Best Practices for user ORACLE

Hello,
I have few linux servers with user ORACLE.
All the DBAs in the team connecting and working on the servers as ORACLE user and they dont have sperate account.
I create for each DBA its own account and would like them to use it.
The problem is that i dont want to lock the ORACLE account since i need it for installation/upgrade and etc , but yet i dont what
the DBA Team to connect and work with the ORACLE user.
What are the Best Practice for souch case ?
Thanks

To install databases you don't need acces to Oracle.
Also installing 'few databases every month' is fundamentally wrong as your server will run out of resources, and Oracle can host multiple schemas in one database.
"One reason for example is that we have many shell scripts that user ORACLE is the owner of them and only user ORACLE have a privilege to execute them."
Database control in 10g and higher makes 'scripts' obsolete. Also as long as you don't provide w access to the dba group there is nothing wrong in providing x access.
You now have a hybrid situation: they are allowed interactively to screw 'your' databases, yet they aren't allowed to run 'your' script.
Your security 'model' is in urgent need of revision!
Sybrand Bakker
Senior Oracle DBA

Similar Messages

Best practice for integrating oracle atg with external web service

Hi All
What is the best practice for integrating oracle atg with external web service? Is it using integration repository or calling the web service directly from the java class using a WS client?
With Thanks & Regards
Abhishek

Using Integration Repository might cause performance overhead based on the operation you are doing, I have never used Integration Repository for 3rd Party integration therefore I am not able to make any comment on this.
Calling directly as a Java Client is an easy approach and you can use ATG component framework to support that by making the endpoint, security credentials etc as configurable properties.
Cheers
R
Edited by: Rajeev_R on Apr 29, 2013 3:49 AM

Best practice for install oracle 11g r2 on Windows Server 2008 r2

Dear all,
May I know what is the best practice for install oracle 11g r2 on windows server 2008 r2. Should I create a special account for windows for the oracle database installation? What permission should I grant to the folders where Oracle installed and the database related files located (datafiles, controlfiles, etc.)
Just grant Full for Administrators and System and remove permissions for all others accounts?
Also how should I configure windows firewall to allow client connect to the database.
Thanks for your help.

Hi Christian,
Check this on MOS
*RAC Assurance Support Team: RAC Starter Kit and Best Practices (Windows) [ID 811271.1]*
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=BULLETIN&id=811271.1
DOC Modified: 14-DEC-2010
Regards,
Levi Pereira

Best practice for installation oracle 11g rac on windows 2008 server x64

hello!
can somebody tell me a good book or an other kind of literature regarding "best practice for installation oracle 11g rac on windows 2008 server x64"? thx in advance!
best regards,
christian

Hi Christian,
Check this on MOS
*RAC Assurance Support Team: RAC Starter Kit and Best Practices (Windows) [ID 811271.1]*
https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=BULLETIN&id=811271.1
DOC Modified: 14-DEC-2010
Regards,
Levi Pereira

Best Practice for thinning Oracle Forms

We are considering upgrading from 10g (10.1.2.3) to (probably) 11g forms initially whist long term migrating to ADF.
Our system is 15 years old and has many issues that go along with a system this old i.e. database keys/indexes missing, forms with lots of code etc.
We have very few resources so thought the best way to go about this would be to thin out all our Oracle forms in 10g prior to upgrade (as this is mainly just a recompile in 11g) but was looking at if there were any best practices as to what level this should be done.
For example we heavily use PLLs. Should the majority of this code be moved into packages or are PLLs ok to use. I take it the majority of program units should be moved to db.
How thin should we aim to make the form. i.e if we are using post queries for something as simple as select customername into :nondbitem from customer where customerid =:customerid. Should we be making this a function in the db and reusing the code in the necessary places?
Just wondering what people would deam best practice before we start.
Thanks

Thanks for all your input.
Although the current database design is not correct we are going to correct the existng database rather than rewriting it.
So were hoping to correct this also!
But what im doing now to get rid some of this post queries for nondbnames is im creating a view of all information i need to display on one pertaining record.
Then i used this view like block basic procedure like relationship to the transactional block.So if you make queries or insert (need to run query the block view) it will give all the necessary record display"
{CODE}
This sounds sensible but we havs hundreds of tables with lots of columns. How are you managing the views/deciding how manytables/columns to include on the forms?

Best practices for administering Oracle Big Data Appliance

-        Best practices as part of administration of Oracle Big Data Infrastructure
-        How do we lock down max space usage per project
Eg: Project team A can have a max limit of 10 TB space allocated
-        Restricting roles, access ( Read, Write), place holder for common shared artifacts
-        Template/procedure for code migration across dev,qa and prod environments etc

Your data is bigger than I run, but what I have done in the past is to restrict their accounts to a separate datafile and limit its size to the max that I want for them to use: create objects restricted to accommodate the location.

Best practices for an oracle application upgrade

Hello,
We have an enterprise application deployed on Oracle Weblogic and connecting to an Oracle database (11g).
The archive is versioned and we are using Weblogic's feature to upgrade to new versions and retire old versions.
In a case of emergency when we need to rollback an upgrade, the job is really easy on Weblogic but not the same on Oracle DB.
For most of our releases, the release package is an ear plus some database scripts.
Releases are deployed with minimum downtime, so while we are releasing our clients are still writing to the DB.
In case of a rollback is needed, we need to make sure the changes we made to the DB structure (Views, SP, Tables...) are reverted but data inserted by clients stayed intact.
Correct me if I am wrong, but Flashback and RMAN TSPITR are not the good options here.
What other people usually do in similar cases? What are best practices and deployment plans for our case?
Guides and direction are welcomed.
Thanks!

Hi Magnus
I guess you have to install again to ensure no problems. BP installation also involves ensuring correct SP levels (cannot be higher) for all software components.
Best regards
Ramki

Best Practices for Securing Oracle e-Business Suite -Metalink Note 189367.1

Ok we have reviewed our financials setup against the title metalink document. But we want to focus on security and configuration specific to the Accounts Payable module of Oracle Financialos. Can you point me in the direction of any useful documents for this or give me some pointers??

Ok we have reviewed our financials setup against the title metalink document. But we want to focus on security and configuration specific to the Accounts Payable module of Oracle Financialos. Can you point me in the direction of any useful documents for this or give me some pointers??

Best Practice for E&C and Professional Services

Hello Experts,
Where do I find the Best Practice for implementing Oracle Projects, specific to Industries like E&C, Professional Services, Etc.
Thanks

Hi Anuj,
Thanks for the links, they have been helpful.
I understand now that OSR is only meant to contain only Proxy services. The synch facility is between OSR and OSB so that in case when you are not using OER, you can publish Proxy services to OSR from OSB. What I didn't understand was why there was a option to publish a Proxy service back to OSB and why it ended up as a Business service. From the link you provided, it mentioned that this case is for multi-domain OSBs, where one OSB wants to use the other OSB's service. It is clear now.
Some more questions:
1) In the design-time, in OER no Endpoints are generated for Proxy services. Then how do we publish our design-time services to OSR for testing purposes? What is the correct way of doing this?
Thanks,
Umar

Oracle Best Practices for generating Transactions IDs in high OLTP systems

We are in the process of designing a high OLTP system using Oracle 11g Database with the following NFRs:
1) 1 million transactions per day
2) 100,000 concurrent users
There are close to about 160-180 entities in the database and we want to know the best approach/practice in deriving the transaction IDs for the OLTP system. Our preferences are given below:
1) Use Oracle Sequence starting with 1,000,000,000 (1 billion) - This is to make the TXN ID look meaningful when it starts with 1 billion instead of starting it with 1.
2) Use timestamp and cast it to number instead of using Oracle sequence.
Note: Transaction IDs must appear in sequence as they are inserted - be it sequence/timestamp
I would like to know pros/cons of the above methods and their impacts on performance. Also, appreciate if you could share any any best practices/methods that Oracle supports.
Thanks in advance.
Ken R

Ken R wrote:
I did a quick PoC using both Oracle Sequence & Timestamp for 1 million inserts in a Non-RAC environment. Code used is given below:
create sequence testseq start with 1 cache 10000 order;
create table test1 (txnid number, txndate timestamp(9));
create table test2 (txnid number, txndate timestamp(9));
begin
for i in 1..1000000
loop
insert into test1 values(testseq.nextval,systimestamp(9));
end loop;
commit;
end;
begin
for i in 1..1000000
loop
insert into test2 values(to_number(to_char(systimestamp(9),'yyyymmddhh24missff9')), systimestamp(9));
end loop;
commit;
end;
Here are the results:
select max(txndate)-min(txndate) from test1;
Result >> 0 0:3:3.514891000
select max(txndate)-min(txndate) from test2;
Result >> 0 0:1:32.386923000
It appears that Timestamp is faster than sequence... Any thought is highly appreciated...Interesting that your sequence timing is so slow. You say this was a non-RAC environment, but I wonder if you had Oracle linked in RAC mode even though you were running single instance - this would result in the ORDERed sequence running through RAC's "DFS Lock Handle" mechanism which might account for the timing anomaly.
Unfortunately your test is not particularly relevant. As DomBrooks points out there are lots of problems with sequence-based or time-based columns, especially in RAC, and most particularly if you think you want a "no-gap" sequence. On top of this, of course, your test doesn't include an index on the relevant column, and it's single user and doesn't test for any concurrency effects.
Typical performance problems are: your RAC instances spend all their time negotiating who gets to use the next value; the index you use to enforce uniqueness suffers from massive contention on the "high-value" block unless you create a reverse-key index - at which point you have to be able to cache the entire index to minimise I/O overheads; you can hash partition the index to avoid using the reverse-key option - but that costs a lot of money if you don't already license the partitioning option.
Regards
Jonathan Lewis

Oracle Best practices for changing Byte to Char on Varchar2 columns

Dear Team,
Application Team wanted to change Byte to Char on Varchar2 columns to accommodate Multi byte character on couple of production tables.
Wanted to know is it safe to have mixture of BYTE and CHAR semantics in the same table i have read on the couple of documents that It's good practice to avoid using a mixture of BYTE and CHAR semantics columns in the same table.
What happens if we have mixture of BYTE and CHAR semantics columns in the same table?
Do we need to gather stats & rebuild indexes on the table after these column changes .
Thanks in Advance !!!
SK

Application Team wanted to change Byte to Char on Varchar2 columns to accommodate Multi byte character on couple of production tables.
Wanted to know is it safe to have mixture of BYTE and CHAR semantics in the same table i have read on the couple of documents that It's good practice to avoid using a mixture of BYTE and CHAR semantics columns in the same table.
No change is needed to 'accommodate Multibyte characters'. That support has NOTHING to do with whether a column is specified using BYTE or CHAR.
In 11g the limit for a VARCHAR2 column is 4000 bytes, period. If you specify CHAR and try to insert 1001 characters that each take 4 bytes you will get an exception since that would require 4004 bytes and the limit is 4000 bytes.
In practice the use of CHAR is mostly a convenience to the developer when defining columns for multibyte characters. For example for a NAME column you might want to make sure Oracle will allocate room for 50 characters REGARDLESS of the actual length in bytes.
If you provide a name of 50 one byte characters then only 50 bytes will be used. Provide a name of 50 four byte characters and 200 bytes will be used.
So if that NAME column was defined using BYTE how would you know what length to use for the column? Fifty BYTES will seldom be long enough and 200 bytes SEEMS large since the business user wants a limit of FIFTY characters.
That is why such columns would typically use CHAR; so that the length (fifty) defined for the column matches the logical length of the number of characters.
What happens if we have mixture of BYTE and CHAR semantics columns in the same table?
Nothing happens - Oracle could care less.
Do we need to gather stats & rebuild indexes on the table after these column changes .
No - not if you by 'need' you mean simply because you made ONLY that change.
But that begs the question: if the table already exists, has data and has been in use without their being any problems then why bother changing things now?
In other words: if it ain't broke why try to fix it?
So back to your question of 'best practices'
Best practices is to set the length semantics at the database level when the database is first created and to then use that same setting (BYTE or CHAR) when you create new objects or make DDL changes.
Best practices is also to not fix things that aren't broken.
See the 'Length Semantics' section of the globalization support guide for more best practices
http://docs.oracle.com/cd/E11882_01/server.112/e10729/ch2charset.htm#i1006683

Best practices for setting up users on a small office network?

Hello,
I am setting up a small office and am wondering what the best practices/steps are to setup/manage the admin, user logins and sharing privileges for the below setup:
Users: 5 users on new iMacs (x3) and upgraded G4s (x2)
Video Editing Suite: Want to connect a new iMac and a Mac Pro, on an open login (multiple users)
All machines are to be able to connect to the network, peripherals and external hard drive. Also, I would like to setup drop boxes as well to easily share files between the computers (I was thinking of using the external harddrive for this).
Thank you,

Hi,
Thanks for your posting.
When you install AD DS in the hub or staging site, disconnect the installed domain controller, and then ship the computer to the remote site, you are disconnecting a viable domain controller from the replication topology.
For more and detail information, please refer to:
Best Practices for Adding Domain Controllers in Remote Sites
http://technet.microsoft.com/en-us/library/cc794962(v=ws.10).aspx
Regards.
Vivian Wang

Best practice standard User Acess Test for WIN2012 AD

What is the Best practice standard User Acess Test for WIN2012 AD

Hello,
as before, add a computer to the domain and log on with a domain user account to the computer.
You should be able from the client machine to open the sharedfolders on the DCseither with:
\\DCName\sysvol
\\DCName\netlogonor \\NetBiosDomainName\sysvol
\\NetBiosDomainName\netlogon
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:

Best Practice for Extracting a Single Value from Oracle Table

I'm using Oracle Database 11g Release 11.2.0.3.0.
I'd like to know the best practice for doing something like this in a PL/SQL block:
DECLARE
    v_student_id    student.student_id%TYPE;
BEGIN
    SELECT student_id
    INTO    v_student_id
    FROM    student
    WHERE   last_name = 'Smith'
    AND     ROWNUM = 1;
END;
Of course, the problem here is that when there is no hit, the NO_DATA_FOUND exception is raised, which halts execution. So what if I want to continue in spite of the exception?
Yes, I could create a nested block with EXCEPTION section, etc., but that seems clunky for what seems to be a very simple task.
I've also seen this handled like this:
DECLARE
    v_student_id    student.student_id%TYPE;
    CURSOR c_student_id IS
        SELECT student_id
        FROM    student
        WHERE   last_name = 'Smith'
        AND     ROWNUM = 1;
BEGIN
    OPEN c_student_id;
    FETCH c_student_id INTO v_student_id;
    IF c_student_id%NOTFOUND THEN
        DBMS_OUTPUT.PUT_LINE('not found');
    ELSE
        (do stuff)
    END IF;
    CLOSE c_student_id;
END;
But this still seems like killing an ant with a sledge hammer.
What's the best way?
Thanks for any help you can give.
Wayne

Do not design in order to avoid exceptions. Do not code in order to avoid exceptions.
Exceptions are good. Damn good. As it allows you to catch an unexpected process branch, where execution did not go as planned and coded.
Trying to avoid exceptions is just plain bloody stupid.
As for you specific problem. When the SQL fails to find a row and a value to return, what then? This is unexpected - if you did not want a value, you would not have coded the SQL to find a value. So the SQL not finding a value is an exception to what you intend with your code. And you need to decide what to do with that exception.
How to implement it. The #1 rule in software engineering - modularisation.
E.g.
create or replace function FindSomething( name varchar2 ) return foo.col1%type is
id foo.col1%type;
begin
select col1 into id from foo where col2 = upper(name);
return( id );
exception when NOT_FOUND then
return( null );
end;
And that is your problem. Modularisation. You are not considering it.
And not the only problem mind you. Seems like your keyboard has a stuck capslock key. Writing code in all uppercase is just as bloody silly as trying to avoid exceptions.

Best Practice for Deleted AD Users

In our environment, we are not using AD groups. Users are being added individually. We are running User Profile Service but I am aware that when a user is deleted in AD, they stay in the content database in the UserInfo table so that some metadata can be
retained (created by/modified by/etc).
What are best practices for whether or not to get rid of them from the content database(s)?
What do some of you consultants/admins out there do about this? It was brought up as a concern to me that they are still being seen in some list permissions/people picker, etc.
Thank you!

Personally I would keep them to maintain metadata consistency (Created By etc as you say). I've not had it raised as a concern anywhere I've worked.
However, there are heaps of resources online to delete such users (even in bulk via Powershell). As such, I am unaware of cases of deleting them causing major problems.
w: http://www.the-north.com/sharepoint | t: @JMcAllisterCH | YouTube: http://www.youtube.com/user/JamieMcAllisterMVP

Best Practices for user ORACLE

Similar Messages

Maybe you are looking for