Oracle Database Links Master Class Part 1 Written and presented by Joel Goodman July 1st 2009

Similar documents
Oracle Database Links Part 2 - Distributed Transactions Written and presented by Joel Goodman October 15th 2009

Managing Objects with Data Dictionary Views. Copyright 2006, Oracle. All rights reserved.

Integrating OID/SSO with E- Business Suite and Third-Party SSO Solutions. Presented by Paul Jackson (Norman Leach)

Microsoft Active Directory and Windows Security Integration with Oracle Database

SEER Enterprise Shared Database Administrator s Guide

Oracle. Brief Course Content This course can be done in modular form as per the detail below. ORA-1 Oracle Database 10g: SQL 4 Weeks 4000/-

Security and Control Issues within Relational Databases

ORACLE DATABASE SECURITY. Keywords: data security, password administration, Oracle HTTP Server, OracleAS, access control.

Oracle Database 10g Express

Managing User Accounts

HP Quality Center. Upgrade Preparation Guide

MyOra 3.0. User Guide. SQL Tool for Oracle. Jayam Systems, LLC

Configuring and Integrating Oracle

CA DataMinder. Database Guide. Release th Edition

SAP Business Objects Business Intelligence platform Document Version: 4.1 Support Package Data Federation Administration Tool Guide

CHAPTER 2 DATABASE MANAGEMENT SYSTEM AND SECURITY

PUBLIC Installation: SAP Mobile Platform Server for Linux

1 Changes in this release

User Management Guide

Overview. Edvantage Security

Centralized Oracle Database Authentication and Authorization in a Directory

Virtual Private Database Features in Oracle 10g.

MyOra 3.5. User Guide. SQL Tool for Oracle. Kris Murthy

Database 10g Edition: All possible 10g features, either bundled or available at additional cost.

Oracle Database: SQL and PL/SQL Fundamentals NEW

Group Management Server User Guide

LDAP User Service Guide 30 June 2006

Achieving Security Compliancy and Database Transparency Using Database Activity Monitoring Systems

Developing SQL and PL/SQL with JDeveloper

Managing User Accounts

Tivoli Security Compliance Manager. Version rel. 2 July, Collector and Message Reference Windows Oracle Addendum

Setting up the Oracle Warehouse Builder Project. Topics. Overview. Purpose

Contents About the Contract Management Post Installation Administrator's Guide... 5 Viewing and Modifying Contract Management Settings...

Embarcadero Performance Center 2.7 Installation Guide

Oracle Database Security

Avatier Identity Management Suite

4. Getting started: Performing an audit

Novi Survey Installation & Upgrade Guide

Your Question. Net Report Answer

There are more security levels in ARCHIBUS, as described bellow.

3.GETTING STARTED WITH ORACLE8i

SCADA Security. Enabling Integrated Windows Authentication For CitectSCADA Web Client. Applies To: CitectSCADA 6.xx and 7.xx VijeoCitect 6.xx and 7.

Using LDAP Authentication in a PowerCenter Domain

Postgres Plus Migration Guide

Workflow Templates Library

Secure Messaging Server Console... 2

Setting up SQL Translation Framework OBE for Database 12cR1

Oracle Identity Manager, Oracle Internet Directory

SQL DATABASE PROGRAMMING (PL/SQL AND T-SQL)

DBMS Questions. 3.) For which two constraints are indexes created when the constraint is added?

Choosing a Data Model for Your Database

Managing rights in PostgreSQL

Dashboard Admin Guide

EMC Unisphere for VMAX Database Storage Analyzer

Monitoring Audit Trails Using Enterprise Manager

Oracle Database 11 g Performance Tuning. Recipes. Sam R. Alapati Darl Kuhn Bill Padfield. Apress*

Cisco Process Orchestrator Installation Guide

Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y

KMx Enterprise: Integration Overview for Member Account Synchronization and Single Signon

IIS, FTP Server and Windows

Protecting Data Assets and Reducing Risk

Auditing manual. Archive Manager. Publication Date: November, 2015

Integrating LANGuardian with Active Directory

IBM Campaign and IBM Silverpop Engage Version 1 Release 2 August 31, Integration Guide IBM

Oracle 11g DBA Online Course - Smart Mind Online Training, Hyderabad. Oracle 11g DBA Online Training Course Content

5. CHANGING STRUCTURE AND DATA

Quality Center LDAP Guide

Experiment 5.1 How to measure performance of database applications?

Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0

Managing User Accounts

Duration Vendor Audience 5 Days Oracle End Users, Developers, Technical Consultants and Support Staff

Software Architecture Document

An Oracle White Paper September Directory Services Integration with Database Enterprise User Security

D61830GC30. MySQL for Developers. Summary. Introduction. Prerequisites. At Course completion After completing this course, students will be able to:

Oracle EBS Interface Connector User Guide V1.4

CEN 559 Selected Topics in Computer Engineering. Dr. Mostafa H. Dahshan KSU CCIS

AWS Schema Conversion Tool. User Guide Version 1.0

Denodo Data Virtualization Security Architecture & Protocols

Documentum Business Process Analyzer and Business Activity Monitor Installation Guide for JBoss

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark

Real Life Database Security Mistakes. Stephen Kost Integrigy Corporation Session #715

Windows Server 2003 Logon Scripts Paul Flynn

Postgres Plus xdb Replication Server with Multi-Master User s Guide

Oracle EXAM - 1Z Oracle Database 11g Security Essentials. Buy Full Product.

An Oracle White Paper March Integrating Oracle Database Vault with Oracle Application Express

Configuration Worksheets for Oracle WebCenter Ensemble 10.3

Oracle 11g Database Administration

ECAT SWE Exchange Customer Administration Tool Web Interface User Guide Version 6.7

Concepts of Database Management Seventh Edition. Chapter 7 DBMS Functions

Rebasoft Auditor Quick Start Guide

How To Control Vcloud Air From A Microsoft Vcloud (Vcloud)

2. Oracle SQL*PLUS Winter Some SQL Commands. To connect to a CS server, do:

User's Guide. Product Version: Publication Date: 7/25/2011

SQL Injection in web applications

Credit Cards and Oracle: How to Comply with PCI DSS. Stephen Kost Integrigy Corporation Session #600

Transcription:

Oracle Database Links Master Class Part 1 Written and presented by Joel Goodman July 1st 2009

About Me Email: Joel.Goodman@oracle.com Blog: dbatrain.wordpress.com Application Development and Support 1976 to 1982 Software Development and Consultancy 1983 to 1986 IT Training Mainframe Technology 1986 to 1993 Oracle Support 1994 to 1996 Oracle University 1997 to Present OCP DBA 1997 to Present - Releases 7.3 to 11g Oracle 9i OCM DBA from 2002 10g from 2006 DBA Curriculum Delivery: Basic, Advanced, DSI Global DBA Certification Development Team Leader EMEA Core Delivery Technical Team Leader Member DBA Curriculum Quality Review Team Member Oak Table Network 2

Mini-Lesson Objectives Database Links Defined Globally Unique Object Names Database Links Description Creating and Managing Database Links Global Database Naming Database Link Initialisation Parameters Dictionary and Dynamic Performance Views Statistics, Wait Events and Database Links Common Errors Using Database Links Remote Access Management Location Transparency 3

Database Links Defined A Database Link is: A Pointer from one DB to another Stored in the Data Dictionary Is a Uni-Directional Resource Definition DB Links between different versions of Oracle must be supported based on the client-server Interoperability matrix. See note 207303.1 Is Used by Streams,Replication,DB Cloning and Data Guard 4

Database Links Categories Database Links have three main Dimensions: Ownership Private Public Global Security Context Fixed User Connected User Current User Sharing Shared Non-shared 5

Database Link Ownership Private Public Global They may be used in combination at times 6

Creating Private Database Links Create a private link that will use the connect string SALESDW : CREATE DATABASE LINK SALESDW.MYCO.COM CONNECT TO SH IDENTIFIED BY SH USING SALESDW_MYCO ; To use the Link: SELECT * FROM SH.SALES@SALESDW.MYCO.COM; 7

Private Database Link Usage Private Database Links are created in one s own schema Are visible in USER_DB_LINKS view OWNER column in DBA_DB_LINKS and ALL_DB_LINKS views will have username May be used only by the link owner May be used with a Public Link of the same name for maintenance reasons The USING clause and a corresponding TNSNAMES.ORA entry are required Requires the CREATE DATABASE LINK system privilege 8

Creating Public Database Links CREATE PUBLIC DATABASE LINK SALESDW.MYCO.COM USING SALESDW_MYCO ; To use the Link: SELECT * FROM SH.SALES@SALESDW.MYCO.COM; 9

Public Database Link Usage Public Database Links are on the public schema Are visible in ALL_DB_LINKS view OWNER column in DBA_DB_LINKS and ALL_DB_LINKS views will be PUBLIC May be used by any user The USING clause and a corresponding TNSNAMES.ORA entry are optional but often used May have same name as a private link to separate the Network details fro the security details easing administration Requires the CREATE PUBLIC DATABASE LINK system privilege 10

Resolving Database Link Names CREATE PUBLIC DATABASE LINK SALESDW.MYCO.COM USING SALESDW_MYCO ; CREATE DATABASE LINK SALESDW.MYCO.COM CONNECT TO SH IDENTIFIED BY SH; What happens when the public and private link share the same name? Eases Administration when many private links connect to same remote database 11

Global Database Links Are defined with the same attributes as a Private or Public Database Link Are used in the same way as Private or Public links Name Resolution provided by an OID Name Server or Oracle Name Server in Older releases See Net Services Administrators Guide for details on creating entries to act as Global Database Links 12

Database Link Security Context Public and Private Database Links have one of three security contexts: Fixed user Connected user Current user Context chosen may depend on: Third Party Package Requirement Home Grown Security needs Security Admin specifications B2B requirements 13

Fixed User Database Links To create a link for a fixed user, include the username and password in the link. Private DB Links are often Fixed-User Links The USING clause may be omitted if a Public Database Link with the same name exists CREATE DATABASE LINK SALESDW.MYCO.COM CONNECT TO SH IDENTIFIED BY SH USING SALESDW_MYCO ; 14

Connected User Database Links User SH connects to a local database: SQL> CONNECT SH/SH SH invokes an application which uses a public or private dblink without the CONNECT TO clause to connect to a remote database: CREATE DATABASE LINK SALESDW.MYCO.COM USING SALESDW_MYCO ; SQL> SELECT * FROM SALES@SALESDW.MYCO.COM; 15

Current User Database Links User SH connects to a local database: SQL> CONNECT SH/SH SH invokes an application which uses a public or private dblink with the CONNECT TO CURRENT USER clause to execute a procedure on the remote database instance: CREATE DATABASE LINK SALESDW.MYCO.COM CONNECT TO CURRENT_USER USING SALESDW_MYCO ; SQL> EXECUTE HR.HIRE_EMP@SALESDW.MYCO.COM; Requires ASO 16

Current User Database Links Oracle Identity Management OIM Metadata Repository OID Verifies user Client Username and password Oracle DB Applies roles SSL Current user database link Oracle DB 17

ASO and Current User Database Links Local and remote databases must have global schemas Local Schema must be exclusive Remote schema may be exclusive or shared Enterprise users must be mapped to the global schemas Secure Connection required between the Databases See Details in Note 264872.1 18

Database Link Sharing Non-Shared Database Links Shared Database Links Network Connections 19

Non-shared Database Links Use Private links in single-user situations Prevents many or all shared server sessions creating connections to the remote server on behalf of the same user CREATE DATABASE LINK SALESDW.MYCO.COM CONNECT TO SH IDENTIFIED BY SH USING SALESDW_MYCO ; 20

Shared Database Links Reduces Number of network connections Works with Dedicated and Shared Server AUTHENTICATED BY user must be defined on remote database and have CREATE SESSSION privs Link may be public or private CREATE SHARED [PUBLIC] DATABASE LINK SALESDW.MYCO.COM [CONNECT TO [SH IDENTIFIED BY SH] [CURRENT_USER]] AUTHENTICATED BY SHARED_GUEST IDENTIFIED BY JOEL [USING SALESDW_MYCO ]; 21

Effect of Shared Database Links Using Non-Shared Database Links 100 local sessions for any users each connecting to a remote database requires 100 connections to the remote database for the open dblinks. Local connections may be Dedicated or Shared Server. Using Shared Database Links With Shared Server If 10 local Shared Server processes exist and 100 local sessions login, each connecting to a remote database, then only 10 direct network connections are needed locally and 10 to the remote database for the open links. With Dedicated Server -If 10 local clients connect 10 times each to local Dedicated Servers thereby creating 100 local sessions, and each session references the same remote database, then only 10 connections are needed to the remote database for the open links. 22

Guidelines for Shared Database Links Shared dblinks use more network connections when many or all local logins use the same username Use shared dblinks when many local users need to use the same link or when the number of local users accessing a database link is expected to be much larger than the number of shared servers in the local database Often shared db links are used for public database links, but may also be used for private database links when many clients access the same local schema and therefore the same private dblink The AUTHENTICATED BY user must exist in the remote database and be granted CREATE SESSION privilege. This protects the remote shared server process which keeps the original connected user session open until another local user reuses the shared link. The authenticated user remains the same throughout providing guaranteed authentication to use the link. 23

Multiple Database Links with Connection Qualifiers Use Qualifiers for specific RAC Instances for Streams Use also for different protocols CREATE PUBLIC DATABASE LINK SALESDW.MYCO.COM@INST1 USING SALESDW_MYCO_I1 ; CREATE PUBLIC DATABASE LINK SALESDW.MYCO.COM@INST2 USING SALESDW_MYCO_I2 ; 24

Database Links and Global Naming SalesDW SalesDW SalesDW Node UK.COM Node FR.COM Node NL.COM SELECT * FROM SALES_HST@SALESDW???? 25

Defining Global Names Global database names: If global_names = TRUE on the local database, then the database link name must match the global_name of the remote database thereby enforcing unique dblink names otherwise: ORA-02085: database link <name> connects to <database name> To view a database s global name, query the data dictionary view GLOBAL_NAME Set GLOBAL_NAME as follows: SQL> Alter database rename global_name to salesdw.uk.com ; Uses Hierarchical domain naming model based on DB_NAME and DB_DOMAIN Parameters 26

Globally Unique Object Names Unique object names comprise a: Schema name Object name Global Database Name Reference to a Globally unique object may be explicit or use a public or private synonym. Synonyms provide Location transparency 27

Using Synonyms and DB Links Synonyms may be used for Tables, Views and Mviews Procedures, Functions and Packages Sequences and Operators Object Types and Java Class Objects Other Synonyms Synonyms for remote functions or procedures must specify the schema owner in the for clause Synonyms for other objects may omit the schema owner in which case it defaults to the schema of the session on the remote instance. 28

Closing Database Links Close Database links for a session when: The user session must be terminated The network connection established by the link is used infrequently in the application or no longer required Max open links per session is controlled by: OPEN_LINKS OPEN_LINKS_PER_INSTANCE Session s Open Links seen in V$DBLINK Close Open Links with idle time in profile or: ALTER SESSION CLOSE DATABASE LINK name ; DBMS_SESSION.CLOSE_DATABASE_LINK(<name>); 29

Closing Database Links Closing Links may not be done in mid transaction Results in ORA-02080 database link is in use Queries will open transactions and are visible in V$GLOBAL_TRANSACTION V$TRANSACTION Use COMMIT to close transactions when updates have been done Use ROLLBACK or COMMIT for Queries If not done may cause Undo Segment problems 30

Dropping Database Links Drop a Database Link when the application no longer requires it. Redefine a link when: Security breaches demand it Physical databases must be moved Network protocols change Node names change DROP DATABASE LINK linkname ; DROP PUBLIC DATABASE LINK linkname; 31

Database Link Parameters GLOBAL_NAMES OPEN_LINKS 32

GLOBAL_NAMES Parameter Specifies if a DB link must have the same name as the database to which it connects Value may be TRUE or FALSE If set to TRUE on the Local Database Instance then a Database Link name used must match the Global Name of the Remote Database at the time the link is used. May require DB Link Qualifiers to avoid duplicate names Permits consistent naming conventions for databases and links in your Oracle network Is Session and System Modifiable 33

OPEN_LINKS Parameter Specifies the maximum number of concurrent open connections to remote databases from one session in a instance. Includes External Callouts Cartridges Value is numeric from 0 to 255 Is not Modifiable Connection closes when: Session Ends Explicitly closed using ALTER SESSION CLOSE DATABASE LINK 34

Database Link Views DBA_DB_LINKS USER_DB_LINKS ALL_DB_LINKS DBA_SYNONYMS USER_SYNONYMS ALL_SYNONYMS V$DBLINK GV$DBLINK 35

Data Dictionary Views DBA_DB_LINKS - All Links in the Database ALL_DB_LINKS DB Links accessible to current user Columns OWNER DB_LINK USERNAME Description Owner of the database link Link Name User logging into remote db HOST Oracle Net Connect String CREATED Date Created 36

Data Dictionary Views USER_DB_LINKS Links owned by current user Columns Description DB_LINK Link Name USERNAME User logging into remote db PASSWORD Null (backward compatibility) HOST Oracle Net Connect String CREATED Date Created 37

Querying Database Links SQL> SELECT 2 db_link, 3 owner, 4 nvl(username, '**********') username, 5 host, 6 TO_CHAR(created, 'DD-Mon-YYYY HH24:MI:SS') created 7 FROM 8 dba_db_links 9 ORDER BY 10 host, owner, db_link; DB Link Owner User Host Created ----------------- -------- -------- ----------------- -------------------- db1.uk.oracle.com PUBLIC ******** db1.uk.oracle.com 03-Jan-2009 09:49:30 db3.uk.oracle.com PUBLIC ******** db3.uk.oracle.com 10-Jan-2009 09:52:18 db2.uk.oracle.com PUBLIC ******** db2.uk.oracle.com 06-Jan-2009 16:24:09 db1.uk.oracle.com ADMINDBS ADMINDBS 10-Jan-2009 10:00:16 db3.uk.oracle.com ADMINDBS ADMINDBS 10-Jan-2009 09:54:16 db2.uk.oracle.com ADMINDBS ADMINDBS 10-Jan-2009 10:00:06 db1.uk.oracle.com ADMINDB1 ADMINDB1 03-Jan-2009 09:50:26 db3.uk.oracle.com ADMINDB1 ADMINDB1 03-Jan-2009 09:53:31 db2.uk.oracle.com ADMINDB1 ADMINDB1 10-Jan-2009 16:22:16 db1.uk.oracle.com HR HR 05-Jan-2009 11:42:58 10 rows selected. 38

Data Dictionary Views DBA_SYNONYMS All Synonyms in the Database ALL_SYNONYMS Synonyms accessible to current user Columns OWNER SYNONYM_NAME TABLE_OWNER Description Owner of the database link Synonym Name Object owner of Synonym target TABLE_NAME Object name of Synonym target DB_LINK DB Link used if any 39

Data Dictionary Views USER_SYNONYMS Synonyms owned by current user Columns Description SYNONYM_NAME Synonym Name TABLE_OWNER Object owner of Synonym target TABLE_NAME Object name of Synonym target DB_LINK DB Link used if any 40

Querying Synonyms SQL> select owner,synonym_name,table_owner as object_owner,table_name as object_name,db_link from dba_synonyms where db_link not null order by 1,2,3,4; OWNER SYNONYM_NAME OBJECT_OWN OBJECT_NAME DB_LINK ---------- ---------------- ---------- ---------------- ------------- SYSTEM SIDFUNC_ANGEL1 SYSTEM SIDFUNC ANGEL@ANGEL1 SYSTEM SIDFUNC_ANGEL2 SYSTEM SIDFUNC ANGEL@ANGEL2 41

Dynamic Performance Views V$DBLINK - Open DB Links for current session GV$DBLINK Has extra column INST_ID Columns DB_LINK OWNER_ID LOGGED_ON Description link name Owner of the database link UID Is database link currently logged on HETEROGENEOUS Is it heterogeneous PROTOCOL Protocol used by the database link OPEN_CURSORS open cursors for the database link IN_TRANSACTION Is database link in a transaction UPDATE_SENT have updates occurred COMMIT_POINT_STRENGTH TXN Commit point strength 42

Statistics and Database Links Database Link Statistics SQL*Net roundtrips to/from dblink bytes received via SQL*Net from dblink bytes sent via SQL*Net to dblink bytes via SQL*Net vector from dblink bytes via SQL*Net vector to dblink 43

Wait Events and Database Links Database Link Wait Events SQL*Net break/reset to dblink SQL*Net message from dblink SQL*Net message to dblink SQL*Net more data from dblink SQL*Net more data to dblink SQL*Net vector data from dblink SQL*Net vector data to dblink P1 is Driver ID for all Events P2 is number of bytes for all but break/reset where it is break? 44

Common Errors Using Database Links ORA-12154 "TNS:could not resolve service name ORA-12224 "TNS:no listener" ORA-12305 "TNS:listener could not resolve SID given in connect descriptor" ORA-01004: Default username feature not supported; logon denied ORA-25426: Remote instance does not support shared DBLINKs ORA-02085: Database link name connects to name 45

Remote Access Management Unsynchronised User Accounts Synchronised User Accounts Single Shared Accounts Location Transparency Synonyms Views Procedural Code Password Management Auditing 46

Unsynchronised User Accounts Create one public Database Link for each remote database to be accessed. A CONNECT TO clause is explicitly specified in all private links thereby using Fixed User Database Links If USING clause is omitted, all private links inherit the public link definition that shares the same name Implications Users must change their own passwords Private links must be recreated each time a remote password changes Users must have privilege to manage private links Private links may be defined incorrectly, thus resulting in errors Administrators need only give the remote account minimal privilege 47

Synchronised User Accounts Create one public database link for each remote database to be accessed. The CONNECT TO and IDENTIFIED BY clauses are not specified or specify CURRENT_USER No private links are necessary thereby using Connected User or Current User Database Links Implications Users do not need to create private links. Users do not need to administer passwords DBA must synchronise passwords for all users at all sites which means every username and password must be the same at all sites Having the same passwords on multiple sites may not be acceptable for security reasons. Administrators need only give the remote account minimal privileges. 48

Single Shared Accounts Create one public database link for each remote database to be accessed. No private links are necessary CONNECT TO and IDENTIFIED BY clauses are specified thereby using Fixed User Database Links Implications Users do not need to create private links. Users do not need to administer passwords DBAs must recreate a public link when a remote account password changes on database pointed to by that link Remote accounts must have privileges granted. If local user password is disclosed, all sites are vulnerable. Auditing sessions BY USER on remote database not useful when different local users connect to the remote database using the shared account link 49

Location Transparency Create a private Database Link owned by a local privileged user account Use Synonyms to hide the Globally Unique Name of the object Create Local Views that access remote objects Embed references to remote objects in local code Implications: Direct access to remote sites not required by local users also improving security and reducing account maintenance Administrators control security from one local site Remote object locations are unknown to application providing better security Objects can be moved without any changes being made to application code, thereby reducing programming maintenance Links must be recreated if the location changes 50

Database Links and Passwords Good practice requires passwords to change. Cascade password changes to database links. Fixed links: Find links to be changed by username. Connected user links: Find links to be changed by username. Current user links: User credentials are in the directory. 51

Database Links and Auditing Auditing must be done locally Local auditing will not catch access to remote objects but auditing in the remote database may be used. Remote database does not distinguish between local connections and connections from a remote database The user audited on the remote database is the one associated with the DB Link session. This depends on whether the link is a Fixed User, Connected User or Current User DB Link 52

Summary Database Links Defined Globally Unique Object Names Database Links Description Creating and Managing Database Links Global Database Naming Database Link Initialisation Parameters Dictionary and Dynamic Performance Views Statistics, Wait Events and Database Links Common Errors Using Database Links Remote Access Management Location Transparency 53

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information