DBA: Security and Backups Guide to Oracle 10g Advanced Databases 1 Agenda • Understand the need for security. • Learn about System Permissions and Object permissions. • Understand the purpose of Roles. • Explore Security-focused SQL. • Explain backup and restore options. Advanced Databases 2 Overview of Database Administration • Information technology (IT) department – Database Administrator (DBA) – Manages database – Roles: • Service • Production Guide to Oracle 10g Advanced Databases 3 Installing an Oracle 10g Database • Oracle 10g DBMS editions: – Enterprise – Standard – Personal Guide to Oracle 10g Advanced Databases 4 Oracle 10g Folder Structure • Default directory structure – C:\oracle\product\10.1.0 • Oracle Home – Located beneath C:\Oracle_Base – Contains subdirectories for Oracle software executables and network files – Must be unique for each product Guide to Oracle 10g Advanced Databases 5 Database Server System Requirements • Online documentation provided on product CD contains exact system requirements • Server workstation should have: – At least 200MHz processor – At least 256 MB of main memory – Virtual memory size should be double amount of RAM – 100 MB of temporary disk space Guide to Oracle 10g – 256 video adapter Advanced Databases 6 Database Server System Requirements (continued) • Server workstation should have: – NTFS (NT File System) – Hard disk requirements: • 32 MB required Guide to Oracle 10g Advanced Databases 7 Windows Operating Systems on Which You Can Install the Oracle 10g DBMS Guide to Oracle 10g Advanced Databases 8 Hard Disk Space Requirements for NTFS Guide to Oracle 10g Advanced Databases 9 Oracle 10g Universal Installer • Java-based graphical user interface (GUI) tool • Install and remove Oracle software • Automatically installs Oracle version of Java Runtime Environment (JRE) • Pages for Oracle Database 10g installation: – Specify File Locations – Select Installation Type Guide to Oracle 10g – Select Database Configuration Advanced Databases 10 Oracle 10g Universal Installer (continued) • Pages for Oracle Database 10g installation: – Specify Database Configuration Options – Select Database Management Option – Specify Database File Storage Option – Specify Backup and Recovery Options – Specify Database Schema Passwords – Summary Guide to Oracle 10g Advanced Databases 11 Select Database Configuration Page Guide to Oracle 10g Advanced Databases 12 Oracle 10g Universal Installer (continued) • • • • • Global database name Database system identifier (SID) IP address Domain name Tools that Universal Installer automatically installs: – Oracle Net Configuration Assistant Guide to Oracle 10g – Oracle Database Configuration Assistant Advanced Databases 13 Configuration Tools Page Guide to Oracle 10g Advanced Databases 14 Configuring Client Applications to Connect to an Oracle 10g Database • Configure connect strings for client applications – Local naming – Oracle Internet Directory Guide to Oracle 10g Advanced Databases 15 Local Naming • tnsnames.ora – File stores connect string and database connection information – On client workstation in Oracle_Home\network\admin • Connect descriptor • Port • Service nameGuide to Oracle 10g Advanced Databases 16 Oracle 10g TCP/IP Connect Descriptor Structure Guide to Oracle 10g Advanced Databases 17 Oracle Internet Directory • Stores connect descriptor and service name information on directory server • Oracle Internet Directory (OID) server – Uses Lightweight Directory Access Protocol (LDAP) Guide to Oracle 10g Advanced Databases 18 Sample LDAP Directory Server Entries Guide to Oracle 10g Advanced Databases 19 Using OID to Create a Database Connection Guide to Oracle 10g Advanced Databases 20 Removing an Oracle 10g Database • Installation process automatically writes configuration information into system registry • Use Universal Installer to remove Oracle 10g applications – Does not remove all application files – Or all application configuration information from system registry Guide to Oracle 10g Advanced Databases 21 Using Oracle Enterprise Manager 10g to Perform Database Administration Tasks • User account must have DBA role • Oracle Enterprise Manager (OEM) – Three-tier architecture – Console • Oracle Management Server (OMS) – Interacts with repository – Makes it easier for DBAs to administer multiple Guide to Oracle 10g databases in organization’s network Advanced Databases 22 Oracle Enterprise Manager Architecture Guide to Oracle 10g Advanced Databases 23 Using Oracle Enterprise Manager 10g to Perform Database Administration Tasks (continued) • OEM deployment options: – Centrally – Locally Guide to Oracle 10g Advanced Databases 24 Oracle Enterprise Manager Database Control Home Page Guide to Oracle 10g Advanced Databases 25 Overview of the OEM Console • Provides graphical, Web-based environment – Enables DBAs to perform database administration support role tasks for any database server Guide to Oracle 10g Advanced Databases 26 Managing Navigation in the OEM • Property page links: – Home – Performance – Administration – Maintenance Guide to Oracle 10g Advanced Databases 27 OEM Performance Property Page Guide to Oracle 10g Advanced Databases 28 Connecting to a Database and Performing DBA Tasks • DBA must explicitly connect to OEM – By specifying: • Username • Password • Connect role • Connect role: – Normal – SYSOPER – SYSDBA Guide to Oracle 10g Advanced Databases 29 Managing Oracle 10g Data Storage • Oracle 10g database stores and manages data – Using variety of data structures Guide to Oracle 10g Advanced Databases 30 Oracle 10g Data Structures • Tablespace – Datafile • Segment – Partitioned • Extent • Data block – Database storage data block Guide to Oracle 10g – Operating system blocks Advanced Databases 31 Oracle 10g Data Structures (continued) Guide to Oracle 10g Advanced Databases 32 Non-Partitioned and Partitioned Database Tables and Associated Segments Guide to Oracle 10g Advanced Databases 33 Data Block Components Guide to Oracle 10g Advanced Databases 34 Managing Oracle 10g Data Structures • Create tablespace • Manage datafile extents – Autoextensible tablespace • Configure tablespace and datafile properties Guide to Oracle 10g Advanced Databases 35 The Oracle 10g Database File Architecture • Oracle 10g database files: – Parameter file – Control files – Datafiles – Redo log files Guide to Oracle 10g Advanced Databases 36 Oracle 10g Database File Architecture Guide to Oracle 10g Advanced Databases 37 Parameter File • Text file • Specifies configuration information about Oracle 10g database instance • init.ora – Stored in Oracle_Base\admin\SID\pfile folder • DBAs can edit parameter file – Modify database configuration Guide to Oracle 10g Advanced Databases 38 Control Files • Store information about database structure and state • Stored in Oracle_Base\oradata\SID • Three separate control files by default: – CONTROL01.CTL – CONTROL02.CTL – CONTROL03.CTL – Contain same data Guide to Oracle 10g – At least one must be present Advanced Databases 39 Datafiles • • • • .dbf extensions Store tablespace contents Stored in Oracle_Base\oradata\SID Use OEM to view and modify Guide to Oracle 10g Advanced Databases 40 Redo Log Files • Records information to undo action query changes • .log extension • Stored in Oracle_Base\ORADATA\SID • Pre-image • Rollback segment Guide to Oracle 10g Advanced Databases 41 Redo Log Files (continued) • Redo log group – Member • Log switch Guide to Oracle 10g Advanced Databases 42 Lesson A Summary • Database administrator (DBA) – Responsible for performing database administration tasks in organizations • Database server contains folder called Oracle Base • Series of Universal Installer pages guides user through installation process Guide Manager to Oracle 10g10g (OEM) • Oracle Enterprise administration utility Advanced Databases 43 Lesson A Summary (continued) • Database structural components: – Tablespace – Segment – Extent – Datafile – Data block Guide to Oracle 10g Advanced Databases 44 Lesson A Summary (continued) • Database files: – Parameter – Control – Datafile – Log Guide to Oracle 10g Advanced Databases 45 Lesson B Objectives After completing this lesson, you should be able to: • Create and manage user accounts • Understand an Oracle 10g database instance’s memory areas and background processes • Start and shut down the database Guide to Oracle 10g • Understand Oracle 10g database backup and recovery Advanced Databases 46 Creating and Managing User Accounts • Create new user account – General information about user account – System privileges user has in database – User’s tablespace quota on database server Guide to Oracle 10g Advanced Databases 47 Specifying General User Information • Use OEM – General page: • • • • • • Name Profile Authentication Default tablespace Temporary tablespace Status Guide to Oracle 10g Advanced Databases 48 Specifying System Privileges • System privilege • Object privilege • Enable new user to interact with Oracle 10g database – DBA grants system privileges – Use System Privileges page in Create User page • Admin Option Guide to Oracle 10g Advanced Databases 49 Tablespace Quotas • Specifies amount of disk space that user’s database objects can occupy in default tablespace • Must be assigned • Quota Size value: – None, default – Unlimited Guide to Oracle 10g – Value Advanced Databases 50 Editing Existing User Accounts • Use OEM – Select user account to be modified on Users page – General page opens – Select other links to modify properties Guide to Oracle 10g Advanced Databases 51 Roles • • • • Database object Represents collection of system privileges Assign to multiple users Create role – Can inherit privileges from other roles • Grant Role to User Account Guide to Oracle 10g Advanced Databases 52 Components of an Oracle 10g Database Instance • Connection – Link between client process and database instance – Creates user session • OEM General page for database instance – Provides information about database instance Guide to Oracle 10g Advanced Databases 53 Oracle 10g Server Main Memory Structures • System Global Area – Memory area all database connections use – Made up of five primary memory areas • Program Global Area (PGA) – Memory area stores information for specific user connection – Two memory areas: • Session information Guide to Oracle 10g • Stack space Advanced Databases 54 Primary Memory Areas Within the System Global Area Guide to Oracle 10g Advanced Databases 55 Oracle 10g Background Processes • Set of background processes – Service user requests – DBA does not control directly • Processes: – Database Writer (DBWn) – Log Writer (LGWR) – System Monitor (SMON) Guide(PMON) to Oracle 10g – Process monitor – Checkpoint (CKPT) Advanced Databases 56 Starting and Shutting Down the Database • Shut down database periodically – Perform maintenance • Restart database Guide to Oracle 10g Advanced Databases 57 Creating an Administrative Connection • Shutting down database makes database unavailable for user connections • DBA must log onto database using administrative connection • SYS user account Guide to Oracle 10g Advanced Databases 58 Tasks That SYSDBA and SYSOPER Users Can Perform Guide to Oracle 10g Advanced Databases 59 Startup and Shutdown States • Start Oracle 10g database instance – Pass through four states: • • • • SHUTDOWN NOMOUNT MOUNTED OPEN • Shut down Oracle 10g database instance – Pass through states in reverse order Guide to Oracle 10g Advanced Databases 60 Oracle 10g Database Instance States Guide to Oracle 10g Advanced Databases 61 Shutdown Options • Specify one of four ways to handle existing user connections: – Normal – Transactional – Immediate – Abort Guide to Oracle 10g Advanced Databases 62 Startup Modes • Start in one of two modes: – Unrestricted – Restricted Guide to Oracle 10g Advanced Databases 63 Using OEM to Shut Down and Start a Database Instance • DBA shuts down database instance using Normal, Transactional, or Immediate shutdown option – Shutdown process performs five following tasks: • • • • • Writes contents of data buffer cache to datafiles Writes contents of redo log buffer to redo log files Closes all files Stops all background processes Oracle 10g DeallocatesGuide SGA intoserver’s main memory Advanced Databases 64 Database Backup and Recovery • Important database administration support tasks include: – Backup • Offline/cold • Online/hot – Recovery Guide to Oracle 10g Advanced Databases 65 Creating Offline (Cold) Backups • Shut down database instance • Copy specific database files to alternate disk location – Parameter file – Control files – Datafiles – Not redo logs Guideinstance to Oracle 10g • Restart database Advanced Databases 66 Creating Online (Hot) Backups • Create hot backup – Place database instance in ARCHIVELOG mode – Back up control file – Back up datafiles – Instruct database to write current contents of redo log files to archive files • Create backup copies of archive log files Guide to Oracle 10g Advanced Databases 67 Database Recovery • Process of restoring database from either cold or hot backup files • Necessary after database failure • Cold backup recovery: – Shut down database – Restore backed up control file and datafiles to database server – Restart database Guide to Oracle 10g Advanced Databases 68 Database Recovery (continued) • Hot backup recovery: – Recover database to point at which last hot backup created – Use control trace file to generate new copy of control file – Restore backup copies of datafiles – Perform media recovery Guide to Oracle 10g Advanced Databases 69 Backup Strategies • Cold backups – Simplest to perform – Satisfactory for databases whose: • Contents do not change very much • Users can tolerate downtime while DBA creates cold backup files • Hot backups – Complex to perform Guide to Oracle 10g – Better suited for dynamic, mission-critical databases Advanced Databases 70 Lesson B Summary • Create user account • Roles – Manage system privileges • Memory areas – System Global Area (SGA) – Program Global Area (PGA) • Background processes Guide to Oracle 10g • Backup and recovery Advanced Databases 71