DBA programming component. SQL*Plus Scripting 1 Plus points: Same SQL language as in interactive mode Can test programs interactively first Includes predefined.

DBA programming component

SQL*Plus Scripting 1Plus points:

Same SQL language as in interactive modeCan test programs interactively firstIncludes predefined (built-in) functions

Fast development possibleRapid prototyping Get results and feedback quicklyNo cumbersome environment

Variable inputsParameters, substitution, accept

SQL*Plus Scripting 2

Plus points (continued)Can have multiple script files

Each file created by simple text editor

Can have master script filecalling others in sequence

Or can nest script files more generallyscripts can call other scripts (default file type sql)

@S6start S6

SQL*Plus Scripting 3

Problems with scripts:interpreted each time they are run

not verified and compiledoptimisation of SQL code done each run timepoor performance

no control environmentprocedural actions lacking (case, if, while, for, repeat)no error handling

resulting in outright failures or ignoring of messages

SQL*Plus Scripting 4

Problems with scripts (continued):Lack of control by business (via DBA -- DataBase

Administrator)How do we permit scripts for usage by particular

people?Can anyone write a script to do anything they like?

If people write scripts themselves to handle business ruleshow do we know they’ve implemented the rules in the same

way?

Production Environment

Encourages:business rules in one place

application of rules then controlled by DBA

users need permission to apply rulespermission is granted/revoked by DBA

Discourages:duplicated, potentially inconsistent, rulesaccess by users to anything they like

SQL Procedure

An important techniquePart of PL/SQL in Oracle

Procedural Language/Structured Query Language Part of the SQL standard

approximate portability from one system to another

Techniques are available for:procedural control (case, if, while, …)parameterised input/outputsecurity

Oracle PL/SQL

Not available in Oracle 8i LiteAvailable in Oracle 9i at NorthumbriaAvailable in Oracle 9i Personal Edition for

Windows (XP/NT/2000/98) and linux. http://otn.oracle.com/software/products/oracle9i/index.html

c1.4Gb download -- needs Broadband -- 3 CDs

Useful guide to PL/SQL: http://www-db.stanford.edu/~ullman/fcdb/oracle/or-plsql.html

Using Oracle PL/SQL -- Jeffrey Ullman, Stanford University

Procedures are First-class Database Objects

Procedures are held in database tablesunder the control of the database system

in the data dictionary select object_type, object_name from user_objects where object_type = 'PROCEDURE';

user_objects is data dictionary table maintained by Oracle object_type is attribute of table user_objects holding value

‘PROCEDURE’ (upper case) for procedures other values for object_type include ‘TABLE’, ‘VIEW’

object_name is user assigned name for object e.g. ‘PATIENT’

Procedures aid Security

Privileges on Tables: Select

query the table with a select statement. Insert

add new rows to the table with insert statement. Update

update rows in the table with update statement. Delete

delete rows from the table with delete statement. References

create a constraint that refers to the table. Alter

change the table definition with the alter table statement. Index

create an index on the table with the create index statement

Privileges on TablesSQL statement -- issued by DBA:

GRANT select, insert, update, delete ON patient TO cgnr2;

‘no grants to cgnr3 for table access’ allows user cgnr2 to issue SQL commands:

beginning with SELECT, INSERT, UPDATE, DELETE on table patient

but this user cannot issue SQL commands

beginning with REFERENCES, ALTER, INDEX on table patient

User cgnr3 does not know that table patient exists

Privileges on Procedures The SQL statement

GRANT execute ON add_patient TO cgnr3; allows user cgnr3 to execute the procedure called add_patient So user cgnr3 can add patients

presumably the task of add_patient but cannot do any other activity on the patient table

including SELECT

So procedures give security based on taskspowerful task-based security system

Writing DBA scripts7 SQL and SQLplus tricks that

work wonders! Chr(10) inserts a newline character Set linesize 600 WHENEVER OSERROR EXIT <somevalue different for 0>

Use UNIONs to fetch commands from independent queries Use dummy unprinted columns for ordering Use the following

Set pagesize 0 (removes page breaks) Headingsset feedback off (removes number of lines) Selectedset recsep off (removes unwanted blank lines)

Feel free to tweek settings to get a script to work even if the defaults are ok.

What really happens when you start oracle?

Create an instance (recreate if present)Physical memory is allocated to System

Global Area (SGA)Database is mounted

Files are opened (1 is mandatory but more advisable) based on control file settings V$DATAFILE shows db files

Db is openedBootstrap segment is loaded into SGA

showing where to find DD tables

Data dictionary views and control files

Data dictionary views: Use underlying tables owned by SYS Can be queried like other views Number in the hundreds

Select * from dictionary

Order by table_name;

Important DD components

Data dictionary views: Cannot be updated Are documented on otn.oracle.com Have a prefix that defines the scope:

USER: Views focused on a user’s own objects ALL: Views about objects a user either owns or

can query DBA: Views for DBAs only, showing information

about all objects in the database

Dynamic DD views

Dynamic performance views are similar to data dictionary views except:

The contents of the views change with database activity

They are used mostly for tuning and monitoring

Dynamic performance views are prefixed with: V$: Standard dynamic performance view GV$: View spanning multiple instances

Useful views

Some useful views include: V$SYSSTAT: statistical details about

all sessions running on the database V$SQL: Details on individual SQL

statements running on the database V$SESSTAT: Information by session

to help identify memory usage

Physical Storage Management

Oracle databases have a number of files assigned – a pool of free space available known as table spaces

ONLY table spaces are referenced in SQL commands not file

Objects likely to be retrieved from disk at the same time should be on different disks (parallelisation of I/O) – tables held separately from indexes

Cont ..

Special casesSYSTEM – always created hold dictionary

tables. HALLOWED GROUND!!!!!! also need TEMP and ROLLBACK or UNDO

Segments, Extents and BlocksSegment is a physical implementation of object –

table or index etcMade up from extents – contiguous blocks.Extents are expressed as a number of blocks –

elementary storage unit based on OS block sizeGood DBAs like segments to be composed of small

numbers of extents. Looks at DBA_SEGMENTS STORAGE clause determines tables characteristics

NEXT parameter determines size of next extent DBA_EXTENTS table PCTINCREASE parameter

Frequent errors

No more space in table spaceNot enough contiguous space in table

space (DBA_FREE_SPACE shows enough but not in a big chuck) try defragging

Max number of extents has been reached by segment

User management – the theory

Users means oracle accountsUsers are created and identified by a

passwordAssigned a default table space and temp

space and may be given quotasNeed roles to do anything – connect &

resource basic onesMay need profiles

User management – the practice

Only 4 types of userDBAApplication ownerAdvanced userRank-and-file users

We will be doing it today!

System privileges

System privileges allow a user to manage some part of the database system

Object privileges allow a user to work with an object.

SYSDBA and SYSOPER are system privileges that allow a user to start up and shut down the database, as well as other high-level tasks

The CREATE SESSION system privilege is needed to log onto the database

Typical privileges

Typical object privileges for a table include SELECT, INSERT, UPDATE, and DELETE

The GRANT and REVOKE commands are used for both system and object privileges

Use WITH ADMIN OPTION when granting system privileges to allow the user to grant that privilege to others

Cont…

A grant made to PUBLIC gives all users the privilege

Revoked system privileges do not cascade to other users

Use WITH GRANT OPTION when granting object privileges to allow the user to grant that privilege to others

Revoked object privileges cascade to other users

Cont…

Object privileges can be granted on columns

The owner of a table can grant object privileges on that table

The grantor grants the privilege and the grantee receives the privilege

Querying an object without privileges to query causes an error stating that the object does not exist

Auditing

Statement auditing is the monitoring of activity on a particular type of statement, such as SELECT

Privilege auditing audits any command that is authorized by the privilege, such as CREATE TABLE

Object auditing generates audit trail records as soon as the object is used, such as with SELECT or DELETE statements

Cont ..

The SYS.AUD$ table holds auditing records unless the AUDIT_TRAIL initialization parameter is set to “OS”

AUDIT_SYS_OPERATIONS is an initialization parameter that, when set to “TRUE,” causes Oracle9i to audit all activity by SYS or users with SYSDBA

privileges BY ACCESS or BY SESSION tell Oracle9i whether to write a record for each occurrence of an audited event or a summary record for the session

Cont ..

The following clauses limit the writing of audit trail records:

WHENEVER SUCCESSFUL and WHENEVER NOT SUCCESSFUL

AUDIT_TRAIL is a static parameter, so you must restart the database after changing it

A group of data dictionary views shows audit trail records for each type of auditing

Use the NOAUDIT command to stop specific auditing activities

The mythical rollback segment

Temporarily saves previous values when some update go on

2 purposesEnables cancellation of actions

(ROLLBACK statement)Concurrent sessions read the data when they

access changed tables prior to a commit.

Same as other segments

Getting the client and server on talking terms

Client connection to server needs a listener to broker the connection (not the named listener but the tnslsnr)

Only bothered with the instance name (net8 refers to services)

Instance name is not enough, needs to know SID and Oracle home where oracle is installed as you may have multiple versions of oracle on one machine (SID_LIST section of the listener.ora file)

Can use several listeners, useful if incompatible versions (7.1 & *.x)

Listeners created on installation but not always activated