Annotations in Oracle 23ai

Oracle Database23ai introduced new feature annotations, using this feature user can add additional comments to objects and allow storing database object metadata. It helps to share the metadata across applications.

You can add annotations to any supported schema objects with CREATE privilege and you can add or drop annotations using ALTER privilege, the object can have more than one annotation as well. The supported schema objects include tables, indexes, views, materialized views. An annotation will consist of a name and an optional value, which can be entered as freeform text fields.

You can drop the annotations, or it will be dropped when a schema object is dropped. You can query USER|ALL|DBA_ANNOTATIONS_USAGE to view annotations for an object.

Annotation has three clauses i.e ADD, DROP or REPLACE

ADD – create annotations for an existing object.
DROP – removes the annotation from an object.
REPLACE – change annotation_value. This clause used with ALTER statements.

In below example, we’re adding annotation both table and columns

CREATE TABLE emp (
emp_id number ANNOTATIONS (ColumnInfo ‘Employee ID’),
emp_name varchar2(30) ANNOTATIONS (ColumInfo ‘Employee Name’),
dept varchar2(20) )
ANNOTATIONS ( TableInfo ‘Employee Table’);

SQL> SELECT ANNOTATION_NAME, ANNOTATION_VALUE from USER_ANNOTATIONS_USAGE WHERE Object_Name ='EMP' AND Object_Type = 'TABLE' AND Column_Name IS NULL;

ANNOTATION_NAME ANNOTATION_VALUE
-------------------- --------------------
TABLEINFO Employee Table

You can drop annotation from an existing table using below example
SQL> ALTER TABLE emp ANNOTATIONS (DROP TableInfo);

You can add annotation to the table using below example, note that ADD keyword is optional.
SQL> ALTER TABLE emp ANNOTATIONS (ADD TableInfo ‘Employee Table’);

SQL> SELECT ANNOTATION_NAME, ANNOTATION_VALUE from USER_ANNOTATIONS_USAGE WHERE Object_Name ='EMP' AND Object_Type = 'TABLE' AND Column_Name IS NOT NULL;

ANNOTATION_NAME ANNOTATION_VALUE
-------------------- --------------------
EMP_ID Employee ID
EMP_NAME Employee Name

In below example you can add, replace and drop annotations at column level. Note that ADD keyword is optional.

SQL> ALTER TABLE EMP modify dept ANNOTATIONS (ADD ColumnInfo ‘Dept Name’);
SQL> ALTER TABLE EMP modify dept ANNOTATIONS (REPLACE ColumnInfo ‘Deptartment Name’);
SQL> ALTER TABLE EMP modify dept ANNOTATIONS (DROP ColumnInfo);

Thanks & Regards,

https://oracleracexpert.com

Authentication enhancements in Oracle 23c

Oracle 23c offers longer passwords improved security in authentication now supports up to 1024 bytes

• Oracle Data pump Export and import support longer encryption passwords up to 2024 bytes long

• Oracle Call interface (OCI) and Oracle C++ Call interface support up to 1024 bytes long password for user authentication.
• JDBC think driver support up to 1024 characters for password
• Oracle Database (including Autonomous) and clients supports password up to 1024 bytes

You can login into Oracle Database using Microsoft Azure Active Directory single sing-on OAuth2 access token. Multicloud feature integrates Oracle Database and Azure AD and you can perform this integration on

• Oracle 19.16 and later (Back ported) but not for Oracle 21c.
• Oracle Autonomous Database on Dedicated/Shared Exadata Infrastructure
• Oracle Exadata Clod Service
• Oracle Base Database Service

You can map AD users to Oracle Database schema and roles and also you can login ODP.NET can login into Oracle Database Using Microsoft Azure Active Directory. The UTL_HTTP support SHA-256/512 and XDB HTTP supports SHA512, authentication and updated Kerberos Library support.

The password length helps accommodating Oracle Identity Access management (IAM) and Identity Cloud service (IDCS) and helps enabling uniform password rules.

Oracle 23c offers many Improvements in Kerberos security and MIT Kerberos version 1.20.1 supports cross domain, windows credential guard and multiple principals.

KERBEROS5_CC_NAME and KERBEROS5_PRINCIPAL can be specified in tnsnames.ora and the values must match for user authentication.

kuser =
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=orahost)(PORT=1521)) (CONNECT_DATA=(SERVICE_NAME=ORCL))
(SECURITY=(KERBEROS5_CC_NAME = /tmp/kuser/krb.cc) (KERBEROS5_PRINCIPAL = kprinc)))

Kerberos parameters can be specified in Sqlnet.ora file but note that some parameters you can set at server level, and some are at client level and few you can set on both.

You can set below parameters on both client and server

SQLNET.AUTHENTICATION_SERVICES=(KERBEROS5)

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE=oracle

SQLNET.KERBEROS5_CONF=<Kerberos_configfile_path >

SQLNET.KERBEROS5_CONF_MIT=(TRUE)

SQLNET.FALLBACK_AUTHENTICATION=FALSE

SQLNET.KERBEROS5_CLOCKSKEW=1200

The below parameter is not required on the server, but in case if your client in Microsoft Windows then you may want to consider setting OSMSFT:// or MSLSA

SQLNET.KERBEROS5_CC_NAME= <Kerberos_CC_name_withpath>

This setting is not usually required for the client or the server.

SQLNET.KERBEROS5_REALMS=<Kerberos_realms_path >

Only set this parameter on the server

SQLNET.KERBEROS5_KEYTAB=<Kerberos_keytab_path > 

Thanks & Regards,

https://oracleracexpert.com