Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 1.

Similar presentations


Presentation on theme: "Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 1."— Presentation transcript:

1 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 1

2 12 More things about Oracle Database 12c Thomas Kyte http://asktom.oracle.com

3 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12 of the corporate presentation template 3  The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. Small print

4 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 4 #1 Invisible Columns

5 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 5 Invisible Columns ops$tkyte%ORA12CR1> create table t 2 ( x int, 3 y int 4 ) 5 / Table created. ops$tkyte%ORA12CR1> insert into t values ( 1, 2 ); 1 row created.

6 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 6 Invisible Columns ops$tkyte%ORA12CR1> alter table t add ( z int INVISIBLE ); Table altered.

7 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 7 Invisible Columns ops$tkyte%ORA12CR1> desc t Name Null? Type ----------------- -------- ------------ X NUMBER(38) Y NUMBER(38)

8 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 8 Invisible Columns ops$tkyte%ORA12CR1> insert into t values ( 3, 4 ); 1 row created.

9 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 9 Invisible Columns ops$tkyte%ORA12CR1> select * from t; X Y ---------- 1 2 3 4

10 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 10 Invisible Columns ops$tkyte%ORA12CR1> insert into t (x,y,z) values ( 5,6,7 ); 1 row created. ops$tkyte%ORA12CR1> select x, y, z from t; X Y Z ---------- ---------- ---------- 1 2 3 4 5 6 7

11 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 11 Invisible Columns ops$tkyte%ORA12CR1> alter table t modify z visible; Table altered. ops$tkyte%ORA12CR1> select * from t; X Y Z ---------- ---------- ---------- 1 2 3 4 5 6 7

12 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 12 Add a column in the “middle” ops$tkyte%ORA12CR1> create table t 2 ( a int, 3 b int, 4 d int, 5 e int 6 ); Table created.

13 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 13 Add a column in the “middle” ops$tkyte%ORA12CR1> alter table t modify ( d invisible, e invisible ); Table altered. ops$tkyte%ORA12CR1> alter table t add c int; Table altered. ops$tkyte%ORA12CR1> alter table t modify ( d visible, e visible ); Table altered.

14 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 14 Add a column in the “middle” ops$tkyte%ORA12CR1> desc t Name Null? Type ----------------- -------- ------------ A NUMBER(38) B NUMBER(38) C NUMBER(38) D NUMBER(38) E NUMBER(38)

15 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 15 #2 Invokers Rights

16 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 16 Invokers Rights  Invokers Rights routines ran with the privileges of the invoker  The invoker might be much higher privileged than the owner of the procedure  Can be used to ‘steal’ privileges by the owner

17 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 17 Invokers Rights create or function seemingly_nice_utility authid current_user as begin execute immediate ‘grant dba to me’; do_something_useful; end; If that seemingly nice routine was executed by a highly privileged user, the owner of this nice utility would become a DBA

18 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 18 Invokers Rights ops$tkyte%ORA12CR1> create or replace 2 function injectable( p_date in date ) 3 return number 4 as 5 l_sql varchar2(1000); 6 l_cnt number; 7 begin 8 dbms_output.put_line( 'enter' ); 9 l_sql := ' 10 select count(*) into :n from all_users 11 where created = ''' || p_date || ''''; 12 13 dbms_output.put_line( l_sql ); 14 execute immediate l_sql into l_cnt; 15 return l_cnt; 16 end; Or suppose you have a SQL injectable routine…

19 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 19 Invokers Rights ops$tkyte%ORA12CR1> exec dbms_output.put_line( injectable( sysdate ) ) enter select count(*) into :n from all_users where created = '28-SEP-12' 0 PL/SQL procedure successfully completed. That is what the developer is expecting and in fact what the developer has always seen… But…

20 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 20 Invokers Rights scott%ORA12CR1> create or replace 2 function nefarious 3 return date 4 authid current_user 5 as 6 pragma autonomous_transaction; 7 begin 8 dbms_output.put_line( 'in routine' ); 9 execute immediate 'grant dba to scott'; 10 dbms_output.put_line( 'granted' ); 11 return sysdate; 12 end; 13 / Function created. Scott knows this SQL injection bug exists, Scott knows the owner of the bad code is highly privileged, Scott has connect and resource..

21 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 21 Invokers Rights scott%ORA12CR1> grant execute on nefarious to ops$tkyte; Grant succeeded. scott%ORA12CR1> alter session set nls_date_format = '"'' or scott.nefarious() is not null--"'; Session altered. scott%ORA12CR1> select sysdate from dual; SYSDATE ------------------------------------ ' or scott.nefarious() is not null-- That is a surprise to many people…

22 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 22 Invokers Rights scott%ORA12CR1> select * from session_roles; ROLE ------------------------------ CONNECT RESOURCE scott%ORA12CR1> exec dbms_output.put_line( ops$tkyte.injectable(sysdate) ) enter select count(*) into :n from all_users where created = '' or scott.nefarious() is not null--' in routine granted 38 PL/SQL procedure successfully completed. All we have to do is trick that highly privileged user into running for us, just as I did here.. And then….

23 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 23 Invokers Rights scott%ORA12CR1> connect scott/tiger Connected. scott%ORA12CR1> select * from session_roles; ROLE ------------------------------ CONNECT RESOURCE DBA SELECT_CATALOG_ROLE EXECUTE_CATALOG_ROLE … XDB_SET_INVOKER OLAP_DBA OLAP_XS_ADMIN PLUSTRACE 22 rows selected. Not good…

24 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 24 Invokers Rights  Two new privileges: – INHERIT PRIVILEGES  By default PUBLIC has INHERIT PRIVILEGES on all newly created and upgraded user accounts  Hence it works the same in 12c by default  Consider revoke inherit privileges on user username from public – INHERIT ANY PRIVILEGES  Use sparingly

25 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 25 Invokers Rights scott%PDB1> exec dbms_output.put_line( ops$tkyte.injectable(sysdate) ) enter select count(*) into :n from all_users where created = '' or scott.nefarious() is not null--' BEGIN dbms_output.put_line( ops$tkyte.injectable(sysdate) ); END; * ERROR at line 1: ORA-06598: insufficient INHERIT PRIVILEGES privilege ORA-06512: at "SCOTT.NEFARIOUS", line 1 ORA-06512: at "OPS$TKYTE.INJECTABLE", line 15 ORA-06512: at line 1 After issuing the revoke, the schema containing code that is potentially SQL injectable (pretty much most any application schema!) cannot be exploited this way

26 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 26 #3 Multiple Same Column Indexes

27 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 27 Indexing ops$tkyte%ORA11GR2> create table t ( x int, y int, z int ); Table created. ops$tkyte%ORA11GR2> create index t_idx on t(x,y); Index created. ops$tkyte%ORA11GR2> create bitmap index t_idx2 on t(x,y); create bitmap index t_idx2 on t(x,y) * ERROR at line 1: ORA-01408: such column list already indexed ops$tkyte%ORA11GR2> create bitmap index t_idx2 on t(x,y) invisible; create bitmap index t_idx2 on t(x,y) invisible * ERROR at line 1: ORA-01408: such column list already indexed

28 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 28 Indexing ops$tkyte%ORA12CR1> create table t ( x int, y int, z int ); Table created. ops$tkyte%ORA12CR1> create index t_idx on t(x,y); Index created. ops$tkyte%ORA12CR1> create bitmap index t_idx2 on t(x,y) invisible; Index created.

29 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 29 Indexing ops$tkyte%ORA12CR1> alter session set optimizer_use_invisible_indexes=true; Session altered. ops$tkyte%ORA12CR1> exec dbms_stats.set_table_stats ( user, 'T', numrows => 1000000, numblks => 100000 ); PL/SQL procedure successfully completed.

30 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 30 Indexing ops$tkyte%ORA12CR1> set autotrace traceonly explain ops$tkyte%ORA12CR1> select count(*) from t; --------------------------------------------------------------------- | Id | Operation | Name | Rows | Cost (%CPU)| --------------------------------------------------------------------- | 0 | SELECT STATEMENT | | 1 | 0 (0)| | 1 | SORT AGGREGATE | | 1 | | | 2 | BITMAP CONVERSION COUNT | | 1000K| | | 3 | BITMAP INDEX FAST FULL SCAN| T_IDX2 | | | ---------------------------------------------------------------------

31 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 31 #4 Temporal Validity

32 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 32 Temporal Validity ops$tkyte%ORA12CR1> create table addresses 2 ( empno number, 3 addr_data varchar2(30), 4 start_date date, 5 end_date date, 6 period for valid(start_date,end_date) 7 ) 8 / Table created.

33 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 33 Temporal Validity ops$tkyte%ORA12CR1> insert into addresses (empno, addr_data, start_date, end_date ) 2 values ( 1234, '123 Main Street', trunc(sysdate-5), trunc(sysdate-2) ); 1 row created. ops$tkyte%ORA12CR1> insert into addresses (empno, addr_data, start_date, end_date ) 2 values ( 1234, '456 Fleet Street', trunc(sysdate-1), trunc(sysdate+1) ); 1 row created. ops$tkyte%ORA12CR1> insert into addresses (empno, addr_data, start_date, end_date ) 2 values ( 1234, '789 1st Ave', trunc(sysdate+2), null ); 1 row created.

34 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 34 Temporal Validity ops$tkyte%ORA12CR1> select * from addresses; EMPNO ADDR_DATA START_DAT END_DATE ---------- ------------------------------ --------- --------- 1234 123 Main Street 12-MAY-13 15-MAY-13 1234 456 Fleet Street 16-MAY-13 18-MAY-13 1234 789 1st Ave 19-MAY-13

35 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 35 Temporal Validity ops$tkyte%ORA12CR1> select * from addresses as of period for valid sysdate-3; EMPNO ADDR_DATA START_DAT END_DATE ---------- ------------------------------ --------- --------- 1234 123 Main Street 12-MAY-13 15-MAY-13 ops$tkyte%ORA12CR1> select * from addresses as of period for valid sysdate; EMPNO ADDR_DATA START_DAT END_DATE ---------- ------------------------------ --------- --------- 1234 456 Fleet Street 16-MAY-13 18-MAY-13 ops$tkyte%ORA12CR1> select * from addresses as of period for valid sysdate+3; EMPNO ADDR_DATA START_DAT END_DATE ---------- ------------------------------ --------- --------- 1234 789 1st Ave 19-MAY-13

36 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 36 #5 SQL Text Expansion

37 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 37 SQL Text Expansion ops$tkyte%ORA12CR1> variable x clob ops$tkyte%ORA12CR1> begin 2 dbms_utility.expand_sql_text 3 ( input_sql_text => 'select * from all_users', 4 output_sql_text => :x ); 5 end; 6 / PL/SQL procedure successfully completed.

38 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 38 SQL Text Expansion ops$tkyte%ORA12CR1> print x X -------------------------------------------------------------------------------- SELECT "A1"."USERNAME" "USERNAME","A1"."USER_ID" "USER_ID","A1"."CREATED" "CREAT ED","A1"."COMMON" "COMMON" FROM (SELECT "A4"."NAME" "USERNAME","A4"."USER#" "US ER_ID","A4"."CTIME" "CREATED",DECODE(BITAND("A4"."SPARE1",128),128,'YES','NO') " COMMON" FROM "SYS"."USER$" "A4","SYS"."TS$" "A3","SYS"."TS$" "A2" WHERE "A4"."DA TATS#"="A3"."TS#" AND "A4"."TEMPTS#"="A2"."TS#" AND "A4"."TYPE#"=1) "A1"

39 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 39 SQL Text Expansion ops$tkyte%ORA12CR1> create or replace 2 function my_security_function( p_schema in varchar2, 3 p_object in varchar2 ) 4 return varchar2 5 as 6 begin 7 return 'owner = USER'; 8 end; 9 / Function created.

40 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 40 SQL Text Expansion ops$tkyte%ORA12CR1> create table my_table 2 ( data varchar2(30), 3 OWNER varchar2(30) default USER 4 ) 5 / Table created.

41 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 41 SQL Text Expansion ops$tkyte%ORA12CR1> begin 2 dbms_rls.add_policy 3 ( object_schema => user, 4 object_name => 'MY_TABLE', 5 policy_name => 'MY_POLICY', 6 function_schema => user, 7 policy_function => 'My_Security_Function', 8 statement_types => 'select, insert, update, delete', 9 update_check => TRUE ); 10 end; 11 / PL/SQL procedure successfully completed.

42 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 42 SQL Text Expansion ops$tkyte%ORA12CR1> begin 2 dbms_utility.expand_sql_text 3 ( input_sql_text => 'select * from my_table', 4 output_sql_text => :x ); 5 end; 6 / PL/SQL procedure successfully completed. ops$tkyte%ORA12CR1> print x X -------------------------------------------------------------------------------- SELECT "A1"."DATA" "DATA","A1"."OWNER" "OWNER" FROM (SELECT "A2"."DATA" "DATA", "A2"."OWNER" "OWNER" FROM "OPS$TKYTE"."MY_TABLE" "A2" WHERE "A2"."OWNER"=USER@!) "A1"

43 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 43 #6 Partial Indexes

44 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 44 Enhanced Indexing with Oracle Partitioning  Local indexes  Non-partitioned or partitioned global indexes  Usable or unusable index segments – Non-persistent status of index, no relation to table Indexing prior to Oracle Database 12c

45 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 45 Enhanced Indexing with Oracle Partitioning  Local indexes  Non-partitioned or partitioned global indexes  Usable or unusable index segments – Non-persistent status of index, no relation to table  Partial local and global indexes – Partial indexing introduces table and [sub]partition level metadata – Leverages usable/unusable state for local partitioned indexes – Policy for partial indexing can be overwritten Indexing with Oracle Database 12c

46 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 46 Partial indexes span only some partitions Applicable to local and global indexes Complementary to full indexing Enhanced business modeling Enhanced Indexing with Oracle Partitioning Partial Local and Global Indexes Global Non-Partitioned Index Table Partition Table Partition Table Partition Global Partitioned Index Local Partitioned Index Partial Global Index Partial Local Partitioned Index Partial Global Partitioned Index Full Indexing Indexing on Partial Indexes Indexing off No Indexing

47 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 47 Partial Indexing ops$tkyte%ORA12CR1> create table t 2 ( a int, 3 b int, 4 c int, 5 d int, 6 e int 7 ) 8 partition by range (a) 9 (partition p1 values less than (100) indexing on, 10 partition p2 values less than (200) indexing off, 11 partition p3 values less than (300) indexing on 12 ); Table created.

48 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 48 Partial Indexing ops$tkyte%ORA12CR1> begin 2 dbms_stats.set_table_stats 3 ( user, 'T', numrows=> 1000000, numblks => 100000 ); 4 end; 5 / PL/SQL procedure successfully completed. ops$tkyte%ORA12CR1> select partition_name, high_value, indexing 2 from user_tab_partitions 3 where table_name = 'T'; PARTITION_ HIGH_VALUE INDE ---------- ---------- ---- P1 100 ON P2 200 OFF P3 300 ON

49 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 49 Partial Indexing ops$tkyte%ORA12CR1> create index t_idx_b on t(b) local indexing partial; Index created. ops$tkyte%ORA12CR1> create index t_idx_c on t(c) local; Index created. ops$tkyte%ORA12CR1> create index t_idx_d on t(d) global indexing partial; Index created. ops$tkyte%ORA12CR1> create index t_idx_e on t(e) global; Index created.

50 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 50 Partial Indexing ops$tkyte%ORA12CR1> select index_name, partition_name, status 2 from user_ind_partitions 3 where index_name in ( 'T_IDX_B', 'T_IDX_C' ) 4 order by 1,2; INDEX_NAME PARTITION_ STATUS ---------- ---------- -------- T_IDX_B P1 USABLE T_IDX_B P2 UNUSABLE T_IDX_B P3 USABLE T_IDX_C P1 USABLE T_IDX_C P2 USABLE T_IDX_C P3 USABLE 6 rows selected.

51 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 51 Partial Indexing ops$tkyte%ORA12CR1> select index_name, indexing, status 2 from user_indexes 3 where index_name in ( 'T_IDX_D', 'T_IDX_E' ) 4 order by 1; INDEX_NAME INDEXIN STATUS ---------- ------- -------- T_IDX_D PARTIAL VALID T_IDX_E FULL VALID

52 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 52 Partial Indexing ops$tkyte%ORA12CR1> select count(*) from t where b = 2; ------------------------------------------------------------------------------------------ | Id | Operation | Name | Rows | Pstart| Pstop | ------------------------------------------------------------------------------------------ | 0 | SELECT STATEMENT | | | | | | 1 | SORT AGGREGATE | | 1 | | | | 2 | VIEW | VW_TE_2 | 549 | | | | 3 | UNION-ALL | | | | | | 4 | PARTITION RANGE OR | | 524 | KEY(OR)|KEY(OR)| |* 5 | TABLE ACCESS BY LOCAL INDEX ROWID BATCHED| T | 524 | KEY(OR)|KEY(OR)| |* 6 | INDEX RANGE SCAN | T_IDX_B | 1 | KEY(OR)|KEY(OR)| | 7 | PARTITION RANGE SINGLE | | 25 | 2 | 2 | |* 8 | TABLE ACCESS FULL | T | 25 | 2 | 2 | ------------------------------------------------------------------------------------------ Predicate Information (identified by operation id): --------------------------------------------------- 5 - filter(("T"."A" =200 AND "T"."A"<300))) 6 - access("B"=2) 8 - filter("B"=2)

53 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 53 Partial Indexing ops$tkyte%ORA12CR1> select count(*) from t where d = 2 and a = 1; ------------------------------------------------------------------------------- |Id | Operation |Name | Rows |Pstart|Pstop| ------------------------------------------------------------------------------- | 0| SELECT STATEMENT | | | | | | 1| SORT AGGREGATE | | 1| | | |* 2| TABLE ACCESS BY GLOBAL INDEX ROWID BATCHED|T | 100| 1 | 1| |* 3| INDEX RANGE SCAN |T_IDX_D| 1| | | ------------------------------------------------------------------------------- Predicate Information (identified by operation id): --------------------------------------------------- 2 - filter("A"=1) 3 - access("D"=2)

54 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 54 Partial Indexing ops$tkyte%ORA12CR1> select count(*) from t where d = 2 and a = 101; ----------------------------------------------------------------- | Id | Operation | Name | Rows || Pstart| Pstop | ----------------------------------------------------------------- | 0 | SELECT STATEMENT | | || | | | 1 | SORT AGGREGATE | | 1 || | | | 2 | PARTITION RANGE SINGLE| | 100 || 2 | 2 | |* 3 | TABLE ACCESS FULL | T | 100 || 2 | 2 | ----------------------------------------------------------------- Predicate Information (identified by operation id): --------------------------------------------------- 3 - filter(("D"=2 AND "A"=101))

55 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 55 #7 Online Operations

56 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 56 More Online Operations  DROP INDEX ONLINE  DROP CONSTRAINT ONLINE  SET UNUSED COLUMN ONLINE  ALTER INDEX UNUSABLE ONLINE  ALTER INDEX [VISIBLE | INVISIBLE]

57 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 57 Online Operations ops$tkyte%ORA12CR1> create table t 2 ( a int, 3 b int, 4 c int, 5 d int 6 ) 7 / Table created. ops$tkyte%ORA12CR1> insert into t values ( 1, 2, 3, 4 ); 1 row created. ops$tkyte%ORA12CR1> commit; Commit complete.

58 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 58 Online Operations ops$tkyte%ORA12CR1> update t set b = 42; 1 row updated. ops$tkyte%ORA12CR1> select * from t; A B C D ---------- ---------- 1 42 3 4

59 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 59 Online Operations ops$tkyte%ORA12CR1> declare 2 pragma autonomous_transaction; 3 begin 4 execute immediate 'alter table t set unused column d online'; 5 end; 6 / PL/SQL procedure successfully completed.

60 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 60 Online Operations ops$tkyte%ORA12CR1> select * from t; A B C ---------- ---------- ---------- 1 42 3 ops$tkyte%ORA12CR1> rollback; Rollback complete. ops$tkyte%ORA12CR1> select * from t; A B C ---------- ---------- ---------- 1 2 3

61 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 61 #8 Implicit Result Sets

62 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 62 Implicit Result Sets  Cursor variables have been around since 7.2  Used to return result sets explicitly  Some other databases return them implicitly  Causes migration headaches

63 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 63 Implicit Result Sets  Two new API calls: – PROCEDURE RETURN_RESULT (rc IN OUT SYS_REFCURSOR, to_client IN BOOLEAN DEFAULT TRUE); – PROCEDURE RETURN_RESULT (rc IN OUT INTEGER, to_client IN BOOLEAN DEFAULT TRUE); – TO_CLIENT => true, return to client layer – TO_CLIENT=> false, return to invoker, immediate caller

64 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 64 Implicit Result Sets ops$tkyte%ORA12CR1> declare 2 c sys_refcursor; 3 begin 4 open c for 5 select * 6 from dept; 7 8 dbms_sql.return_result(c); 9 end; 10 / PL/SQL procedure successfully completed. ResultSet #1 DEPTNO DNAME LOC ---------- -------------- ------------- 10 ACCOUNTING NEW YORK 20 RESEARCH DALLAS 30 SALES CHICAGO 40 OPERATIONS BOSTON

65 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 65 Implicit Result Sets  Two new API calls: – PROCEDURE GET_NEXT_RESULT (c IN INTEGER, rc OUT SYS_REFCURSOR); – PROCEDURE GET_NEXT_RESULT (c IN INTEGER, rc OUT INTEGER); – For PL/SQL processing

66 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 66 Implicit Result Sets Connection conn = DriverManager.getConnection(jdbcURL, user, password); try { Statement stmt = conn.createStatement (); stmt.executeQuery ( “begin foo; end;” ); while (stmt.getMoreResults()) { ResultSet rs = stmt.getResultSet(); System.out.println("ResultSet"); while (rs.next()) { /* get results */ }

67 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 67 #9 Easier Reorgs

68 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 68 Easier Reorgs  Move table tablespaces  Move index tablespaces  Move lob tablespaces  Implement table compression  Implement index key compression  Implement lob compression  Convert to securelfile In a single command you can…

69 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 69 Easier Reorgs ops$tkyte%ORA12CR1> create table t 2 tablespace users 3 as 4 select * 5 from all_objects; Table created. ops$tkyte%ORA12CR1> create index t_idx on t(object_name); Index created. ops$tkyte%ORA12CR1> alter table t add constraint t_pk primary key(object_id); Table altered.

70 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 70 Easier Reorgs ops$tkyte%ORA12CR1> select index_name, status 2 from user_indexes 3 where table_name = 'T'; INDEX_NAME STATUS ---------- T_PK VALID T_IDX VALID ops$tkyte%ORA12CR1> exec show_space( 'T' ); … Full Blocks..................... 1,373 Total Blocks............................ 1,408 Total MBytes............................ 11 …

71 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 71 Easier Reorgs ops$tkyte%ORA12CR1> begin 2 dbms_redefinition.redef_table 3 ( uname => user, 4 tname => 'T', 5 table_compression_type => 'row store compress advanced', 6 table_part_tablespace => 'TEST' ); 7 end; 8 / PL/SQL procedure successfully completed.

72 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 72 Easier Reorgs ops$tkyte%ORA12CR1> select index_name, status 2 from user_indexes 3 where table_name = 'T'; INDEX_NAME STATUS ---------- T_PK VALID T_IDX VALID ops$tkyte%ORA12CR1> exec show_space( 'T' ); … Full Blocks..................... 382 Total Blocks............................ 512 Total MBytes............................ 4 …

73 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 73 #10 Improved Introspection

74 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 74 Improved Introspection  Before 12.1, you used three functions in the DBMS_Utility package Format_Call_Stack() Format_Error_Stack() Format_Error_Backtrace()  New in 12.1 The package UTL_Call_Stack solves the same problem properly

75 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 75 Improved Introspection package body Pkg is procedure p is procedure q is procedure r is procedure p is begin Print_Call_Stack(); end p; begin p(); end r; begin r(); end q; begin q(); end p; end Pkg;

76 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 76 Improved Introspection procedure Print_Call_Stack authid Definer is Depth pls_integer := UTL_Call_Stack.Dynamic_Depth(); begin DBMS_Output.Put_Line(DBMS_Utility.Format_Call_Stack()); end; ----- PL/SQL Call Stack ----- object line object handle number name 0x631f6e88 12 procedure USR.PRINT_CALL_STACK 0x68587700 7 package body USR.PKG 0x68587700 10 package body USR.PKG 0x68587700 13 package body USR.PKG 0x68587700 16 package body USR.PKG 0x69253ca8 1 anonymous block

77 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 77 Improved Introspection procedure Print_Call_Stack authid Definer is Depth pls_integer := UTL_Call_Stack.Dynamic_Depth(); begin for j in reverse 2..Depth loop DBMS_Output.Put_Line( (j - 1)|| To_Char(UTL_Call_Stack.Unit_Line(j), '99')|| UTL_Call_Stack.Concatenate_Subprogram UTL_Call_Stack.Subprogram(j))); end loop; end; 5 1 __anonymous_block 4 16 PKG.P 3 13 PKG.P.Q 2 10 PKG.P.Q.R 1 7 PKG.P.Q.R.P

78 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 78 #11 SQL made for migration

79 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 79 Expanded Syntax  Cross Apply  Outer Apply  Lateral

80 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 80 Expanded Syntax ops$tkyte%ORA12CR1> select d.deptno, d.dname, e2.ename 2 from dept d cross apply (select ename 3 from emp e 4 where e.deptno = d.deptno) e2 5 where d.deptno in ( 10, 40 ) 6 order by 1, 2 7 / DEPTNO DNAME ENAME ---------- -------------- ---------- 10 ACCOUNTING CLARK 10 ACCOUNTING MILLER 10 ACCOUNTING KING

81 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 81 Expanded Syntax ops$tkyte%ORA12CR1> select d.deptno, d.dname, e2.ename 2 from dept d outer apply (select ename 3 from emp e 4 where e.deptno = d.deptno) e2 5 where d.deptno in ( 10, 40 ) 6 order by 1, 2 7 / DEPTNO DNAME ENAME ---------- -------------- ---------- 10 ACCOUNTING CLARK 10 ACCOUNTING KING 10 ACCOUNTING MILLER 40 OPERATIONS

82 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 82 Expanded Syntax ops$tkyte%ORA12CR1> select d.deptno, d.dname, e2.ename 2 from dept d, lateral (select ename 3 from emp e 4 where e.deptno = d.deptno) e2 5 where d.deptno in ( 10, 40 ) 6 order by 1, 2 7 / DEPTNO DNAME ENAME ---------- -------------- ---------- 10 ACCOUNTING CLARK 10 ACCOUNTING MILLER 10 ACCOUNTING KING

83 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 83 #12 SQL ‘Esperanto’

84 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 84 SQL Translation Framework  Migrations – without changing SQL  Translations for  Sybase  MS SQLServer  Partial DB2  Or, do it yourself

85 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 85 SQL Translation Framework ops$tkyte%ORA12CR1> begin 2 dbms_sql_translator.create_profile( 'MY_PROFILE' ); 3 dbms_sql_translator.register_sql_translation 4 ( 'MY_PROFILE', 5 'select * from scott.emp', 6 'select * from scott.dept' ); 7 end; 8 / PL/SQL procedure successfully completed.

86 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 86 SQL Translation Framework ops$tkyte%ORA12CR1> alter session set sql_translation_profile = MY_PROFILE; Session altered. ops$tkyte%ORA12CR1> alter session set events = '10601 trace name context forever, level 32'; Session altered.

87 Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 87 SQL Translation Framework ops$tkyte%ORA12CR1> select * from scott.emp; DEPTNO DNAME LOC ---------- -------------- ------------- 10 ACCOUNTING NEW YORK 20 RESEARCH DALLAS 30 SALES CHICAGO 40 OPERATIONS BOSTON

88 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 12 of the corporate presentation template 88 Graphic Section Divider


Download ppt "Copyright © 2012, Oracle and/or its affiliates. All rights reserved.Insert Information Protection Policy Classification from Slide 13 1."

Similar presentations


Ads by Google