Tuesday, December 3, 2024

Webinar: Unlocking Oracle Database 23c’s Advanced Security Features

 Join this webinar to learn about Oracle Database 23c's most recent security improvements. We'll go over new features including enhanced authentication techniques and encryption, demonstrating how they help safeguard your data and bolster security against changing threats. This webinar is Ideal for database administrators and IT specialists wishing to increase database security.

Date and time: Dec 13th 2024, 8:00am-9:00am
Pacific Daylight Time (San Francisco, GMT-07:00)


This Webinar covers following Topics.
  • SQL Firewall
  • Audit
  • Authentication
  • Authorization
  • Encryption
  • Autonomous Database
  • Other
To register for this Webinar, please send an email to SatishbabuGunukula@gmail.com
Here is the Webinar Meeting Link

Click here to view the Presentation

Thanks & Regards,
http://www.oracleracexpert.com

Tuesday, November 19, 2024

ORA-04031: unable to allocate 12312 bytes of shared memory ("shared pool","unknown object","KKSSP^212","kglseshtTable")

We recently encountered the following error in 19c, which typically occurs when the database needs additional shared memory. In most of the cases setting MAX_SGA_SIZE to a higher value will resolve the issue.

Below are some possible cause
  •  Insufficient memory allocated via initialization parameters
  •  Fragmentation in app design
  •  Auto tuning issues
  •  A Bug causing the issue
  •  Memory leaks
ORA-04031: unable to allocate 12312 bytes of shared memory ("shared pool","unknown object","KKSSP^334","kglseshtTable")
< ORA-00604: error occurred at recursive SQL level 1 < ORA-04031: unable to allocate 40 bytes of shared memory ("shared pool","unknown object","KGLH0^f185eace","kglHeapInitialize:temp")
< ORA-04031: unable to allocate 12312 bytes of shared memory ("shared pool","unknown object","KKSSP^394","kglseshtTable")



The error message will provide the amount of memory unavailable, memory pool facing the issue and failed allocation details
 

I would highly suggest running below query to get the optimal value for SGA_TARGET
Select * from V$SGA_TARGET_ADVICE

Note that in order to initialization parameters to take into effect we need to bounce the instance.

AGLT>oerr ora 04031
04031, 00000, "unable to allocate %s bytes of shared memory (\"%s\",\"%s\",\"%s\",\"%s\")"
// *Cause: More shared memory is needed than was allocated in the shared
// pool or Streams pool.
// *Action: If the shared pool is out of memory, either use the
// DBMS_SHARED_POOL package to pin large packages,
// reduce your use of shared memory, or increase the amount of
// available shared memory by increasing the value of the
// initialization parameters SHARED_POOL_RESERVED_SIZE and
// SHARED_POOL_SIZE.
// If the large pool is out of memory, increase the initialization
// parameter LARGE_POOL_SIZE.
// If the error is issued from an Oracle Streams or XStream process,
// increase the initialization parameter STREAMS_POOL_SIZE or increase
// the capture or apply parameter MAX_SGA_SIZE.
// parameter MAX_SGA_SIZE.

Refer below links for Oracle support notes
  • This Oracle support note provides information about ORA-04031 related bugs and which release they were fixed
OERR: ORA-4031 "unable to allocate %s bytes of shared memory ("%s","%s","%s")" (Doc ID 4031.1)
  • This Oracle note provides detailed troubleshooting and diagnosing details
Troubleshooting and Diagnosing ORA-4031 Error [Video] (Doc ID 396940.1)
  • This Oracle note provides detailed understanding and tuning of the of the shared pool
NOTE:62143.1 - Troubleshooting: Understanding and Tuning the Shared Pool

Thanks & Regards,
https://oracleracexpert.com

Wednesday, September 25, 2024

Annotations in Oracle 23ai

Oracle Database23ai introduced new feature annotations, using this feature user can add additional comments to objects and allow storing database object metadata. It helps to share the metadata across applications.

You can add annotations to any supported schema objects with CREATE privilege and you can add or drop annotations using ALTER privilege, the object can have more than one annotation as well. The supported schema objects include tables, indexes, views, materialized views. An annotation will consist of a name and an optional value, which can be entered as freeform text fields.

You can drop the annotations, or it will be dropped when a schema object is dropped. You can query USER|ALL|DBA_ANNOTATIONS_USAGE to view annotations for an object.

Annotation has three clauses i.e ADD, DROP or REPLACE

ADD – create annotations for an existing object.
DROP – removes the annotation from an object.
REPLACE – change annotation_value. This clause used with ALTER statements.

In below example, we’re adding annotation both table and columns

CREATE TABLE emp (
emp_id number ANNOTATIONS (ColumnInfo ‘Employee ID’),
emp_name varchar2(30) ANNOTATIONS (ColumInfo ‘Employee Name’),
dept varchar2(20) )
ANNOTATIONS ( TableInfo ‘Employee Table’);

SQL> SELECT ANNOTATION_NAME, ANNOTATION_VALUE from USER_ANNOTATIONS_USAGE WHERE Object_Name ='EMP' AND Object_Type = 'TABLE' AND Column_Name IS NULL;

ANNOTATION_NAME ANNOTATION_VALUE
-------------------- --------------------
TABLEINFO Employee Table

You can drop annotation from an existing table using below example
SQL> ALTER TABLE emp ANNOTATIONS (DROP TableInfo);

You can add annotation to the table using below example, note that ADD keyword is optional.
SQL> ALTER TABLE emp ANNOTATIONS (ADD TableInfo ‘Employee Table’);

SQL> SELECT ANNOTATION_NAME, ANNOTATION_VALUE from USER_ANNOTATIONS_USAGE WHERE Object_Name ='EMP' AND Object_Type = 'TABLE' AND Column_Name IS NOT NULL;

ANNOTATION_NAME ANNOTATION_VALUE
-------------------- --------------------
EMP_ID Employee ID
EMP_NAME Employee Name

In below example you can add, replace and drop annotations at column level. Note that ADD keyword is optional.

SQL> ALTER TABLE EMP modify dept ANNOTATIONS (ADD ColumnInfo ‘Dept Name’);
SQL> ALTER TABLE EMP modify dept ANNOTATIONS (REPLACE ColumnInfo ‘Deptartment Name’);
SQL> ALTER TABLE EMP modify dept ANNOTATIONS (DROP ColumnInfo);

Thanks & Regards,
https://oracleracexpert.com

Wednesday, September 4, 2024

Authentication enhancements in Oracle 23c

Oracle 23c offers longer passwords improved security in authentication now supports up to 1024 bytes

• Oracle Data pump Export and import support longer encryption passwords up to 2024 bytes long
• Oracle Call interface (OCI) and Oracle C++ Call interface support up to 1024 bytes long password for user authentication.
• JDBC think driver support up to 1024 characters for password
• Oracle Database (including Autonomous) and clients supports password up to 1024 bytes

You can login into Oracle Database using Microsoft Azure Active Directory single sing-on OAuth2 access token. Multicloud feature integrates Oracle Database and Azure AD and you can perform this integration on

• Oracle 19.16 and later (Back ported) but not for Oracle 21c.
• Oracle Autonomous Database on Dedicated/Shared Exadata Infrastructure
• Oracle Exadata Clod Service
• Oracle Base Database Service

You can map AD users to Oracle Database schema and roles and also you can login ODP.NET can login into Oracle Database Using Microsoft Azure Active Directory. The UTL_HTTP support SHA-256/512 and XDB HTTP supports SHA512, authentication and updated Kerberos Library support.

The password length helps accommodating Oracle Identity Access management (IAM) and Identity Cloud service (IDCS) and helps enabling uniform password rules.

Oracle 23c offers many Improvements in Kerberos security and MIT Kerberos version 1.20.1 supports cross domain, windows credential guard and multiple principals.

KERBEROS5_CC_NAME and KERBEROS5_PRINCIPAL can be specified in tnsnames.ora and the values must match for user authentication.

kuser =
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=orahost)(PORT=1521)) (CONNECT_DATA=(SERVICE_NAME=ORCL))
(SECURITY=(KERBEROS5_CC_NAME = /tmp/kuser/krb.cc) (KERBEROS5_PRINCIPAL = kprinc)))

Kerberos parameters can be specified in Sqlnet.ora file but note that some parameters you can set at server level, and some are at client level and few you can set on both.

You can set below parameters on both client and server

SQLNET.AUTHENTICATION_SERVICES=(KERBEROS5)
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=oracle
SQLNET.KERBEROS5_CONF=<Kerberos_configfile_path >
SQLNET.KERBEROS5_CONF_MIT=(TRUE)
SQLNET.FALLBACK_AUTHENTICATION=FALSE
SQLNET.KERBEROS5_CLOCKSKEW=1200

The below parameter is not required on the server, but in case if your client in Microsoft Windows then you may want to consider setting OSMSFT:// or MSLSA
SQLNET.KERBEROS5_CC_NAME= <Kerberos_CC_name_withpath>

This setting is not usually required for the client or the server.
SQLNET.KERBEROS5_REALMS=<Kerberos_realms_path >
Only set this parameter on the server
SQLNET.KERBEROS5_KEYTAB=<Kerberos_keytab_path > 

Thanks & Regards,
https://oracleracexpert.com

Friday, August 30, 2024

Opatch failed with "Make failed to invoke "/usr/bin/make -f ins_net_client.mk client_sharedlib"

I encountered a patch failure while upgrading to Oracle 19.23. I received "Opatch session completed with warnings".

The error clearly indicates that the root cause is a missing "shrept.lst" file.

Make failed to invoke "/usr/bin/make -f ins_net_client.mk client_sharedlib ORACLE_HOME=/oracle/product/19.x.0.0/dbhome_1 OPATCH_SESSION=apply"....'genclntsh: genclntsh: Could not locate /oracle/product/19.x.0.0/dbhome_1/network/admin/shrept.lst

make: *** [ins_net_client.mk:143: client_sharedlib] Error 1
'
Make failed to invoke "/usr/bin/make -f ins_rdbms.mk client_sharedlib ORACLE_HOME=/oracle/product/19.x.0.0/dbhome_1 OPATCH_SESSION=apply"....'genclntsh: genclntsh: Could not locate /oracle/product/19.x.0.0/dbhome_1/network/admin/shrept.lst
make: *** [ins_rdbms.mk:56: client_sharedlib] Error 1
'
Make failed to invoke "/usr/bin/make -f ins_ldap.mk ldapsearch ORACLE_HOME=/oracle/product/19.x.0.0/dbhome_1 OPATCH_SESSION=apply"....'genclntsh: genclntsh: Could not locate /oracle/product/19.x.0.0/dbhome_1/network/admin/shrept.lst

make: *** [/oracle/product/19.x.0.0/dbhome_1/ldap/lib/env_ldap.mk:2474: /oracle/product/19.x.0.0/dbhome_1/lib/libclntsh.so] Error 1
'
The following make actions have failed :

Re-link fails on target "client_sharedlib".
Re-link fails on target "client_sharedlib".
Re-link fails on target "ldapsearch".

Do you want to proceed? [y|n]
y
User Responded with: Y
Patch 36233263 successfully applied.
Sub-set patch [34765931] has become inactive due to the application of a super-set patch [36233263].
Please refer to Doc ID 2161861.1 for any possible further required actions.
OPatch Session completed with warnings.
Log file location: /oracle/product/19.x.0.0/dbhome_1/cfgtoollogs/opatch/opatch2024-08-24_22-25-17PM_1.log

I have reviewed the opatch log file to verify the error and I can see the the same error.

[Aug 24, 2024 11:32:40 PM] [INFO] Deleted the file "/oracle/product/19.x.0.0/dbhome_1/.patch_storage/unzip_action/1723357551241/inventory/Templates/perl/bin/zipdetails"

[Aug 24, 2024 11:32:40 PM] [INFO] --------------------------------------------------------------------------------
[Aug 24, 2024 11:32:40 PM] [INFO] The following warnings have occurred during OPatch execution:
[Aug 24, 2024 11:32:40 PM] [INFO] 1) OUI-67200:Make failed to invoke "/usr/bin/make -f ins_net_client.mk client_sharedlib ORACLE_HOME=/oracle/product/19.x.0.0/dbhome_1 OPATCH_SESSION=apply"....'genclntsh: genclntsh: Could not locate /oracle/product/19.x.0.0/dbhome_1/network/admin/shrept.lst
make: *** [ins_net_client.mk:143: client_sharedlib] Error 1

'
[Aug 24, 2024 11:32:40 PM] [INFO] 4) OUI-67124:Re-link fails on target "client_sharedlib".
Re-link fails on target "client_sharedlib".
Re-link fails on target "ldapsearch".
[Aug 24, 2024 11:32:40 PM] [INFO] --------------------------------------------------------------------------------
[Aug 24, 2024 11:32:40 PM] [SEVERE] OUI-67008:OPatch Session completed with warnings.
[Aug 24, 2024 11:32:40 PM] [INFO] Finishing UtilSession at Sat Aug 24 23:32:40 PDT 2024
[Aug 24, 2024 11:32:40 PM] [INFO] Log file location: /oracle/product/19.x.0.0/dbhome_1/cfgtoollogs/opatch/opatch2024-08-24_22-25-44PM_1.log

we found that shrept.lst file was missing and have rollback the patch using
$ opatch rollback -id <xxxxxx>

We copied the shrept.lst file from another environment, re-applied the patch using "opatch apply," and the process completed successfully without any issues.

Thanks & Regards
https://oracleracexpert.com

Wednesday, July 10, 2024

Column Level Audit in Oracle 23ai

Oracle Database support auditing at column level and Audit actions at column level introduced in Oracle 23ai Database. Using this feature, you can Audit column level for tables and views.

Before Oracle 21c and before you can audit at table level. Oracle deprecated traditional auditing in Oracle 21c, and it is desupported from Oracle 23ai.

In Oracle 23ai user can perform audit actions at individual column level by creating audit policies. You can audit action on a Tableau or view column using “CREATE AUDIT POLICY” Statement

For example,
  • Audit all actions on a table
    SQL> CREATE AUDIT POLICY aud_all_act_emp ACTIONS ALL ON SCOTT.EMP;

When using ACTIONS ALL user should be cautious. Because enabling on an online transaction processing (OLTP) workload. Will lead large number of audit records.
  • Audit action on a column
    SQL> CREATE AUDIT POLICY aud_col_bon_act_emp ACTIONS SELECT (BONOUS) ON                SCOTT.EMP;

Users can query UNIFIED_AUDIT_TRAIL dictionary view to view audit events information

SQL> SELECT OBJECT_NAME,SQL_TEXT FROM UNIFIED_AUDIT_TRAIL WHERE OBJECT_NAME = 'EMP';

OBJECT_NAME     SQL_TEXT
------------------------ ----------------------------------------------------------------
EMP                         SELECT BONUS FROM EMP WHERE EMPNO=123

You can also audit actions on SYS objects using CREATED AUDIT POLICTY statement.

SQL> CREATE AUDIT POLICY aud_col_sys_obje ACTIONS SELECT ON SYS.TABLES;

To audit recursive actions, use ONLY TOPLEVEL clause in the CREATE AUDIT POLICY statement.

User can audit PL/SQL packages, functions, procedures and triggers, pls consider below points
  • You can audit standalone PL/SQL packages, functions and procedures 
  • Auditing a PL/SQL package will audit all functions and procedures within the package. You cannot audit individual producers and functions within the PL/SQL package. 
  • Auditing all executions will enable auditing all triggers, functions and procedures within PL/SQL packages.
  • Auditing EXECUTE operation on a PL/SQL stored procedure or function, will determine the success or failure of the operation auditing purpose.
For a list of Object-level Database action audit options, you can refer Oracle documentation here

Thanks & Regards,
https://oracleracexpert.com

Tuesday, June 4, 2024

Webinar: Oracle Database 23c New Security features

This Webinar helps you to understand Oracle Database 23c new Security features and make use of these cutting edge functionalities.

Date and time: June 14th 2024, 8:00am-9:00am
Pacific Daylight Time (San Francisco, GMT-07:00)

This Webinar covers following Topics.
  • SQL Firewall
  • Audit
  • Authentication
  • Authorization
  • Encryption
  • Autonomous Database
  • Other
To register for this Webinar, please send an email to SatishbabuGunukula@gmail.com
You will receive an email confirmation with meeting link or Webinar link will be posted here.

Note that registrations are limited and first come and first serve basis.

For Zoom Link Click here
For presentation link Click here

Thanks & Regards,
http://www.oracleracexpert.com

Monday, June 3, 2024

The listen port 8080 is already in use by another process using ORDS

I have come across below error when installing ORDS for APEX using 23.x+ version. When you try to bring up the ORDS you may receive the same warning message

/oracle:DBA>ords --config /oracle/ords_conf install

ORDS: Release 23.4 Production on Tue Feb 27 05:42:02 2024
Copyright (c) 2010, 2024, Oracle.
Configuration:
/oracle/ords_conf/

The configuration folder /oracle/ords_conf does not contain any configuration files.

Oracle REST Data Services - Interactive Install

Enter a number to select the type of installation
[1] Install or upgrade ORDS in the database only
[2] Create or update a database pool and install/upgrade ORDS in the database
[3] Create or update a database pool only
Choose [2]:
Enter a number to select the database connection type to use
[1] Basic (host name, port, service name)
[2] TNS (TNS alias, TNS directory)
[3] Custom database URL
Choose [1]:
Enter the database host name [localhost]: orasrv1
Enter the database listen port [1521]:
Enter the database service name [DBA]: ADB
Provide database user name with administrator privileges.
Enter the administrator username: SYS
Enter the database password for SYS AS SYSDBA:
Connecting to database user: SYS AS SYSDBA url: jdbc:oracle:thin:@//orasrv1:1521/ADB

Retrieving information.
Enter the default tablespace for ORDS_METADATA and ORDS_PUBLIC_USER [SYSAUX]: ORDS_DATA

Enter the temporary tablespace for ORDS_METADATA and ORDS_PUBLIC_USER [TEMP]: TEMP

Enter a number to select additional feature(s) to enable:

[1] Database Actions (Enables all features)
[2] REST Enabled SQL and Database API
[3] REST Enabled SQL
[4] Database API
[5] None
Choose [1]:

Enter a number to configure and start ORDS in standalone mode
[1] Configure and start ORDS in standalone mode
[2] Skip
Choose [1]:

Enter a number to select the protocol
[1] HTTP
[2] HTTPS
Choose [1]: 2
Enter the HTTPS port [8443]:
Enter a number to select the certificate type
[1] Use self-signed certificate (generates automatically)
[2] Use my SSL certificate (requires SSL certificate and SSL certificate private key)
Choose [1]:
Enter the SSL hostname: orasrv1
Enter the APEX static resources location: /oracle/apex/images
The setting named: db.connectionType was set to: basic in configuration: default
The setting named: db.hostname was set to: orasrv1 in configuration: default
The setting named: db.port was set to: 1521 in configuration: default
The setting named: db.servicename was set to: ADB in configuration: default
The setting named: plsql.gateway.mode was set to: proxied in configuration: default
The setting named: db.username was set to: ORDS_PUBLIC_USER in configuration: default
The setting named: db.password was set to: ****** in configuration: default
The setting named: feature.sdw was set to: true in configuration: default
The global setting named: database.api.enabled was set to: true
The setting named: restEnabledSql.active was set to: true in configuration: default
The setting named: security.requestValidationFunction was set to: ords_util.authorize_plsql_gateway in onfiguration: default
The global setting named: standalone.https.port was set to: 8443
The global setting named: standalone.https.host was set to: orasrv1
The global setting named: standalone.static.path was set to: /oracle/apex/images/
The global setting named: standalone.static.context.path was set to: /i
The global setting named: standalone.context.path was set to: /ords
The global setting named: standalone.doc.root was set to: /oracle/ords_conf/global/doc_root
2024-02-22T03:00:32.213Z INFO Created folder /oracle/ords/logs
2024-02-22T03:00:32.214Z INFO The log file is defaulted to the current working directory located at /oracle/ords/logs
2024-02-22T03:00:32.432Z INFO Installing Oracle REST Data Services version 23.4.0.r3461619 in NON_CDB
2024-02-22T03:00:33.913Z INFO ... Verified database prerequisites
2024-02-22T03:00:34.311Z INFO ... Created Oracle REST Data Services proxy user
2024-02-22T03:00:34.912Z INFO ... Created Oracle REST Data Services schema
2024-02-22T03:00:35.474Z INFO ... Granted privileges to Oracle REST Data Services
2024-02-22T03:00:39.099Z INFO ... Created Oracle REST Data Services database objects
2024-02-22T03:00:50.174Z INFO Completed installation for Oracle REST Data Services version 23.4.0.r3461619. Elapsed time: 00:00:17.662
2024-02-22T03:00:50.244Z INFO Completed configuring PL/SQL gateway user for Oracle REST Data Services version 23.4.0.r3461619. Elapsed time: 00:00:00.66
2024-02-22T03:00:50.245Z INFO Log file written to /oracle/ords/logs/ords_install_2024-02-22_060032_21483.log
2024-02-22T03:00:50.725Z INFO HTTP and HTTP/2 cleartext listening on host: 0.0.0.0 port: 8080
2024-02-22T03:00:50.726Z INFO HTTPS and HTTPS/2 listening on host: 0.0.0.0 port: 8443
2024-02-22T03:00:50.746Z INFO Disabling document root because the specified folder does not exist: /oracle/ords_conf/global/doc_root
2024-02-22T03:00:50.746Z INFO Default forwarding from / to contextRoot configured.
2024-02-22T03:00:50.803Z SEVERE Could not start Standalone Mode because the listen port: 8080 is already in use by another process. Check if another instance of ords is already running/oracle:DBA>
When
2024-02-22T03:00:50.245Z INFO Log file written to /oracle/ords/logs/ords_install_2024-02-22_060032_21483.log
2024-02-22T03:00:50.725Z INFO HTTP and HTTP/2 cleartext listening on host: 0.0.0.0 port: 8080
2024-02-22T03:00:50.726Z INFO HTTPS and HTTPS/2 listening on host: 0.0.0.0 port: 8443
2024-02-22T03:00:50.746Z INFO Disabling document root because the specified folder does not exist: /oracle/ords_conf/global/doc_root
2024-02-22T03:00:50.746Z INFO Default forwarding from / to contextRoot configured.
2024-02-22T03:00:50.803Z SEVERE Could not start Standalone Mode because the listen port: 8080 is already in use by another process. Check if another instance of ords is already running

/oracle:DBA>ords --config /oracle/ords_conf serve

The main reason for the error is the port 8080 already in use by another processes.

The ports 80 and 8080 are common ports for Web servers (HTTP) to use. First check is ORDS is already running by checking the processes.

$ps -ef |grep ords

If you don’t see any processes, then there might be another processes using the 8080 port and run below command to check the process

$ netstat -lnptu |grep 8080
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN

If you see any processes, you have few options,

1. Check is it safe to kill the application that is using port 8080, unless you know that is this application or processes I don’t recommend this
2. Change the ORDS port to any another port such as 8088

First run the below command to check any value set for

$ords config get standalone.http.port

Cannot get setting standalone.http.port because the setting is not found in database pool default located at /oracle/ords_conf/databases/default

As you see ORDS setting “standalone.http.port” doesn’t have any value set in the config. So we are safe to assign another port

$ords config set standalone.http.port 8081

Now you can try to bring up the ORDS using below command

ords --config /oracle/ords_conf serve

When ORDS processes comes online you should see below message

apped local pools from /oracle/ords_conf/databases:
/ords/ => default => VALID
2024-02-22T07:04:22.648Z INFO Oracle REST Data Services initialized

Saturday, June 1, 2024

Warning When installing ORDS 23.x

When trying to install ORDS I got below message. You will see this message as Oracle recommends using a different configuration folder outside of ORDS.

2024-02-27T01:14:10.925Z INFO        Your configuration folder /oracle/ords is located in ORDS product folder.  Oracle recommends to use a different configuration folder

I have created a folder and resuming the ORDS install and received below warning.

ADB>java -jar ords.war install advanced
Warning: Support for executing: java -jar ords.war has been deprecated.
Please add ords to your PATH and use the ords command instead.
Run the following command to add ords to your PATH:
echo -e 'export PATH="$PATH:/oracle/ords/bin"' >> ~/.bash_profile

Start a new shell to pick up this change.

2024-02-27T01:14:10.925Z INFO Your configuration folder /oracle/ords is located in ORDS product folder. Oracle recommends to use a different configuration folder.


ORDS: Release 23.4 Production on Mon Feb 26 17:14:10 2024
Copyright (c) 2010, 2024, Oracle.

Configuration:
/oracle/ords/

Unknown command: ords install [advanced]


I realized that from ORDS 23.x+ the commands are changed using “java -jar ords.war” has been deprecated.

I would already suggest following Oracle documentation so that you have latest commands and updates.

https://docs.oracle.com/en/database/oracle/apex/index.html

I have come across an issue when using Oracle Java version lower than 11 and the installation fails with an error message.

Error: ORDS requires Java 11 and above to run.
Found Java version 1.

Please set JAVA_HOME to appropriate version and update PATH if necessary.

Make sure you are using Oracle Java version 11, or 17

Thanks
https://oracleracexpert.com

Tuesday, March 5, 2024

Bugs in Oracle Apex 23.2 and ORDS 23.4

I have recently installed Apex 23.2, ORDS 23.4 for POC purpose and come across below issues when working with APEX and ORDS.

Bug: Oracle Apex 23.2 with Interactive Grid

When working with Interactive Grid, the filters saved in the Interactive Grid not displaying correct values. The issue happens intermittently, and filter values change from date to string or filter operators may drop out of the list.

When users working with operators they see inconsistency in the values, which is a big concern.

After research I found that its known issue ang filed bug #36200437

For more detailed info please check below Oracle forum link

BUG in APEX 23.2 Interactive Grid: Multiple Criteria Filter Issue - Oracle Forums

Bug: ORDS 23.4 with PL/SQL

Please see the cause and action for error PLS-00306: wrong number or types of arguments in call to 'string”

Cause: 
This error occurs when the named subprogram call cannot be matched to any declaration for that subprogram name. The subprogram name might be misspelled, a parameter might have the wrong datatype, the declaration might be faulty, or the declaration might be placed incorrectly in the block structure. For example, this error occurs if the built-in square root function SQRT is called with a misspelled name or with a parameter of the wrong datatype.

Action: 
Check the spelling and declaration of the subprogram name. Also confirm that its call is correct, its parameters are of the right datatype, and, if it is not a built-in function, that its declaration is placed correctly in the block structure.

But in my case when working with PL/SQL code users receiving “PLS-00306: wrong number or types of arguments in call”. The same code works after some time, after research found that it’s a known bug.

For more details, please see the below Oracle forums link.

ORDS 23.4 with PL/SQL. PLS-00306: wrong number or types of arguments in call to - Oracle Forums

Hope this helps.

Thanks & Regards.
Satishbabu Gunukula, Oracle ACE Pro

Wednesday, February 7, 2024

SQL Firewall in Oracle 23c

SQL Firewall inspects all incoming statements and ensures only authorized SQL is run and it is embedded in the Oracle Database and unauthorized SQL Statements will be logged and blocked.

SQL firewall provides real-time protection from attacks and mitigate risks from SQL injection attacks, anomalous access, credential abuse or theft. SQL Firewall supports all commands except transaction control commands such as SAVEPOINT, COMMIT, ROLLBACK.

To administer SQL Firewall user must have SQL_FIREWALL_ADMIN role. To query DBA_SQL_FIREWALL* data dictionary the user must have SQL_FIREWALL_VIEWER role

You can Configure SQL Firewall using DBMS_SQL_FIREWALL package or Oracle Data Safe. SQL Firewall can be used in both root and Pluggable Database (PDB)


You can enable SQL Firewall using below command.
SQL> EXEC DBMS_SQL_FIREWALL.ENABLE;

Create and enable SQL Firewall capture for a user using below command

SQL> BEGIN
DBMS_SQL_FIREWALL.CAPTURE_CAPTURE (
Username => ‘SCOTT’
top_level_only => TRUE,
Start_capture => TRUE
);
END;


Enable SQL Firewall Allow List

SQL>BEGIN
DBMS_SQL_FIREWALL.ENABLE_ALLOW_LIST (
username => ‘SCOTT’,
enforce => DBMS_SQL_FIREWALL.ENFORCE_SQL,
block => TRUE );
END;

You can use below commands to START and STOP capture.

SQL> EXEC DBMS_SQL_FIREWALL.START_CAPTURE (‘SCOTT’);
SQL> EXEC DBMS_SQL_FIREWALL.STOP_CAPTURE (‘SCOTT’);

You can generate an allow list using below procedures.

DBMS_SQL_FIREWALL.ADD_ALLOWED_CONTEXT
DBMS_SQL_FIREWALL.DELETE_ALLOWED_CONTEXT
DBMS_SQL_FIREWALL.DELETE_ALLOWED_SQL

The SQL Firewall may generate large volume of capture logs and to minimize performance impact the database memory needs to be sized to handle the load. It is advised to add additional 2GB to LARGE_POOL_SIZE parameter and also it advised to have SGA_TARGET to 8GB or more.

To purge logs you can use below procedure

BEGIN
DBMS_SQL_FIREWALL.PURGE_LOG (
username => ‘SCOTT’,
purge_time => '2024-01-10 12:00:00.00 -08:00',
log_type => 'DBMS_SQL_FIREWALL.ALL_LOGS'
);
END;
/

You can also enable and disable SQL Firewall Trace using below commands. The trace level value should be LOW, HIGH, HIGHEST based upon how much detail tracing you want to have.

-Session level Tracing Enable and Disable
ALTER SESSION SET EVENTS 'TRACE SQL_FIREWALL DISK=trace_level
ALTER SESSION SET EVENTS 'TRACE SQL_FIREWALL OFF

-System Level Tracing Enable and Disable
ALTER SYSTEM SET EVENTS 'TRACE SQL_FIREWALL DISK=trace_level
ALTER SYSTEM SET EVENTS 'TRACE SQL_FIREWALL OFF


You can query below Data Dictionary Views for SQL Firewall protections
DBA_SQL_FIREWALL_ALLOWED_SQL - View shows allowed SQL and Accessed objects
DBA_SQL_FIREWALL_ALLOWED_IP_ADDR – View shows the Users allowed IP address
DBA_SQL_FIREWALL_CAPTURE_LOGS – View shows the Capture log entries
DBA_SQL_FIREWALL_VIOLATIONS – View shows the SQL Firewall Violations

Thanks & Regards
https://oracleracexpert.com
Oracle ACE Pro


Friday, January 5, 2024

Oracle Agile Application or Quick Search performance issue and how to resolve?

When you come across any performance issue on agile first, you need to verify schema integrity by running agile9_check.sql.

The agile9_check.sql it verifies Database Schema version with Agile Schema version, and it MUST match. Also, it validates schema objects against Agile schema version and report any errors or warnings.

You may see ERRORS/WARNINGS
ERROR: Missing or INVALID index (columns) XXXXXXXXX on table XXXXX.
ERROR: Missing or INVALID FTS CTX indexes XXXXXXX.
WARNING: ACTIVITY_BASELINE_XXXXX does not belong to AGILE DB. Please Drop the Table if not required.

In case of any Errors/Warnings you need we need to fix the issue. If you have created any custom objects you will see WARNING that object doesn't  below to Agile DB and you can ignore. 

Once user fix the schema integrity download listFTSInfo.sql and run the script as Agile user and it will generate listFTSInfo_xxxxxxxxxx.log file. You need to search for "029", where it says "List Index Percent of Fragmentation" where you can see the indexes that has fragmentation.

If you see any fragmentation, it will effect Quick search and stuck threads will be generated.

<[STUCK] ExecuteThread: '19' for queue: 'weblogic.kernel.Default (self-tuning)' has been busy for "1,247" seconds working on the request "Http Request Information: weblogic.servlet.internal.ServletRequestImpl@2f2fb94[GET /Agile/PCMServlet]
", which is more than the configured time (StuckThreadMaxTime) of "1,200" seconds in "server-failure-trigger". Stack trace:
java.net.SocketInputStream.socketRead0(Native Method)


To resolve the issue, Log into sqlplus as agile database user, and run agile_ctx_recreate.sql found under %Oracle_base%\admin\{SID}\create\{agile_schema_username} to rebuild CTX indexes.

Oracle support recommends stopping Agile application, run agile_ctx_recreate.sql and Start the Application.

It is highly advisable to run complie_Invalid_objects.sql, agile9stats.sql to recompile invalid objects and collect stats to improve the performance.

Refer Oracle Agile support doc for Full Text search (FTS) Enablement, synchronization, Indexing and optimization.

Frequently Asked Questions on Agile Product Lifecycle Management (PLM) Full Text Search (FTS) Enablement, Synchronization, Indexing, and Optimization (Doc ID 1503311.1)

For Agile Stuck thread issue, refer below Oracle support Doc ID

Agile Managed Servers Goes to Warning State, Having Stuck Thread at com.agile.cs.query.QuerySessionBean (Doc ID 2919154.1)

Thanks & Regards
https://oracleracexpert.com, Oracle ACE