Fellow Readers,
Great News. The Oracle Technology Network (OTN) has just published
the list of Most Popular OTN articles in 2009 and two of my articles
on Enterprise Manager are in the list.
http://blogs.oracle.com/otn/2009/11/the_most_popular_articles_and.html
The OTN is the world's largest community of Developers, DBAs and Architects.
The two articles of mine in the top 10 are:
Oracle RMAN Backups: Pushing the "Easy" Button
Oracle Enterprise Manager Grid Control Architecture for Very Large Sites
Thanks for the tremendous support of the readers on this topic. My aim is to make Grid Control popular among the DBA and IT community, it really is a fantastic product that makes our lives easier.
Regards,
Porus.
Hi Porus,
ReplyDeleteI have had a read through both of your articles and found them both interesting and informative. However, unless I have missed something obvious there is a misleading section in the RMAN backup article.
The section I refer to is:
create user ops$oracle identified externally;
grant dba to ops$oracle;
I believe this is totally redundant and also gives the impression that being granted the DBA role allows the use of RMAN, which it doesn't as demonstrated below:
C:\Documents and Settings\martinnash>sqlplus mnash as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Tue Dec 8 07:09:39 2009
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Enter password:
Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
SYS@XE> create user test_user identified by test;
User created.
SYS@XE> grant dba to test_user;
Grant succeeded.
SYS@XE> exit
Disconnected from Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
C:\Documents and Settings\martinnash>rman target mnash
Recovery Manager: Release 10.2.0.1.0 - Production on Tue Dec 8 07:11:10 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
target database Password:
connected to target database: XE (DBID=2571453084)
RMAN> exit
Recovery Manager complete.
C:\Documents and Settings\martinnash>rman target test_user
Recovery Manager: Release 10.2.0.1.0 - Production on Tue Dec 8 07:11:27 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
target database Password:
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-00554: initialization of internal recovery manager package failed
RMAN-04005: error from target database:
ORA-01031: insufficient privileges
The connections through RMAN are via database users, one with SYSDBA and the other with DBA. As you can see the one with SYSDBA (mnash) can connect to the database, but the one with DBA (test_user) cannot.
I suspect that could drop the ops$oracle user in your example and because the oracle user is a member of the OS dba group you would continue to be able to connect to RMAN via OS authentication.
Please let me know if I have overlooked something.
Thanks again for the articles.
Regards,
Martin
Thanks Martin. The identified externally was used so that a password was not required, and in our case the DBAs were logging in as the oracle user to do all their DBA activities on the server. This itself may not be acceptable to some companies. The login details to RMAN need to be worked out as per the security in place. OPS$ is of course not required any longer.
ReplyDelete