Database Reference
In-Depth Information
Note
These commands can be found in the file
Chapter11/apver/NewSys.sql.
Create a
create_session_role
role identical to what we created on the
orcl
instance, and then
create the
appsec
user. See Listing 11-46. Be sure to give a complex password for
appsec
. Also give a
sufficiently large
QUOTA
on a default tablespace for
appsec
in order to hold structures and data for
application verification.
Listing 11-46.
Create Initial Role and User
CREATE ROLE create_session_role NOT IDENTIFIED;
GRANT CREATE SESSION TO create_session_role;
GRANT create_session_role TO appsec IDENTIFIED BY password;
ALTER USER appsec DEFAULT TABLESPACE USERS QUOTA 10M ON USERS;
Create a Database Link to the ORCL Instance
As I mentioned at the onset of this section, we will be configuring the bare minimum configuration in
order to do application verification in this new,
apver
instance. For that reason, we will rely on the
SYS
user to configure all our structures, even those in the
appsec
schema. Well, that is except for one item
that we might as well get out of the way right now.
We want to create a database link to be used by the
appsec
structures in particular to do two-factor
authentication. Recall that we have stored an e-mail address in the
HR.EMPLOYEES
table, and we created
another table with addresses to use for two-factor authentication in the
HR
schema,
emp_mobile_nos
.
However, those tables are on a different Oracle instance,
orcl
. As a part of our application verification
process, occurring on the
apver
instance, we need to read those tables across a database link.
Update TNSNAMES.ora for our Database Link
The way we read data from a different instance is by using a database link. To use the database link,
the database that wants to read data,
apver
needs to know how to find the other database instance. This
location and direction information is normally retained in a
TNSNAMES.ora
file on the Oracle database,
as in Listing 11-47. Assure you have an entry for the
orcl
instance. While we are here, add another entry
for the new
apver
instance.
