Friday, December 4, 2009

Most Popular OTN articles in 2009 - two of my articles on Enterprise Manager

Fellow Readers,

Great News. The Oracle Technology Network (OTN) has just published
the list of Most Popular OTN articles in 2009 and two of my articles
on Enterprise Manager are in the list.

http://blogs.oracle.com/otn/2009/11/the_most_popular_articles_and.html

The OTN is the world's largest community of Developers, DBAs and Architects.
The two articles of mine in the top 10 are:

Oracle RMAN Backups: Pushing the "Easy" Button
Oracle Enterprise Manager Grid Control Architecture for Very Large Sites

Thanks for the tremendous support of the readers on this topic. My aim is to make Grid Control popular among the DBA and IT community, it really is a fantastic product that makes our lives easier.

Regards,

Porus.

2 comments:

Martin Nash said...

Hi Porus,

I have had a read through both of your articles and found them both interesting and informative. However, unless I have missed something obvious there is a misleading section in the RMAN backup article.

The section I refer to is:

create user ops$oracle identified externally;
grant dba to ops$oracle;

I believe this is totally redundant and also gives the impression that being granted the DBA role allows the use of RMAN, which it doesn't as demonstrated below:

C:\Documents and Settings\martinnash>sqlplus mnash as sysdba

SQL*Plus: Release 10.2.0.4.0 - Production on Tue Dec 8 07:09:39 2009

Copyright (c) 1982, 2007, Oracle. All Rights Reserved.

Enter password:

Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production

SYS@XE> create user test_user identified by test;

User created.

SYS@XE> grant dba to test_user;

Grant succeeded.

SYS@XE> exit
Disconnected from Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production

C:\Documents and Settings\martinnash>rman target mnash

Recovery Manager: Release 10.2.0.1.0 - Production on Tue Dec 8 07:11:10 2009

Copyright (c) 1982, 2005, Oracle. All rights reserved.

target database Password:
connected to target database: XE (DBID=2571453084)

RMAN> exit


Recovery Manager complete.

C:\Documents and Settings\martinnash>rman target test_user

Recovery Manager: Release 10.2.0.1.0 - Production on Tue Dec 8 07:11:27 2009

Copyright (c) 1982, 2005, Oracle. All rights reserved.

target database Password:
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-00554: initialization of internal recovery manager package failed
RMAN-04005: error from target database:
ORA-01031: insufficient privileges

The connections through RMAN are via database users, one with SYSDBA and the other with DBA. As you can see the one with SYSDBA (mnash) can connect to the database, but the one with DBA (test_user) cannot.

I suspect that could drop the ops$oracle user in your example and because the oracle user is a member of the OS dba group you would continue to be able to connect to RMAN via OS authentication.

Please let me know if I have overlooked something.

Thanks again for the articles.

Regards,

Martin

Porus Homi Havewala (પોરસ હોમી હવેવાલા) said...

Thanks Martin. The identified externally was used so that a password was not required, and in our case the DBAs were logging in as the oracle user to do all their DBA activities on the server. This itself may not be acceptable to some companies. The login details to RMAN need to be worked out as per the security in place. OPS$ is of course not required any longer.

Disclaimer

Opinions expressed in this blog are entirely the opinions of the writers of this blog, and do not reflect the position of Oracle corporation. No responsiblity will be taken for any resulting effects if any of the instructions or notes in the blog are followed. It is at the reader's own risk and liability.

Blog Archive