BANK DBA ROLE
I am a new DBA, and would like to know more about bank dba roles, what kind of applications, size of db and what kind of challenges you guys take, in your routine tasks. Any such information would be of great help for beginners like me.
agree with all of upstairs's brother, but in diferent order.
1. reliable, means no data loss, data integrity, including good backup/resore,recover strategy
2. availability, at least 99.999% in a year, I means, at least not at most.
3. performance, bad performance maybe can be considered as non-available. you should care about not only instance tuning, sql tuning , and also the host server, network, storage equipment's performance which maybe impact on database.
4. routine management, relative speaking, it is simple and easy.
5. confidence and tenacity
Similar Messages
-
Is there a way to create a role like DBA role?
is there a way to create a role just like DBA role?
Karl wrote:
thanks for the reply.
yes, i know the command. but i still have concerns.
DBA role come with oracle product, and it is very powerful. our client wants to have a role just like DBA role, but with the following excluded from it
DELETE_CATALOG_ROLE
GRANT ANY ROLEThen simply do NOT issue those two GRANT -
Performance tab not working in Enterprise Manager for user with dba role
Database: 11g2
New to Oracle. Don't want share SYS user account among dbas. Tried to create user with dba role to perform all tasks.
1. Removed DBMS_JOB, DBMS_LOB, UTL_FILE, UTL_HTTP, UTL_SMTP, and UTL_TCP from PUBLIC
2. Created user dbauser1 with dba role
3. Log in as dbauser1 in Enterprise Manager
After click Performance tab, it just went straight to "Database Login" page. No error message.
Any suggestions or advice will be appreciated.
piaomaHi Gourav,
This is the wsdl url:
http://hostname:8000/sap/bc/srt/wsdl/bndg_E04711310A0E55F1A0E3005056B03D6F/wsdl11/allinone/ws_policy/document?sap-client=450
Kind Regards,
Richard -
Hi
DB 11g
One user has GRANT ANY ROLE privilege, and when it's trying to grant "DBA" role... it's throwing insufficient privilege... where in case of ' IMP_FULL_DATABASE" & " SELECT_CATALOG_ROLE" it's went fine... why not DBA role .???Hi,
It seems that there is a little confusing among some Oracle documentations. According to [url http://download-west.oracle.com/docs/cd/A87860_01/doc/server.817/a76956/privs.htm#15013] Managing User Privileges and Roles since Oracle 8i documentation, the roles CONNECT, RESOURCE and DBA are automatically defined for Oracle databases as part of database creation. On the other hand, there is a note:
"Note: The previous three roles are provided to maintain compatibility with previous versions of Oracle and may not be created automatically in future versions of Oracle. Oracle Corporation recommends that you design your own roles for database security, rather than relying on these roles"
Now, according to [url http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/authoriz.htm#i1007401]Oracle 10g documentation:
"5.2.7 Predefined Roles
The following roles are defined automatically for Oracle Database:
* CONNECT
* RESOURCE
* DBA
* EXP_FULL_DATABASE
* IMP_FULL_DATABASE
These roles are provided for backward compatibility to earlier versions of Oracle Database and can be modified in the same manner as any other role in an Oracle database.
Note: Each installation should create its own roles and assign only those privileges that are needed, thus retaining detailed control of the privileges in use. This process also removes any need to adjust existing roles, privileges, or procedures whenever Oracle Database changes or removes roles that Oracle Database defines. For example, the CONNECT role now has only one privilege: CREATE SESSION. Both CONNECT and RESOURCE roles will be deprecated in future Oracle versions."
In resume, the CONNECT and RESOURCE roles will be deprecated in future Oracle versions, but there is nothing about DBA role.
Cheers
Legatti -
DBA role and system privileges
I created a new user (PIPPO) with the default dba role in my db.
I know that the dba_role has the SELECT ANY TABLE and INSERT ANY TABLE system privileges.
I expeperienced that if I select a table of another schema on a simple sqlplus session everything is OK, but if I select the same table on the same manner in a PL/SQL procedure or in the creation of a wiew, both owned by PIPPO, the error message is that the table not exists...
So I have to grant SELECT and INSERT on the tables I want to my user PIPPO.
Does anyone tell me if this is normal or strange?
ThanksThis is normal. To access other schema's table you need to have direct grant not through roles. DBA is a role.
-
Hi,
I recently saw that the DBA role is missing from one of our databases and the connect privileges are revoked from almost all schemas in the database. I tried investing about how this. Initially I went to check the dba_audit_trail,unfortunately it's empty. Secondly I tried using log miner to analyse redo logs for last 5 days in short intervals. Analysing from V$LOGMNR_CONTENTS using a "DROP" filter on operation column,but still couldn't get anything. Can anyone suggest any other way to investigate this.If you had access to a database of the same version you could use the scripts from Pete Finnigan (http://www.petefinnigan.com/tools.htm) to see what privileges are given to the DBA role and re-create the role.
On metalink there is Note: 1068678.6 How to Recreate DBA Role if Dropped. Last revision is 26-Nov-2002 and only mentions version 8.X. -
Is it possible to break dba role into
new dba
back up dba
dba operator
etc. SO that a single dba does not have all super
privileges ?
Thanks
- SatyajeetYou can certainly create new roles that have fewer privs than DBA and grant those roles to different folks. That's probably the easiest approach.
Justin -
DBA role cannot update a table
SQL> select * from v$version;
BANNER
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for Linux: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production
SQL> show user
USER is "JIMMYB"
SQL> select granted_role from dba_role_privs where grantee ='JIMMYB';
GRANTED_ROLE
CTXAPP
DBA
SQL> select user_seq, person_id from cmis.users
2 where last_name = 'ZIGGY';
USER_SEQ PERSON_ID
12788 1246277
SQL> update cmis.users
2 set
3 person_id = 10991
4 where user_seq = 12788;
update cmis.users
ERROR at line 1:
ORA-00942: table or view does not existHow can the DBA role not be allowed to update this table?I'm not sure what I am missing here. I've never encountered this before.
SQL> desc cmis.users
Name Null? Type
USER_SEQ NOT NULL NUMBER
PERSON_ID NUMBER ENCRYPT
USERNAME VARCHAR2(50) ENCRYPT
PREFIX VARCHAR2(10)
FIRST_NAME VARCHAR2(100) ENCRYPT
MIDDLE_NAME VARCHAR2(100) ENCRYPT
LAST_NAME VARCHAR2(100) ENCRYPT
SUFFIX VARCHAR2(12)
EMAIL_ADDRESSS VARCHAR2(1000) ENCRYPT
USER_STATUS_SEQ NUMBERI can't imagine it has anything to do with transparent data encryption. -
DBA role required to see indexes in Other Users schema
When my developers try to view indexes owned by other users that are unable to see them unless the have been added to the DBA Role. Is this a requirement to view indexes owned by others? Are there lesser privs than DBA that will allow this?
The developer already has this privilege. Using other development tools he can see the indexes in other schemas. It appears to be a problem or setting in SQL Developer. We are running version 1.2.1. Any other thoughts?
-
APEX DBA role to monitor the database, is there a workaround?
I have a developer who wishes to access the database monitor for performance monitoring, but I do not wish to give him DBA privileges. Is apex looking for the DBA role explicitly?
I am trying to avoid having to perform a daily manual process (I monitor about a dozen email accounts - not all of them from ISP's with the 60 day deletion window). The ISP's 60 day deletion window is rolling - each day different existing messages are about to reach the threshold. I don't want to mark messages as Read for all messages, just those that are about to be 60 days old. I know that I can do this by creating a smart mailbox that only has messages that are 59 days old, select all of the smart mailbox messages and then right-click and "Mark as Read", but this would have to be a daily, manual process.
-
PDB_DBA has DBA role, but no quota on tablespace
Hi all,
I have weird situation and I can't find in doco why is that:
I have created PDB with role DBA for admin user, I can see that PDB_DBA role has DBA role. I can create table in admin user schema, but can't insert rows there, as there are no quota on tablespace. If I grant DBA to admin user directly- I can insert rows - so, I got "quota unlimited" as part of DBA role:
SQL> conn / as sysdba
Connected.
SQL> create pluggable database P1 admin user a identified by a roles=(dba);
Pluggable database created.
SQL> alter session set container=P1;
Session altered.
SQL> alter pluggable database P1 open;
Pluggable database altered.
SQL> create table a.t(id integer);
Table created.
SQL> insert into a.t values(1);
insert into a.t values(1)
ERROR at line 1:
ORA-01950: no privileges on tablespace 'SYSTEM'
SQL> select * from dba_role_privs where grantee = 'A';
GRANTEE
GRANTED_ROLE ADM DEL DEF COM
A
PDB_DBA YES NO YES NO
SQL> select granted_role from dba_role_privs where grantee = 'PDB_DBA';
GRANTED_ROLE
DBA
SQL>
SQL> grant dba to a;
Grant succeeded.
SQL> insert into a.t values(1);
1 row created.
SQL> revoke dba from a;
Revoke succeeded.
SQL> insert into a.t values(1);
1 row created.
SQL>What is the full version of Oracle 12c that you are using?
That does seem odd. Especially since revoking the direct grant leaves the privilege intact which could only come from the role.
What happens if you bounce the DB after the initial INSERT failure? Does it continue to fail if the direct grant isn't made?
Also - did you specify FILE_NAME_CONVERT as an init parameter?
If you have a MOS account I suggest you search to see if there are any bugs related to PDB privileges.
There have been some known issues with the whole PDB metadata link thing. System tables only exist in the root and the PDBs only have metadata links to the actual system entries. It's possible that the metadata link didn't get created or propagated properly after the PDB was created.
That is why I ask if you can try bouncing the database to see if the problem still persists.
The other, related, test to try is to first create the PDB (no other action at all such as grants, users, or anything). Then open the PDB and then shut it all down.
When you restart the entire DB and open the PDB then perform your test and see if you get the same results. The intent of that test is to see if the metadata entries are properly created and propogated AFTER the PDB actually exists.
Unfortunately (for you at least for now) there are so many nuances to the whole multitenant thing in the way privileges (among other things) work it will be a while until they all get sorted out.
Many of those are the management of privileges (roles, grants, etc) for PDBs given that some PDBs aren't open at the time the privilege change is made. If a PDB isn't open and you modify a common privilege there won't be any replication to that PDB and you will later have to update that PDBs privileges manually. -
I have some problems understanding DBA role. I have DBA privs on a database (I'm a developer, not a DBA). Because of a privacy problem, I have not to select data in only one table of the database. A solution could be to encrypt rows of this table... This will be the last choice, because in this case I will have to rewrite some applications. So, I'm trying to create a new role in which I have all privileges except SELECT ANY TABLE. Then I will have to lose my DBA privs. During ordinary operations necessary to mantain my applications (like backup, import and export and so on...), I will have DBA privs granted again from the privacy manager only for the period necessary to mantain the site. After this period I have to sign a paper in which I declare I have not seen the records of that table. As you can imagine, this solution is very bad (during that period I can create 1000 users with dba privs...), but seems to be fine to the privacy manager.
Now my problem is: after creating the role DBA_WSAT that is the DBA role without select any table, I can connect as sysdba again... Why? Which is the privilege that enable a user to connect as sysdba? Any suggestions will be appreciated to solve this bad situation...
Thank you very much.
Ste.You probably have an entry in the password file that needs to be removed if you are no longer a DBA.
Have you considered auditing access to this sensitive table, either in addition to the current proposal or instead of it? That would be far more secure than signing the piece of paper periodically.
Justin
Distributed Database Consulting, Inc.
http://www.ddbcinc.com/askDDBC -
REVOKE insert on tables from use with DBA role
Hi
I have two users with DBA role granted. I want to remove insert/update capabilities of a certain tables from one of the users but keep the DBA role. Is this possible ?
ThanksNo.
Do not even think about messing with the DBA role!!
You cannot grant global privileges through a role, then ungrant select privileges from an individual.
What you need to do is to crate your own local DBA-like role (or roles). Grant the global privileges all DBAs need to your own DBA-like role and grant that to the DBAs. Then grant privileges on the tables to various roles and grant them to the individual DBAs. That way you can exclude the privileges you do not want to grant.
But, ultimately, you need to be able to trust your DBA to follow procedures, rules, and instructions. If you cannot, perhaps he should not be a DBA. -
Hi, i have experienced many time that when you give dba role to any schema it should get the privilege of Create any on all object. but it is not the case after giving dba privilege to schema i have to give create any privilege to that schema though DBA role have that Facility, why is it so.
Regards
Vikas ChopkarAre you talking about the default role named DBA? If so, that role should rarely be granted to anyone. Either way, on my database it has the privileges you say it doesn't.
SQL> SELECT * FROM DBA_SYS_PRIVS WHERE GRANTEE='DBA' ORDER BY PRIVILEGE;
GRANTEE PRIVILEGE ADM
DBA ADMINISTER ANY SQL TUNING SET YES
DBA ADMINISTER DATABASE TRIGGER YES
DBA ADMINISTER RESOURCE MANAGER YES
DBA ADMINISTER SQL TUNING SET YES
DBA ADVISOR YES
DBA ALTER ANY CLUSTER YES
DBA ALTER ANY DIMENSION YES
DBA ALTER ANY EVALUATION CONTEXT YES
DBA ALTER ANY INDEX YES
DBA ALTER ANY INDEXTYPE YES
DBA ALTER ANY LIBRARY YES
DBA ALTER ANY MATERIALIZED VIEW YES
DBA ALTER ANY OUTLINE YES
DBA ALTER ANY PROCEDURE YES
DBA ALTER ANY ROLE YES
DBA ALTER ANY RULE YES
DBA ALTER ANY RULE SET YES
DBA ALTER ANY SEQUENCE YES
DBA ALTER ANY SQL PROFILE YES
DBA ALTER ANY TABLE YES
DBA ALTER ANY TRIGGER YES
DBA ALTER ANY TYPE YES
DBA ALTER DATABASE YES
DBA ALTER PROFILE YES
DBA ALTER RESOURCE COST YES
DBA ALTER ROLLBACK SEGMENT YES
DBA ALTER SESSION YES
DBA ALTER SYSTEM YES
DBA ALTER TABLESPACE YES
DBA ALTER USER YES
DBA ANALYZE ANY YES
DBA ANALYZE ANY DICTIONARY YES
DBA AUDIT ANY YES
DBA AUDIT SYSTEM YES
DBA BACKUP ANY TABLE YES
DBA BECOME USER YES
DBA CHANGE NOTIFICATION YES
DBA COMMENT ANY TABLE YES
DBA CREATE ANY CLUSTER YES
DBA CREATE ANY CONTEXT YES
DBA CREATE ANY DIMENSION YES
DBA CREATE ANY DIRECTORY YES
DBA CREATE ANY EVALUATION CONTEXT YES
DBA CREATE ANY INDEX YES
DBA CREATE ANY INDEXTYPE YES
DBA CREATE ANY JOB YES
DBA CREATE ANY LIBRARY YES
DBA CREATE ANY MATERIALIZED VIEW YES
DBA CREATE ANY OPERATOR YES
DBA CREATE ANY OUTLINE YES
DBA CREATE ANY PROCEDURE YES
DBA CREATE ANY RULE YES
DBA CREATE ANY RULE SET YES
DBA CREATE ANY SEQUENCE YES
DBA CREATE ANY SQL PROFILE YES
DBA CREATE ANY SYNONYM YES
DBA CREATE ANY TABLE YES
DBA CREATE ANY TRIGGER YES
DBA CREATE ANY TYPE YES
DBA CREATE ANY VIEW YES
DBA CREATE CLUSTER YES
DBA CREATE DATABASE LINK YES
DBA CREATE DIMENSION YES
DBA CREATE EVALUATION CONTEXT YES
DBA CREATE EXTERNAL JOB YES
DBA CREATE INDEXTYPE YES
DBA CREATE JOB YES
DBA CREATE LIBRARY YES
DBA CREATE MATERIALIZED VIEW YES
DBA CREATE OPERATOR YES
DBA CREATE PROCEDURE YES
DBA CREATE PROFILE YES
DBA CREATE PUBLIC DATABASE LINK YES
DBA CREATE PUBLIC SYNONYM YES
DBA CREATE ROLE YES
DBA CREATE ROLLBACK SEGMENT YES
DBA CREATE RULE YES
DBA CREATE RULE SET YES
DBA CREATE SEQUENCE YES
DBA CREATE SESSION YES
DBA CREATE SYNONYM YES
DBA CREATE TABLE YES
DBA CREATE TABLESPACE YES
DBA CREATE TRIGGER YES
DBA CREATE TYPE YES
DBA CREATE USER YES
DBA CREATE VIEW YES
DBA DEBUG ANY PROCEDURE YES
DBA DEBUG CONNECT SESSION YES
DBA DELETE ANY TABLE YES
DBA DEQUEUE ANY QUEUE YES
DBA DROP ANY CLUSTER YES
DBA DROP ANY CONTEXT YES
DBA DROP ANY DIMENSION YES
DBA DROP ANY DIRECTORY YES
DBA DROP ANY EVALUATION CONTEXT YES
DBA DROP ANY INDEX YES
DBA DROP ANY INDEXTYPE YES
DBA DROP ANY LIBRARY YES
DBA DROP ANY MATERIALIZED VIEW YES
DBA DROP ANY OPERATOR YES
DBA DROP ANY OUTLINE YES
DBA DROP ANY PROCEDURE YES
DBA DROP ANY ROLE YES
DBA DROP ANY RULE YES
DBA DROP ANY RULE SET YES
DBA DROP ANY SEQUENCE YES
DBA DROP ANY SQL PROFILE YES
DBA DROP ANY SYNONYM YES
DBA DROP ANY TABLE YES
DBA DROP ANY TRIGGER YES
DBA DROP ANY TYPE YES
DBA DROP ANY VIEW YES
DBA DROP PROFILE YES
DBA DROP PUBLIC DATABASE LINK YES
DBA DROP PUBLIC SYNONYM YES
DBA DROP ROLLBACK SEGMENT YES
DBA DROP TABLESPACE YES
DBA DROP USER YES
DBA ENQUEUE ANY QUEUE YES
DBA EXECUTE ANY CLASS YES
DBA EXECUTE ANY EVALUATION CONTEXT YES
DBA EXECUTE ANY INDEXTYPE YES
DBA EXECUTE ANY LIBRARY YES
DBA EXECUTE ANY OPERATOR YES
DBA EXECUTE ANY PROCEDURE YES
DBA EXECUTE ANY PROGRAM YES
DBA EXECUTE ANY RULE YES
DBA EXECUTE ANY RULE SET YES
DBA EXECUTE ANY TYPE YES
DBA EXPORT FULL DATABASE YES
DBA FLASHBACK ANY TABLE YES
DBA FORCE ANY TRANSACTION YES
DBA FORCE TRANSACTION YES
DBA GLOBAL QUERY REWRITE YES
DBA GRANT ANY OBJECT PRIVILEGE YES
DBA GRANT ANY PRIVILEGE YES
DBA GRANT ANY ROLE YES
DBA IMPORT FULL DATABASE YES
DBA INSERT ANY TABLE YES
DBA LOCK ANY TABLE YES
DBA MANAGE ANY FILE GROUP YES
DBA MANAGE ANY QUEUE YES
DBA MANAGE FILE GROUP YES
DBA MANAGE SCHEDULER YES
DBA MANAGE TABLESPACE YES
DBA MERGE ANY VIEW YES
DBA ON COMMIT REFRESH YES
DBA QUERY REWRITE YES
DBA READ ANY FILE GROUP YES
DBA RESTRICTED SESSION YES
DBA RESUMABLE YES
DBA SELECT ANY DICTIONARY YES
DBA SELECT ANY SEQUENCE YES
DBA SELECT ANY TABLE YES
DBA SELECT ANY TRANSACTION YES
DBA UNDER ANY TABLE YES
DBA UNDER ANY TYPE YES
DBA UNDER ANY VIEW YES
DBA UPDATE ANY TABLE YES -
What are the roles and responsibilities for SQL DBA in MSBI?
Hi Vijay,
SSIS:
SQL Server SSIS installation, patching, upgrades and configure it
- SQL Server Integration Services package deployment
Security and access:
Saving Packages to the msdb Database
Controlling Access to Packages
Controlling Access to the Contents of Packages
Controlling Access to Packages
Storing Package Configurations Securely
Controlling Access to the Integration Services Service
Monitor H/W Resource
Monitoring and optimize the packages
SSRS:
SQL Server SSRS installation, patching, upgrades and configure it
Security and Protection (SSRS)-
Authentication and Authorization
Reporting Services provides different authentication types for users and Client applications to authenticate with the report server. Using the right authentication type for your report server enables your organization to achieve the appropriate level of
security required by your organization
(SSRS databases, access, security), maybe set-up a scale-out infrastructure (SSRS farm).
If it is with SharePoint integration: make sure SharePoint is configured.
SQL Server Reporting Services support and report deployment
Monitoring and optimize the report queries
SSAS
SQL Server SSAS installation, patching, upgrades and configure it .
-SQL Server Analysis Services support.
Security and Protection (SSAS)-
Restrict access to each dimension, specify allowed/denied dimension members, or write advanced multi-dimensional expressions (MDX) for dynamic security. Another area of MSAS security
is defining permissions and impersonation level for assemblies.
Monitoring and optimize the MDX queries
Some of the frequently used DMVs include to monitor
$system.discover_connections
$system.discover_sessions
$system.discover_commands
$system.discover_object_memory_usage
$system.discover_object_activity
$system.discover_locks
You can query each of these DMVs through simple <tt>SELECT * FROM DMV_name</tt> statements.
We can collect backups and restore databases using SSMS or by submitting XMLA commands
Resolving Blocking Issues
Scaling Up and Scaling Out
Assuring High Availability
Maybe you are looking for
-
I thought I would throw this question out there before I did anything drastic: Yesterday my AppleTV remote stopped working. No indication that it was a battery problem. Our iPhone remote apps still work. I bought a new battery. Still nothing. Like I
-
Hi guys, If I am not wrong is the API to update delivery details in WSH_DELIVERY_DETALS TABLE. Here i am updating tracking_number for a given delivery_detail_id, but its not working. Please help me if I am doing amy mistake. create OR REPLACE pr
-
GUI not working anymore after installing of ABAP preview
Hi, I have sapgui 6.40 installed on my computer. Now after installing the Netweaver Preview ABAP stack (the installation worked fine) I cannot start my sapgui anymore. I get a messagebox with the following message: "The procedure entry point RfcReset
-
Workflow Builder: RES file editing?
using Workflow Builder 2.0.3.8.3 Well, a client asked for us(private company) to get him a localized for Russia copy of WFB. The representatives of ORACLE in Moscow said that WFB have never been translated into russian. I found some OCX files contain
-
I have a single template page that's used to generate about 20 pages. Within it I have a query that pulls products assigned to that category and displays them in list of "Top 10" based on the number of times they've been viewed. As this can get kinda