Wednesday, 10 June 2015
Tuesday, 9 June 2015
Database/dictionary stats:
Dictionary Stats:
All thats needed:
SQL> EXEC DBMS_STATS.GATHER_SCHEMA_STATS ('SYS');
SQL> exec DBMS_STATS.GATHER_DATABASE_STATS (gather_sys=>TRUE);
SQL> EXEC DBMS_STATS.GATHER_DICTIONARY_STATS;
To gather the fixed objects stats use:-
EXEC DBMS_STATS.GATHER_FIXED_OBJECTS_STATS;
All thats needed:
SQL> EXEC DBMS_STATS.GATHER_SCHEMA_STATS ('SYS');
SQL> exec DBMS_STATS.GATHER_DATABASE_STATS (gather_sys=>TRUE);
SQL> EXEC DBMS_STATS.GATHER_DICTIONARY_STATS;
To gather the fixed objects stats use:-
EXEC DBMS_STATS.GATHER_FIXED_OBJECTS_STATS;
Friday, 5 June 2015
Oracle: Experiment Redact function simple implementation 12c/19c
Variations:
BEGIN
DBMS_REDACT.ADD_POLICY(
object_schema => 'scott',
object_name => 'dept',
column_name => 'dname',
policy_name => 'mask_dname',
function_type => DBMS_REDACT.full,
function_parameters => '7,1,5',
expression => '1=1');
END;
Before redact Variation 1:
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
---------- ---------- --------- ---------- --------- ---------- ---------- ----------
7369 SMITH CLERK 7902 17-DEC-80 800 20
7499 ALLEN SALESMAN 7698 20-FEB-81 1600 300 30
7521 WARD SALESMAN 7698 22-FEB-81 1250 500 30
7566 JONES MANAGER 7839 02-APR-81 2975 20
BEGIN
DBMS_REDACT.ADD_POLICY(
object_schema => 'scott',
object_name => 'emp',
column_name => 'deptno',
policy_name => 'mask_dname',
function_type => DBMS_REDACT.full,
function_parameters => '7,1,5',
expression => '1=1');
END;
after:
7902 FORD ANALYST 7566 03-DEC-81 3000 20
7934 MILLER CLERK 7782 23-JAN-82 1300 10
14 rows selected.
12:37:34 SQL> /
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
---------- ---------- --------- ---------- --------- ---------- ---------- ----------
7369 SMITH CLERK 7902 17-DEC-80 800 0 <=======redacted
7499 ALLEN SALESMAN 7698 20-FEB-81 1600 300 0
==================================================================================================================
Before redact Variation 2:
BEGIN
DBMS_REDACT.ADD_POLICY(
object_schema => 'scott',
object_name => 'emp',
column_name => 'deptno',
policy_name => 'mask_dname',
function_type => DBMS_REDACT.partial,
function_parameters => '7,1,5',
expression => '1=1');
END;
Compare before after:(Select * from emp)
7900 JAMES CLERK 7698 03-DEC-81 950 30
7902 FORD ANALYST 7566 03-DEC-81 3000 20
7934 MILLER CLERK 7782 23-JAN-82 1300 10
14 rows selected.
12:48:40 SQL> /
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
---------- ---------- --------- ---------- --------- ---------- ---------- ----------
7369 SMITH CLERK 7902 17-DEC-80 800 77
7499 ALLEN SALESMAN 7698 20-FEB-81 1600 300 77
7521 WARD SALESMAN 7698 22-FEB-81 1250 500 77
======================================================================================
Before redact Variation 3:Multi Column Query: select * from emp where ename in ('SMITH','ALLEN');
##Base Policy
BEGIN
DBMS_REDACT.ADD_POLICY(
object_schema => 'scott',
object_name => 'emp',
column_name => 'deptno',
policy_name => 'mask_dname',
function_type => DBMS_REDACT.partial,
function_parameters => '7,1,5',
expression => '1=1');
END;
/
##Add column
BEGIN DBMS_REDACT.ALTER_POLICY(
object_schema => 'scott',
object_name => 'emp',
policy_name => 'mask_dname',
action => DBMS_REDACT.ADD_COLUMN,
column_name => 'sal',
function_type => DBMS_REDACT.RANDOM,
expression => '1-1');
END;
/
BEGIN DBMS_REDACT.ALTER_POLICY(
object_schema => 'scott',
object_name => 'emp',
policy_name => 'mask_dname',
action => DBMS_REDACT.ADD_COLUMN,
column_name => 'ename',
function_type => DBMS_REDACT.RANDOM,
expression => '1-1');
END;
/
See before/after together:
13:02:44 SQL> /
13:02:44 SQL> /
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
---------- ---------- --------- ---------- --------- ---------- ---------- ----------
7369 SMITH CLERK 7902 17-DEC-80 800 20 <=Original
7499 ALLEN SALESMAN 7698 20-FEB-81 1600 300 30
13:02:45 SQL> /
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
---------- ---------- --------- ---------- --------- ---------- ---------- ----------
7369 SMITH CLERK 7902 17-DEC-80 334 77 <====redact sal and deptno
7499 ALLEN SALESMAN 7698 20-FEB-81 21 300 77
13:04:07 SQL> /
EMPNO ENAME JOB MGR HIREDATE SAL COMM DEPTNO
---------- ---------- --------- ---------- --------- ---------- ---------- ----------
7369 8.cLQ CLERK 7902 17-DEC-80 548 77 <====redact ENAME
7499 CgUF} SALESMAN 7698 20-FEB-81 806 300 77
===============================================Drop Policy
Extra: Drop policy (drpol.sql)
BEGIN
DBMS_REDACT.drop_POLICY(
object_schema => 'scott',
object_name => 'emp',
policy_name => 'mask_dname');
END;
/
Historical Post:
==========================
Execute in order in scott schema:
BEGIN
DBMS_REDACT.ADD_POLICY(
object_schema => 'scott',
object_name => 'dept',
column_name => 'dname',
policy_name => 'mask_dname',
function_type => DBMS_REDACT.full,
function_parameters => '7,1,5',
expression => '1=1');
END;
---connect as scott tiger
select * from scott.dept;
SQL> select * from dept;
DEPTNO DNAME LOC
---------- -------------- -------------
10 NEW YORK
20 DALLAS
30 CHICAGO
40 BOSTON
exec DBMS_REDACT.disable_POLICY (object_schema => 'scott',object_name => 'dept',policy_name => 'mask_dname');
----opp of above
exec DBMS_REDACT.enable_POLICY (object_schema => 'scott',object_name => 'dept',policy_name => 'mask_dname');
------------------
select * from dept;
SQL> /
DEPTNO DNAME LOC
---------- -------------- -----------
10 ACCOUNTING NEW YORK
20 RESEARCH DALLAS
30 SALES CHICAGO
40 OPERATIONS BOSTON
Enable/Disable could be done anytime. Similar call. Policy creation done from system. select executed from scott schema.
Extra: Drop policy
BEGIN
DBMS_REDACT.drop_POLICY(
object_schema => 'scott',
object_name => 'dept',
policy_name => 'mask_dname');
END;
/
Doc link:http://docs.oracle.com/database/121/ARPLS/d_redact.htm#ARPLS73800
Based on environment:(details later)
https://docs.oracle.com/cd/E11882_01/network.112/e40393/redaction_config.htm#ASOAG10635
BEGIN
DBMS_REDACT.ADD_POLICY(
object_schema => 'scott',
object_name => 'dept',
column_name => 'dname',
policy_name => 'mask_dname',
function_type => DBMS_REDACT.full,
function_parameters => '7,1,5',
expression => '1=1');
END;
---connect as scott tiger
select * from scott.dept;
SQL> select * from dept;
DEPTNO DNAME LOC
---------- -------------- -------------
10 NEW YORK
20 DALLAS
30 CHICAGO
40 BOSTON
exec DBMS_REDACT.disable_POLICY (object_schema => 'scott',object_name => 'dept',policy_name => 'mask_dname');
----opp of above
exec DBMS_REDACT.enable_POLICY (object_schema => 'scott',object_name => 'dept',policy_name => 'mask_dname');
------------------
select * from dept;
SQL> /
DEPTNO DNAME LOC
---------- -------------- -----------
10 ACCOUNTING NEW YORK
20 RESEARCH DALLAS
30 SALES CHICAGO
40 OPERATIONS BOSTON
Enable/Disable could be done anytime. Similar call. Policy creation done from system. select executed from scott schema.
Extra: Drop policy
BEGIN
DBMS_REDACT.drop_POLICY(
object_schema => 'scott',
object_name => 'dept',
policy_name => 'mask_dname');
END;
/
Doc link:http://docs.oracle.com/database/121/ARPLS/d_redact.htm#ARPLS73800
Based on environment:(details later)
https://docs.oracle.com/cd/E11882_01/network.112/e40393/redaction_config.htm#ASOAG10635
expression => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') = ''PSMITH'''
expression => 'SYS_CONTEXT(''SYS_SESSION_ROLES'',''SUPERVISOR'') = ''FALSE'''
expression => '1=1' ---no filter
Subscribe to:
Posts (Atom)