Database Reference
In-Depth Information
Noteworthy new RMAN features in Oracle 12.1
New backup and recovery related features for Oracle 12.1 have deliberately not featured in the previous Chapter 2 to
keep the information in context. After the introduction to Recovery Manager it is now time to provide more detail about
some interesting new RMAN 12c features. The next section is a selection of new features by the author with regard to the
consolidation and automation theme that you found throughout the topic. There may be more interesting features for
you to explore in the “What's new in Backup and Recovery” section of the Backup and Recovery User's Guide.
The SYSBACKUP role
Similar to the other roles that have been mentioned throughout the topic the SYSBACKUP role addresses a security
concern. The power of the SYSDBA role is indeed great, and the possibility to use it to see any data in the database can be
seen as too much of a risk. And besides: why should the backup operator be able to see the data he or she is backing up?
The solution is to use the SYSBACKUP role. You can find out whether it has been created by querying v$pwfile_users:
SYS@CDB$ROOT> select * from v$pwfile_users;
USERNAME SYSDB SYSOP SYSAS SYSBA SYSDG SYSKM CON_ID
------------------------------ ----- ----- ----- ----- ----- ----- ----------
SYS TRUE TRUE FALSE FALSE FALSE FALSE 0
SYSDG FALSE FALSE FALSE FALSE TRUE FALSE 1
SYSBACKUP FALSE FALSE FALSE TRUE FALSE FALSE 1
SYSKM FALSE FALSE FALSE FALSE FALSE TRUE 1
As you can see all the different roles exist in the password file. You can use the existing SYSBACKUP user if you
like. Nothing prevents you from choosing a different (common) user account, just grant it the SYSBACKUP role and
you are ready to go.
First I would like to demonstrate that using the SYSBACKUP user has indeed been tightened up. Connecting to
the database as SYSBACKUP shows fewer privileges compared to SYSDBA:
SQL> connect sysbackup as sysbackup
Enter password:
Connected.
SYSBACKUP@CDB$ROOT> select count(1) from session_privs;
COUNT(1)
----------
14
SYSBACKUP@CDB$ROOT> select count(1) from session_roles;
COUNT(1)
----------
2
SYSBACKUP@CDB$ROOT> select role from session_roles;
ROLE
-------------------------------------------------------------
SELECT_CATALOG_ROLE
HS_ADMIN_SELECT_ROLE
 
Search WWH ::




Custom Search