Tag: Oracle Osama

Step By Step Install Database Vault 11g

Posted on by Osama Mustafa in Database
I talked before about how to install Oracle Database Vault 10g But now i will talk about 11g and how to install it ?

in database 11g database vault installation become more easier, all you have to do is check the box to install that option and even if you forgot that you can install it later by run script

the below is screen shot for the installation for database 11g , the idea is to see where to choose Database Vault features:

If you check the below screen you see that in “Select Option” you can choose Database Vault and while installation is running it will be installed :

the installation will remain in normal procedure , If you want to check it’s installed or not you can go with v$option : 

SQL> select * from v$option where parameter =’Oracle Database Vault’;
PARAMETER                                                        VALUE
——————————- ——————————–
Oracle Database Vault                                            FALSE

to enable database vault make sure database , dbconsole and listener are shutdown:

[oracle@prim u01]$ cd /u01/app/oracle/product/11.2.0/db_1/rdbms/lib/
[oracle@prim lib]$ make -f ins_rdbms.mk dv_on lbac_on ioracle

SQL> select * from v$option where parameter =’Oracle Database Vault’;
PARAMETER                                                        VALUE
—————————————————————-
Oracle Database Vault                                            TRUE

Please notice that i use Redhat in windows you need to rename some files read Oracle Documentation.
To disable Database Vault the same thing but :

cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk dv_off
cd $ORACLE_HOME/bin
relink all

thank you 
Osama mustafa 

Step By Step Install Database Vault On 10g

Posted on by Osama Mustafa in Database
Oracle Database Vault restricts access to specific areas in an Oracle database from any user, including users who have administrative access. For example, you can restrict administrative access to employee salaries, customer medical records, or other sensitive information.
You configure Oracle Database Vault to manage the security of an individual Oracle Database instance. You can install Oracle Database Vault on standalone Oracle Database installations, in multiple Oracle homes, and in Oracle Real Application Clusters (Oracle RAC) environments.
Today i will provide step by step how to install Database Vault on Oracle Database 10g, Notice to install it you should upgrade your database at least to 10.2.0.3 to avoid any errors.
Database Vault is very useful to protect your data from users such as DBA who has access to all tables , But the questions is who is control database vault ?
Usually there are two users to control it , Database vault owner this user is granted the DV_Owner role and can manage database role and configurations, the username must be minimum 2 and maximum 30 character , the password for this user should be complex.
another user called : Database Vault manager which is granted DV_ACCTMGR role, and used to manage database user account , this user is created to facilitate separation duties which mean while you install you can only create one user do all this jobs , the username should be minimum 2/maximum 30 character and the password is complex .
The below is screen-shot for installing Database Vault (Notice Database and Listener should be shutdown) :


Thank you 
Osama Mustafa


Avoid Backup Database with corrupted Archivelog

Posted on by Osama Mustafa in Database

Corrupt block seq: 34229 blocknum=1.
Bad header found during deleting archived log
Data in bad block – seq:0. bno:0. time:0
beg:0 cks:0
calculated check value: 0

No need for Oracle DBA to tell you there’s corruption , usually this error indicate that archivelog is corrupted in our case Archivelog number 34229.

To Solve this problem :

1- Check Validate for this archivelog

 RMAN> validate archvielog sequence 34229;

 2 – Now to avoid this error , you should delete archivelog on Os level.
3 –

RMAN > crosscheck archivelog all;
DELETE EXPIRED ARCHIVELOG sequence 34229;

Then Backup database.

 Thank you
Osama Mustafa

Oracle Security Case Study

Posted on by Osama Mustafa in Others
Does your security procedure protect your data?

In most of the companies , there is access to Email Systems, Intranet , networks and internet , most of these user are using the application that connected to Database ( assume that it’s Oracle Database).

By Creating Security Procedure to protect database and what this database contain you create hard environment to deal with  since the three compentents are availability,  integrity and secuirty which mean if you increase the security then integrity will not be on the same level and so on,The Oracle database has several layers of security and provides auditing functionality at each level. most of then mention in Oracle Security Section website.

  • Password management : One of the basic steps to Enforce user to follow the rules such as : password expiration, limit password reuse, limit the number of failed logon attempts, force password complexity, lock and expire database accounts
  •     Database Auditing to monitor user activity.
  •     Fine Grained Auditing to define specific conditions necessary for an audit record to be generated, resulting in a more meaningful audit trail
  •     Database Resource Manager to set resource limits and quotas on the amount of various system resources available to users
  •     Roles to manage object privileges
  •      Oracle Label Security for more sophisticated row level security
  •     Data Encryption to provide an additional layer of protection
Which Kind Of Security Plan you follow , Do you think the Basic Steps to Secure Database will be enough or should someone enable auditing , install database firewall …. when you answer consider that more security means it will be hard to deal with application and environment.
tell me your case about the security ? what you think ?
Thank you 
Osama mustafa  

 

Limit The Access To The Database

Posted on by Osama Mustafa in Database
In this Article, i explain how to limit access to database for only one user per schema which mean one concurrent user per schema.

Resource_limit should set to True

SQL> show parameter resource

NAME                                 TYPE        VALUE
———————————— ———– ——————————
resource_limit                       boolean     TURE
resource_manager_plan                string

After change this parameter Bounce database.

Connect to database using sysdba privileges 

sqlplus / as sysdba

create profile Only_one_user limit sessions_per_user 1;

Create New User/modify old one depend on what you want:

create user test identified by test profile Only_one_user;
grant connect to test;

Now Try to connect to this user using more than one terminal, if you did you will receive error

ORA-02391: exceeded simultaneous SESSIONS_PER_USER limit

Thank you
Osama Mustafa

DBMS_METADATA

Posted on by Osama Mustafa in Database
The DBMS_METADATA package provides a way for you to retrieve metadata from the database dictionary as XML or creation DDL and to submit the XML to re-create the object.

TableSpace

select dbms_metadata.get_ddl(‘TABLESPACE’,tablespace_name) from dba_tablespaces;

Get All Tablespace Script :

set head off echo off
select ‘select dbms_metadata.get_ddl(”TABLESPACE”,”’
  ||  tablespace_name || ”’) from dual;’ from dba_tablespaces


Table

 select dbms_metadata.get_ddl(‘TABLE’,’DEPT’,’SCOTT’) from dual;

User

SELECT dbms_metadata.get_ddl(‘USER’,’SCOTT’) FROM dual;

Role

SELECT DBMS_METADATA.GET_GRANTED_DDL(‘ROLE_GRANT’,’SCOTT’) from dual;
 SELECT DBMS_METADATA.GET_GRANTED_DDL(‘OBJECT_GRANT’,’SCOTT’) from dual;
SELECT DBMS_METADATA.GET_GRANTED_DDL(‘SYSTEM_GRANT’,’SCOTT’) from dual;
SELECT dbms_metadata.get_ddl(‘ROLE’,’RESOURCE’) from dual;

This is the Most common Usage for this package more information read Oracle Documentation
 
Thank you
Osama mustafa

Using Production Data is this Right ?

Posted on by Osama Mustafa in Others
Production Data Contain Sensitive information should not be shared with unauthorized people this data contain financial , Account Number , ATM passwords  … , Most of the company contain Developers team to support applications and modify the code as they need it, But the developers need data to test the code, How to get this data, This the Question ?

I seen lot of Company Use Production Data on development database/Test Database because it’s great for testing,really easy and No cost for doing this but  is this right ? My View On this Topic No production data is allowed on the development. There’s lot of point to discuss to proof exactly what i mean and if it’s necessary to use it then hide it with multiple ways i will talk about it.

There is a lot more chance that the data may be compromised,This data should be removed and sanitized to make it anonymous / De-personalized.I read lot of articles every article explain something different for example This article support using Prod Data. after reading this blog ask yourself one question how the production  make job easier ? by let developer/unauthorized people looking to customer Data !!!!  Different point of view Customer want their data to be secure and the employees want to test the code and something easy and real to use.

Check this The Ponemon Institute has come out with some interesting (and scary) data on data security during development and testing.

 This chart shows what Breach of data. It shows a lot of sensitive data such as card holder data, customer data, credit card information and business confidential information.

Personally I prefer to use a subset or dummy data use Red-Gate Data Generator, 
There’s lot of security issue can be lead by Using Prod data for testing/development such as  severely compromise its confidentiality, even leading to legal action.

Take this example Hannaford Brothers,In March, the Maine-based Hannaford Brothers grocery store chain
announced that 4.2 million customer card transactions had been compromised by the hackers. More than 1800 credit card numbers were immediately used for fraudulent transactions.

after all this examples is it Ok to use Prod Data On test ?  Do you have a legitimate reason?  do you have
Security,Encryption, Firewalls, Breech Detection , Include to that There’s difference Security Rules On prod data and Test Data , Production database For authorized People, Privacy, Auditing,  Roles , Privileges lot of conditions to access it. on the other hand Development data Frequently wide open,Dozens  of employees  have access, Access from many to unlimited places, Home access And you still Want to use Production Data ? Do you programs care or know the difference ?

Some Rules you have to follow :

  • Make your employees aware of the policies and procedures.
  • If it is  possible to not use production data, take that option.use  alternate ways of testing scenarios.
  • Ensure that production data is masked or scrubbed when it is moved out of the production environment.

if it’s necessary to use your Production Data Then Do it right by scrambling (Scrambling is the function of replacing a character (or byte) of data with a different character (or byte) of data) Oracle Provide you with solutions to do that called data masking By write your own function that will Scramble data for you.
another option could be use is encryption (Encryption is a series of algorithms used to encrypt data into nonsensical characters (not in the English alphabet)). There’s Another way you can hide production data NULL’ing Out,Substitution, Gibberish Generation ….

 Finally Using live data in non-production is either illegal or expensive. For the companies using it illegally, it’s only a matter of time before somebody slips up and the practice is discovered

Using live data in non-production is either illegal or expensive. For the companies using it illegally, it’s only a matter of time before somebody slips up and the practice is discovered. For the companies paying extra to keep their developers compliant, they’ll find themselves resistant to new development and undercut by companies who’ve used their data in a strategic way. In the long run, the tiny benefit is just not worth the risk. – See more at: http://www.businesscomputingworld.co.uk/are-you-using-live-customer-data-outside-of-your-production-database/#sthash.8r06L9KL.dpuf

Using live data in non-production is either illegal or expensive. For the companies using it illegally, it’s only a matter of time before somebody slips up and the practice is discovered. For the companies paying extra to keep their developers compliant, they’ll find themselves resistant to new development and undercut by companies who’ve used their data in a strategic way. In the long run, the tiny benefit is just not worth the risk. – See more at: http://www.businesscomputingworld.co.uk/are-you-using-live-customer-data-outside-of-your-production-database/#sthash.8r06L9KL.dpuf

Read Ponemon Institute Report

Thank you
Osama Mustafa

Cancel Request In Conurrent Manager

Posted on by Osama Mustafa in Application
To Cancel Request In Oracle Apps using SqlPlus  Command run the below Query :

Update Fnd_Concurrent_Requests
   SET Phase_Code = ‘C’,
   Status_Code = ‘E’
 Where Request_ID = ;

Or you can Replace Retest_id with  CONCURRENT_PROGRAM_ID.

Thank you
Osama Mustafa

What is ORA-00600

Posted on by Osama Mustafa in Database
The ORA-600 error is the generic internal error number for Oracle program exceptions. It indicates that a process has encountered a low-level, unexpected condition.

ORA 600 “internal error code, arguments: [%s], [%s],[%s], [%s], [%s]”

and you should it’s different Oracle errors , Because when you see this error then it’s indicating for bugs, the above is general description for the error the first characterset / Number is is used with database version to identify the problem by oracle support. and maybe you will find related document on https://support.oracle.com.

When you face this error you should check the below document searching for some Notes/Patch could help you :

 Note 600.1 ORA-600/ORA-7445 Lookup tool

You need to Choose database version ( 4 digit ) and First argument in the error, also for more information how to use this tool :

 Note 1082674.1 : A Video To Demonstrate The Usage Of The ORA-600/ORA-7445 Lookup Tool [Video]

Notice when you check the alert log and see this error, a trace file is generated and an entry is written to the alert.log with details of the trace file location, trace file provide you with more information about the error that could help you to solve it. you can check the below document how to use trace file :

Note 453125.1 11g Diagnosability Frequently Asked Questions
Note 443529.1 11g Quick Steps to Package and Send Critical Error Diagnostic Information to Support[Video]

Most Common Reason for ORA-00600 File-Corruption, Failure in Hardware, I/O , or memory, to solve this error you need to do some steps before Open Services Request :

  1. Check Alert Log .
  2. Don’t forget to look at the Ora-00600 Tools.
  3. If you find any Notes related to your problem  use it and read it carefully.
  4. The last option you could help is contact Oracle Support by open Services Request but provide the full information such as:
      1. alertlog for database.
      2. Traces.
      3. If any change happened lately included with SR.
      4. I post About RDA it’s useful to use it when you open SR.

Thank you
Osama Mustafa

EBS 11i MOS notes

Posted on by Osama Mustafa in Application
Cloning

NOTE.362473.1 : Cloning E-Business Suite Using Hot Backup for Minimal
NOTE.216212.1 : Business Continuity for Oracle Applications Release 11i
NOTE.233428.1 : Sharing the Application Tier File System in Oracle
NOTE.230672.1 : Cloning Oracle Applications Release 11i with Rapid Clone
NOTE.216664.1 : FAQ: Cloning Oracle Applications Release 11i
NOTE.135792.1 : Cloning Oracle Applications Release 11i

Patching

NOTE.174436.1 : Oracle Applications Patching FAQ
NOTE.175485.1 : How to Apply an 11i Patch When adpatch is Already Running
NOTE.181665.1 : Release 11i Adpatch Basics

Autoconfig:

NOTE.218089.1 : Autoconfig FAQ
NOTE.165195.1 : Using AutoConfig to Manage System Configurations with
NOTE.270519.1 :Customizing an AutoConfig Environment

General Notes:

165195.1 “Using Autoconfig to Manage System Configurations with Oracle Applications 11i”.
218089.1 “Frequently Asked Questions about Using Autoconfig with Oracle Applications Release 11i”.
217368.1 “Advanced Configurations and Topologies for Enterprise Deployments of E-Business Suite 11i”.
362135.1 “Configuring Oracle Applications Release 11i with 10g Release2 Real Application Clusters and Automatic Storage Management”
123718.1 “A Guide to Understanding and Implementing SSL with Oracle Applications 11i”.
125767.1 “Upgrading Developer 6i with Oracle Applications 11i”.189708.1 Oracle Reports 6i Setup Guide for Oracle Applications 11i
273888.1 Steps to Upgrade Oracle Apps 11.5.4 to Latest Version or 11.5.9
437794.1 Database Status Check Before, During And After Migrations and Upgrades
362202.1 Oracle Applications Release 11i with Oracle 10g(10.1.0.4)
165195.1 for more information on how to run autoconfig
233436.1 Installing Oracle Application Server 10g with Oracle E-Business Suite Release 11i
313418.1 Using Discoverer 10.1.2 with Oracle E-Business Suite 11i.
352843.1 HOW TO RUN A PATCH IMPACT ANALYSIS IN OAM