Restricted Mode

When you’re doing some work in maintenance windows and you want to be sure that
no one else is logged into the database you can use Restricted Mode

First you must check what users have permission to login  to restricted mode:

select * from dba_sys_privs where privilege=’RESTRICTED SESSION’;

If a user that you want to use doesn’t have this permission, use:

grant RESTRICTED SESSION to ROBERT;

You can also revoke permission from users than shouldn’t have it:

revoke RESTRICTED SESSION from ANTOHER_USER;

Ok, now you can switch the database into restricted mode.

There are two ways you can do this.

Shutdown the database and open in restricted mode:

shutdown immediate;

startup restrict;

This method has the  advantage that you will be sure that nobody without restricted session permission will  be online.

But of course, you may not   want or can’t restart the database, so the second way is to switch the database into restricted mode when it’sopen:

ALTER SYSTEM ENABLE RESTRICTED SESSION;

Using the statement below you can check in what state the database is:

select logins from v$instance;

In this method the important issue is to know that after alter system Oracle doesn’t kill existing sessions, so you must do this on your own, e.g using this script:

declare



  cursor sesje is

    select g.SID sid, g.SERIAL# serial

      from v$session g

     where g.USERNAME != ’SYS’

       and g.USERNAME is not null;



begin



  for sesja in sesje loop

   begin

     execute immediate 'ALTER SYSTEM KILL SESSION ''' || sesja.sid || ',' || sesja.serial || ''' immediate';

   exception

     when others then

       null;

   end;

  end loop;

end;

In the first and second method you must know that by default, if the database is in restricted mode you can’t login into her via listener, even if you have the needed permission. If you try , you will see this error message:

ORA-12526: TNS:listener: all appropriate instances are in restricted mode

To login via listener you must modify tnsnames file and add one little thing: (UR=A)

ORCL =

 (DESCRIPTION =

   (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))

   (CONNECT_DATA =

(UR=A)

     (SERVER = DEDICATED)

     (SERVICE_NAME = ORCL)

   )

 )

Proxy Authentication

In this post I will describe a little but very useful feature in Oracle named Proxy Authentication.

A proxy user can be used to login into the database on behalf of another user without knowing their password. Of course, to do this you must be a sys user.

How does it work?

First you must create a new user:

create user new_user identified by new_user_pass;

Then we do the magic:

alter user exists_user grant connect through new_user;

After that you can log into the database:

connect new_user[exists_user]/new_user_pass

If you give someone these kind of privileges it’s also important to issue  a good audit, so,here is an example of the command:

CONNECT sys



AUDIT SESSION



AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY new_user ON BEHALF OF exists_user;

AUDIT SELECT TABLE, UPDATA TABLE, INSERT TABLE, DELETE TABLE BY exists_user BY ACCESS;

After that you can select information about a proxy users activity from the dba_audit_trial table.

Here’s an example of a select statement:

SELECT tr2.username           PROXY,

       tr1.username           USERNAME,

       tr1.extended_timestamp,

       tr1.owner,

       tr1.obj_name,

       tr1.action_name,

       tr1.returncode,

       tr1.SESSIONID,

       tr1.PROXY_SESSIONID

  FROM dba_audit_trail tr1, dba_audit_trail tr2

 WHERE tr1.obj_name not in

       ('DUAL', 'SQLPLUS_PRODUCT_PROFILE', 'PRODUCT_PRIVS')

   AND tr1.proxy_sessionid = tr2.sessionid

   AND tr2.action_name = 'PROXY AUTHENTICATION ONLY'

 ORDER BY tr1.timestamp;

How to Backup an Oracle Database into the Cloud

In this post I want to describe how you can backup your DB into the cloud using the Oracle Database Cloud Backup Service.

First of all, you must buy the service from Oracle but at this time you can use their free 30-day trial of the service. All this information you can find  on cloud.oracle.com

The next step is to download and install Backup Module OPC.

To install the module use this command:

java -jar opc_install.jar -serviceName myService

-identityDomain myDomain -opcId 'myAccount@myCompany.com'

-opcPass 'myPassword' -walletDir /walletDirectory

-libDir /libraryDirectory

Now, you need to configure RMAN to use the Oracle Database Cloud Backup Service.

Here is an example of that command:

CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE 'SBT_TAPE' TO '%F';

CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE 'SBT_TAPE' TO 1;

CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE 'SBT_TAPE' TO 1;

CONFIGURE DEVICE TYPE 'SBT_TAPE' PARALLELISM 3 BACKUP TYPE TO COMPRESSED BACKUPSET;

CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS  'SBT_LIBRARY=/home/oracle/OPC/lib/libopc.so ENV=(OPC_PFILE=/u01/app/oracle/product/11.2.0/dbhome_1/dbs/opcorcle.ora)';

After RMAN is configured then you can perform a backup.

Here is an example:

set encryption on identified by "PASSWORD" only;

run

{

allocate channel d1 TYPE sbt PARMS="SBT_LIBRARY=/home/oracle/OPC/lib/libopc.so,ENV=(OPC_PFILE=/u01/app/oracle/product/11.2.0/db_1/dbs/opcKRAZOO1.ora,ORACLE_HOME=/u01/app/oracle/product/11.2.0/db_1)";

backup incremental level 0 database;
}

When your backup is completed you can check it by using command:

list backup;