Don’t just grow your TEMP tablespace, examine it!

Recently I was facing a problem not unusual in high-throughput Oracle databases… a full TEMP tablespace. I’ve run into this before and it can be frustrating trying to determine where all the space went. In this case we are using a 6 gig temporary tablespace and for some reason it was full.

Well, all the gorey details aside, one thing that helped me determine what was going on was this tip from Oracle which contains code to examine who is using your temporary tablespace up.

By running the following command (reprinted here for easy reference and because there are nasty line breaks on Oracle’s site) you get a fairly good idea of the usage of temporary space by tablespace, username and amount used.

set pagesize 10000
set linesize 133
column tablespace format a15 heading 'Tablespace Name'
column segfile# format 9,999 heading 'File|ID'
column spid format 9,999 heading 'Unix|ID'
column segblk# format 999,999,999 heading 'Block|ID'
column size_mb format 999,999,990.00 heading "Mbytes|Used"
column username format a15
column program format a15

select b.tablespace, b.segfile#, b.segblk#,
round(((b.blocks*p.value)/1024/1024),2) size_mb,
a.sid, a.serial#, a.username, a.osuser, a.program, a.status
from v$session a, v$sort_usage b, v$process c, v$parameter p
where p.name='db_block_size' and a.saddr = b.session_addr
and a.paddr=c.addr
order by b.tablespace,b.segfile#,b.segblk#,b.blocks;

While I consider rewriting this into a somewhat more palatable form, on the occasion that I need this I don’t typically care about nice formatting… I just want the numbers in a hurry.

To clear up unused TEMP space Oracle also recommends running this as sysdba:

alter tablespace temp default storage(pctincrease 0);

oracle, dba, database, database administration, database administrator, database tuning

What are the valid characters for Oracle passwords? This is a more complicated question than you would think. Here are the basic restrictions on Oracle passwords. I believe these apply to all (8i or later) Oracle database versions; however I did these examples in a 10gR2 instance.

First the rules:

Passwords can be from 1 to 30 characters.

The first character in an Oracle password must be a letter.

Only letters, numbers, and the symbols “#”, “_” and “$” are acceptable in a password.

Examples:

SQL> alter user jemmons identified by abc123;

User altered.

SQL> alter user jemmons identified by 123abc;
alter user jemmons identified by 123abc
*
ERROR at line 1:
ORA-00988: missing or invalid password(s)

SQL> alter user jemmons identified by abc!123;
alter user jemmons identified by abc!123
*
ERROR at line 1:
ORA-00922: missing or invalid option

In the first example we see a password that meets all the rules. The second password starts with a number and therefore fails. The third example contains the special character “!” and fails.

Now the exception:

By placing double quotes around a password you can use most standard ASCII characters in a password.

Examples:

SQL> alter user jemmons identified by "123abc";

User altered.

SQL> connect jemmons/123abc;
Connected.
SQL> alter user jemmons identified by "abc!123";

User altered.

SQL> connect jemmons/abc!123;
Connected.

We see that the quotes let us work around some of these restrictions. This is useful if you are working in a fairly simple environment, however if it is possible that a user’s password could be changed by means which you do not control it is likely doing this would cause more confusion than it would solve.

It is also worth note that capitalization is not considered when storing Oracle passwords. Here’s an example:

SQL> alter user jemmons identified by ABC123;

User altered.

SQL> connect jemmons/abc123;
Connected.

Before the password is encrypted into the database it is put in all caps. When you enter a password for authentication it is capitalized so it can be compared against the stored encrypted password.

oracle, dba, database, database administration, database security, database administrator

With Oracle 10g there has been a small but useful change made to Oracle’s Optimal Flexible Architecture.

The Optimal Flexible Architecture standards are a guideline for setting up Oracle databases to minimize downtime and maximize scalability. For more information, check out my article on OFA.

In 10g, Oracle has added one level to the ORACLE_HOME path. An Oracle home directory which was formerly /u01/app/oracle/product/9.2.0 is now one more level deeper at /u01/app/oracle/product/10g/db_1.

By adding install type and an install number as the final level of the Oracle home variable it is now possible to have two or more installs of the same version of Oracle in the same Oracle directory.

Oracle offers up the idea of using db_1, db_2 and so-on for full database releases and client_1, client_2 and so-on for client installs I can also see using this method to install Oracle applications servers in the same directory as well.

To read more about OFA, check out my earlier article on the topic and Oracle’s explanation of OFA.

oracle, sql, dba, database administration, database development, database security, database, oracle security

No Oracle geek should be without one of these.

If you’ve been an Oracle DBA for long you know the horrors of navigating through Oracle’s “data dictionary”, the tables and views which contain all the metadata about your database. While views like dba_objects and dba_tab_privs are their own level of hell, one thing is certain… the v$ views are far worse.

While the names of the v$ views are not terrible in themselves (e.g. v$session, v$datafile, v$tablespace) the true crux of the problem is you never use them. Any time your database is running fine, you would go to the dba_ tables and the like. Only when your database refuses to open after a fairly nasty crash and users are knocking on your door asking when you will have the database up do you finally need the v$ views, and then you can’t remember any of them.

v$viewsEnter tusc.com. I’m not sure how long they have been doing this, but they offer a free poster of the Oracle v$ views. I’ve seen these as far back as Oracle 8.0, and the company has been around since 1988, so clearly they know what they’re doing.

Well, they seem to be a little confused about “free”, but basically they want eight bucks to send you one of these and two bucks for each additional one. I figure they’re not making any money on this, just covering shipping and handling (and not in the same way eBay-ers need $50 to cover shipping and handling so they can sell something for cheap).

Still not convinced? Tusc has also been nice enough to offer the poster in PDF format. Download it, check it out, put it somewhere and forget about it until you have a database misbehaving then go frantically after it.

oracle, sql, dba, database administration, database recovery, database

There are a couple ways of tracking logon and logoff information within an Oracle database, however few offer the simplicity and flexibility of the use of an logon and logoff trigger. Here is how I built a simple set of triggers and accompanying table to track usernames, logon time, logoff time, machine connected from and program used.

I performed these steps as system. If you want to install these as another user you will need to assign the appropriate permissions first.

The first step is to create a table to store the information. This table may grow quickly if this is a very active system so we want to put it somewhere other than the system tablespace. For reference, mine currently has around 3000 records in it and is around 200k in size. Of course mileage may vary.

CREATE TABLE session_audit
(
user_id VARCHAR2(30),
session_id NUMBER,
host VARCHAR2(30),
program VARCHAR2(60),
logon_time DATE,
logoff_time DATE
)
TABLESPACE users;

This will be the table you query to determine login information. Of course you will probably want to purge data from here occasionally to keep it from getting too big.

Next we create the logon trigger which will populate all but the logoff_time of the session_audit table. This uses the sys_context function to lookup the host and session id (different from the SID) of the session. The program is retrieved by a subquery on the V$SESSION table.

CREATE OR REPLACE TRIGGER tr_session_audit_logon
AFTER LOGON ON DATABASE
DECLARE
session_id number;
BEGIN
select sys_context('USERENV','SESSIONID') into session_id from dual;
IF session_id != 0 --ignore internal connections
THEN
BEGIN
INSERT INTO session_audit (
user_id,
session_id,
host,
program,
logon_time,
logoff_time
)
VALUES(
user,
session_id,
sys_context('USERENV','HOST'),
(SELECT program FROM v$session
WHERE sys_context('USERENV','SESSIONID') = AUDSID),
sysdate,
NULL
);
END;
END IF;
END;

UPDATE: I have found that the old version of this resulted in an ORA-1427 error when someone made an internal connection. The problem also came up when dbms_jobs were run. The code now ignores internal connections (where the session id is 0).

Finally we create the logoff trigger to fill in the logoff_time.

CREATE OR REPLACE TRIGGER tr_session_audit_logoff
BEFORE LOGOFF ON DATABASE
BEGIN
UPDATE session_audit
SET logoff_time = sysdate
WHERE sys_context('USERENV','SESSIONID') = session_id;
END;

That’s it. You can now search the session_audit table for logins durring a time window or all logins for a specific user. You could even check who is using a certain application.

I mentioned one possible issue, that you don’t want the session_audit table to fill up your system tablespace, however it is also important to mention that if your logon trigger fails for some reason people will not be able to log in, so watch the space, no matter where you put it.

Donald Burleson (who desperately needs a new portrait for his website) of Burleson Consulting offers these instructions for a similar trigger, however he is grabbing more information and fills most of it in at the end.

oracle, sql, dba, database administration, database development, database security, database, oracle security

« Previous PageNext Page »