How do I truncate the Oracle audit table in AWS RDS? - oracle

How do I truncate the Oracle audit table in Amazon AWS RDS?
SQL> select count(*) from sys.aud$;
COUNT(*)
----------
1358
SQL> truncate table sys.aud$;
truncate table sys.aud$
*
ERROR at line 1:
ORA-01031: insufficient privileges

Connect as the admin user and run this rdsadmin command:
SQL> exec rdsadmin.rdsadmin_master_util.truncate_sys_aud_table;
PL/SQL procedure successfully completed.
SQL> select count(*) from sys.aud$;
COUNT(*)
----------
0

Related

How to connect Oracle 19c Database

I am trying to connect to pluggable databases previously created and could not do it.
Option 1
SQL> conn /as sysdba;
Connected.
SQL> conn system/system
ERROR:
ORA-01033: ORACLE initialization or shutdown in progress
Process ID: 0
Session ID: 0 Serial number: 0
Warning: You are no longer connected to ORACLE.
SQL>
Warning: You are no longer connected to ORACLE.
/
Option 2
SQL> show pdbs;
SQL> conn / as sysdba;
Connected.
SQL> show pdbs;
SQL> alter pluggable database orclpdb open;
alter pluggable database open
*
ERROR at line 1:
ORA-01109: database not open
Previously I had connected using sql developer and worked.
Updated
My database is not mounted and I tried to mount it and shows the below error details.
SQL> conn / as sysdba;
Connected.
SQL> show con_name;
CON_NAME
------------------------------
CDB$ROOT
SQL> select open_mode from v$database;
select open_mode from v$database
*
ERROR at line 1:
ORA-01507: database not mounted
SQL> alter database mount;
alter database mount
*
ERROR at line 1:
ORA-00214: control file
'E:\APP\ORACLE\FAST_RECOVERY_AREA\PROD\CONTROLFILE\O1_MF_JCWYX5LY_.CTL' version
102600 inconsistent with file
'E:\APP\ORACLE\ORADATA\PROD\CONTROLFILE\O1_MF_JCWYX5BQ_.CTL' version 102597
SQL> show parameter control
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
control_file_record_keep_time integer 7
control_files string E:\APP\ORACLE\ORADATA\PROD\CON
TROLFILE\O1_MF_JCWYX5BQ_.CTL,
E:\APP\ORACLE\FAST_RECOVERY_AR
EA\PROD\CONTROLFILE\O1_MF_JCWY
X5LY_.CTL
control_management_pack_access string DIAGNOSTIC+TUNING
This is because the CDB is at MOUNT, not OPEN, you should open the root container before using PDB.
SQL> conn / as sysdba
Connected.
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> select open_mode from v$database;
OPEN_MODE
--------------------
MOUNTED
To open the CDB, you may issue the following SQL command or bounce it.
SQL> alter database open;
Database altered.
Then show pdbs again.
SQL> show pdbs;
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 ORCLPDB READ WRITE NO
If the PDB is still MOUNTED, then you should open it.
SQL> alter pluggable database orclpdb open;
Pluggable database altered.

Oracle - How to use & without being asked about the value? [duplicate]

This question already has answers here:
How to declare variable and use it in the same Oracle SQL script?
(11 answers)
Closed 11 months ago.
Basically, I don't want to be asked about the value like this::
SQL> select &test from dual;
Enter value for test:
I want only declare the &test along the script, something like it:
&test varchar2(100):= 'some value'; --of course, this don't work.
Execute
SQL> set define off
before running your code.
SQL> select '&test' from dual;
'&TES
-----
&test
SQL>
If you want to "declare" it, then use var:
SQL> var test varchar2(200);
SQL> exec :test := 'some value';
PL/SQL procedure successfully completed.
SQL> print test
TEST
----------------------------------------------------------------------------------------------------
some value
SQL>
In dynamic SQL: I won't lock anyone, but - I'll change my password.
SQL> connect scott/tiger
Connected.
SQL> var test varchar2(200);
SQL> exec :test := 'lion';
PL/SQL procedure successfully completed.
SQL> print test
TEST
----------------------------------------------------------------------------------------------------
lion
SQL> begin
2 execute immediate 'alter user scott identified by ' || :test;
3 end;
4 /
PL/SQL procedure successfully completed.
SQL> connect scott/tiger
ERROR:
ORA-01017: invalid username/password; logon denied
Warning: You are no longer connected to ORACLE.
SQL> connect scott/lion
Connected.
SQL>

Accessing a function against another owner in oracle?

I am having a function called fn_export and its owner is bhist. I am calling this function from ohist user using bhist.fn_export. While calling like this I am facing the below issue.
ORA-00942: table or view does not exist
ORA-06512: at "bhist.fn_export", line 442
ORA-06512: at line 20
I tried to verify all the tables in that function and I am able to access all those tables from ohist. I have execute grant on bhist.fn_export to ohist. Still I am having this issue. Can any one of you please help in resolving this issue?
Thanks,
Venkat
You need to grant EXECUTE privilege on this function to ohist user.
A syntax is:
GRANT EXECUTE ON function_name TO username;
You can connect as bhist user and grant the privilege using:
GRANT EXECUTE ON fn_export TO ohist;
You can also connect as SYS or SYSTEM, and use this command:
GRANT EXECUTE ON bhist.fn_export TO ohist;
See a below simple example (one user is named TEST and the other is named DEV):
SQL> connect test
Enter password:
Connected.
SQL> CREATE FUNCTION fn_export RETURN number AS
2 BEGIN
3 RETURN 20;
4 END;
5 /
Function created.
SQL> connect dev
Enter password:
Connected.
SQL> SELECT test.fn_export FROM dual;
SELECT test.fn_export FROM dual
*
ERROR at line 1:
ORA-00904: "TEST"."FN_EXPORT": invalid identifier
SQL> connect test
Enter password:
Connected.
SQL> grant execute on fn_export to dev;
Grant succeeded.
SQL> connect dev
Enter password:
Connected.
SQL> SELECT test.fn_export FROM dual;
FN_EXPORT
----------
20
SQL>

Using dollar sign in sqlplus spool file

How to use file name with dollar sign (ie, '$') in unix like below
SQL> spool DIR$work.sql
SP2-0332: Cannot create spool file.
and i tried like below
SQL> spool DIR\$work.sql
SP2-0332: Cannot create spool file.
SQL> spool 'DIR\$work.sql'
SP2-0332: Cannot create spool file.
SQL> spool 'DIR$work.sql'
SP2-0332: Cannot create spool file.
I couldn't succeed in any way to create such file in oracle.
I have oracle 11g version.
In windows sqlplus it works fine.
You can use the set escchar setting to stop Oracle interpreting the dollar sign:
SQL> show escchar
escchar OFF
SQL> spool /tmp/$work.sql
SP2-0332: Cannot create spool file.
SQL> set escchar $
SQL> spool /tmp/$work.sql
SQL>
You are now spooling to that file name.
SQL> select * from dual;
D
-
X
1 row selected.
SQL> spool off
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
...
$ cat /tmp/\$work.sql
SQL> select * from dual;
D
-
X
1 row selected.
SQL> spool off
Also see My Oracle Support document 761384.1 for more information.

Oracle privilege missing for DBMS_SCHEDULER, ORA-27486 after GRANT CREATE JOB, CREATE EXTERNAL JOB

What additional privilege am I missing?
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
SQL> create user myUser identified by password default tablespace theData temporary tablespace temp;
User created.
SQL> grant connect, resource to myUser;
Grant succeeded.
SQL> GRANT READ,WRITE ON DIRECTORY tmp TO myUser;
Grant succeeded.
SQL> GRANT CREATE JOB TO myUser;
Grant succeeded.
SQL> GRANT CREATE EXTERNAL JOB TO myUser;
Grant succeeded.
SQL> connect myUser/password
Connected.
SQL>
SQL>
1 CREATE PROCEDURE shellScript
2 AS
3 /*-----------------------*/
4 v_sql UTL_FILE.FILE_TYPE;
5 v_shell UTL_FILE.FILE_TYPE;
6 /*=======================*/
7 BEGIN
8 /*=======================*/
9 -- write the sql script to /tmp/myUser-tmp-script.sql
10 v_sql:= UTL_FILE.FOPEN('TMP','myUser-tmp-script.sql','w');
11 UTL_FILE.PUT_LINE(v_sql,'select to_char(sysdate,''YYYYMMDDHR24MISS'') from dual'||';', FALSE);
12 UTL_FILE.FFLUSH(v_sql);
13 UTL_FILE.FCLOSE(v_sql);
14 -- write the shell script to /tmp/myUser-tmp-script.sh
15 v_shell:= UTL_FILE.FOPEN('TMP','myUser-tmp-script.sh','w');
16 UTL_FILE.PUT_LINE(v_shell,'#!/bin/bash', FALSE);
17 UTL_FILE.PUT_LINE(v_shell,'sqlplus myUser/password#sbox #/tmp/myUser-tmp-script.sql > /tmp/myUser-tmp-script.err', FALSE);
18 UTL_FILE.FFLUSH(v_shell);
19 UTL_FILE.FCLOSE(v_shell);
20 -- execute the shell script which executes the sql script
21 DBMS_SCHEDULER.PURGE_LOG(JOB_NAME=>'myJob');
22 DBMS_SCHEDULER.CREATE_JOB(JOB_NAME=>'myJob', JOB_TYPE=>'EXECUTABLE', JOB_ACTION=>'/bin/bash', NUMBER_OF_ARGUMENTS=>1, START_DATE=>SYSTIMESTAMP, ENABLED=>FALSE);
23 DBMS_SCHEDULER.SET_JOB_ARGUMENT_VALUE('myJob', 1, '/tmp/myUser-tmp-script.sh');
24 DBMS_SCHEDULER.ENABLE('myJob');
25 USER_LOCK.SLEEP(500); -- give it 5 seconds to complete
26 -- clean up
27 UTL_FILE.FREMOVE('TMP', 'myUser-tmp-script.sh');
28 UTL_FILE.FREMOVE('TMP', 'myUser-tmp-script.sql');
29 /*=======================*/
30 END shellScript;
/
Procedure created.
SQL> SHOW ERRORS PROCEDURE shellScript
No errors.
SQL>
SQL>
SQL> execute shellScript;
BEGIN shellScript; END;
*
ERROR at line 1:
ORA-27486: insufficient privileges
ORA-06512: at "SYS.DBMS_ISCHED", line 411
ORA-06512: at "SYS.DBMS_ISCHED", line 452
ORA-06512: at "SYS.DBMS_SCHEDULER", line 1082
ORA-06512: at "MYUSER.SHELLSCRIPT", line 21
ORA-06512: at line 1
SQL>
According to TFM, PURGE_LOG requires the MANAGE SCHEDULER privilege:
GRANT MANAGE SCHEDULER TO xxx;
Wow, I found the problem... "myJob" was an existing package object in the database. I'm guessing my "insufficient privileges" were to replace the package object with a job object.
if you get the manage scheduler privilege, the next thing where this will fail is the none existing execute bits on the shell script. If the execute bits are in place, it will fail because it lacks the environment settings like PATH and ORACLE_HOME, needed to run SQL*Plus.
Besides that, why stick to 10g?
Oracle 11g has much better options to run external jobs, security implemented by credentials instead of some file in $ORACLE_HOME that defines the user to run the job.
There is some very nice reading available on this subject, see my profile.
I hope this helps,
Ronald.

Resources