I manage an Oracle database as DBA in my current role, but the database infrastructure including audit settings was defined by my predecessor, who I cannot contact.
I am trying to identify how my predecessor set up Oracle auditing. I suspect they configured auditing at a schema level with different configurations for different schemas. Is this possible?
If so, how do I see the different configurations for each schema?
Thanks
Related
I am working on very legacy database. It is Oracle 19c database. It contains 120 database users and 900 tables at present. There is no documentation as of now on this database. I must identify following items.
How to identify who is using the database and for what purpose?
Who are frequently/actively connected users?
Which tables do we access most frequently?
Which tables are not in use?
It would be great help if you provide different options & data dictionary tables to meet this.
Oracle does not collect that information by default. The only way to collect that information is to enable auditing on the users and tables in question. That will allow you - over time - to create a profile of activity and usage patterns.
See the Introduction to Auditing for more information.
How to redefine liquibase.properties files for different changesets if there are several users (schemas) in the oracle database with privileges only for their schema?
Looking at the release notes for SQLcl 21.4 (current latest version), they state
In this release, you can only capture objects from the schema you are connected to in SQLcl.
So if you are using SQLcl and need to generate changes from multiple schemas, you will need to connect to each schema and generate the changes individually.
When I have such projects as the one you described - with multiple schemas, I prefer to create a special user (schema) with privileges to other schemas and use this user in liquibase.properties file.
Basically, the easiest way is to create a specific role with grants to other schemas.
I have a Java webapp (WAR) that is to be run in JBOSS.
That webapp is to create connections to an Oracle database using a username/password for a user that is given read-only permissions.
The webapp queries tables belonging to a different schema. I do this by qualifying each table name in my SQL queries.
However, I would like to parameterise this in my datasource, since the schema names can be different in different environments.
Is there a way to define a JBOSS data source which logs in as User A for each connection, but uses Schema B for all queries?
One way to do it is to use the new-connection-sql or check-valid-connection-sql datasource properties to execute ALTER SESSION SET CURRENT_SCHEMA=yourschema, which will change the default schema for each connection.
Recommended way is to create synonyms in Oracle for your User A to access tables in schema owned by User B. This way you can even grant specific privileges to user A to select, update, insert on tables owned by the other UserB.
My question is kind of straightforward and so should be the answer.
Talking about ORACLE databases in SQL Developer, we can create connections to users' schemes.
The connection needs to specify the username and the password, and that allows to access the schema of that user. Below the connection, I usually see all the elements of the schema shown within folders like Tables, Views, Indexes, Packages and so on.
But then I also see the folder Other Users just next to those from above. This folder contains a list of other usernames (different from the one you are currently connecting to). Exploring each of these, you see in turn a schema (like a set of elements as from above).
What is this design about? Are they different users sharing the same schema (tables, views, packages, indexes etc..) but with different grants? When we do that?
Your connection details determines which SCHEMA you will be browsing when you expand the connection tree.
The other users node allows you to browse additional schemas. Your connection user's privileges will determine what you can or can't see in other schemas.
A database object is owned by a single user, or exists in a single schema (which is really the collection of objects owned by a user.) There are no shared objects.
In my project, I am using Oracle Database and SubSonic for DAL. I have a problem with SubSonic and Oracle Schema, that is:
When developing, I used a schema DEV in Oracle Database and generate DAL using SubSonic.
After that when release to customer, he used a new schema TEST in Oracle Database and changed the connection string in app.config to connect to Oracle. The error will appear, that is “Table or View does not exist”. I found this error and see that the schema of tables is still DEV.
I do not want re-generate DAL after change schema and when released to the customer. Please help me.
Firstly, your schema should not be DEV. DEV is a user or role.
Your schema name should be related to the data content (eg ACCOUNTS or SALES)
Secondly, consider whether you or the customer is going to decide the schema name. Say you have a product called FLINTSTONE. You may decide that the schema name should be FLINTSTONE. However your customer may want to run two instances of your product (eg one for local sales, the other for international) and use the same database. So they want FS_LOCAL and FS_INTER as the schema names. Is that option a feature of your product ?
Next, decide if your application should connect as the schema owner. There are good security reasons for NOT doing that. For example, the schema owner has privileges to drop tables, which is generally something the application doesn't do and thus, on the principle of least privilege, is something your application shouldn't have privileges to do.
Generally I would recommend some config parameter for the application for the schema name, and after connecting to the database, the app should do an "ALTER SESSION SET CURRENT_SCHEMA = 'whatever was it the config file'". The application database user would need the appropriate insert/update/delete/select/execute privileges on the objects in the application schema. If the application can't do that, you can have a LOGON trigger in the database.
Gary is correct in not using DEV as a schema on your own machine. In using Oracle we typically set up the schema as what the client is going to name their schema. This however does not fix your issue. What you need to do is create a global alias in Oracle that maps say DEV to CLIENTSCHEMA. You should still rename the schema on your machine but this will allow your schema to differ from your clients.