I am new to oracle database. I work on 12c version oracle database which is hosted in linux platform. I have to whitelist a list of ip addresses to access the oracle database.
Example: Below are the server details and i need to add my ipaddress to connect to the database
(PROTOCOL = TCP)(HOST = 192.168.56.122) (PORT = 1521)
kishan 192.108.10.132 xyz#gmail.com
I have gone through these documents but it was not quite helpful. Any help would be much appreciated!
https://docs.oracle.com/en/cloud/paas/casb-cloud/palug/putting-ip-addresses-blacklists-or-whitelists.html#GUID-17060E3D-D8B6-41F1-AAEB-9CC3F4D7B670
https://docs.oracle.com/en/cloud/paas/exadata-express-cloud/csdbp/configure-ip-whitelist-policy.html
Looks like you're looking for ACL (Access Control List). Here's an example:
Create ACL:
BEGIN
DBMS_NETWORK_ACL_ADMIN.create_acl (
acl => 'kishan.xml',
description => 'HTTP Access',
principal => 'KISHAN', -- user in your database
is_grant => TRUE,
privilege => 'connect',
start_date => NULL,
end_date => NULL);
END;
/
Assign ACL:
BEGIN
DBMS_NETWORK_ACL_ADMIN.assign_acl (acl => 'kishan.xml',
HOST => '192.108.10.132',
lower_port => NULL,
upper_port => NULL);
END;
/
Add privilege
BEGIN
-- TRAFOGLED
DBMS_NETWORK_ACL_ADMIN.add_privilege (acl => 'kishan.xml',
principal => 'KISHAN',
is_grant => TRUE,
privilege => 'connect',
start_date => NULL,
end_date => NULL);
DBMS_NETWORK_ACL_ADMIN.add_privilege (acl => 'kishan.xml',
principal => 'KISHAN',
is_grant => TRUE,
privilege => 'resolve',
start_date => NULL,
end_date => NULL);
END;
/
COMMIT;
After you've done all that, user KISHAN should have access to 192.108.10.132. If there are other users that should gain the same access, just add them into the "add privilege" script.
ACLs as described by #Littlefoot control access from within the database to external resources (e.g. a PL/SQL stored procedure accessing a web service or e-mail server). If you're talking about whitelisting database clients, connecting to the DB from other hosts, there are a couple of options, but be careful not to work yourself into a corner in terms of administrative overhead. It is very important to consider what is the actual problem you are trying to solve.
You can use
the host server's local firewall (e.g. iptables, firewall1, etc.) to restrict access to port 1521 (or whatever port you're using);
the TCP.INVITED_NODES parameter in sqlnet.ora (see here: https://docs.oracle.com/en/database/oracle/oracle-database/19/netrf/parameters-for-the-sqlnet.ora.html#GUID-897ABB80-64FE-4F13-9F8C-99361BB4465C);
or use Oracle Connection Manager if you have an Enterprise Edition database.
In general I wouldn't restrict to anything more narrow than a subnet, though. The reason for that is that there isn't any good way to do it more precisely: IP addresses tend to change frequently with DHCP, which could result in a user being unintentionally locked out, and they can be easily spoofed by bad actors. Tracking each individual IP is an administrative nightmare, too.
See these articles I wrote up last year for more detail and some of the important questions to consider:
https://pmdba.wordpress.com/2020/02/18/how-to-limit-a-user-connection-to-a-specific-ip-address/
https://pmdba.files.wordpress.com/2013/03/deploying-an-oracle-11gr2-connection-manager.pdf
Related
I need to connect a Yii2 model to an Oracle database but it is not working despite reading several answers on this topic.
The Oracle login credentials that I use to manually log in are similar to:
host: hosturl.abc.com
port: 1521
SID: sidname
user: username
password: passABC
In the manual login process, I then need to select the appropriate Schema, after which I can see all tables.
I am not clear how to include these details in the oci connection. Here is what I have done without success:
'db2' => [
'class' => 'yii\db\Connection',
'dsn' => 'oci:dbname=//hosturl.abc.com:1521/sidname;charset=UFT-8',
'username' => 'username',
'password' => 'passABC'
],
I get an error "The table does not exist: TableName" however, I get this message even if I supply completely random details ie wrong username, wrong host, wrong password etc)
I am not clear why I cannot connect. Perhaps the Oracle database is rejecting all queries? Do I need to include the SID in the connection credentials?
Any help appreciated
UPDATE
I think there must be a more general problem with my installation. I am trying a raw connection as follows:
$conn = oci_connect("username", "passABC", "//hosturl.abc.com/sidname");
if (!$conn) {
print "There is a problem";
} else {
print "Connected to Oracle!";
}
This returns the following error:
Call to undefined function oci_connect()
Any suggestions? This looks like a problem with my php setup??
SOLVED!
1) oci_connect not working: SOLVED
Please see this post for more details How do I connect PHP 7.x to Oracle database on RedHat / CentOS?. This fix was required for Yii2 to connect to Oracle.
2) Yii2 db credentials for an Oracle database
/common/config/main-local:
'db' = [
'class' => 'yii\db\Connection',
'dsn' => 'oci:dbname=//hosturl:1521/SID;charset=UTF8',
'username' => 'dbusername',
'password' => 'dbpassword',
]
I tried a number of Yii2 oci8 extensions but none of them worked for me. Instead, the fix (1) for the oci_connect worked and no additional Yii2 drivers were required. I was able to use the standard 'yii\db\Connection' class.
3) Database Schema
Within the Oracle database we have a number of schemas and I wasn't sure how to query a specific table within a particular schema. Ultimately the solution was simple: Within each model, prepend the schema name to the table name. For example:
class myTable extends ActiveRecord
{
public static function tableName()
{
return 'schemaName.myTable';
}
I have been struggling to get the final SAMPLE (ASP.Net, EF Core, SQL) to work against a real SQL Server. Every sample I can find does not use real SQL they always opt for in-memory data store
I changed the connection string
"Data Source=.;Initial Catalog=IS4;Integrated Security=True;"
and ran
dotnet ef database update -c ApplicationDbContext
This created me a SQL database with 25 tables.
I tweaked Startup.cs to change
services.AddDbContext<ApplicationDbContext>(options =>
options.UseSqlServer(connectionString));
and b.UseSqlite to b.UseSqlServer
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = b =>
b.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(migrationsAssembly));
})
// this adds the operational data from DB (codes, tokens, consents)
.AddOperationalStore(options =>
{
options.ConfigureDbContext = b =>
b.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(migrationsAssembly));
// this enables automatic token cleanup. this is optional.
options.EnableTokenCleanup = true;
// options.TokenCleanupInterval = 15;
});
I ran the server with "/seed" on the command line but the Seed functionality doesn't work
First it complains CLIENT can't have a NULL ID when it calls SaveChanges(). If I change the code to add the ID
if (!context.Clients.Any())
{
Console.WriteLine("Clients being populated");
int i = 1;
foreach (var client in Config.GetClients().ToList())
{
var x = client.ToEntity();
x.Id = i++;
context.Clients.Add(x);
}
context.SaveChanges();
}
else
{
Console.WriteLine("Clients already populated");
}
I then get
"Cannot insert the value NULL into column 'Id', table 'IS4.dbo.ClientGrantTypes".
When I watch the video's it says it can be migrated from SQLite to full SQL simply by changing the connection string which is obviously not true, given all the other changes I have done, so I must be doing (or missing) something else.
Any thoughts?
Could it be that all the tables with an "Id INT" column should all be IDENTITY columns and they are not!
I checked the migrations code and it has
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.CreateTable(
name: "ApiResources",
columns: table => new
{
Id = table.Column<int>(nullable: false)
.Annotation("Sqlite:Autoincrement", true),
Description = table.Column<string>(maxLength: 1000, nullable: true),
DisplayName = table.Column<string>(maxLength: 200, nullable: true),
I am guessing
.Annotation("Sqlite:Autoincrement", true),
doesn't work with full SQL and therefore all the tables need identity properties setting.
Interestingly if you run the other template to add the AdminUI
dotnet new is4admin
It seems to add a couple of SQL scripts
CREATE TABLE "Clients" (
"Id" INTEGER NOT NULL CONSTRAINT "PK_Clients" PRIMARY KEY AUTOINCREMENT,
"AbsoluteRefreshTokenLifetime" INTEGER NOT NULL,
"AccessTokenLifetime" INTEGER NOT NULL,
which does make them identity columns.
I was faced with this issue today and did a couple of searches online and stumbled upon this https://entityframeworkcore.com/knowledge-base/46587067/ef-core---do-sqlserver-migrations-apply-to-sqlite-
The link pointed out to switch the annotation portion in the migration class UP method after
Id = table.Column(nullable: false)
from
.Annotation("Sqlite:Autoincrement", true);
to
.Annotation("SqlServer:ValueGenerationStrategy", SqlServerValueGenerationStrategy.IdentityColumn)
And you will need to import
using Microsoft.EntityFrameworkCore.Metadata;
Then you build, and the migration will be successful.
To resolve this particular issue I used SSMS.
right click on table
select script to drop and create
add IDENTITY after the NOT NULL
Execute
However you are correct, it is using sqlite annotations in the sql file and in the migrations.
To fully resolve this issue, you need to create an implementation of all 3 necessary database contexts: identity, persisted grant, and configuration.
That requires an implementation of design time factories for each of those contexts as well.
Then you can run add-migration in the package manager console for each of those contexts, and then run update database, or run the application with the migrate function when seeding.
So to recap:
Create implementations for the 3 db contexts
Create Design time factory implementations for those db contexts
Add the migrations
Update the database with those migrations
really simple doubt, guess it is a bug, or something I got wrong
I have a databse in Azure, as Standard:S0 Tier, now 178 mb, and I want to make a copy (in a master's procedure) but with result database in BASIC pricing tier
Tought as:
CREATE DATABASE MyDB_2 AS COPY OF MyDB ( EDITION = 'Basic')
With unhappier result :
Database is created as pricing tier Standard:S0
Then tried:
CREATE DATABASE MyDB_2 AS COPY OF MyDB ( SERVICE_OBJECTIVE = 'Basic' )
or
CREATE DATABASE MyDB_2 AS COPY OF MyDB ( EDITION = 'Basic', SERVICE_OBJECTIVE = 'Basic' )
With even unhappy result :
ERROR:: Msg 40808, Level 16, State 1, The edition 'Standard' does not support the service objective 'Basic'.
tried also:
CREATE DATABASE MyDB_2 AS COPY OF MyDB ( MAXSIZE = 500 MB, EDITION = 'Basic', SERVICE_OBJECTIVE = 'Basic' )
with unhappier result :
ERROR:: Msg 102, Level 15, State 1, Incorrect syntax near 'MAXSIZE'.
.
May I be doing something not allowed ?
But if you copy your database via portal, you'd notice that basic tier is not available with message'A database can only be copied within the same tier as the original database.'. The behavior is documented here:'You can select the same server or a different server, its service tier and performance level, a different performance level within the same service tier (edition). After the copy is complete, the copy becomes a fully functional, independent database. At this point, you can upgrade or downgrade it to any edition. The logins, users, and permissions can be managed independently.'
I want to implement oracle streams in different schema name..for example
schema1.jobs to schema2.jobs
because most of people give example in same schema..like scott.emp to scott.emp :(
anybody have any advice and thread ?
thank you so much :)
you must configure the apply process. To do this you should add rules to the rule set. With this configuration, the apply process dequeues the LCR (Logical Change Record) events and applies all changes to the destination schema. In order to do this, execute the following in the destination DB as strmadmin user:
SQL> begin
dbms_streams_adm.add_schema_rules (
schema_name => 'XXX',
streams_type => 'apply',
streams_name => 'apply_strm',
queue_name => 'capture_Downstream',
include_dml => true,
include_ddl => true,
source_database => 'SOURCE_GLOBAL_NAME');
end;
/
You should adjust the parameters based on your case. See the https://docs.oracle.com/cd/B10501_01/appdev.920/a96612/d_strm_2.htm it is for 9.2
I have some strange issue with querying SQL Server from django.
When I query db twice in single request, I got errors in some cases. Namely when first db query returns big amount of data, we end up with error while querying db second time.
Details:
We're using Microsoft SQL Server backend for Django (https://bitbucket.org/Manfre/django-mssql/src) running on windows.
We want allow user to filter data from some table ("Activity") via form, display it on the website's table and then show related data from another table ("Frames") on map.
class Frames(models.Model):
...
class Activity(models.Model):
frame_from = models.ForeignKey(Frames, ...)
...
The problem is: when we want to filter larger amount of data from Activity (let's say 200rows x 6 colums), we can not make other queries in the same request on table Frames (MARS is turned on in Django settings.py):
result = Aktywnosci.objects.filter(qset1)
is always ok, but
path = Frames.objects.filter(qset2)
when the previous query returned larger amount of data, raises OLE DB Error:
'Microsoft OLE DB Provider for SQL Server' Error: Cannot
create new connection because in manual or distributed transaction mode.
PS. Database settings from settings.py:
# Database for this installation.
DATABASES = {
'default':{
'ENGINE': 'django.db.backends.sqlserver_ado',
'NAME': '***',
'USER': '***',
'PASSWORD': '***',
'HOST': '***',
'PORT': '',
'OPTIONS' : {
'provider': 'SQLOLEDB',
'use_mars': True,
}
}
}
PS2. I came across this issue on the google-code page of djang-mssql: http://code.google.com/p/django-mssql/issues/detail?id=79 - but it seems to be solved in new version of package...
What can I do about it?
Thanks in advance
We got the solution at bitbucket: https://bitbucket.org/Manfre/django-mssql/issue/13/ole-db-provider-for-sql-server-error from Michael Manfre - thanks a lot for this.
The solution is following:
"SQLOLEDB and MARS doesn't work very well and I intend on changing all of the documentation and defaults to assume a native client driver will be used. Try using the native client; "SQLNCLI10" or "SQLNCLI11".
DATABASES = {
'default': {
'ENGINE': 'sqlserver_ado',
'NAME': 'mydb',
'HOST': r'localhost',
'USER': '',
'PASSWORD': '',
'OPTIONS': {
'provider': 'SQLNCLI10',
'extra_params': 'DataTypeCompatibility=80;MARS Connection=True;',
},
}
}
Is "use_mars=True" set up in your "settings.py" file?
http://django-mssql.readthedocs.org/en/latest/settings.html
If this doesn't work, I have a question: is your selection in SQL Server involving tables with triggers on them (transact SQL scripts) - in this case the SQL Server will use a static cursor instead of a firehose one (which is what you need) therefore you will get your error. Try to get rid of the triggers, use some views in SQL Server and select from them instead of tables.