In my project, I am using Oracle Database and SubSonic for DAL. I have a problem with SubSonic and Oracle Schema, that is:
When developing, I used a schema DEV in Oracle Database and generate DAL using SubSonic.
After that when release to customer, he used a new schema TEST in Oracle Database and changed the connection string in app.config to connect to Oracle. The error will appear, that is “Table or View does not exist”. I found this error and see that the schema of tables is still DEV.
I do not want re-generate DAL after change schema and when released to the customer. Please help me.
Firstly, your schema should not be DEV. DEV is a user or role.
Your schema name should be related to the data content (eg ACCOUNTS or SALES)
Secondly, consider whether you or the customer is going to decide the schema name. Say you have a product called FLINTSTONE. You may decide that the schema name should be FLINTSTONE. However your customer may want to run two instances of your product (eg one for local sales, the other for international) and use the same database. So they want FS_LOCAL and FS_INTER as the schema names. Is that option a feature of your product ?
Next, decide if your application should connect as the schema owner. There are good security reasons for NOT doing that. For example, the schema owner has privileges to drop tables, which is generally something the application doesn't do and thus, on the principle of least privilege, is something your application shouldn't have privileges to do.
Generally I would recommend some config parameter for the application for the schema name, and after connecting to the database, the app should do an "ALTER SESSION SET CURRENT_SCHEMA = 'whatever was it the config file'". The application database user would need the appropriate insert/update/delete/select/execute privileges on the objects in the application schema. If the application can't do that, you can have a LOGON trigger in the database.
Gary is correct in not using DEV as a schema on your own machine. In using Oracle we typically set up the schema as what the client is going to name their schema. This however does not fix your issue. What you need to do is create a global alias in Oracle that maps say DEV to CLIENTSCHEMA. You should still rename the schema on your machine but this will allow your schema to differ from your clients.
Related
We are a team of tens of data analysts. Our main data back-end is an Oracle database. We use personal schemas to do work where we don't need to collaborate with others and we would like to create schemas dedicated to projects where people need to collaborate.
The problem is that in Oracle, one schema is equivalent to one DB user. If we create a schema dedicated to a project, for the purpose of creating DB objects in the context of that project, there will be a single set of credentials (username + password) that needs to be shared by all team members. This has two inconveniences:
if people mistype the credentials, they can block the account for everyone;
it is no longer possible to monitor who did what for security/audit reasons, since everyone uses the same schema;
An alternative would be that only one person uses the Schema user to create objects and assigns privileges to other people in those objects, but that can become quickly cumbersome.
Another alternative is to interact with the DB through R or Python but that means the credentials will be stored in some text file, which is bad for security.
As we see it, the ideal situation is if multiple personal DB users can create objects in the same schema, and if those objects are automatically available for that set of DB users. Is this totally impossible in Oracle? Is this impossible in any major DB? Is this requirement somehow flawed and as such, there is a good reason for why it is not available?
We could compare this collaboration in a DB schema to what commonly happens with people collaborating in a folder, using R, Python or other programming language for data analytics.
Thank you for your advise!
Maybe I miss something but could you not just create a schema that will be used for all users and grant the required privileges to each individual user?
Each user authenticates with his local account and by default uses his local schema and to access the public one you just use the ALTER SESSION SET CURRENT_SCHEMA command.
I've been trying for days but cannot find the answer to this. I am using Oracle Application Express (APEX), someone else setup the initial connection to a "Apex" database in oracle, but I am trying to connect to our production database in oracle. I am making web forms and the web forms are connected to the "Apex" database that was setup already, but I need to connect to our production database so we can create reports from the data entered through the web forms. I need the tables to show up in the create page option from the production database, currently its coming from the apex database, please help.
Create Page View with Tables (from apex)
Thank You so much in Advance!
What is the "production database"? Is it really a different database (than the one you're currently connected to), or is it a user in the same database?
if former:
you could create a database link between those two databases and create synonyms for production users' tables in one of schemas your workspace is assigned to.
another option is to install Apex onto the production database, so that you could use current installation as "development" and then deploy the application into the "production-based" Apex
if latter, you might do the same (i.e. create synonyms, just without the database link), or simply assign the production schema to your workspace
You may be interested to read Mike's response to a question with a similar misunderstanding regarding architecture.
https://community.oracle.com/thread/4135843
Once you have your head wrapped around this, you can consider the parsing schema to your application. This schema defines the table access your application has, in the normal way Oracle handles table privileges.
Then it's up to you to define who has access to what pages, using APEX Authorisation Schemes.
The database I am using is Oracle 11g Express Edition release 2.
I created 2 schemas in the same instance xe. They all have the same tables names and sequences names and stored procedures and stored functions and views names. But the tables structures and views texts are different ( there is some modifications between them ).
The reason for the creation of these two schemas is because our project has two versions. So the first schema is used for the first version , and the second schema was created for the second version. The mechanism of our web application Spring project is that whenever a connection is made through the web application login page then a corresponding Oracle user is making a connection according to the login entered ; so there is no fixed credential connection , there are Oracle users corresponding to each web application login.
So in order for each user to work with each database objects then I created public synonyms for every objects , and granted permissions to them for each user. But the database objects are owned by the schema I mentioned at the beginning. Now my problem is this : our customer wants the two project versions to be run on a same instance ( same computer server ). So one of the project version cannot run because the public synonyms can only refer to a particular schema owner. So how to make the public synonyms work for each schema ?
In short, you can't. However, you can always use a distinct synonym name to identify the object.
Something similar to below:
create public synonym structures_v1 for schema1.structures;
create public synonym structures_v2 for schema2.structures;
Oracle provides 2 totally different technologies for this situation (which comes to my mind):
Editions (and Edition Based Redefinition)
PDBs
With Editions you can create the same Object once in each Edition - but there are limitations like tables are not editionable.
It's not a feature you just enable, you need to understand the concept and implement it properly.
PDBs enable consolidation of Databases with colliding namespace (such as your described synonyms) within the same CDB and therefore save SGA/memory. Basically they are totally separated - limited interference can be implemented when it's concept of object & data inheritance is understand.
What about creating a 3rd Schema and having Synonym and permission to query 1st and 2nd schema. Anyone tested this concept?
I have a Java webapp (WAR) that is to be run in JBOSS.
That webapp is to create connections to an Oracle database using a username/password for a user that is given read-only permissions.
The webapp queries tables belonging to a different schema. I do this by qualifying each table name in my SQL queries.
However, I would like to parameterise this in my datasource, since the schema names can be different in different environments.
Is there a way to define a JBOSS data source which logs in as User A for each connection, but uses Schema B for all queries?
One way to do it is to use the new-connection-sql or check-valid-connection-sql datasource properties to execute ALTER SESSION SET CURRENT_SCHEMA=yourschema, which will change the default schema for each connection.
Recommended way is to create synonyms in Oracle for your User A to access tables in schema owned by User B. This way you can even grant specific privileges to user A to select, update, insert on tables owned by the other UserB.
An application needs to access various Oracle database. Some databases have tables in Schemas, some don't - there's no control over this.
If a database has a schema in use, the applicable won't work unless the user enters a schema. I'd like it to be able determine via a SQL query if a schema is required to access the tables so the user can be alerted to this.
I'm aware of the question - How do I obtain a list of schemas that an Oracle user has access to - but that only tells me what schema's can be accessed, not if use of the schema is required to access tables.
Is there an SQL query to one of the system tables that can do this with that user's rights?
Note: The application only has login credentials and doesn't know any table details.
Hope that's clear. Thanks.
Question is confusing. For most part in Oracle, you can consider LOGIN == USER == SCHEMA. When you login into your database with your user, you are able to see and access all objects in that user's schema.
Objects in other schemas (on same database server) can be accesed by SCHEMA2.TABLE1 if connected user has privileges to acces table (there are different privileges...). As already stated in some comments, you do not need to prefix table if synonym exists. Your user can access even tables on some remote server if exists appropriate database link.