User oracle is configured with os authentication and logged in as oracle.
I am trying to to take full db export using the following expression:
exp 'system/as sysdba' file='full_exp.dmp' log='full_exp.log' consistent='y'
but getting error:
LRM-00108: Invalid positional parameter value 'sysdba'
Also tried with:
exp 'system' file='full_exp.dmp' log='full_exp.log' consistent='y'
Asks for password for system and empty password doesn't work, throws errors EXP-00004, EXP-00056 and ORA-01017.
Please guide me in taking full db export by os authenticated user.
Doing a full export "as sysdba" is a bad idea - a major security risk (plus "system" doesn't have the sysdba privilege by default anyway). You are better off defining a user with exp_full_database and/or datapump_exp_full_database privileges only, with OS authentication or with an Oracle Wallet to hold the credentials, and using that account to run the full export.
create user export_user identified by [password];
grant create session, exp_full_database, datapump_exp_full_database to export_user;
There is a reference on my blog on how to set up an Oracle Wallet for the credentials. Then your expdp or exp command would look like this:
exp export_user file='full_exp.dmp' ...
or
expdp export_user directory=export_dir ...
Last - seriously consider using Datapump (expdp) rather than the old-school "export" utility (exp). Newer versions of Oracle include object types that export doesn't support, and Datapump is generally faster and more flexible in terms of options.
To use Oracle OS authentification for a non SYSDBA connection, you just need to connect with the OS account that is mapped to the Oracle account and use / as user/password:
sqlplus /
expdp / ...
See details for Unix and Windows in
https://oracle-base.com/articles/misc/os-authentication
Related
Environment:
Oracle XE 18 running on Windows 10 (my laptop!).
I run database commands using specific users and sys.
Problem:
The windows application event log has 1000's of verbose Oracle database logging, for example every SELECT statement, indeed every command I run!
Launch Windows Event Viewer, execute at command prompt: eventvwr
Questions:
How to configure Oracle so that only certain messages are written
the to the Windows Event Log. Ideally no commands that I execute are
logged.
Does Oracle XE also write to log files (not windows event logs) and if so how to configure the granularity?
(I'm fairly new to Oracle)
Additional Info:
Below is an example of a windows application event log
Looking at your screenshot, it seems you are using the SYS user to execute your SQL commands. By default, all operations executed by users using SYSASM, SYSBACKUP, SYSDBA, SYSDG, SYSKM, or SYSOPER privileges are audited and go to the event log. You can disable that behavior with the AUDIT_SYS_OPERATIONS initialization parameter.
See documentation here: https://docs.oracle.com/en/database/oracle/oracle-database/19/refrn/AUDIT_SYS_OPERATIONS.html#GUID-58176267-238C-40B5-B1F2-BB8BB9518950
When logged in as SYS, you can change the parameter setting with the following command:
alter system set audit_sys_operations=false scope=spfile;
Then restart the database.
That said, in general you should not be using SYS for day-to-day operations and preferably would leave the default auditing in place. Instead, use a user account with normal privileges (i.e. not SYS as SYSDBA) to do everything that doesn't require those elevated privileges. For the most part you wouldn't need that level of access except for startup/shutdown, backup operations, and installing patches.
create user myuser identified by mypassword;
grant dba to myuser;
alter user myuser default role all;
That should give you a user with plenty of elevated privileges that won't constantly trip the built-in auditing.
Read up on Oracle security here: https://docs.oracle.com/en/database/oracle/oracle-database/18/dbseg/introduction-to-oracle-database-security.html#GUID-41040F53-D7A6-48FA-A92A-0C23118BC8A0
I have a pluggable database in Oracle 12c named PDBORCL.
After a server restart something changed in how to connect to it.
I created a user in that pluggable DB, for the example the user is PETER and the password is also PETER. Before the restart I used to be able to open a Command Prompt, run sqlplus, which would in turn ask for my username and then its password, and it would sign in. Now this does not work, it says invalid username/password. When I log in with SYS and check:
SELECT * FROM dba_users WHERE username = 'PETER';
I get no results.
However, if I sign in using the following from a command prompt, it works:
sqlplus PETER/PETER#PDBORCL
So, the DB is up and running, but it seems to be connecting by default to the wrong pluggable DB. I need to change it to the way it was before the restart, so that it connects by default to that specific pluggable DB.
How can I achieve this?
I found the solution. Change or create the environment variable LOCAL (in Windows) to PDBORCL. I think I read in linux the variable is TWO_TASK. After changing it, the following works:
sqlplus PETER/PETER
Also, just calling sqlplus and waiting to be prompted for username and password works.
You have created a user in pluggableDB and this user is not visible beyond the pluggable DB hence the reason you dont see user PETER when running the above query as sys..
If you want to connect to your pluggable DB directly what you have done above is right else you to connect to sys and the use CONNECT command.
I'm just getting started with Oracle data export and import and things worked perfectly fine the first time around. But then I came back next day repeated the exact same steps on the same systems, but get ORA-01435: user does not exist error.
System Specs for all machines:
-OS: Windows 2012 R2 x64
-Oracle Server: Oracle 11G Express x64
Objective:
I'm exporting data from Oracle server 1 and importing to Oracle server 2.
Procedure:
Export data dump is successful from Oracle server 1.
but when importing the data dump on Oracle server 2, I follow this procedure:
-Stop IIS service
net stop WAS
Create Schema/user account and Grant privileges before import
net stop WAS
sqlplus / as sysdba;
CREATE user PIE1 identified by PASS1;
GRANT ALL PRIVILEGES TO PIE1;
GRANT IMP_FULL_DATABASE TO PIE1;
According to oracle, all goes well, but look at the first image bellow. In DBeaver, I can see that only the User account PIE1 has been created, but NO schema.
Oracle issue 1. User account created, but not the Schema
Question 1: According to Oracle, the command "Create User" IS supposed to also create an associated Schema. Anyone have an idea why this is no longer working for me? It worked once the night before.
I then continue the import procedure as follows:
imp PIE1/PASS1#xe file=c:\Backups\AVUSER2_6_7.dmp log=c:\Backups\import.log fromuser=AVUSER2_6_7 touser=PIE1;
But get the following error:
Oracle claims the User doesn't exist even though it does
Oracle claims the User doesn't exist even though it does. I repeated the entire procedure and even created an identical import/export user account and credentials, and this error still comes up.
Question 2: Any idea why Oracle "Can't find" a user account that's clearly in the database?
Additional Info:
Checked that my windows account is in admin group
Checked that my windows account is in ORA_DBA group
Opened all CMD prompt as Admin
As you implied, users and schemas as the same in Oracle, you can't have a user without a schema. No idea about DBeaver, but as there are other users that aren't listed under 'schemas' (according to your second image - ANONYMOUS, DIP, ...) that seems to be unrelated.
(Purely a guess, but perhaps the user you're connect as in DBeaver just doesn't have visibility of any objects owned by those users - maybe it only lists users it can see in all_objects, say. Pure speculation, but you could investigate that by looking at the data dictionary while connect through SQL*Plus as the same user. According to this old forum post, there is an option to hide empty schemas...)
The import is connecting successfully as PIE1 - you'd get a different error, ORA-01017, if it wasn't and you wouldn't see the 'Connected to...' banner or anything after that.
Your import command has a trailing semicolon that should not be there. The "importing ... objects into" message shows that it's trying to import into the PIE1; user and not the one you actually created, PIE1. Remove that semicolon and try again.
Incidentally, you can probably also remove the #xe TNS alias and stick to a local connection, assuming the environment is configured as it was whenyou ran SQL*Plus. You should also consider using datapump expdp/impdp rather than the legacy exp/imp.
My problem is that when i create an object it is always stored in sys schema. Normally when you do not specify the schema, the object should be created in the current schema. I'm using toad 12, and the tab current schema is setted correctly.
What i did wrong? Any idea?.
When you login using the 'AS SYSDBA' - the schema context for your session is set SYS no matter who are logged in as.
From the Docs
When you connect with SYSDBA or SYSOPER privileges, you connect with a default schema, not with the schema that is generally associated with your username. For SYSDBA this schema is SYS; for SYSOPER the schema is PUBLIC.
It's much better practice to ONLY use as sysdba when doing something like taking a backup or shutting down the database or doing an upgrade.
How can I execute 'conn / as sysdba' using jsp.
Using
PreparedStatement stmt = conn.prepareStatement(sql);
shows java.sql.SQLException: SQL string is not Query?
How can I do it using jsp?
conn is a SQL*Plus command, not a SQL statement. So it can only be used in SQL*Plus (or another client tool that happens to have some support for SQL*Plus commands). You can't use it via JDBC.
conn / as sysdba tells SQL*Plus to use operating system authentication to connect to the database as the user SYS with the SYSDBA role enabled. Operating system authentication in this case would require that SQL*Plus was being invoked on the server where the database is installed and that the user was logged in as the operating system user "oracle". It seems exceedingly unlikely that it would be appropriate and/or possible for a JSP page to use operating system authentication like this-- that would, at a minimum, require that the application server that is running your JSP code is installed on the same server that Oracle is installed on and that it is running as the same operating system user as the Oracle database. Neither of those are particularly likely. Connecting to the database as SYS with the SYSDBA role enabled would also be very odd for a JSP page-- it is exceedingly rare that you would want JSP code to be running with those sorts of privileges. Generally, Oracle databases do not allow connections as SYS from anything other than the machine that Oracle is running on because, in general, only a DBA would be logging in with that account and then only to perform a very small set of tasks that actually require that sort of elevated access.
It should be possible to configure Oracle to accept remote connections for the user SYS with the SYSDBA role. And it should be possible to configure the connection string in your JSP code to use the appropriate password for that account. But it would be so exceedingly rare to want to do both, and would open such a substantial security hole, that I would seriously question whether that's really what you want to do. Can you explain a bit more about the problem you're trying to solve?
Yes, sql is the Query, but you need resultQuery = stmt.executeQuery() to save the result.
Also, take a look to the driver connection, the name of the machine where the DB is and the user name and password.