<< 返回文章列表
Oracle 20c 不再支持特性:传统审计不支持 统一审计(Unified Auditing)成主流
2020年4月22日
盖国强
167
墨天轮原文链接:https://www.modb.pro/db/21964
在 Oracle 20c 中,传统审计(Traditional Auditing)不再支持,统一审计(Unified Auditing)成为主流。
官方文档的说明如下:
Deprecated Features: The following features are deprecated in this release. Traditional auditing Starting in Oracle Database 20c, traditional auditing is deprecated. Oracle recommends that you use unified auditing, which enables selective and more effective auditing inside Oracle Database.
统一审计是 Oracle Database 12c 推出的一套全新的审计架构,通过利用策略和条件在 Oracle 数据库内部有选择地执行有效的审计。新架构将现有审计跟踪统一为单一审计跟踪,从而简化了管理,提高了数据库生成的审计数据的安全性。
统一审计可以通过 V$OPTION 视图查询其是否启用:
SQL> SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Unified Auditing'; VALUE ---------------------------------------------------------------- FALSE
注意:由于 Bug 的影响,即使完全的统一审计有效的情况下, V$OPTION 的 Unified Auditing 行也表示为 FALSE 。
如果没有启用该特性,可以通过如下方式启用:
[oracle@enmotech 20c]$ cd $ORACLE_HOME/rdbms/lib [oracle@enmotech lib]$ make -f ins_rdbms.mk uniaud_on ioracle /usr/bin/ar cr /opt/oracle/20c/rdbms/lib/libknlopt.a /opt/oracle/20c/rdbms/lib/kzaiang.o chmod 755 /opt/oracle/20c/bin - Linking Oracle rm -f /opt/oracle/20c/rdbms/lib/oracle /opt/oracle/20c/bin/orald -o /opt/oracle/20c/rdbms/lib/oracle -m64 -z noexecstack -Wl,--disable-new-dtags -L/opt/oracle/20c/rdbms/lib/ -L/opt/oracle/20c/lib/ -L/opt/oracle/20c/lib/stubs/ -Wl,-E /opt/oracle/20c/rdbms/lib/opimai.o /opt/oracle/20c/rdbms/lib/ssoraed.o /opt/oracle/20c/rdbms/lib/ttcsoi.o -Wl,--whole-archive -lperfsrv -Wl,--no-whole-archive /opt/oracle/20c/lib/nautab.o /opt/oracle/20c/lib/naeet.o /opt/oracle/20c/lib/naect.o /opt/oracle/20c/lib/naedhs.o /opt/oracle/20c/rdbms/lib/config.o -ldmext -lserver -loraodm -lofs -lcellst -lnnet -lskgxp -lsnls -lnls -lcore -lsnls -lnls -lcore -lsnls -lnls -lxml -lcore -lunls -lsnls -lnls -lcore -lnls -lclient -lvsnst -lcommon -lgeneric -lknlopt -loraolap -lskjcx -lslax -lpls -lrt -lplp -ldmext -lserver -lclient -lvsnst -lcommon -lgeneric `if [ -f /opt/oracle/20c/lib/libavserver.a ] ; then echo "-lavserver" ; else echo "-lavstub"; fi` `if [ -f /opt/oracle/20c/lib/libavclient.a ] ; then echo "-lavclient" ; fi` -lknlopt -lslax -lpls -lrt -lplp -ljavavm -lserver -lwwg `cat /opt/oracle/20c/lib/ldflags` -lncrypt -lnsgr -ln -lnl -lngsmshd -lnro `cat /opt/oracle/20c/lib/ldflags` -lncrypt -lnsgr -ln -lnl -lngsmshd -lnnzst -lzt -lztkg -lmm -lsnls -lnls -lcore -lsnls -lnls -lcore -lsnls -lnls -lxml -lcore -lunls -lsnls -lnls -lcore -lnls -lztkg `cat /opt/oracle/20c/lib/ldflags` -lncrypt -lnsgr -ln -lnl -lngsmshd -lnro `cat /opt/oracle/20c/lib/ldflags` -lncrypt -lnsgr -ln -lnl -lngsmshd -lnnzst -lzt -lztkg -lsnls -lnls -lcore -lsnls -lnls -lcore -lsnls -lnls -lxml -lcore -lunls -lsnls -lnls -lcore -lnls `if /usr/bin/ar tv /opt/oracle/20c/rdbms/lib/libknlopt.a | grep "kxmnsd.o" > /dev/null 2>&1 ; then echo " " ; else echo "-lordsdo -lserver"; fi` -L/opt/oracle/20c/lib/ -lctxc -lctx -lzx -lgx -lctx -lzx -lgx -lclscest -loevm -lclsra -ldbcfg -lhasgen -lskgxn2 -lnnzst -lzt -lxml -lgeneric -locr -locrb -locrutl -lhasgen -lskgxn2 -lnnzst -lzt -lxml -lgeneric -lcell -lgeneric -lorazip -loraz -llzopro5 -lorabz2 -lorazstd -loralz4 -lipp_z -lipp_bz2 -lippdc -lipps -lippcore -lippcp -lsnls -lnls -lcore -lsnls -lnls -lcore -lsnls -lnls -lxml -lcore -lunls -lsnls -lnls -lcore -lnls -lsnls -lunls -llxled -lsnls -lnls -lcore -lsnls -lnls -lcore -lsnls -lnls -lxml -lcore -lunls -lsnls -lnls -lcore -lnls -lasmclnt -lcommon -lcore -ledtn -laio -lons -lmql1 -lipc1 -lmql1 -lipc1 -lfthread `cat /opt/oracle/20c/lib/sysliblist` -Wl,-rpath,/opt/oracle/20c/lib -lm `cat /opt/oracle/20c/lib/sysliblist` -ldl -lm -L/opt/oracle/20c/lib `test -x /usr/bin/hugeedit -a -r /usr/lib64/libhugetlbfs.so && test -r /opt/oracle/20c/rdbms/lib/shugetlbfs.o && echo -Wl,-zcommon-page-size=2097152 -Wl,-zmax-page-size=2097152 -lhugetlbfs` rm -f /opt/oracle/20c/bin/oracle mv /opt/oracle/20c/rdbms/lib/oracle /opt/oracle/20c/bin/oracle chmod 6751 /opt/oracle/20c/bin/oracle (if [ ! -f /opt/oracle/20c/bin/crsd.bin ]; then \ getcrshome="/opt/oracle/20c/srvm/admin/getcrshome" ; \ if [ -f "$getcrshome" ]; then \ crshome="`$getcrshome`"; \ if [ -n "$crshome" ]; then \ if [ $crshome != /opt/oracle/20c ]; then \ oracle="/opt/oracle/20c/bin/oracle"; \ $crshome/bin/setasmgidwrap oracle_binary_path=$oracle; \ fi \ fi \ fi \ fi\ );
现在来看:
[oracle@enmotech lib]$ sqlplus / as sysdba SQL*Plus: Release 20.0.0.0.0 - Production on Mon Feb 17 09:16:03 2020 Version 20.2.0.0.0 Copyright (c) 1982, 2020, Oracle. All rights reserved. Connected to an idle instance. SQL> startup ORACLE instance started. Total System Global Area 788529032 bytes Fixed Size 9572232 bytes Variable Size 515899392 bytes Database Buffers 260046848 bytes Redo Buffers 3010560 bytes Database mounted. Database opened. SQL> SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Unified Auditing'; VALUE ---------------------------------------------------------------- TRUE
禁用该功能,则需要反向操作:
cd $ORACLE_HOME/rdbms/lib make -f ins_rdbms.mk uniaud_off ioracle
通过 audit_unified_enabled_policies 可以查询数据库中启用的审计策略:
SQL> select * from audit_unified_enabled_policies; POLICY_NAME ENABLED_OPTION ENTITY_NAME ENTITY_ SUC FAI ------------------------------ --------------- ------------------------------ ------- --- --- ORA_SECURECONFIG BY USER ALL USERS USER YES YES ORA_LOGON_FAILURES BY USER ALL USERS USER NO YES
通过统一审计功能 - unified auditing, 可以收集来自不同操作的审计信息,包括:
Fine-grained audit records from the DBMS_FGA PL/SQL package Oracle Database Real Application Security audit records Oracle Recovery Manager audit records Oracle Database Vault audit records Oracle Label Security audit records Oracle Machine Learning for SQL records Oracle Data Pump Oracle SQL*Loader Direct Load
审计信息记录在SYSAUX表空间的 AUDSYS 模式下,通过一个只读表 AUD$UNIFIED 存储 , 数据字典视图 UNIFIED_AUDIT_TRAIL 也可以用于查询,该字典还集合了 X$UNIFIED_AUDIT_TRAIL 的当前信息, 角色 AUDIT_ADMIN 和 AUDIT_VIEWER 用于控制权限。
SQL> select OWNER,SEGMENT_NAME,SEGMENT_TYPE,PARTITION_NAME,bytes/1024/1024 "MB" 2 from dba_segments where OWNER='AUDSYS'; OWNER SEGMENT_NAME SEGMENT_TYPE PARTITION_NAME MB ---------- ------------------------------ -------------------- ------------------------------ ---------- AUDSYS AUD$UNIFIED TABLE PARTITION SYS_P301 .1875 AUDSYS SYS_IL0000019480C00097$$ INDEX PARTITION SYS_IL_P307 .0625 AUDSYS SYS_IL0000019480C00031$$ INDEX PARTITION SYS_IL_P305 .0625 AUDSYS SYS_IL0000019480C00030$$ INDEX PARTITION SYS_IL_P303 .0625 AUDSYS SYS_LOB0000019480C00030$$ LOB PARTITION SYS_LOB_P302 .25 AUDSYS SYS_LOB0000019480C00031$$ LOB PARTITION SYS_LOB_P304 .25 AUDSYS SYS_LOB0000019480C00097$$ LOB PARTITION SYS_LOB_P306 .25
这个特性的好处是:你不再需要担心 aud$ 占用大量空间了:
SQL> select count(*) from aud$; COUNT(*) ---------- 0
记录一下我的当前数据库的统一审计信息:
SQL> select action_name,sql_text from unified_audit_trail; ACTION_NAME SQL_TEXT ------------------------------ -------------------------------------------------------------------------------- LOGON CONNECT STARTUP STARTUP LOGON SELECT SELECT DECODE(null,'','Total System Global Area','') NAME_COL_PLUS_SHOW_SGA, S ALTER DATABASE ALTER DATABASE MOUNT LOGOFF LOGON ALTER TABLE ALTER TABLE ts_set_table ADD CONSTRAINT ts_set_ts FOREIGN KEY (tablespace_nam ALTER TABLE ALTER TABLE ts_set_table ADD CONSTRAINT ts_set_gt FOREIGN KEY (table_obj#) ALTER TABLE alter table XDB.XDB$RESOURCE add (ref(xmldata.XMLREF) with rowid) ALTER TABLE alter table XDB.XDB$RESOURCE add (ref(xmldata.XMLREF) allow primary key) ALTER TABLE alter table xdb.xdb$tsetmap add constraint xdb$tsetmap_uniq1 unique (guid, ALTER TABLE ALTER TABLE "XDB"."XDB$SCHEMA" ADD (acloid RAW(16), ownerid RAW(16)) ALTER TABLE ALTER TABLE "XDB"."XDB$ACL" ADD (acloid RAW(16), ownerid RAW(16)) ALTER TABLE ALTER TABLE vncr ADD CONSTRAINT pk_vncr primary key(hostid) ALTER TABLE ALTER TABLE vncr ADD CONSTRAINT vncr_name UNIQUE(name) ALTER TABLE ALTER TABLE shard_space ADD CONSTRAINT ss_in_pool FOREIGN KEY (database_pool) ALTER TABLE ALTER TABLE broker_configs ADD CONSTRAINT bk_in_shardspace FOREIGN KEY (shard ALTER TABLE ALTER TABLE shard_group ADD CONSTRAINT sg_in_region FOREIGN KEY (region_num) ALTER TABLE ALTER TABLE shard_group ADD CONSTRAINT sg_in_shardspace FOREIGN KEY (shardspa ALTER TABLE ALTER TABLE DATABASE ADD CONSTRAINT in_vncr FOREIGN KEY (hostid) REFERENCE ALTER TABLE ALTER TABLE DATABASE ADD CONSTRAINT in_shardgroup FOREIGN KEY (shardgroup_id) ALTER TABLE ALTER TABLE DATABASE ADD CONSTRAINT in_drset FOREIGN KEY (drset_number) RE ALTER TABLE ALTER TABLE DATABASE ADD CONSTRAINT in_shardspace FOREIGN KEY (shardspace_id) ALTER TABLE ALTER TABLE database ADD CONSTRAINT name_unique UNIQUE(name) ALTER TABLE ALTER TABLE database ADD CONSTRAINT in_container FOREIGN KEY (container) R ALTER TABLE ALTER TABLE shardkey_columns ADD CONSTRAINT sc_in_family FOREIGN KEY (family_ ALTER TABLE ALTER TABLE service ADD CONSTRAINT in_family FOREIGN KEY (table_family) RE ALTER TABLE ALTER TABLE service_preferred_available ADD constraint fk_db_spa foreign key( ALTER TABLE ALTER TABLE service_preferred_available ADD constraint pk_spa primary key( ALTER TABLE ALTER TABLE service_preferred_available ADD constraint fk_sp_spa foreign k ALTER TABLE ALTER TABLE service_preferred_available ADD constraint spa_in_pool foreign ke ALTER TABLE ALTER TABLE catalog_requests ADD CONSTRAINT cr_dbsrc FOREIGN KEY (source_db) ALTER TABLE ALTER TABLE catalog_requests ADD CONSTRAINT cr_dbtrgt FOREIGN KEY (target_db) ALTER TABLE ALTER TABLE catalog_requests ADD CONSTRAINT cr_database FOREIGN KEY (exec_db) ALTER TABLE ALTER TABLE chunks ADD CONSTRAINT chunk_shardspace FOREIGN KEY (shardspace_id ALTER TABLE ALTER TABLE all_chunks ADD CONSTRAINT allchunk_shardspace FOREIGN KEY (shards ALTER TABLE ALTER TABLE chunk_loc ADD CONSTRAINT cl_database FOREIGN KEY (database_num) ALTER TABLE ALTER TABLE chunk_loc ADD CONSTRAINT cl_shardgroup FOREIGN KEY (shardgroup_id ALTER TABLE ALTER TABLE chunk_loc ADD CONSTRAINT cl_shardspace FOREIGN KEY (shardspace_id ALTER TABLE ALTER TABLE chunk_loc ADD CONSTRAINT cl_chunk FOREIGN KEY (chunk_number, shar ALTER TABLE ALTER TABLE partition_set ADD CONSTRAINT ps_family FOREIGN KEY (family_id) ALTER TABLE ALTER TABLE tablespace_set ADD CONSTRAINT ts_family FOREIGN KEY (family_id) ALTER TABLE ALTER TABLE tablespace_set ADD CONSTRAINT ts_partset FOREIGN KEY (partition_s ALTER TABLE ALTER TABLE shard_ts ADD CONSTRAINT sts_ts FOREIGN KEY (tablespace_set) RE ALTER TABLE ALTER TABLE global_table ADD CONSTRAINT gt_family FOREIGN KEY (family_id)
ALTER TABLE alter table wmsys.wm$ric_table add constraint wm$ric_pk primary key (ct_owner, r ALTER TABLE alter table wmsys.wm$ric_triggers_table add constraint wm$ric_triggers_pk primar ALTER TABLE alter table wmsys.wm$insteadof_trigs_table add constraint wm$insteadof_trigs_pk ALTER TABLE alter table wmsys.wm$workspaces_table add constraint wm$workspaces_pk primary ke ALTER TABLE alter table wmsys.wm$version_table add constraint wm$version_pk primary key (wor ALTER TABLE alter table wmsys.wm$version_hierarchy_table add constraint wm$version_hierarchy ALTER TABLE alter table wmsys.wm$versioned_tables add constraint wm$versioned_tables__pk pri ALTER TABLE alter table wmsys.wm$workspace_sessions_table add constraint wm$workspace_sessio ALTER TABLE alter table wmsys.wm$workspace_savepoints_table add constraint wm$workspace_save ALTER TABLE alter table wmsys.wm$modified_tables add constraint modified_tables_pk primary k ALTER TABLE alter table wmsys.wm$udtrig_info add constraint wm$udtrig_info_pk primary key (t ALTER TABLE alter table wmsys.wm$udtrig_dispatch_procs add constraint wm$udtrig_dispatch_pro ALTER TABLE alter table wmsys.wm$resolve_workspaces_table add constraint wm$resolve_workspac ALTER TABLE alter table wmsys.wm$vt_errors_table add constraint wm$vt_errors_pk primary key ALTER TABLE alter table wmsys.wm$env_vars add constraint wm$env_vars_pk primary key (name) ALTER TABLE alter table WMSYS.WM$workspaces_table modify freeze_mode varchar2(20) ALTER TABLE alter table WMSYS.WM$workspaces_table add freeze_owner varchar2(30) ALTER TABLE alter table WMSYS.WM$workspaces_table add session_duration integer ALTER TABLE alter table WMSYS.WM$versioned_tables add (sitesList varchar2(4000)) ALTER TABLE alter table WMSYS.WM$versioned_tables add(repSiteCount integer default 0) ALTER TABLE alter table wmsys.wm$nested_columns_table add constraint wm$nested_columns_pk pr ALTER TABLE alter table WMSYS.WM$workspaces_table add(implicit_sp_cnt integer default 0) ALTER TABLE alter table wmsys.wm$constraints_table add constraint wm$constraints_table_pk pr ALTER TABLE alter table wmsys.wm$hint_table add constraint hint_table_unq1 unique(hint_id, o ALTER TABLE alter table WMSYS.WM$udtrig_info rename column trig_type to trig_flag ALTER TABLE alter table WMSYS.WM$udtrig_info add (event_flag integer) ALTER TABLE alter table WMSYS.WM$udtrig_info add (tmp_flag integer) ALTER TABLE alter table WMSYS.WM$udtrig_info modify (trig_flag integer) ALTER TABLE alter table WMSYS.WM$udtrig_info drop (tmp_flag, TAB_MERGE_WO_REMOVE_COL, TAB_ME ALTER TABLE alter table WMSYS.WM$udtrig_dispatch_procs add (trig_flag integer) ALTER TABLE alter table WMSYS.WM$udtrig_dispatch_procs drop (bir_flag, air_flag, bur_flag, a ALTER TABLE alter table WMSYS.WM$env_vars add (hidden integer default 0) ALTER TABLE alter table wmsys.wm$constraints_table drop constraint wm$constraints_table_pk ALTER TABLE alter table wmsys.wm$constraints_table add constraint wm$constraints_table_pk pr ALTER TABLE alter table wmsys.WM$RIC_TABLE drop primary key drop index ALTER TABLE alter table wmsys.WM$RIC_TRIGGERS_TABLE drop primary key drop index ALTER TABLE alter table wmsys.WM$WORKSPACES_TABLE drop primary key drop index ALTER TABLE alter table wmsys.WM$VERSION_TABLE drop primary key drop index ALTER TABLE alter table wmsys.WM$VERSION_HIERARCHY_TABLE drop primary key drop index ALTER TABLE alter table wmsys.WM$VERSIONED_TABLES drop primary key drop index ALTER TABLE alter table wmsys.WM$SYSPARAM_ALL_VALUES drop primary key drop index ALTER TABLE alter table wmsys.WM$WORKSPACE_SAVEPOINTS_TABLE drop primary key drop index ALTER TABLE alter table wmsys.WM$MODIFIED_TABLES drop primary key drop index ALTER TABLE alter table wmsys.WM$UDTRIG_DISPATCH_PROCS drop primary key drop index ALTER TABLE alter table wmsys.WM$RESOLVE_WORKSPACES_TABLE drop primary key drop index ALTER TABLE alter table wmsys.WM$VT_ERRORS_TABLE drop primary key drop index ALTER TABLE alter table wmsys.WM$ENV_VARS drop primary key drop index ALTER TABLE alter table wmsys.WM$REPLICATION_TABLE drop primary key drop index ALTER TABLE alter table wmsys.WM$NESTED_COLUMNS_TABLE drop primary key drop index ALTER TABLE alter table WMSYS.WM$versioned_tables add (bl_workspace varchar2(30)) ALTER TABLE alter table WMSYS.WM$versioned_tables add (bl_version integer) ALTER TABLE alter table WMSYS.WM$workspaces_table add (cr_status varchar2(20)) ALTER TABLE alter table WMSYS.WM$workspaces_table add (sync_parver integer) ALTER TABLE alter table WMSYS.WM$workspaces_table add (last_change date default sysdate) ALTER TABLE alter table WMSYS.WM$workspaces_table add (depth integer) ALTER TABLE alter table WMSYS.WM$version_table add (anc_depth integer) ALTER TABLE alter table wmsys.wm$sysparam_all_values add constraint wm$env_sys_pk primary ke ALTER TABLE alter table WMSYS.WM$udtrig_info add ( internal_type varch
ALTER TABLE alter table WMSYS.WM$workspaces_table add (mp_root varchar2(30) default null) ALTER TABLE alter table WMSYS.WM$version_table add (refCount integer default 1) ALTER TABLE alter table wmsys.wm$mp_parent_workspaces_table add constraint wm$mp_parent_pk p ALTER TABLE alter table wmsys.wm$mp_graph_workspaces_table add constraint wm$mp_graph_worksp ALTER TABLE alter table wmsys.wm$workspaces_table add constraint workspace_lock_id_unq uniqu ALTER TABLE alter table WMSYS.WM$udtrig_info add(TABLE_IMPORT_COL varchar2(4) default 'ON') ALTER TABLE alter table WMSYS.WM$constraints_table modify (search_condition clob) ALTER TABLE alter table WMSYS.WM$udtrig_info modify (trig_code clob) ALTER TABLE alter table wmsys.wm$replication_table add (isWriterSite varchar2(1)) ALTER TABLE alter table WMSYS.WM$versioned_tables add(validTime integer default 0) ALTER TABLE alter table WMSYS.WM$versioned_tables add (initVTRange wmsys.wm_period) ALTER TABLE alter table wmsys.wm$replication_table add (status varchar2(1) default 'E') ALTER TABLE alter table wmsys.wm$adt_func_table add constraint wm$adt_func_tab_pk primary ke ALTER TABLE alter table wmsys.wm$log_table add constraint log_tab_pk primary key(group#, ord ALTER TABLE alter table wmsys.wm$removed_workspaces_table add constraint removed_workspaces_ ALTER TABLE ALTER TABLE "XDB"."XDB$RESCONFIG" ADD (acloid RAW(16), ownerid RAW(16)) ALTER TABLE alter table xdb.xdb$resconfig add (refcount number default 0) ALTER TABLE alter table xdb.xdb$dxptab add (tablespace varchar2(128)) ALTER TABLE alter table xdb.xdb$dxptab add (table_attrs varchar2(4000)) ALTER TABLE alter table xdb.xdb$dxptab add (nbpendtabobj# number) ALTER TABLE alter table xdb.xdb$dxptab add (nberrtabobj# number) ALTER TABLE ALTER TABLE "XDB"."XDB$STATS" ADD (acloid RAW(16), ownerid RAW(16)) ALTER TABLE ALTER TABLE "XDB"."XDB$CONFIG" ADD (acloid RAW(16), ownerid RAW(16)) ALTER TABLE alter table XDB.JSON$COLLECTION_METADATA add constraint JSON$COLLECTI
ontainer_data=all for "PUBLIC".gv$wlm_db_mode ALTER USER alter user gsmadmin_internal set container_data = all for cdb_services containe ALTER USER alter user gsmadmin_internal set container_data = all for "PUBLIC".gv$active_se ALTER USER alter user "DBSNMP" account lock ALTER USER alter user "APPQOSSYS" account lock ALTER USER alter user "GSMCATUSER" account lock ALTER USER alter user "DBSFWUSER" account lock ALTER USER alter user "SYSBACKUP" account lock ALTER USER alter user "REMOTE_SCHEDULER_AGENT" account lock ALTER USER alter user "GGSYS" account lock ALTER USER alter user "ANONYMOUS" password expire account lock ALTER USER alter user "GSMUSER" account lock ALTER USER alter user "GSMROOTUSER" account lock ALTER USER alter user "AUDSYS" account lock ALTER USER alter user "GSMADMIN_INTERNAL" account lock ALTER USER alter user "SYSKM" account lock ALTER USER alter user "DGPDB_INT" account lock ALTER USER alter user "OUTLN" account lock ALTER USER alter user "SYS$UMF" account lock ALTER USER alter user "ORACLE_OCM" account lock ALTER USER alter user "XDB" account lock ALTER USER alter user "WMSYS" account lock ALTER USER alter user "SYSDG" account lock CREATE ROLE CREATE ROLE ggsys_role CREATE ROLE CREATE role xdbadmin CREATE ROLE create role OEM_ADVISOR CREATE ROLE create role OEM_MONITOR CREATE ROLE CREATE ROLE gsmadmin_role CREATE ROLE CREATE ROLE gsm_pooladmin_role CREATE ROLE CREATE ROLE gds_catalog_select CREATE ROLE create role wm_admin_role CREATE ROLE create role XDB_SET_INVOKER CREATE ROLE create role authenticatedUser CREATE ROLE create role XDB_WEBSERVICES CREATE ROLE create role XDB_WEBSERVICES_WITH_PUBLIC CREATE ROLE create role XDB_WEBSERVICES_OVER_HTTP CREATE ROLE create role SODA_APP CREATE ROLE CREATE ROLE datapatch_role CREATE DIRECTORY CREATE OR REPLACE DIRECTORY XSDDIR AS '/opt/oracle/20c/rdbms/xml/schema' CREATE DIRECTORY CREATE OR REPLACE DIRECTORY XMLDIR AS '/opt/oracle/20c/rdbms/xml' CREATE DIRECTORY CREATE OR REPLACE DIRECTORY ORACLE_OCM_CONFIG_DIR AS '/scratch/app/user/homes/Or CREATE DIRECTORY CREATE OR REPLACE DIRECTORY ORACLE_OCM_CONFIG_DIR2 AS '/scratch/app/user/homes/O CREATE DIRECTORY CREATE OR REPLACE directory opatch_log_dir AS '/scratch/app/user/homes/OraDB20Ho CREATE DIRECTORY CREATE OR REPLACE directory opatch_script_dir AS '/opt/oracle/20c/QOpatch' CREATE DIRECTORY CREATE OR REPLACE directory opatch_inst_dir AS '/opt/oracle/20c/OPatch' CREATE DIRECTORY CREATE OR REPLACE DIRECTORY XSDDIR AS '/opt/oracle/20c/rdbms/xml/schema' CREATE DIRECTORY CREATE OR REPLACE DIRECTORY XSDDIR AS '/opt/oracle/20c/rdbms/xml/schema' CREATE DIRECTORY CREATE OR REPLACE DIRECTORY XSDDIR AS '/opt/oracle/20c/rdbms/xml/schema' CREATE DIRECTORY CREATE OR REPLACE DIRECTORY XSDDIR AS '/opt/oracle/20c/rdbms/xml/schema' CREATE DIRECTORY CREATE OR REPLACE DIRECTORY XSDDIR AS '/opt/oracle/20c/rdbms/xml/schema' ALTER PLUGGABLE DATABASE alter pluggable database application app$cdb$pdbonly$ncdbtopdb end upgrade ALTER PLUGGABLE DATABASE alter pluggable database application app$cdb$pdbonly$ncdbtopdb purge ALTER PLUGGABLE DATABASE alter pluggable database application app$cdb$pdbonly$ncdbtopdb begin install '1. ALTER PLUGGABLE DATABASE alter pluggable database close immediate instances=all ALTER PLUGGABLE DATABASE alter pluggable database open upgrade ALTER PLUGGABLE DATABASE alter pluggable database application app$cdb$pdbonly$ncdbtopdb end install ALTER PLUGGABLE DATABASE alter pluggable database application app$cdb$pdbonly$ncdbtopdb begin upgrade to ALTER PLUGGABLE DATABASE ALTER PLUGGABLE DATABASE close immediate instances=all ALTER PLUGGABLE DATABASE ALTER PLUGGABLE DATABASE OPEN ALTER PLUGGABLE DATABASE alter pluggable database pdb$seed close ALTER PLUGGABLE DATABASE alter pluggable database pdb$seed open ALTER AUDIT POLICY ALTER AUDIT POLICY ORA_SECURECONFIG ADD ACTIONS EXECUTE ON remote_scheduler_ag
AUDIT 让数据库安全起来!