기술지원 뉴스에서 확인한 내용입니다.
".. 19c는 2023년 3월까지, 그리고 2026년 3월까지의 확장 지원 하에 적용될 것입니다. "
| 19c 기대했던 기능들. automatic indexing, realtime-statistics. Exa/Cloud only (0) | 2019.03.08 |
|---|---|
| DDL log 별도 저장 (0) | 2018.12.19 |
| Oracle 12c Default audit policy include release 2 (0) | 2017.09.26 |
| 12c의 ORA_STIG_PROFILE (0) | 2016.08.26 |
| RMAN recover table point in time (0) | 2016.03.06 |
19c가 exadata에서 가능하게 됐다는 글이 오라클 블로그에 올라왔었다.
https://blogs.oracle.com/database/oracle-database-19c-available-exadata
곧 있으면 일반 on-premise non-exa 버전도 나올 것이다.
소개 중에서 저는 특히 기대되는 기능이 아래 두개 였다
automatic indexing
real-time statistics collections
라이센스 얘기가 없어서 19c docs의 라이센스 가이드에서 찾아봤더니
| Feature / Option / Pack | SE2 | EE | EE-ES | DBCS SE | DBCS EE | DBCS EE-HP | DBCS EE-EP | ExaCS | Notes |
| Automatic Indexing | N | N | Y | Y | Y | Y | Y | Y | EE-ES: Available on Exadata. Not available on Oracle Database Appliance. |
| SQL Quarantine | N | N | Y | Y | Y | Y | Y | Y | EE-ES: Available on Exadata. Not available on Oracle Database Appliance. |
| Real-Time Statistics | N | N | Y | Y | Y | Y | Y | Y | EE-ES: Available on Exadata. Not available on Oracle Database Appliance. |
| High-Frequency Automatic Optimizer Statistics Collection | N | N | Y | Y | Y | Y | Y | Y | EE-ES: Available on Exadata. Not available on Oracle Database Appliance. |
On-premise에선 EE-ES 부터만 가능하다.
ES는 Enterprise System(EXADATA, ODA등)이고 오른쪽 노트에서는 또 ODA는 안된다고 한다.
클라우드 서비스 사용할 경우엔 다 되는것도 확인할 수 있다.
OOW18에서 19c 예정 기능들 소개를 봤을 땐 일반 DB에서도 가능할 것 같았었는데!
테스트해보려면 19c 버전 이상의 db버전 19c가 있어야 하고, 아니면 클라우드를 사용해서 해보는 수밖에 없겠다.
아니면 EXADATA 시뮬 환경을 구성하는 것도 방법인데, 12c도 메모리 요구사항이 매우 높아 잘 구동이 안되는 경우도 있어서 19c가 잘 될런지? 메모리는 더 요구할 것 같다.
On-premise 운용 측면에선 앞으로도 EXA가 아닌 머신은 해당 기능들을 고려할 필요가 없겠다. 조금 아쉽다.
| 19c long term support 기간 (0) | 2019.07.22 |
|---|---|
| DDL log 별도 저장 (0) | 2018.12.19 |
| Oracle 12c Default audit policy include release 2 (0) | 2017.09.26 |
| 12c의 ORA_STIG_PROFILE (0) | 2016.08.26 |
| RMAN recover table point in time (0) | 2016.03.06 |
컨셉 매뉴얼을 잠깐 참조하다가 DDL Log가 있어 확인해본 내용 정리
예전에 audit 말고 ddl을 남기는 방법을 찾다가
ALERT LOG에 DDL 기록을 남기기 위해 enable_ddl_logging 파라미터를 확인해서 적용했던 적이 있는데
결국엔 다시 껐다.
이유는 당시 적용한 db는 주기적인 datapump 작업이 자주 일어나고 있었는데,
datapump 작업시의 임시 테이블이나 뷰 생성과 DROP에 기록도 남아 DB Alert log 를 더럽혔기 때문이다.
12c부터(R1인지 R2인지 정확히 모름) DDL 로그가 전용으로 생겼다
위치1 text file
$ORACLE_BASE/diag/rdbms/<dbname>/<sid>/log/ddl_<sid>.log
위치2 xml file
$ORACLE_BASE/diag/rdbms/<dbname>/<sid>/log/ddl/log.xml
설정:
|
SQL> show parameter ddl
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
ddl_lock_timeout integer 0
enable_ddl_logging boolean FALSE
SQL> alter system set enable_ddl_logging=true;
System altered. |
expdp를 수행해 본다
|
[oracle@test ~]$ expdp system schemas=scott
Export: Release 12.2.0.1.0 - Production on Wed Dec 19 21:09:45 2018
Copyright (c) 1982, 2017, Oracle and/or its affiliates. All rights reserved.
Password:
Connected to: Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production
Starting "SYSTEM"."SYS_EXPORT_SCHEMA_01": system/******** schemas=scott
Processing object type SCHEMA_EXPORT/TABLE/TABLE_DATA
Processing object type SCHEMA_EXPORT/TABLE/INDEX/STATISTICS/INDEX_STATISTICS
Processing object type SCHEMA_EXPORT/TABLE/STATISTICS/TABLE_STATISTICS
Processing object type SCHEMA_EXPORT/STATISTICS/MARKER
Processing object type SCHEMA_EXPORT/USER
Processing object type SCHEMA_EXPORT/SYSTEM_GRANT
Processing object type SCHEMA_EXPORT/ROLE_GRANT
Processing object type SCHEMA_EXPORT/DEFAULT_ROLE
Processing object type SCHEMA_EXPORT/PRE_SCHEMA/PROCACT_SCHEMA
Processing object type SCHEMA_EXPORT/SEQUENCE/SEQUENCE
Processing object type SCHEMA_EXPORT/TABLE/TABLE
Processing object type SCHEMA_EXPORT/TABLE/INDEX/INDEX
Processing object type SCHEMA_EXPORT/TABLE/CONSTRAINT/CONSTRAINT
Processing object type SCHEMA_EXPORT/TABLE/CONSTRAINT/REF_CONSTRAINT
. . exported "SCOTT"."T1" 104.0 KB 10100 rows
. . exported "SCOTT"."EMP" 8.781 KB 14 rows
. . exported "SCOTT"."DEPT" 6.031 KB 4 rows
. . exported "SCOTT"."SALGRADE" 5.960 KB 5 rows
. . exported "SCOTT"."BONUS" 0 KB 0 rows
Master table "SYSTEM"."SYS_EXPORT_SCHEMA_01" successfully loaded/unloaded
******************************************************************************
Dump file set for SYSTEM.SYS_EXPORT_SCHEMA_01 is:
/u01/app/oracle/admin/orcl12c/dpdump/expdat.dmp
Job "SYSTEM"."SYS_EXPORT_SCHEMA_01" successfully completed at Wed Dec 19 21:11:10 2018 elapsed 0 00:01:21 |
ddl 로그 파일을 확인해보니
|
[oracle@test log]$ cat ddl_orcl12c.log
2018-12-19T21:09:21.251992+09:00
diag_adl:CREATE TABLE "SYSTEM"."SYS_EXPORT_SCHEMA_01" --생략--
2018-12-19T21:09:22.504407+09:00 diag_adl:CREATE OR REPLACE FORCE VIEW "SYS"."AQ$_KUPC$DATAPUMP_QUETAB_1_F" sharing=none AS SELECT --생략--
diag_adl:CREATE OR REPLACE FORCE VIEW "SYS"."AQ$_KUPC$DATAPUMP_QUETAB_1_F" sharing=none AS SELECT --생략-- 2018-12-19T21:09:26.354288+09:00
diag_adl:DROP TABLE "SYSTEM"."SYS_EXPORT_SCHEMA_01" PURGE
2018-12-19T21:09:48.012644+09:00
diag_adl:CREATE TABLE "SYSTEM"."SYS_EXPORT_SCHEMA_01" --생략--
diag_adl:CREATE OR REPLACE FORCE VIEW "SYS"."AQ$_KUPC$DATAPUMP_QUETAB_1_F" sharing=none AS SELECT --생략--
diag_adl:CREATE OR REPLACE FORCE VIEW "SYS"."AQ$_KUPC$DATAPUMP_QUETAB_1_F" sharing=none AS SELECT --생략-- 2018-12-19T21:09:51.515314+09:00 diag_adl:ALTER TABLE "SYSTEM"."SYS_EXPORT_SCHEMA_01" ADD (UNIQUE (process_order, duplicate))
diag_adl:CREATE INDEX SYS_MTABLE_000005D25_IND_1 ON "SYSTEM"."SYS_EXPORT_SCHEMA_01" (object_schema, original_object_name, object_type)
diag_adl:CREATE INDEX SYS_MTABLE_000005D25_IND_2 ON "SYSTEM"."SYS_EXPORT_SCHEMA_01" (object_schema, object_name, object_type, partition_name, subpartition_name)
diag_adl:CREATE INDEX SYS_MTABLE_000005D25_IND_3 ON "SYSTEM"."SYS_EXPORT_SCHEMA_01" (base_process_order)
diag_adl:CREATE INDEX SYS_MTABLE_000005D25_IND_4 ON "SYSTEM"."SYS_EXPORT_SCHEMA_01" (original_object_schema, original_object_name, partition_name)
diag_adl:CREATE INDEX SYS_MTABLE_000005D25_IND_5 ON "SYSTEM"."SYS_EXPORT_SCHEMA_01" (seed)
2018-12-19T21:09:59.614785+09:00
diag_adl:truncate table "SYS"."IMPDP_STATS"
2018-12-19T21:10:03.507561+09:00
diag_adl:truncate table sys.spd_scratch_tab
2018-12-19T21:11:13.637296+09:00
diag_adl:DROP TABLE "SYSTEM"."SYS_EXPORT_SCHEMA_01" PURGE |
이 내용들이 db alertlog에 남는다면 db alert log가 매우 지저분해질 수 있다.
일반 유저의 DDL은 당연히 남을 것이고
audit는 sys 유저는 별도 설정 안하면 안남는 이슈가 있는데, 과연 이 기능은 남을까?
|
SQL> show parameter audit_sys_op
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_sys_operations boolean FALSE
SQL> show user
USER is "SYS"
SQL> create table t1 (c1 number);
Table created. |
ddl 로그를 확인해본다.
|
[oracle@test log]$ cat ddl_orcl12c.log
2018-12-19T21:52:56.253252+09:00
diag_adl:create table t1 (c1 number) |
sys에서 수행한 ddl도 남는다
ddl 전용 로그가 생겨서인지 db alert log에는 ddl 로그가 안남는걸 확인했다.
간편히 사용하고 싶다면 12c이상에선 이 방법도 고려해볼만 하겠다.
단, AUDIT과는 다르게 위 로그에서 알 수 있듯이 단순히 "언제","어떤 SQL" 정보만 남고 어떤 machine에서 어떤 유저가 수행했는지 나오지 않는다.
19-03 추가
11g에선 Oracle Change Management Pack 옵션 라이센스가 필요하고
12c부턴 Oracle Lifecycle Management Pack 옵션 라이센스가 필요한 파라미터이다
이 옵션은 사는 고객사를 본 적이 드물다. 파라미터 변경하지 말도록 하자.
| 19c long term support 기간 (0) | 2019.07.22 |
|---|---|
| 19c 기대했던 기능들. automatic indexing, realtime-statistics. Exa/Cloud only (0) | 2019.03.08 |
| Oracle 12c Default audit policy include release 2 (0) | 2017.09.26 |
| 12c의 ORA_STIG_PROFILE (0) | 2016.08.26 |
| RMAN recover table point in time (0) | 2016.03.06 |
■ 개요
12.1과 12.2 모두 Unified Audit 기능은 off 상태입니다.
활성화하려면 relink가 필요합니다.. (기본값에 대해 다루기에 relink 과정은 생략)
기본설정은 mixed mode로 예전의 방식과 unified audit가 혼용되어 적용되어 있습니다.
■ 12c 기본 정책
11g와 마찬가지로 기본적으로 적용되어 있는 Audit 설정이 존재합니다.
▶기본 적용되어 있는 정책
column policy_name format a25
column user_name format a14
column enabled format a7
set line 200
set pages 1000
SQL> SELECT policy_name, enabled_opt, user_name, success, failure FROM audit_unified_enabled_policies;
POLICY_NAME ENABLED USER_NAME SUC FAI
------------------------- ------- -------------- --- ---
ORA_SECURECONFIG BY ALL USERS YES YES
ORA_LOGON_FAILURES BY ALL USERS NO YES
--두가지 정책이 enable 되어 있습니다.
--그리고 ORA_LOGON_FAILURES는 폴리시 자체는 LOGON 이란 액션만 있고 실패에 대한 조건이 없습니다.
--12c부터는 활성화시에 옵션을 사용해 적용됩니다. 아래처럼
CREATE AUDIT POLICY ORA_LOGON_FAILURES ACTIONS LOGON;
AUDIT POLICY ORA_LOGON_FAILURES WHENEVER NOT SUCCESSFUL;
▶ 생성되어 있는 정책
SQL> select policy_name from AUDIT_UNIFIED_POLICIES group by policy_name;
POLICY_NAME
-------------------------
ORA_CIS_RECOMMENDATIONS
ORA_LOGON_FAILURES
ORA_RAS_POLICY_MGMT
ORA_DATABASE_PARAMETER
ORA_RAS_SESSION_MGMT
ORA_ACCOUNT_MGMT
ORA_SECURECONFIG
▶ 생성되어 있는 정책 detail
col AUDIT_OPTION for a40
col AUDIT_CONDITION for a10
col ENTITY_NAME for a15
col object_schema for a10
col object_name for a15
select POLICY_NAME,AUDIT_OPTION,AUDIT_OPTION_TYPE, OBJECT_SCHEMA, OBJECT_NAME from AUDIT_UNIFIED_POLICIES
order by 1,2;
POLICY_NAME AUDIT_OPTION AUDIT_OPTION_TYPE OBJECT_SCH OBJECT_NAME
------------------------- ---------------------------------------- ------------------ ---------- ---------------
ORA_ACCOUNT_MGMT ALTER ROLE STANDARD ACTION NONE NONE
ORA_ACCOUNT_MGMT ALTER USER STANDARD ACTION NONE NONE
ORA_ACCOUNT_MGMT CREATE ROLE STANDARD ACTION NONE NONE
ORA_ACCOUNT_MGMT CREATE USER STANDARD ACTION NONE NONE
ORA_ACCOUNT_MGMT DROP ROLE STANDARD ACTION NONE NONE
ORA_ACCOUNT_MGMT DROP USER STANDARD ACTION NONE NONE
ORA_ACCOUNT_MGMT GRANT STANDARD ACTION NONE NONE
ORA_ACCOUNT_MGMT REVOKE STANDARD ACTION NONE NONE
ORA_ACCOUNT_MGMT SET ROLE STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS ALTER ANY TRIGGER SYSTEM PRIVILEGE NONE NONE
ORA_CIS_RECOMMENDATIONS ALTER DATABASE LINK STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS ALTER PROCEDURE STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS ALTER PROFILE STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS ALTER ROLE STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS ALTER SYSTEM SYSTEM PRIVILEGE NONE NONE
ORA_CIS_RECOMMENDATIONS ALTER USER STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS CREATE ANY LIBRARY SYSTEM PRIVILEGE NONE NONE
ORA_CIS_RECOMMENDATIONS CREATE ANY TRIGGER SYSTEM PRIVILEGE NONE NONE
ORA_CIS_RECOMMENDATIONS CREATE DATABASE LINK STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS CREATE PROCEDURE STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS CREATE PROFILE STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS CREATE ROLE STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS CREATE SYNONYM STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS CREATE USER STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS DROP ANY LIBRARY SYSTEM PRIVILEGE NONE NONE
ORA_CIS_RECOMMENDATIONS DROP ANY TRIGGER SYSTEM PRIVILEGE NONE NONE
ORA_CIS_RECOMMENDATIONS DROP DATABASE LINK STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS DROP PROCEDURE STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS DROP PROFILE STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS DROP ROLE STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS DROP SYNONYM STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS DROP USER STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS GRANT STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS REVOKE STANDARD ACTION NONE NONE
ORA_CIS_RECOMMENDATIONS SELECT ANY DICTIONARY SYSTEM PRIVILEGE NONE NONE
ORA_DATABASE_PARAMETER ALTER DATABASE STANDARD ACTION NONE NONE
ORA_DATABASE_PARAMETER ALTER SYSTEM STANDARD ACTION NONE NONE
ORA_DATABASE_PARAMETER CREATE SPFILE STANDARD ACTION NONE NONE
ORA_LOGON_FAILURES LOGON STANDARD ACTION NONE NONE
ORA_RAS_POLICY_MGMT ADD GLOBAL CALLBACK XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT ADD PROXY XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT CREATE ACL XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT CREATE DATA SECURITY XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT CREATE NAMESPACE TEMPLATE XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT CREATE ROLE XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT CREATE ROLESET XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT CREATE SECURITY CLASS XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT CREATE USER XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT DELETE ACL XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT DELETE DATA SECURITY XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT DELETE GLOBAL CALLBACK XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT DELETE NAMESPACE TEMPLATE XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT DELETE ROLE XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT DELETE ROLESET XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT DELETE SECURITY CLASS XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT DELETE USER XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT DISABLE DATA SECURITY XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT ENABLE DATA SECURITY XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT ENABLE GLOBAL CALLBACK XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT GRANT ROLE XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT GRANT SYSTEM PRIVILEGE XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT REMOVE PROXY XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT REVOKE ROLE XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT REVOKE SYSTEM PRIVILEGE XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT SET USER PASSWORD XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT SET USER PROFILE XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT SET USER VERIFIER XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT UPDATE ACL XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT UPDATE DATA SECURITY XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT UPDATE NAMESPACE TEMPLATE XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT UPDATE ROLE XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT UPDATE ROLESET XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT UPDATE SECURITY CLASS XS ACTION NONE NONE
ORA_RAS_POLICY_MGMT UPDATE USER XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT ASSIGN USER XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT CREATE NAMESPACE ATTRIBUTE XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT CREATE SESSION XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT CREATE SESSION NAMESPACE XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT DELETE NAMESPACE ATTRIBUTE XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT DELETE SESSION NAMESPACE XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT DESTROY SESSION XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT DISABLE ROLE XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT ENABLE ROLE XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT GET NAMESPACE ATTRIBUTE XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT SET COOKIE XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT SET INACTIVE TIMEOUT XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT SET NAMESPACE ATTRIBUTE XS ACTION NONE NONE
ORA_RAS_SESSION_MGMT SWITCH USER XS ACTION NONE NONE
ORA_SECURECONFIG ADMINISTER KEY MANAGEMENT SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG ALTER ANY PROCEDURE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG ALTER ANY SQL TRANSLATION PROFILE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG ALTER ANY TABLE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG ALTER DATABASE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG ALTER DATABASE LINK STANDARD ACTION NONE NONE
ORA_SECURECONFIG ALTER PLUGGABLE DATABASE STANDARD ACTION NONE NONE
ORA_SECURECONFIG ALTER PROFILE STANDARD ACTION NONE NONE
ORA_SECURECONFIG ALTER ROLE STANDARD ACTION NONE NONE
ORA_SECURECONFIG ALTER SYSTEM SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG ALTER USER STANDARD ACTION NONE NONE
ORA_SECURECONFIG AUDIT SYSTEM SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG BECOME USER SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG CREATE ANY JOB SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG CREATE ANY LIBRARY SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG CREATE ANY PROCEDURE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG CREATE ANY SQL TRANSLATION PROFILE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG CREATE ANY TABLE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG CREATE DATABASE LINK STANDARD ACTION NONE NONE
ORA_SECURECONFIG CREATE DIRECTORY STANDARD ACTION NONE NONE
ORA_SECURECONFIG CREATE EXTERNAL JOB SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG CREATE PLUGGABLE DATABASE STANDARD ACTION NONE NONE
ORA_SECURECONFIG CREATE PROFILE STANDARD ACTION NONE NONE
ORA_SECURECONFIG CREATE PUBLIC SYNONYM SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG CREATE ROLE STANDARD ACTION NONE NONE
ORA_SECURECONFIG CREATE SQL TRANSLATION PROFILE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG CREATE USER SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG DROP ANY PROCEDURE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG DROP ANY SQL TRANSLATION PROFILE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG DROP ANY TABLE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG DROP DATABASE LINK STANDARD ACTION NONE NONE
ORA_SECURECONFIG DROP DIRECTORY STANDARD ACTION NONE NONE
ORA_SECURECONFIG DROP PLUGGABLE DATABASE STANDARD ACTION NONE NONE
ORA_SECURECONFIG DROP PROFILE STANDARD ACTION NONE NONE
ORA_SECURECONFIG DROP PUBLIC SYNONYM SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG DROP ROLE STANDARD ACTION NONE NONE
ORA_SECURECONFIG DROP USER SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG EXECUTE OBJECT ACTION SYS DBMS_RLS
ORA_SECURECONFIG EXECUTE OBJECT ACTION REMOTE_SCH ADD_AGENT_CERTI
EDULER_AGE FICATE
NT
ORA_SECURECONFIG EXEMPT ACCESS POLICY SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG EXEMPT REDACTION POLICY SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG GRANT ANY OBJECT PRIVILEGE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG GRANT ANY PRIVILEGE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG GRANT ANY ROLE SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG LOGMINING SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG PURGE DBA_RECYCLEBIN SYSTEM PRIVILEGE NONE NONE
ORA_SECURECONFIG SET ROLE STANDARD ACTION NONE NONE
ORA_SECURECONFIG TRANSLATE ANY SQL SYSTEM PRIVILEGE NONE NONE
136 rows selected.
■ 관련 뷰
AUDIT_UNIFIED_POLICIES
AUDIT_UNIFIED_ENABLED_POLICIES
UNIFIED_AUDIT_TRAIL
AUDIT_UNIFIED_POLICY_COMMENTS
AUDIT_UNIFIED_CONTEXTS
| 19c long term support 기간 (0) | 2019.07.22 |
|---|---|
| 19c 기대했던 기능들. automatic indexing, realtime-statistics. Exa/Cloud only (0) | 2019.03.08 |
| DDL log 별도 저장 (0) | 2018.12.19 |
| 12c의 ORA_STIG_PROFILE (0) | 2016.08.26 |
| RMAN recover table point in time (0) | 2016.03.06 |
12c에선 보안용으로 ORA-STIG_PROFILE 이라는 profile을 기본으로 생성해준다.
SQL> select * from dba_profiles;
PROFILE RESOURCE_NAME RESOURCE LIMIT COM
----------------- ------------------------------ -------- ------------------------------ ---
DEFAULT COMPOSITE_LIMIT KERNEL UNLIMITED NO
DEFAULT SESSIONS_PER_USER KERNEL UNLIMITED NO
DEFAULT CPU_PER_SESSION KERNEL UNLIMITED NO
DEFAULT CPU_PER_CALL KERNEL UNLIMITED NO
DEFAULT LOGICAL_READS_PER_SESSION KERNEL UNLIMITED NO
DEFAULT LOGICAL_READS_PER_CALL KERNEL UNLIMITED NO
DEFAULT IDLE_TIME KERNEL UNLIMITED NO
DEFAULT CONNECT_TIME KERNEL UNLIMITED NO
DEFAULT PRIVATE_SGA KERNEL UNLIMITED NO
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD UNLIMITED NO
DEFAULT PASSWORD_LIFE_TIME PASSWORD UNLIMITED NO
DEFAULT PASSWORD_REUSE_TIME PASSWORD UNLIMITED NO
DEFAULT PASSWORD_REUSE_MAX PASSWORD UNLIMITED NO
DEFAULT PASSWORD_VERIFY_FUNCTION PASSWORD NULL NO
DEFAULT PASSWORD_LOCK_TIME PASSWORD UNLIMITED NO
DEFAULT PASSWORD_GRACE_TIME PASSWORD UNLIMITED NO
ORA_STIG_PROFILE COMPOSITE_LIMIT KERNEL DEFAULT NO
ORA_STIG_PROFILE SESSIONS_PER_USER KERNEL DEFAULT NO
ORA_STIG_PROFILE CPU_PER_SESSION KERNEL DEFAULT NO
ORA_STIG_PROFILE CPU_PER_CALL KERNEL DEFAULT NO
ORA_STIG_PROFILE LOGICAL_READS_PER_SESSION KERNEL DEFAULT NO
ORA_STIG_PROFILE LOGICAL_READS_PER_CALL KERNEL DEFAULT NO
ORA_STIG_PROFILE IDLE_TIME KERNEL 15 NO
ORA_STIG_PROFILE CONNECT_TIME KERNEL DEFAULT NO
ORA_STIG_PROFILE PRIVATE_SGA KERNEL DEFAULT NO
ORA_STIG_PROFILE FAILED_LOGIN_ATTEMPTS PASSWORD 3 NO
ORA_STIG_PROFILE PASSWORD_LIFE_TIME PASSWORD 60 NO
ORA_STIG_PROFILE PASSWORD_REUSE_TIME PASSWORD 365 NO
ORA_STIG_PROFILE PASSWORD_REUSE_MAX PASSWORD 10 NO
ORA_STIG_PROFILE PASSWORD_VERIFY_FUNCTION PASSWORD ORA12C_STRONG_VERIFY_FUNCTION NO
ORA_STIG_PROFILE PASSWORD_LOCK_TIME PASSWORD UNLIMITED NO
ORA_STIG_PROFILE PASSWORD_GRACE_TIME PASSWORD 5 NO
STIG란 Security Technical Implementation Guidelines 의 약자이다.
| 19c long term support 기간 (0) | 2019.07.22 |
|---|---|
| 19c 기대했던 기능들. automatic indexing, realtime-statistics. Exa/Cloud only (0) | 2019.03.08 |
| DDL log 별도 저장 (0) | 2018.12.19 |
| Oracle 12c Default audit policy include release 2 (0) | 2017.09.26 |
| RMAN recover table point in time (0) | 2016.03.06 |
11g에선 Tablespace PITR만 가능했는데 12c에선 Table단위도 가능하게 되었다.
이를 간단히 테스트해본다.
1. 백업
$ rman target /
backup database;
2. 현재 시간 or scn 확인
SQL> select current_scn from v$database;
CURRENT_SCN
-----------
665749
3. scott에서 emp, bonus truncate
$ sqlplus scott/tiger
SQL> truncate table emp;
SQL> truncate table bonus;
4. rman 에서 테이블 recover 실행
$ mkdir /oradata/aux
$ rman target /
recover table scott.emp, scott.bonus
until scn 665749
auxiliary destination '/oradata/aux'
remap table scott.emp:re_emp, scott.bonus:re_bonus;
※동일 명의 테이블이 있으면 에러나기 때문에 remap 해야함.
5. 확인 및 insert
$ sqlplus scott/tiger
SQL> select * from re_emp;
SQL> select * from re_bonus;
SQL> insert into emp select * from re_emp;
SQL> insert into bonus select * from re_bonus;
| 19c long term support 기간 (0) | 2019.07.22 |
|---|---|
| 19c 기대했던 기능들. automatic indexing, realtime-statistics. Exa/Cloud only (0) | 2019.03.08 |
| DDL log 별도 저장 (0) | 2018.12.19 |
| Oracle 12c Default audit policy include release 2 (0) | 2017.09.26 |
| 12c의 ORA_STIG_PROFILE (0) | 2016.08.26 |
|
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 |
