Skip Headers
Oracle® Cloud Using Oracle Database Cloud Service
Release 12.2

Part Number E27038-03
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

A Database Cloud Service Features and Implementation Considerations

The Oracle Database Cloud is a multi-tenant environment, based on schema isolation. To ensure the security of each tenant's data, as well as the overall performance integrity of the entire Oracle Database Cloud environment, some aspects of the Oracle Database, Enterprise Edition, have to be curtailed or completely eliminated.

The limitations required to protect security and performance integrity are detailed in this section. None of the limitations listed in this section were put in place as an attempt to limit the functionality of the Oracle Database Cloud. Virtually all standard SQL and PL/SQL syntax and constructs used with the Oracle Database work in the Oracle Database Cloud.

Topics:

Database Cloud Service

A Database Cloud Service is an individual Service within the Oracle Database Cloud. Data within an individual Database Cloud Service is completely separated from data in all other Services in the Oracle Database Cloud, as described in more detail below.

Database Cloud Service administrators can define users for the Services that they administer. Database Cloud Service users can be defined with the Cloud Identity Manager or within the Administration area of the development platform for the Database Cloud Service itself. If a user is defined with the Cloud Identity Manager, they must use the same tool to manage their profile; if a user is defined through the Administration area of the development platform, they must manage their profile through that platform. Administrators and developers for a Database Cloud Service must be defined with the Cloud Identity Manager and given the appropriate security role, as described below.

Summary of Security Threats

There are several types of threats which could be used to compromise the Oracle Database Cloud and some specifics areas that are potential security weaknesses.

Specifications

This section outlines the Oracle Database Cloud Service specifications.

Topics:

Oracle Database Version and Edition

The current version of the Oracle Database Cloud Service is based on Oracle Database 11g Release 2, Enterprise Edition with each quarterly security patch set applied. The only option included in the Oracle Database Cloud Service is the Partitioning Option.

Components not Available

The following features and components are not part of the current version of the Oracle Database Cloud Service:

  • Oracle Database Extensions for .NET

  • Oracle Database Vault

  • Oracle Java VM

  • Oracle Label Security

  • Oracle Multimedia

  • Oracle OLAP

  • Oracle Spatial

  • Oracle Text

  • Oracle Warehouse Builder

Schemas and Data

The following schemas and data are not accessible in the Oracle Database Cloud:

  • Sample schemas

  • Local Enterprise Manager repository

  • Oracle Data Mining RDBMS APIs for file access

SQL Syntax

The following sections describe various SQL syntax in the Oracle Database Cloud Service.

Topics:

Allowed CREATE Statements

CREATE statements have a broad range of syntax and options. The appendices for this paper list all allowed statements, but this list includes the most common allowed CREATE statements in an Oracle Database Cloud Service:

  • CREATE TABLE

  • CREATE INDEX

  • CREATE VIEW

  • CREATE PROCEDURE

  • CREATE PACKAGE

  • CREATE FUNCTION

  • CREATE SEQUENCE

  • CREATE TRIGGER

  • CREATE SESSION

  • CREATE DIMENSION

  • CREATE INDEXTYPE

  • CREATE OPERATOR

  • CREATE TYPE

Removed SQL Statements

The following SQL statements cannot be used in an Oracle Database Cloud Service:

  • CREATE CLUSTER

  • CREATE JOB (Background jobs can be created through the CLOUD_SCHEDULER package)

  • CREATE MATERIALIZED VIEW

  • CREATE SNAPSHOT

  • CREATE SYNONYM

  • CREATE JAVA

  • CREATE ROLE

  • CREATE DIRECTORY

  • CREATE TABLESPACE

  • CREATE SYNONYM

  • CREATE DATABASE LINK

  • Some ALTER SESSION options, although most session level changes for NLS or character sets are still allowed

Additionally, parallel operations are not supported on the Oracle Database Cloud, so any SQL DDL clauses that allow for parallel operations are not supported.

PL/SQL Packages and Types

Oracle Database 11g Release 2 includes many PL/SQL packages to deliver extended functionality. The following sections list the PL/SQL packages that are part of the Oracle Database Cloud Service and some prominent packages which are not included.

Included Supplied PL/SQL Packages and Types

The following PL/SQL packages and types are included in the Oracle Database Cloud Service:

  • ANYDATA

  • ANYDATASET

  • ANYTYPE

  • AQ$_AGENT

  • AQ$_SIG_PROP

  • AQ$_SUBSCRIBERS

  • DBMS_APPLICATION_INFO

  • DBMS_ASSERT

  • DBMS_CRYPTO

  • DBMS_DB_VERSION

  • DBMS_LCR

  • DBMS_LOB

  • DBMS_METADATA

  • DBMS_OUTPUT

  • DBMS_RANDOM

  • DBMS_SQL

  • DBMS_STANDARD

  • DBMS_STATS

  • DBMS_TYPES

  • All DBMS_XML% packages and types

  • DBMS_XPLAN

  • All DBMS_XQUERY% packages and types

  • DBMSOUTPUT_LINESARRAY

  • HTF

  • HTP

  • All ODCI% packages and types

  • All OWA% packages and types

  • PLITBLM

  • SCN_TO_TIMESTAMP

  • STANDARD

  • STRAGG

  • SYS_NT_COLLECT

  • SYS_STUB_FOR_PURITY_ANALYSIS

  • TIMESTAMP_TO_SCN

  • UTL_COLL

  • UTL_COMPRESS

  • UTL_ENCODE

  • UTL_GDK

  • UTL_I18N

  • UTL_IDENT

  • UTL_LMS

  • UTL_MATCH

  • All UTL_NLA% packages and types

  • UTL_RAW

  • UTL_REF

  • WPG_DOCLOAD

  • XMLGENFORMATTYPE

  • XMLSEQUENCE

  • XMLSEQUENCEFROMREFCURSOR

  • XMLSEQUENCEFROMREFCURSOR2

  • XMLSEQUENCEFROMXMLTYPE

  • XMLSEQUENCETYPE

  • XMLTYPE

  • XMLTYPEEXTRA

  • XMLTYPEI

  • All XQ% packages and types

All packages not listed here are not available in the Oracle Database Cloud Service.

Database Object Security

By default, all Application Express applications and RESTful Web Services execute with the privileges of the schema owner. You can create users within the Application Express environment and use authentication schemes to limit access to application objects at all levels in your application through Application Express.

You cannot use a GRANT command to assign access to another user, since other schema owners are not allowed to access your schema objects in the schema-isolation multi-tenant environment of the Oracle Database Cloud.

You can also assign security across multiple dimensions, including origin, application and users, for any RESTful Web Services. Please refer to the white paper on Oracle Database Cloud security for more details on these topics.

Topics:

Database Object Limitations

The following limitations apply to DDL, Data Definition Language, syntax: You cannot use any PARALLEL syntax in defining tables.

  • You cannot use quoted identifiers with special characters.

  • You cannot define BFILEs or external LOBs.

  • You cannot use external tables.

  • You cannot specify any caching for database objects.

Query Limitations

By default, you can use all Oracle SQL syntax for SQL statements used against your Oracle Database Cloud Service. The following limitations apply to SQL queries:

  • No PARALLEL hints allowed

Oracle Database Cloud Specific Limitations

The core of the Oracle Database Cloud development environment is Application Express, which is also a no-cost option for all versions of the Oracle Database since Oracle Database 10g Release 2. There are three areas of functionality which are limited when used for applications within the Oracle Database Cloud environment:

Data Dictionary Access

Access to standard data dictionary objects in the Oracle Database is limited, since the security requirements of schema isolation prevent any user from seeing or knowing the existence of other schemas.

The following data dictionary views and synonyms are accessible from an Oracle Database Cloud Service:

You can also view schema objects in both SQL Developer and the SQL section of the Application Express development environment.

Resource Limitations

The Oracle Database excels at managing shared resources among thousands of database users. The Oracle Database Cloud Service uses this proven ability to distribute machine resources among tenants.

The Oracle Database Cloud uses Database Resource Manager consumer groups to prevent any tenant from impacting the performance of others tenants. All tenant operations are initially placed in a consumer group with maximum access to resources. If a user exceeds the resource limitations of this initial consumer group, their user process is pushed to a lower priority user group, with a much longer limit on resource consumption, but a lower priority. If a user process exceeds this limit, they are pushed to a lower priority group with a much higher resource limit.

If a user process should exceed this last limit, the process may be terminated. Please be aware that this lowest consumer group allows for the consumption of up to 30 seconds of dedicated CPU time, a threshold which is normally only crossed by runaway processes.