ORACLE SECURITY

orapwd tool for password file in oracle

The password file stores a list of usernames and passwords that are allowed to remotely authenticate as SYSDBA over the network. Oracle must use this file to authenticate them, not the normal list of passwords stored in the database. And for this authentication to use password file, the value of REMOTE_LOGIN_PASSWORDFILE should be EXCLUSIVE or […]

PDB Lockdown Profiles in Oracle 12.2

Use the ALTER LOCKDOWN PROFILE statement to alter a PDB lockdown profile. You can use PDB lockdown profiles in a multitenant environment to restrict user operations in pluggable databases (PDBs). Pluggable databases bring a new separation of database administrator roles. The DBA administers the container database, the CDB, but can then delegate the administration of […]

Lock account automatically with INACTIVE_ACCOUNT_TIME

In Oracle 12.2 Release We can use the INACTIVE_ACCOUNT_TIME resource parameter in profile to automatically lock the account of a database user who has not logged in to the database instance in a specified number of days. 1. By default, it is set to UNLIMITED. 2. The minimum setting is 15 and the maximum is […]

Purge AUD$ table using DBMS_AUDIT_MGMT

            Oracle 11gR2 introduced DBMS_AUDIT_MGMT for managing audit trails.  The growth of AUD$ can impact the performance of the database. So purging it regularly is the best practice followed by DBA’s and DBMS_AUDIT_MGMT makes it easier. Follow below steps for puring aud$ table. 1. Make sure AUD$ table is not […]

ENABLE_DDL_LOGGING in oracle 12c

This  ENABLE_DDL_LOGGING parameter has been introduced in oracle 12c. If this ENABLE_DDL_LOGGING is enabled,then DDL records are written to the ADR. All DDL operations like alter/create/drop/truncate objects. Only drop user will be logged, But create user will not be. Enable the parameter:

Do some DDL operations:

    Check the log:   cd /u02/app/oracle/diag/rdbms/cdborcl/cdborcl/log/ddl […]

How to move AUD$ table to another tablespace using DBMS_AUDIT_MGMT

If your AUD$ table is in SYSTEM and SYTEM tablespace, Then it is advised to move the AUD$ to a dedicated tablespace. Use below steps to move AUD$.

Use the dbms_audit_mgmt to move the tablespace .

check whether tablespace has been moved from system to AUDIT_DATA or not.

how to use DBMS_PRIVILEGE_CAPTURE to capture privs in oracle 12c

DBMS_PRIVILEGE_CAPTURE: ————————- Oracle 12c introduced the DBMS_PRIVILEGE_CAPTURE package, which helps us in doing privilege analyze and find report on used and unused privileges. In order to use the DBMS_PRIVILEGE_CAPTURE package you must be granted the CAPTURE_ADMIN role. steps involve: —————- CREATE_CAPTURE ENABLE_CAPTURE DISABLE_CAPTURE( after waiting for necessary time) GENERATE_RESULT DROP_CAPTURE Though there are 4 options […]

Open wallet automatically after starting the database

If encryption wallet is enabled, then everytime we start the database, we have to open the wallet manually. So to avoid this, we can create one trigger which will open the wallet automatically , once you start the database. Below is the trigger:  

 

how to send mail using utl_mail in oracle 11g

            From oracle 11gR2 onwards ACLs(Access control list) are mandatory to send mail from procedure using UTL_MAIL or UTL_SMTP. For this make sure XDB component is installed. If XDB component is not installed Check – How to install XDB component in oracle.   Verify whether UTL_MAIL and UTL_SMTP is installed […]

Disable TDE in oracle 12c

Though Oracle hasn’t provided straight forward method to disable TDE . But there is a work around for this. Follow Below steps   Find the encrypted table columns and modify them:  

  Now find the table under encrypted table and move to normal tablespace:  

  switch logfiles multiple times

Close […]

Page 1 of 212
Skip to toolbar