Enterprise manager Performance Hub (Real Time) 12c

Enterprise manager express is 

SQL> drop user osama cascade ;
User dropped.

SQL> create user osama identified by osama;
User created.

SQL> grant select any table to osama;
Grant succeeded.

SQL> grant select any dictionary to osama ;
Grant succeeded.

SQL> grant create session to osama;
Grant succeeded.

SQL> conn osama/osama ;
Connected.

SQL> EXEC  DBMS_SQL_MONITOR.BEGIN_OPERATION (‘My_First_JOB’, forced_tracking => ‘Y’);
BEGIN DBMS_SQL_MONITOR.BEGIN_OPERATION (‘My_First_JOB’, forced_tracking => ‘Y’); END;
      *
ERROR at line 1:
ORA-06550: line 1, column 7:
PLS-00221: ‘BEGIN_OPERATION’ is not a procedure or is undefined
ORA-06550: line 1, column 7:
PL/SQL: Statement ignored

to avoid this error :

SQL> VAR myjob_id NUMBER;

SQL> EXEC :myjob_id := DBMS_SQL_MONITOR.BEGIN_OPERATION (‘My_First_JOB’, forced_tracking => ‘Y’)

PL/SQL procedure successfully completed.

Where 
myjob_id : variable
My_first_Job : Job name.

Now Check Enterprise manager express Page : 

if you check the second picture you will see if you don’t stop the sql_monitor the Job will still running

SQL> EXEC DBMS_SQL_MONITOR.END_OPERATION(‘My_First_JOB’, :myjob_id) ;
PL/SQL procedure successfully completed.

Thank you 
Osama Mustafa

12c Auditing Tutorial

SQL*Plus: Release 12.1.0.1.0 Production on Fri Jun 28 17:07:52 2013
Copyright (c) 1982, 2013, Oracle.  All rights reserved.

Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 – 64bit Production
With the Partitioning, OLAP, Advanced Analytics, Real Application Testing
and Unified Auditing options

New Auditing came with oracle 12c called Unified Auditing which is ” enables selective and effective auditing inside the Oracle database using policies and conditions. The new policy based syntax simplifies management of auditing within the database and provides the ability to accelerate auditing based on conditions. For example, audit policies can be configured to audit based on specific IP addresses, programs, time periods, or connection types such as proxy authentication. In addition, specific schemas can be easily exempted from auditing when the audit policy is enabled.”

You can check here.

regarding to oracle Documentation with this kind of new audit you can capture :

  • Audit records (including SYS audit records) from unified audit policies and AUDIT settings

  • Fine-grained audit records from the DBMS_FGA PL/SQL package
  • Oracle Database Real Application Security audit records
  • Oracle Recovery Manager audit records
  • Oracle Database Vault audit records
  • Oracle Label Security audit records
  • Oracle Data Mining records
  • Oracle Data Pump
  • Oracle SQL*Loader Direct Load

For More Information Read Oracle Documentation Here

With Show parameter auditing you will not see value for unified auditing

SQL> show parameter audit ;
NAME     TYPE VALUE
———————————— ———– ——————————
audit_file_dest              string          /u01/app/oracle/admin/db12c/adump
audit_sys_operations     boolean FALSE
audit_syslog_level     string
audit_trail               string          DB
unified_audit_sga_queue_siz    integer 1048576

To check Value you need to see v$option table 

select value from v$option where PARAMETER = ‘Unified Auditing’;
PARAMETER VALUE
—————————————————————-
Unified Auditing FALSE

if you set this parameter to OS level, check $ORACLE_BASE/audit which the new folder to save all the information , when you create database , oracle uses new feature for auditing called Mixed mode from the name you can see there’s more than one auditing in this mode , One : old mode that we already know in oracle 10g,11g  and new mode that called unified auditing.
Auditing Traditional way can be control using AUDIT_TRAIL parameter , the new Way can be determine using Audit Policy called  ORA_SECURECONFIG ( Policy create already in database ) and to enable Unified audit you have to enable at least one policy. Only sysdba can do that or someone have two role AUDIT_ADMIN,AUDIT_VIEWER. i mention before on my blog for 12c new feature how to use audit policy and enable,disable and drop them.
This is only small section for what ORA_SECURECONFIG contain and what can audit :

select POLICY_NAME, AUDIT_OPTION from   AUDIT_UNIFIED_POLICIES where  policy_name =  ‘ORA_SECURECONFIG’  order by 2 ;

POLICY_NAME     AUDIT_OPTION
——————– —————————————-
ORA_SECURECONFIG     ADMINISTER KEY MANAGEMENT
ORA_SECURECONFIG     ALTER ANY PROCEDURE
ORA_SECURECONFIG     ALTER ANY SQL TRANSLATION PROFILE
ORA_SECURECONFIG     ALTER ANY TABLE
ORA_SECURECONFIG     ALTER DATABASE
ORA_SECURECONFIG     ALTER DATABASE LINK
ORA_SECURECONFIG     ALTER PLUGGABLE DATABASE
ORA_SECURECONFIG     ALTER PROFILE
ORA_SECURECONFIG     ALTER ROLE
ORA_SECURECONFIG     ALTER SYSTEM
ORA_SECURECONFIG     ALTER USER
ORA_SECURECONFIG     AUDIT SYSTEM
ORA_SECURECONFIG     CREATE ANY JOB
ORA_SECURECONFIG     CREATE ANY LIBRARY
ORA_SECURECONFIG     CREATE ANY PROCEDURE
ORA_SECURECONFIG     CREATE ANY SQL TRANSLATION PROFILE
ORA_SECURECONFIG     CREATE ANY TABLE
ORA_SECURECONFIG     CREATE DATABASE LINK
ORA_SECURECONFIG     CREATE DIRECTORY
ORA_SECURECONFIG     CREATE EXTERNAL JOB
ORA_SECURECONFIG     CREATE PLUGGABLE DATABASE
ORA_SECURECONFIG     CREATE PROFILE
ORA_SECURECONFIG     CREATE PUBLIC SYNONYM
ORA_SECURECONFIG     CREATE ROLE
ORA_SECURECONFIG     CREATE SQL TRANSLATION PROFIL

Check if this Audit Policy set as default for Database :

SQL> select POLICY_NAME from   AUDIT_UNIFIED_ENABLED_POLICIES where  policy_name = ‘ORA_SECURECONFIG’;

POLICY_NAME
——————–
ORA_SECURECONFIG

Check this to see by default oracle 12c enable audit which is very useful :

select action_name, dbusername from unified_audit_trail where dbusername=’OSAMA’

ACTION_NAME     DBUSERNAME
——————– ——————–
SELECT     OSAMA
SELECT     OSAMA
SELECT     OSAMA
SELECT     OSAMA
SELECT     OSAMA
SELECT     OSAMA
SELECT     OSAMA
SELECT     OSAMA
UPDATE     OSAMA
LOGON     OSAMA
LOGON     OSAMA
LOGON     OSAMA
LOGON     OSAMA
LOGOFF     OSAMA
LOGOFF     OSAMA
LOGOFF     OSAMA
LOGOFF     OSAMA
LOGOFF     OSAMA
LOGOFF     OSAMA

Unified Contain new features to monitor RMAN command , Expdp,impdp and other new features but to enable it ( set value to true ) you have to relink oracle lib after shutdown all services using the below command , cd $ORACLE_HOME/rdbms/lib and fire :

make -f ins_rdbms.mk uniaud_on ioracle

SQL> select value from v$option where PARAMETER = ‘Unified Auditing’;

VALUE
———-
TRUE

Let’s Test Some New Features and Audit RMAN :

SQL> create audit policy expdp_aduit actions component=datapump export;
Audit policy created.

SQL> audit policy expdp_aduit;
Audit succeeded.

Check if our audit policy is enabled :

select * from AUDIT_UNIFIED_ENABLED_POLICIES where POLICY_NAME like ‘%EXPDP%’;

USER_NAME  POLICY_NAM ENABLED_ SUC FAI
———- ———- ——– — —
ALL USERS  EXPDP_AUDIT     BY       YES YES

 Make sure you create directory , Grant privileges on this directory and run expdp command ( system user )

[oracle@test12c dump]$ expdp directory=dump logfile=audit.log dumpfile=osama_schema schemas=osama

this transaction will exists on memory until background process flash it to disks , so before check the tables i will execute package that ensure to do this immediately ( no waiting )

SQL> EXEC SYS.DBMS_AUDIT_MGMT.FLUSH_UNIFIED_AUDIT_TRAIL;
PL/SQL procedure successfully completed.

check the user who make expdp

SQL> select DBUSERNAME, DP_TEXT_PARAMETERS1, DP_BOOLEAN_PARAMETERS1
from   UNIFIED_AUDIT_TRAIL
where  DP_TEXT_PARAMETERS1 is not null;  

SYSTEM
MASTER TABLE:  “SYSTEM”.”SYS_EXPORT_SCHEMA_01″ , JOB_TYPE: EXPORT, METADATA_JOB_
MODE: SCHEMA_EXPORT, JOB VERSION: 12.1.0.0.0, ACCESS METHOD: AUTOMATIC, DATA OPT
IONS: 0, DUMPER DIRECTORY: NULL  REMOTE LINK: NULL, TABLE EXISTS: NULL, PARTITIO
N OPTIONS: NONE
MASTER_ONLY: FALSE, DATA_ONLY: FALSE, METADATA_ONLY: FALSE, DUMPFILE_PRESENT: TR
UE, JOB_RESTARTED: FALSE

For test case , i remove users tablespace from os after take backup using rman ( database should be in archive mode ) , by default Audit For RMAN is enable no need to do anything ,like the following :

RMAN > backup tablespace users ;

On OS Level :

rm /u01/app/oracle/oradata/db12c/users01.dbf

Back to RMAN :

RMAN> alter tablespace users offline immediate;
using target database control file instead of recovery catalog
Statement processed

RMAN> restore tablespace USERS;
RMAN> alter tablespace users online;

Now Check Audit : 

SQL> select  DBUSERNAME, RMAN_OPERATION from    UNIFIED_AUDIT_TRAIL where   RMAN_OPERATION is not null; 

DBUSERNAME       RMAN_OPERATION
—————————— ——————–
SYS       Recover
SYS       Restore
SYS       Backup
SYS       Backup

Note : if nothing appear at audit table level re run 

exec SYS.DBMS_AUDIT_MGMT.FLUSH_UNIFIED_AUDIT_TRAIL

After finished test  :

SQL> noaudit POLICY EXPDP_AUDIT;
Noaudit succeeded.

SQL> select count(*) from unified_audit_trail;
  COUNT(*)
———-
      3334

You can clean your Audit Now Using Package Called : DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL
Thank you 
Osama mustafa

12c Oracle Support Document until now

Second day for 12c database since it was  officially published, There is no much offical document from oracle https://support.oracle.com until now. But i tried to collect as much as i can and share it here 

RMAN Enhancements in Oracle 12c [ID 1534487.1]
Master Note For Oracle Database 12c Release 1 (12.1) Database/Client Installation/Upgrade/Migration Standalone Environment (Non-RAC) [ID 1520299.1]

Oracle Database 12.1 : FAQ on Queryable Patch Inventory [ID 1530108.1]
Oracle Database 12c Release 1 (12.1) Upgrade New Features [ID 1515747.1]
Complete Checklist for Manual Upgrades to Oracle Database 12c Release 1 (12.1) [ID 1503653.1]
Changes For Oracle Database 12.1 Standalone Installation [ID 1483380.1]

Requirements for Installing Oracle Database 12.1 on Solaris 10 SPARC [ID 1517948.1]
Requirements for Installing Oracle Database 12.1 on RHEL6 or OL6 64-bit (x86-64) [ID 1529864.1]
Requirements for Installing Oracle Database 12.1 64-bit (AMD64/EM64T) on SLES 11 [ID 1519770.1]
How To Downgrade Oracle Database 12c Release 1 (12.1) To Previous Versions [ID 1516622.1]

How to Drop/Truncate Multiple Partitions in Oracle 12C [ID 1482264.1]
Oracle Database 12c Release 1 (12.1) DBUA : Understanding New Changes With All New 12.1 DBUA
[ID : NOTE:1493645.1]
RMAN RECOVER TABLE Feature New to Oracle Database 12c [ID 1521524.1]
How to Merge Multiple Partitions in Oracle 12C [ID 1482263.1]
How to Create Interval-Reference Partitioned Tables in Oracle 12c [ID 1519042.1]

Include to all above documents you can find all new features and document in one place, my friend Steve Karam on his blog (Click Here) collect all folks articles that has been posted about DB12c,  it’s really worth to take alook and share it.

Thank you
Osama mustafa


Database 12c New Audit Features

Amazing Features on Oracle Database 12c , I will blog everything i tested and check in New Oracle Database 12 , This Time Audit Enhancement :

Create Audit Policy :

SQL> create audit policy test_audit privileges select any table ;
Audit policy created.

Where :
Privileges indicate to What this audit policy will do.
SQL> create audit policy test_audit_object actions select,update, lock on osama.test ;
Audit policy created.
Where 
Actions indicate to DML ,DDL Commands.
Until Now , You only Create Audit Policy Without Enable 

In the below way you enable audit for all users 

SQL> audit policy test_audit ;
Audit succeeded.
SQL> audit policy  test_audit_object ;
Audit succeeded.
Enable Audit On Some Users
SQL> audit policy test_audit by osama;
Audit succeeded.

i want to enable audit but not for all users ;

SQL> audit policy test_audit expect osama;
Audit succeeded.
also whenever successful or not successful still exists 

SQL> audit policy test_audit whenever successful 
Audit succeeded.
SQL> audit policy test_audit Whenever not successful ;
Audit succeeded.
Check Audit :

select POLICY_NAME,AUDIT_CONDITION from audit_unified_policies where POLICY_NAME like ‘%TEST%’;

POLICY_NAME               AUDIT_CONDITION
—————–                ————————–
TEST_AUDIT_OBJECT        select 

Check Enable Audit Policy 

select policy_name,user_name from audit_unified_ENABLED_POLICIES ;

POLICY_NAME                   USER_NAME
—————–                     ————————–
TEST_AUDIT_OBJECT        SYS

Disable Audit Policy :

SQL> DROP AUDIT POLICY TEST_AUDIT ;
DROP AUDIT POLICY TEST_AUDIT
*
ERROR at line 1:
ORA-46361: Audit policy cannot be dropped as it is currently enabled.

SQL> NOAUDIT POLICY TEST_AUDIT ;
Noaudit succeeded.

SQL> DROP AUDIT POLICY TEST_AUDIT ;
Audit Policy dropped.

Thank you 
Osama mustafa

Enable Enterprise Express for Database 12c

Oracle Database 12c comes with new feature called Enterprise manager 12c express, this new enterprise manager control Database 12c using GUI , manager storage , performance , user, roles, accounts and others new features added , No command to start or shutdown EM 12c express by default when you start/shutdown database it will be up/down.

  • export ORACLE_SID
  • Make sure listener is up and database is registered.

sqlplus / as sysdba
SQL> show parameter dispatcher ;
NAME     TYPE VALUE
———————————— ———– ——————————
dispatchers     string (PROTOCOL=TCP) (SERVICE=db12cX
DB)

  • Configure HTTP PORT 

SQL> exec DBMS_XDB_CONFIG.setHTTPPort (8080);

Check the below pictures that describe EM Express :

DBMS_XDB.setHTTPPort is deprecated

Thank you
Osama mustafa

Security Features 12c

As Any Newer Version of database oracle Enhance Security This time Oracle create new users for administration purpose

Separate user duties : 

SQL> select username from dba_users where username like ‘%SYS%’;

USERNAME
———————————-
SYS  : Super user
SYSKM : Key magament tasks
SYSDG : Data Guard Managment
SYSBACKUP : backup management

DBMS_PRIVILEGE_CAPTURE

The Privilege Analysis feature allows you to: 
  • Define a privilege capture
  • Start a privilege analysis during a period of time
  • Delete capture analysis
The Capture can be Done on Three level :
  • User
  • Role
  • Context
to understand this new package check the below examples :
sqlplus / as sysdba
SQL> create user test identified  by test ;
SQL> grant create session to test ;
Grant succeeded.
SQL> grant select any table to test ;
Grant succeeded.
Create new Capture using this package :

exec SYS.DBMS_PRIVILEGE_CAPTURE.CREATE_CAPTURE ( –
        name           =>  ‘test_capture’, –
        description    =>  ‘Capture_all_thing’, –
        type           =>   dbms_privilege_capture.g_database)

Where 

Name : Package name
Description : What this package fo
type : depend on level users ( g_database ) , role (g_role )  , Context : (g_role_and_context)

we need to enable this package to start capture :

SQL> exec SYS.DBMS_PRIVILEGE_CAPTURE.ENABLE_CAPTURE (name => ‘test_capture’);
 PL/SQL procedure successfully completed.

until everything goes fine now to start capture you have to logout from sqlplus and start do what you need to do.
SQL> conn test/test ;
Connected.
SQL> select * from osama.test ;
no rows selected
SQL> select * from osama.test2 ;
   TEST_ID TEST_NAME
———- ——————–
1 JENNIFER
2 STEVE
3 USER
again reconnect as / as sysdba to disable capture then generate results like the following :
SQL> exec SYS.DBMS_PRIVILEGE_CAPTURE.DISABLE_CAPTURE (name => ‘test_capture’);
PL/SQL procedure successfully completed.
SQL> exec SYS.DBMS_PRIVILEGE_CAPTURE.GENERATE_RESULT (name => ‘test_capture’);
PL/SQL procedure successfully completed.

SQL> select username, object_owner, object_name, obj_priv
from   dba_used_objprivs
where  username in (‘OSAMA’, ‘TEST’) 

USERNAME   OBJECT_OWNER OBJECT_NAME       OBJ_PRIV
———- ———— —————————— ————————-
TEST   SYS ORA$BASE                                      USE
TEST   SYS DBMS_APPLICATION_INFO       EXECUTE
TEST   SYS DUAL                                              SELECT
TEST   SYS DUAL                                               SELECT
TEST   SYSTEM PRODUCT_PRIVS                     SELECT
Drop Capture :
exec SYS.DBMS_PRIVILEGE_CAPTURE.DROP_CAPTURE (name => ‘test_capture’)
Thank you 
Osama mustafa

tiny features : Truncate table in 12c

New Features with Database 12c , CASCADE Usually used with Drop or update command (10g,11g) But now with Database 12c , you can use this features with Truncate command

SQL> select * from test ;
no rows selected

SQL> desc test ;

 Name   Null?    Type
 —————————————– ——– —————————-
 TEST_ID   NOT NULL NUMBER
 TEST_NAME    VARCHAR2(20)

SQL> truncate table test cascade ;
Table truncated.

More Features coming up 🙂

Thank you 
Osama mustafa

Another New Features 12c : generated as identity / Sequence Replacement

in old version of oracle database if you want to create automatic generated number you have to create sequence and use attribute nextval.

But with oracle database 12c this concept is changed new features add when you create table called generated as identity.

Check the Below Demonstration which explain this new features :

SQL> create table test (test_id number generated as identity , test_name varchar2(20));

SQL> desc test ;
 Name   Null?      Type
 —————————————–   ——– ————–
 TEST_ID   NOT      NULL NUMBER
 TEST_NAME          VARCHAR2(20)

SQL> insert into test values (1,’osama’);
insert into test values (1,’osama’)
*
ERROR at line 1:
ORA-32795: cannot insert into a generated always identity column

The TEST_ID Column will be inserting automatically  no need to use in insert command.

SQL> insert into test (TEST_NAME) values ( ‘Jennifer’ );
1 row created.

SQL> select * from test ;
   TEST_ID TEST_NAME
———- ——————–
1       Jennifer 

Check another example :

SQL> create table test2 (TEST_ID NUMBER generated as identity (start with 1 increment by 1 cache 30 order), TEST_NAME varchar2(20));
Table created.

SQL> insert into test2 (test_name) values (‘JENNIFER’);
SQL> insert into test2 (test_name) values (‘STEVE’);
SQL> insert into test2 (test_name) values (‘USER’);

SQL> select * from test2 ;

   TEST_ID TEST_NAME
———- ——————–
1 JENNIFER
2 STEVE
3 USER

Thank you 
Osama mustafa

Queryable Patch Inventory New Features 12c

Again !!! Oracle 12c Under test , every time i tested it i discover new features, while i am testing today i found new folder under $ORACLE_HOME called QOPatch , for the first time when i opened this folder i only found two files,

Check the https://support.oracle.com note :

Oracle Database 12.1 : FAQ on Queryable Patch Inventory [ID 1530108.1] 

from the name you can see it’s retrieve  information  using query, and to use query you have to get access to SQL Plus, this features  allow you access to the OPatch information from within the database.  This Package called  DBMS_QOPATCH

Some of Attribute to use with this package :

  • GET_OPATCH_INSTALL_INFO
  • SET_CURRENT_OPINST
  • GET_OPATCH_LIST
  • IS_PATCH_INSTALLED
  • GET_OPATCH_DATA
  • GET_OPATCH_BUGS
  • GET_OPATCH_FILES
  • GET_OPATCH_COUNT
  • GET_OPATCH_PREQS
  • GET_OPATCH_OLAYS
  • PATCH_CONFLICT_DETECTION
  • GET_PENDING_ACTIVITY
  • GET_OPATCH_XSLT
  • GET_OPATCH_LSINVENTORY
  • GET_SQLPATCH_STATUS

Since this function used to get Opatch information within database then you have to access to SQL Plus 
Check the below examples :

SQL> select dbms_qopatch.get_opatch_lsinventory() from dual;

DBMS_QOPATCH.GET_OPATCH_LSINVENTORY()
——————————————————————————–

Another Examples :

SQL> select dbms_qopatch.GET_PENDING_ACTIVITY() from dual;
DBMS_QOPATCH.GET_PENDING_ACTIVITY()
——————————————————————————–

My Database still fresh and not patch yet So you will not find that much of information 
Thank you 
Osama mustafa

Move Datafiles Online 12c

As you know Oracle database 12c released Yesterday and we all still test it and learn what are the new features !!

For the first time in Oracle Database you can move objects online without offline or shutdown database which is very useful and helpful for any DBA’s

Check the example below :

SQL> select file_name from dba_data_files ;

FILE_NAME
——————————————————————————–
/u01/app/oracle/oradata/db12c/system01.dbf
/u01/app/oracle/oradata/db12c/sysaux01.dbf
/u01/app/oracle/oradata/db12c/users01.dbf
/u01/app/oracle/oradata/db12c/undotbs01.dbf

Let’s move system01.dbf 
SQL> alter database move datafile ‘/u01/app/oracle/oradata/db12c/system01.dbf’ to ‘/u01/system.dbf’;

SQL> select File_name from dba_data_files ;
FILE_NAME
——————————————————————————–
/u01/system.dbf
/u01/app/oracle/oradata/db12c/sysaux01.dbf
/u01/app/oracle/oradata/db12c/users01.dbf
/u01/app/oracle/oradata/db12c/undotbs01.dbf

Thank you
Osama mustafa