constraints; drop table t3 cascade constraints;
Now I import, first the tables, then the referential constraints dropped with the cascade clause and not on T2/T3.
impdp scott/tiger tables=T2,T3 directory=DATA_PUMP_DIR dumpfile=scott.dmp impdp scott/tiger "include=ref_constraint:\='T4_T3_FK'" directory=DATA_PUMP_DIR dumpfile=scott.dmp
It’s probably possible to do it in one import, but the include syntax is horrible. I tried there
Licensing Cloud Control
I just read the Enterprise Manager Licensing Information User Manual today. They are a lot of packs there, and you may not even know that autodiscovering targets is part of the lifecycle management pack or that blackouts are part of the diagnostic pack.
Have a look