Security and Backups

advertisement
DBA: Security and Backups
Guide to Oracle 10g
Advanced Databases
1
Agenda
• Understand the need for security.
• Learn about System Permissions
and Object permissions.
• Understand the purpose of Roles.
• Explore Security-focused SQL.
• Explain backup and restore options.
Advanced Databases
2
Overview of Database Administration
• Information technology (IT) department
– Database Administrator (DBA)
– Manages database
– Roles:
• Service
• Production
Guide to Oracle 10g
Advanced Databases
3
Installing an Oracle 10g Database
• Oracle 10g DBMS editions:
– Enterprise
– Standard
– Personal
Guide to Oracle 10g
Advanced Databases
4
Oracle 10g Folder Structure
• Default directory structure
– C:\oracle\product\10.1.0
• Oracle Home
– Located beneath C:\Oracle_Base
– Contains subdirectories for Oracle software
executables and network files
– Must be unique for each product
Guide to Oracle 10g
Advanced Databases
5
Database Server System
Requirements
• Online documentation provided on product
CD contains exact system requirements
• Server workstation should have:
– At least 200MHz processor
– At least 256 MB of main memory
– Virtual memory size should be double amount
of RAM
– 100 MB of temporary disk space
Guide to Oracle 10g
– 256 video adapter
Advanced Databases
6
Database Server System
Requirements (continued)
• Server workstation should have:
– NTFS (NT File System)
– Hard disk requirements:
• 32 MB required
Guide to Oracle 10g
Advanced Databases
7
Windows Operating Systems on
Which You Can Install the Oracle 10g
DBMS
Guide to Oracle 10g
Advanced Databases
8
Hard Disk Space Requirements for
NTFS
Guide to Oracle 10g
Advanced Databases
9
Oracle 10g Universal Installer
• Java-based graphical user interface (GUI)
tool
• Install and remove Oracle software
• Automatically installs Oracle version of Java
Runtime Environment (JRE)
• Pages for Oracle Database 10g installation:
– Specify File Locations
– Select Installation Type
Guide to Oracle 10g
– Select Database Configuration
Advanced Databases
10
Oracle 10g Universal Installer
(continued)
• Pages for Oracle Database 10g installation:
– Specify Database Configuration Options
– Select Database Management Option
– Specify Database File Storage Option
– Specify Backup and Recovery Options
– Specify Database Schema Passwords
– Summary
Guide to Oracle 10g
Advanced Databases
11
Select Database Configuration Page
Guide to Oracle 10g
Advanced Databases
12
Oracle 10g Universal Installer
(continued)
•
•
•
•
•
Global database name
Database system identifier (SID)
IP address
Domain name
Tools that Universal Installer automatically
installs:
– Oracle Net Configuration Assistant
Guide to Oracle 10g
– Oracle Database Configuration Assistant
Advanced Databases
13
Configuration Tools Page
Guide to Oracle 10g
Advanced Databases
14
Configuring Client Applications to
Connect to an Oracle 10g Database
• Configure connect strings for client
applications
– Local naming
– Oracle Internet Directory
Guide to Oracle 10g
Advanced Databases
15
Local Naming
• tnsnames.ora
– File stores connect string and database
connection information
– On client workstation in
Oracle_Home\network\admin
• Connect descriptor
• Port
• Service nameGuide to Oracle 10g
Advanced Databases
16
Oracle 10g TCP/IP Connect Descriptor
Structure
Guide to Oracle 10g
Advanced Databases
17
Oracle Internet Directory
• Stores connect descriptor and service name
information on directory server
• Oracle Internet Directory (OID) server
– Uses Lightweight Directory Access Protocol
(LDAP)
Guide to Oracle 10g
Advanced Databases
18
Sample LDAP Directory Server Entries
Guide to Oracle 10g
Advanced Databases
19
Using OID to Create a Database
Connection
Guide to Oracle 10g
Advanced Databases
20
Removing an Oracle 10g Database
• Installation process automatically writes
configuration information into system
registry
• Use Universal Installer to remove Oracle 10g
applications
– Does not remove all application files
– Or all application configuration information from
system registry
Guide to Oracle 10g
Advanced Databases
21
Using Oracle Enterprise Manager 10g
to Perform Database Administration
Tasks
• User account must have DBA role
• Oracle Enterprise Manager (OEM)
– Three-tier architecture
– Console
• Oracle Management Server (OMS)
– Interacts with repository
– Makes it easier for DBAs to administer multiple
Guide to Oracle 10g
databases in organization’s network
Advanced Databases
22
Oracle Enterprise Manager
Architecture
Guide to Oracle 10g
Advanced Databases
23
Using Oracle Enterprise Manager 10g
to Perform Database Administration
Tasks (continued)
• OEM deployment options:
– Centrally
– Locally
Guide to Oracle 10g
Advanced Databases
24
Oracle Enterprise Manager Database
Control Home Page
Guide to Oracle 10g
Advanced Databases
25
Overview of the OEM Console
• Provides graphical, Web-based environment
– Enables DBAs to perform database
administration support role tasks for any
database server
Guide to Oracle 10g
Advanced Databases
26
Managing Navigation in the OEM
• Property page links:
– Home
– Performance
– Administration
– Maintenance
Guide to Oracle 10g
Advanced Databases
27
OEM Performance Property Page
Guide to Oracle 10g
Advanced Databases
28
Connecting to a Database and
Performing DBA Tasks
• DBA must explicitly connect to OEM
– By specifying:
• Username
• Password
• Connect role
• Connect role:
– Normal
– SYSOPER
– SYSDBA
Guide to Oracle 10g
Advanced Databases
29
Managing Oracle 10g Data Storage
• Oracle 10g database stores and manages
data
– Using variety of data structures
Guide to Oracle 10g
Advanced Databases
30
Oracle 10g Data Structures
• Tablespace
– Datafile
• Segment
– Partitioned
• Extent
• Data block
– Database storage data block
Guide to Oracle 10g
– Operating system blocks
Advanced Databases
31
Oracle 10g Data Structures
(continued)
Guide to Oracle 10g
Advanced Databases
32
Non-Partitioned and Partitioned
Database Tables and Associated
Segments
Guide to Oracle 10g
Advanced Databases
33
Data Block Components
Guide to Oracle 10g
Advanced Databases
34
Managing Oracle 10g Data Structures
• Create tablespace
• Manage datafile extents
– Autoextensible tablespace
• Configure tablespace and datafile properties
Guide to Oracle 10g
Advanced Databases
35
The Oracle 10g Database File
Architecture
• Oracle 10g database files:
– Parameter file
– Control files
– Datafiles
– Redo log files
Guide to Oracle 10g
Advanced Databases
36
Oracle 10g Database File Architecture
Guide to Oracle 10g
Advanced Databases
37
Parameter File
• Text file
• Specifies configuration information about
Oracle 10g database instance
• init.ora
– Stored in Oracle_Base\admin\SID\pfile folder
• DBAs can edit parameter file
– Modify database configuration
Guide to Oracle 10g
Advanced Databases
38
Control Files
• Store information about database structure
and state
• Stored in Oracle_Base\oradata\SID
• Three separate control files by default:
– CONTROL01.CTL
– CONTROL02.CTL
– CONTROL03.CTL
– Contain same data
Guide to Oracle 10g
– At least one must be present
Advanced Databases
39
Datafiles
•
•
•
•
.dbf extensions
Store tablespace contents
Stored in Oracle_Base\oradata\SID
Use OEM to view and modify
Guide to Oracle 10g
Advanced Databases
40
Redo Log Files
• Records information to undo action query
changes
• .log extension
• Stored in Oracle_Base\ORADATA\SID
• Pre-image
• Rollback segment
Guide to Oracle 10g
Advanced Databases
41
Redo Log Files (continued)
• Redo log group
– Member
• Log switch
Guide to Oracle 10g
Advanced Databases
42
Lesson A Summary
• Database administrator (DBA)
– Responsible for performing database
administration tasks in organizations
• Database server contains folder called Oracle
Base
• Series of Universal Installer pages guides user
through installation process
Guide Manager
to Oracle 10g10g (OEM)
• Oracle Enterprise
administration utility
Advanced Databases
43
Lesson A Summary (continued)
• Database structural components:
– Tablespace
– Segment
– Extent
– Datafile
– Data block
Guide to Oracle 10g
Advanced Databases
44
Lesson A Summary (continued)
• Database files:
– Parameter
– Control
– Datafile
– Log
Guide to Oracle 10g
Advanced Databases
45
Lesson B Objectives
After completing this lesson, you should be
able to:
• Create and manage user accounts
• Understand an Oracle 10g database
instance’s memory areas and background
processes
• Start and shut down the database
Guide to Oracle 10g
• Understand Oracle 10g database backup and
recovery
Advanced Databases
46
Creating and Managing User
Accounts
• Create new user account
– General information about user account
– System privileges user has in database
– User’s tablespace quota on database server
Guide to Oracle 10g
Advanced Databases
47
Specifying General User
Information
• Use OEM
– General page:
•
•
•
•
•
•
Name
Profile
Authentication
Default tablespace
Temporary tablespace
Status
Guide to Oracle 10g
Advanced Databases
48
Specifying System Privileges
• System privilege
• Object privilege
• Enable new user to interact with Oracle 10g
database
– DBA grants system privileges
– Use System Privileges page in Create User page
• Admin Option
Guide to Oracle 10g
Advanced Databases
49
Tablespace Quotas
• Specifies amount of disk space that user’s
database objects can occupy in default
tablespace
• Must be assigned
• Quota Size value:
– None, default
– Unlimited
Guide to Oracle 10g
– Value
Advanced Databases
50
Editing Existing User Accounts
• Use OEM
– Select user account to be modified on Users
page
– General page opens
– Select other links to modify properties
Guide to Oracle 10g
Advanced Databases
51
Roles
•
•
•
•
Database object
Represents collection of system privileges
Assign to multiple users
Create role
– Can inherit privileges from other roles
• Grant Role to User Account
Guide to Oracle 10g
Advanced Databases
52
Components of an Oracle 10g
Database Instance
• Connection
– Link between client process and database
instance
– Creates user session
• OEM General page for database instance
– Provides information about database instance
Guide to Oracle 10g
Advanced Databases
53
Oracle 10g Server Main Memory
Structures
• System Global Area
– Memory area all database connections use
– Made up of five primary memory areas
• Program Global Area (PGA)
– Memory area stores information for specific user
connection
– Two memory areas:
• Session information
Guide to Oracle 10g
• Stack space
Advanced Databases
54
Primary Memory Areas Within the
System Global Area
Guide to Oracle 10g
Advanced Databases
55
Oracle 10g Background Processes
• Set of background processes
– Service user requests
– DBA does not control directly
• Processes:
– Database Writer (DBWn)
– Log Writer (LGWR)
– System Monitor (SMON)
Guide(PMON)
to Oracle 10g
– Process monitor
– Checkpoint (CKPT)
Advanced Databases
56
Starting and Shutting Down the
Database
• Shut down database periodically
– Perform maintenance
• Restart database
Guide to Oracle 10g
Advanced Databases
57
Creating an Administrative
Connection
• Shutting down database makes database
unavailable for user connections
• DBA must log onto database using
administrative connection
• SYS user account
Guide to Oracle 10g
Advanced Databases
58
Tasks That SYSDBA and SYSOPER
Users Can Perform
Guide to Oracle 10g
Advanced Databases
59
Startup and Shutdown States
• Start Oracle 10g database instance
– Pass through four states:
•
•
•
•
SHUTDOWN
NOMOUNT
MOUNTED
OPEN
• Shut down Oracle 10g database instance
– Pass through states in reverse order
Guide to Oracle 10g
Advanced Databases
60
Oracle 10g Database Instance
States
Guide to Oracle 10g
Advanced Databases
61
Shutdown Options
• Specify one of four ways to handle existing
user connections:
– Normal
– Transactional
– Immediate
– Abort
Guide to Oracle 10g
Advanced Databases
62
Startup Modes
• Start in one of two modes:
– Unrestricted
– Restricted
Guide to Oracle 10g
Advanced Databases
63
Using OEM to Shut Down and
Start a Database Instance
• DBA shuts down database instance using
Normal, Transactional, or Immediate
shutdown option
– Shutdown process performs five following tasks:
•
•
•
•
•
Writes contents of data buffer cache to datafiles
Writes contents of redo log buffer to redo log files
Closes all files
Stops all background processes
Oracle 10g
DeallocatesGuide
SGA intoserver’s
main memory
Advanced Databases
64
Database Backup and Recovery
• Important database administration support
tasks include:
– Backup
• Offline/cold
• Online/hot
– Recovery
Guide to Oracle 10g
Advanced Databases
65
Creating Offline (Cold) Backups
• Shut down database instance
• Copy specific database files to alternate disk
location
– Parameter file
– Control files
– Datafiles
– Not redo logs
Guideinstance
to Oracle 10g
• Restart database
Advanced Databases
66
Creating Online (Hot) Backups
• Create hot backup
– Place database instance in ARCHIVELOG mode
– Back up control file
– Back up datafiles
– Instruct database to write current contents of
redo log files to archive files
• Create backup copies of archive log files
Guide to Oracle 10g
Advanced Databases
67
Database Recovery
• Process of restoring database from either
cold or hot backup files
• Necessary after database failure
• Cold backup recovery:
– Shut down database
– Restore backed up control file and datafiles to
database server
– Restart database
Guide to Oracle 10g
Advanced Databases
68
Database Recovery (continued)
• Hot backup recovery:
– Recover database to point at which last hot
backup created
– Use control trace file to generate new copy of
control file
– Restore backup copies of datafiles
– Perform media recovery
Guide to Oracle 10g
Advanced Databases
69
Backup Strategies
• Cold backups
– Simplest to perform
– Satisfactory for databases whose:
• Contents do not change very much
• Users can tolerate downtime while DBA creates
cold backup files
• Hot backups
– Complex to perform
Guide to Oracle 10g
– Better suited for dynamic, mission-critical
databases
Advanced Databases
70
Lesson B Summary
• Create user account
• Roles
– Manage system privileges
• Memory areas
– System Global Area (SGA)
– Program Global Area (PGA)
• Background processes
Guide to Oracle 10g
• Backup and recovery
Advanced Databases
71
Download