3.5 Start up and shutdown an instance -------------------------------- - startup and shutdown steps: nomount, mount open. INIT.ORA file. - THREE STARTUP STAGES a) Startup Nomount The initSID.ora file is read. control files are determined at that time. size of the sga and pga is determined. Instance is started. SGA and background processes initialize. b) Startup Mount Opens control files defining database verifies that the control file is correct. Obtains a global "mount_db" instance lock for database. determines if this is the first instance mounting the database. c) Startup Open Opens "online" or "openable" database files defined in control file. Obtains global "startup" instance lock on the database. Is this the first instance opening this database? Verifies and opens the online redo logs. Instance locks are obtained for each "openable" data file. If first "startup" instance, perform crash recovery on all database files using current logs for all instances. Another instance can not start up during this time. If crash recovery is not possible because it needs older logs, then media recovery is needed and an error is signaled. - SHUTDOWNS: - NORMAL a) stops access to database b) WAIT UNTIL USERS EXIT c) purge cache and redo log, forcing dirty buffers to DB files d) dropping file locks e) update file headers and ongoing transactions are complete f) closes thread g) drops database instance lock. The control file and the database files are synchronized. - IMMEDIATE a) stops access to database b) cancel current calls and rollback c) purge cache and redo log, forcing dirty buffers to DB files d) dropping file locks e) update file headers and ongoing transactions are complete f) closes thread g) dropping database instance lock - ABORT a) stops access to database b) dropping file locks c) dropping instance lock - SQL*DBA or server manager - Altering the database. Changing parameters when database is online. - Restricted sessions. You may want to restrict access to the database during special processing period to allow high profile jobs to have the machines to themselves. A lot of reasons may require restricted access. In Oracle7 you may issue command: alter system enable restricted session; and alter system disable restricted session; DON'T forget to take database out of restricted mode to allow other normal users to work. If the database access was already unrestricted and you issue alter system disable restricted session; command then NO HARM done. - Client/Server Administrator Security - Database connnection security (Oracle7 Server documentation addendum, pp.5-1 - 5-14: - encrypted password for connections to database servers - improved CONNECT INTERNAL - ORA_ENCRYPT_LOGIN (true/false) and DBLINK_ENCRYPT_LOGIN (true/false) - REMOTE_LOGIN_PASSWORDFILE INIT.ORA parameter. - CONNECT / as sysoper - Maintaining a password file - Privileged Administrative Connettions (>= release 7.1) orapwd FILE= PASSWORD= [ENTRIES=n] On some platforms, the name of the password file is derived from the SID. In this case you CAN NOT change the password location. On other platforms the name is stored in environment variable, such as ORA_sid_PWFILE orapwd creates the initial password file and allows to: 1. CONNECT SYS/ AS SYSDBA (offline connection and normal connection to opened DBMS) 2. Allows to add n additional users having SYSOPER or SYSDBA. Such user should be created in usual oracle manner with "CREATE USER IDENTIFIED BY ;" statement and granted with SYSDBA and SYSOPER privileges via GRANT SYSDBA TO or GRANT SYSOPER TO during normal database operationinig in opened mode. Such a granting creates entry for this user in as well as in the data dictionary. After that this user can CONNECT / as {SYSOPER|SYSDBA} internally and perform SARTUP, RECOVERY or other privileged operations. SYSOPER privilege allows to STARTUP, SHUTDOWN, ALTER DATABASE OPEN/MOUNT, ALTER DATABASE ARCHIVELOG, RECOVER and includes RESTRICTED SESSION privilege. SYSDBA privilege contains all system privileges with ADMIN OPTION + SYSOPER + permits CREATE DATABASE and time-based recovery. To use password file from remote location you should set INIT.ORA parameter: REMOTE_LOGIN_PASSWORDFILE={ NONE | EXCLUSIVE | SHARED } EXCLUSVE means that this password can be used with only one database SHARED - with multiple databases and all privileged users MUST connect as SYS with appropriate password. For encrypted connections you should set ORA_ENCRYPT_LOGIN environment to TRUE on client side and DBLINK_ENCRYPT_LOGIN = TRUE (INIT.ORA on server side)