Monday, 29 August 2011

EUS-SQL queries

-- Get the database version
select * from v$version;
select * from role_role_privs;
select * from role_tab_privs;

-- Read all global roles present in DB
select role from dba_roles where password_required='GLOBAL';
-- Global roles to local roles mapping
select * from dba_role_privs where grantee in (select role from dba_roles where password_required='GLOBAL');
select * from dba_role_privs where grantee in ('SS_D2DB0156_INTERNAL');

-- Object privileges assigned to the user
desc DBA_TAB_PRIVS;
select * from dba_tab_privs;
select * from dba_tab_privs where grantee='GUSER_SYSDBA_D2DB0156';
select distinct grantee,table_name, privilege from DBA_TAB_PRIVS where grantee in (select granted_role from dba_role_privs where grantee in (select role from dba_roles where password_required='GLOBAL'));
select distinct grantee,table_name, privilege from DBA_TAB_PRIVS where grantee in ('LROLE_EASI_ETL');

-- System Privileges assigned to a user/Role
desc dba_sys_privs;
select * from dba_sys_privs where grantee='NAGS_CONSOLIDATION_SHARED_SCH';
select * from dba_sys_privs where grantee='GROLE_EASI_ETL';

--Grant local role to global role
grant LROLE_EASI_ETL to GROLE_EASI_ETL;

--Grant connect to GUSER_SYSDBA_D2DB0156
grant CONNECT to PROXY_USER_EUSTEST;
grant CREATE TABLE to GLOBAL_EXC_SCHEMA_TEST;

-- Global users/Shared schemas created in DB
select * from dba_users where password='GLOBAL';
select * from dba_users where username='SS_D3DB0156_INTERNAL';
select distinct password from dba_users;

-- Read the roles of the user session
select * from session_roles;
-- Read privileges of the user session
select * from session_privs;

-- Read the schmea user logged into
select sys_context('userenv','db_name'), sys_context('userenv','session_user') from dual;
SELECT sys_context('USERENV', 'CURRENT_SCHEMA') FROM DUAL;

-- Creating exclusive schema
CREATE USER global_exc_schema_test1 IDENTIFIED GLOBALLY;
drop user global_exc_schema_test1;

-- Create proxy user for EUS
CREATE USER proxy_user_eustest identified by abcd1234;
commit;
drop user proxy_user_eustest;

-- Grant connect through enterprise users to proxy user
ALTER USER global_exc_schema_test1 GRANT CONNECT THROUGH ENTERPRISE USERS;
Posted by at No comments:

Saturday, 27 August 2011

SUSE Linux

To install additional rpm's , Insert Disk 1 of the ISO image
1. start -> Yast -> software management
2. Uncheck Name and properties and check "rpm libraries"
3. Search for the rpm, entering the name in search box.
You can see the rpms available. Select the required rpm, click accept and then install the required rpms


To disable firewall in SUSE
1. Login as root
2. Execute "/etc/init.d/SUSEfirewall2 stop"


To check the swap space availabe in SUSE
1. Login as root
2. Execute "swapon -s"


To add extra swap space

a) Login as the root user
b) Type following command to create 512MB swap file (1024 * 512MB = 524288 block size):
# dd if=/dev/zero of=/swapfile1 bs=1024 count=524288
c) Set up a Linux swap area:
# mkswap /swapfile1
d) Activate /swapfile1 swap space immediately:
# swapon /swapfile1
e) To activate /swapfile1 after Linux system reboot, add entry to /etc/fstab file. Open this file using text editor such as vi:
# vi /etc/fstab
Append following line:
/swapfile1 swap swap defaults 0 0
So next time Linux comes up after reboot, it enables the new swap file for you automatically.
g) How do I verify swap is activated or not?
Simply use free command:
$ free -m
Posted by at No comments:

Thursday, 7 July 2011

OID 11g Installation

This post will detail the installation of Oracle Internet Directory 11.1.1.5.0.


Before starting the installation refer to the below links:
1. Link for certification matrix of OFM 11g
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html


2. Pre-requisites for installation of OID:
http://download.oracle.com/docs/html/E18558_01/fusion_requirements.htm#BABEFJBE 


Check these prior to installing OID:
 a) Make sure you have all the OS packages listed in Section 4 are installed. To do so execute:
    #rpm -q rpmName command will print the package name, version and release number of installed package 'pkgName'.


 b) The minimum open file limit required for the installation is 4096. To change open file limit login as root and edit the /etc/security/limits.conf file. Add the following two lines:
* soft  nofile  4096
* hard  nofile  4096
Then reboot the machine




Softwares required for the installation:
1. Oracle Weblogic Server 10.3.5
2. Oracle Database 11.2.0.1.0
3. Oracle Identity Management Installer 11.1.1.0
4. Oracle Identity Management Patchset 11.1.1.5.0


Installation of Oracle Weblogic Server 10.3.4:
 1. Download the software from here  
 2. Execute "wls1035_oepe111172_linux32.bin" file
 3. Specify the path of Middleware Home directory and click on next



 4. Select the Installation Type as Custom and click on next
             
 5. Select the Oracle Coherence component of WLS also and click on next
 6. Select the JDK type and click on next.
7. Give the installation path for Weblogic server and Oracle Coherence and click on Next
8. Installer will show the components to be installed and disk space required. Verify the details and Click Next to continue.
9. Installation progress screen will be shown
10. Click on Done to finish the installation



Posted by at No comments:
Labels:

Wednesday, 22 June 2011

OID-EUS Tips

Database privileges which cannot be assigned directly to roles
  •  Assigning any privilege with “WITH GRANT OPTION”
  •  INDEX privilege 
  •  REFERENCES privilege.
  • SYSDBA

These can be assigned only to users and assigning them to a user in DB and defining proxy for the user worked fine.

We cannot implement SYSDBA privilege for 10g or earlier versions of database through EUS. This feature is introduced in 11g database.
 To implement:
  1. Add the entry "cn=<sid>,cn=OracleContext,dc=com,GLOBAL_ROLE=SYSDBA" similar to other entries in uniquemember attribute of the enterprise role in OID using ldap commands.
 2. Make sure LDAP_DIRECTORY_SYSAUTH parameter is set to YES in the target database where EUS is enabled. This parameter is introduced in 11g and this tells the database to authenticate superuser against directory.
  # Present value of the parameter can be found by:
        sql>select * from v$parameter where name='LDAP_DIRECTORY_SYSAUTH';
 # If the value of this parameter is set to NO, then change the parameter value to YES by running:
        sql> alter system set LDAP_DIRECTORY_SYSAUTH='YES' scope=spfile
        sql> startup force; (to restart database)
PS: LDAP_DIRECTORY_SYSAUTH is not a dynamic parameter, so alter it through spfile and restart the database.
Posted by at No comments:
Subscribe to: Posts (Atom)