\

Wednesday, June 29, 2016

Proxy Authentication

In this post I will describe a little but very useful feature in Oracle named Proxy Authentication.

A proxy user can be used to login into the database on behalf of another user without knowing their password. Of course, to do this you must be a sys user.

How does it work?

First you must create a new user:

create user new_user identified by new_user_pass;

Then we do the magic:

alter user exists_user grant connect through new_user;

After that you can log into the database:

connect new_user[exists_user]/new_user_pass

If you give someone these kind of privileges it’s also important to issue  a good audit, so,here is an example of the command:

CONNECT sys



AUDIT SESSION



AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY new_user ON BEHALF OF exists_user;

AUDIT SELECT TABLE, UPDATA TABLE, INSERT TABLE, DELETE TABLE BY exists_user BY ACCESS;

After that you can select information about a proxy users activity from the dba_audit_trial table.

Here’s an example of a select statement:

SELECT tr2.username           PROXY,

       tr1.username           USERNAME,

       tr1.extended_timestamp,

       tr1.owner,

       tr1.obj_name,

       tr1.action_name,

       tr1.returncode,

       tr1.SESSIONID,

       tr1.PROXY_SESSIONID

  FROM dba_audit_trail tr1, dba_audit_trail tr2

 WHERE tr1.obj_name not in

       ('DUAL', 'SQLPLUS_PRODUCT_PROFILE', 'PRODUCT_PRIVS')

   AND tr1.proxy_sessionid = tr2.sessionid

   AND tr2.action_name = 'PROXY AUTHENTICATION ONLY'

 ORDER BY tr1.timestamp;
Autor: o No comments:

How to Backup an Oracle Database into the Cloud

In this post I want to describe how you can backup your DB into the cloud using the Oracle Database Cloud Backup Service.

First of all, you must buy the service from Oracle but at this time you can use their free 30-day trial of the service. All this information you can find  on cloud.oracle.com

The next step is to download and install Backup Module OPC.

To install the module use this command:

java -jar opc_install.jar -serviceName myService

-identityDomain myDomain -opcId 'myAccount@myCompany.com'

-opcPass 'myPassword' -walletDir /walletDirectory

-libDir /libraryDirectory


Now, you need to configure RMAN to use the Oracle Database Cloud Backup Service.

Here is an example of that command:

CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE 'SBT_TAPE' TO '%F';

CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE 'SBT_TAPE' TO 1;

CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE 'SBT_TAPE' TO 1;

CONFIGURE DEVICE TYPE 'SBT_TAPE' PARALLELISM 3 BACKUP TYPE TO COMPRESSED BACKUPSET;

CONFIGURE CHANNEL DEVICE TYPE 'SBT_TAPE' PARMS  'SBT_LIBRARY=/home/oracle/OPC/lib/libopc.so ENV=(OPC_PFILE=/u01/app/oracle/product/11.2.0/dbhome_1/dbs/opcorcle.ora)';



After RMAN is configured then you can perform a backup.

Here is an example:

set encryption on identified by "PASSWORD" only;

run

{

allocate channel d1 TYPE sbt PARMS="SBT_LIBRARY=/home/oracle/OPC/lib/libopc.so,ENV=(OPC_PFILE=/u01/app/oracle/product/11.2.0/db_1/dbs/opcKRAZOO1.ora,ORACLE_HOME=/u01/app/oracle/product/11.2.0/db_1)";

backup incremental level 0 database;
}



When your backup is completed you can check it by using command:

list backup;


Autor: o No comments:
Subscribe to: Posts (Atom)