Summary of DBMS_CLOUD_ADMIN Subprograms

This section covers the DBMS_CLOUD_ADMIN subprograms provided with Autonomous Database.

Subprogram Description

CREATE_DATABASE_LINK Procedure

This procedure creates a database link to a target database in the schema calling the API. You first need to upload the wallet (cwallet.sso) containing the certificates for the target database using DBMS_CLOUD.GET_OBJECT and then create the database link using the wallet.

DISABLE_APP_CONT Procedure

This procedure disables database application continuity for the session associated with the specified service name in Autonomous Database.

DISABLE_EXTERNAL_AUTHENTICATION Procedure

This procedure disables external authentication for the Autonomous Database instance.

DISABLE_PRINCIPAL_AUTH Procedure

This procedure revokes principal based authentication for the specified provider and applies to the ADMIN user or to the specified user.

DISABLE_RESOURCE_PRINCIPAL Procedure

This procedure disables resource principal credential and creates the credential OCI$RESOURCE_PRINCIPAL. With a user name specified, other than ADMIN, the procedure grants the specified schema access to the resource principal credential.

DROP_DATABASE_LINK Procedure

This procedure drops a database link.

ENABLE_APP_CONT Procedure

This procedure enables database application continuity for the session associated with the specified service name in Autonomous Database.

ENABLE_AWS_ARN Procedure

This procedure enables a user to create AWS ARN credentials in Autonomous Database.

ENABLE_EXTERNAL_AUTHENTICATION Procedure

This procedure enables a user to logon to Autonomous Database using the specified external authentication scheme.

ENABLE_FEATURE Procedure

This procedure enables the specified feature on the Autonomous Database instance.

ENABLE_PRINCIPAL_AUTH Procedure

This procedure enables principal authentication for the specified provider and applies to the ADMIN user or the specified user.

ENABLE_RESOURCE_PRINCIPAL Procedure

This procedure enables resource principal credential and creates the credential OCI$RESOURCE_PRINCIPAL. With a user name specified, other than ADMIN, the procedure grants the specified schema access to the resource principal credential.

REPLAY_WORKLOAD Procedure This procedure is overloaded. It initiates the workload replay.

CREATE_DATABASE_LINK Procedure

This procedure creates a database link to a target database in the schema calling the API. The overloaded form enables you to create a database link with Oracle-managed heterogeneous connectivity to a supported non-Oracle database.

Syntax

DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
       db_link_name         IN VARCHAR2,
       hostname             IN VARCHAR2,
       port                 IN NUMBER,
       service_name         IN VARCHAR2,
       ssl_server_cert_dn   IN VARCHAR2, 
       credential_name      IN VARCHAR2,
       directory_name       IN VARCHAR2 DEFAULT,
       gateway_link         IN BOOLEAN DEFAULT,
       public_link          IN BOOLEAN DEFAULT,
       private_target       IN BOOLEAN DEFAULT);

DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
       db_link_name         IN VARCHAR2,
       hostname             IN VARCHAR2,
       port                 IN NUMBER,
       service_name         IN VARCHAR2,
       ssl_server_cert_dn   IN VARCHAR2, 
       credential_name      IN VARCHAR2,
       directory_name       IN VARCHAR2 DEFAULT,
       gateway_params       IN CLOB DEFAULT);

Parameters

Parameter Description

db_link_name

The name of the database link to create.

hostname

The hostname for the target database.

When you specify a connection with Oracle-managed heterogeneous connectivity by supplying the gateway_params parameter, note the following:

port

The port for the connections to the target database.

To ensure security, when the connection is to an Oracle Database, ports are restricted to: 1521-1525, or 2484.

When you specify a connection with Oracle-managed heterogeneous connectivity using the gateway_params parameter, set the port based on the db_type value:

  • AWSREDSHIFT: use port 5439
  • MYSQL: use port 3306
  • POSTGRES: use port 5432
  • SNOWFLAKE: use port 443

See Oracle-Managed Heterogeneous Connectivity Database Types and Ports for more information.

service_name

The service_name for the database to link to. For a target Autonomous Database, find the service name by one of the following methods:

  • Look in the tnsnames.ora file in the wallet.zip that you download from an Autonomous Database for your connection.

  • Click DB Connection on the Oracle Cloud Infrastructure Console. In the Connection Strings area, each connection string includes a service_name entry with the connection string for the corresponding service. When both Mutual TLS (mTLS) and TLS connections are allowed, under TLS Authentication select TLS to view the TNS names and connection strings for connections with TLS authentication. See View TNS Names and Connection Strings for an Autonomous Database Instance for more information.

  • Query V$SERVICES view. For example:

    SELECT name FROM V$SERVICES;

When you specify a connection with Oracle-managed heterogeneous connectivity using the gateway_params parameter, the service_name is the database name of the non-Oracle database.

ssl_server_cert_dn

The DN value found in the server certificate.

Oracle-managed heterogeneous connectivity is preconfigured with a wallet that contains most of the common trusted root and intermediate SSL certificates. The ssl_server_cert_dn must be NULL when you supply the gateway_params parameter.

T o connect to an Oracle Database on a private endpoint without a wallet, specify a NULL value for the ssl_server_cert_dn parameter. In addition, to connect to an Oracle Database with TCP, the following must be true:

  • The target database must be on a private endpoint.
  • The directory_name parameter must be NULL.
  • The private_target parameter must be TRUE.
credential_name

The name of a stored credential created with DBMS_CLOUD.CREATE_CREDENTIAL. This is the credentials to access the target database.

directory_name

The directory for the stored cwallet.sso file. The default value for this parameter is 'data_pump_dir'.

Oracle-managed heterogeneous connectivity is preconfigured with a wallet that contains most of the common trusted root and intermediate SSL certificates. The directory_name is not required when you supply the gateway_params parameter.

T o connect to an Oracle Database with TCP, specify a NULL value for the directory_name parameter. In addition, to connect to an Oracle Database with TCP, the following must be true:

  • The target database must be on a private endpoint.
  • The directory_name parameter must be NULL.
  • The private_target parameter must be TRUE.
gateway_link

Indicates if the database link is created to another Oracle Database or to an Oracle Database Gateway.

If gateway_link is set to FALSE, this specifies a database link to another Autonomous Database or to another Oracle Database.

If gateway_link is set to TRUE, this specifies a database link to a non-Oracle system. This creates a connect descriptor in the database link definition that specifies (HS=OK).

The default value for this parameter is FALSE.

public_link

Indicates if the database link is created as a public database link.

To run DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK with this parameter set to TRUE, the user invoking the procedure must have EXECUTE privilege on the credential associated with the public database link and must have the CREATE PUBLIC DATABASE LINK system privilege. The EXECUTE privilege on the credential can be granted either by the ADMIN user or by the credential owner.

The default value for this parameter is FALSE.

private_target

When a database link accesses a hostname that needs to be resolved in a VCN DNS server, specify the private_target parameter with value TRUE.

When private_target is TRUE, the hostname parameter must be a single hostname. Using an IP address or SCAN IP for the hostname is not supported.

The default value for this parameter is FALSE.

gateway_params

Specify the target database type for Oracle-managed heterogeneous connectivity to connect to non-Oracle databases. The db_type value must be one of:
  • AWSREDSHIFT
  • AZURE
  • MYSQL
  • POSTGRES
  • SNOWFLAKE

Specify the parameter with the json_object form. For example:

gateway_params => json_object('db_type' value 'AWSREDSHIFT')

See Oracle-Managed Heterogeneous Connectivity Database Types and Ports for required port values for each database type.

Usage Notes

  • When you use the private_target parameter, note that database links from an Autonomous Database to a database service that is on a private endpoint are only supported in commercial regions and US Government regions.

    This feature is enabled by default in all commercial regions.

    This feature is enabled by default in US Government regions for newly provisioned databases.

    For existing US Government databases on a private endpoint, if you want to create database links from an Autonomous Database to a target in a US Government region, please file a Service Request at Oracle Cloud Support and request to enable the private endpoint in government regions database linking feature.

    US Government regions include the following:

  • When connecting to a non-Oracle database, database linking is only supported if the target database is accessible through a public IP or a public hostname. See Create Database Links to Non-Oracle Databases for more information.
  • To run DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK with a user other than ADMIN you need to grant EXECUTE and CREATE DATABASE LINK privileges to that user. For example, run the following command as ADMIN to grant privileges to adb_user:

    GRANT EXECUTE ON DBMS_CLOUD_ADMIN TO adb_user;
    GRANT CREATE DATABASE LINK TO adb_user;
  • Only one wallet file is valid per directory specified with the directory_name parameter. You can only upload one cwallet.sso at a time to the directory you choose for wallet files. This means with a cwallet.sso in a directory, you can only create database links to the databases for which the wallet in that directory is valid. To use multiple cwallet.sso files with database links you need to create additional directories and put each cwallet.sso in a different directory.

    See Create Directory in Autonomous Database for information on creating directories.

  • To create a database link to an Autonomous Database, set GLOBAL_NAMES to FALSE on the source database (non-Autonomous Database).

    SQL> ALTER SYSTEM SET GLOBAL_NAMES = FALSE;
     
    System altered.
    
    SQL> SHOW PARAMETER GLOBAL_NAMES
    NAME                     TYPE        VALUE
    ----------------------   ----------- -----------
    global_names             boolean     FALSE
    
  • When the private_target parameter is TRUE, the hostname parameter specifies a private host inside the VCN.

Examples

BEGIN
  DBMS_CLOUD.CREATE_CREDENTIAL(
     credential_name => 'DB_LINK_CRED',
     username => 'adb_user',
     password => 'password');
  DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
     db_link_name => 'SALESLINK', 
     hostname => 'adb.eu-frankfurt-1.oraclecloud.com', 
     port => '1522',
     service_name => 'example_medium.adb.example.oraclecloud.com',
     ssl_server_cert_dn => 'CN=adb.example.oraclecloud.com,OU=Oracle BMCS FRANKFURT,O=Oracle Corporation,L=Redwood City,ST=California,C=US',
     credential_name => 'DB_LINK_CRED');
END;
/
BEGIN
  DBMS_CLOUD.CREATE_CREDENTIAL(
    credential_name => 'AWS_REDSHIFT_LINK_CRED',
    username => 'NICK',
    password => 'password'
  );
DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
          db_link_name => 'AWSREDSHIFT_LINK', 
          hostname => 'example.com', 
          port => '5439',
          service_name => 'example_service_name',
          credential_name => 'AWS_REDSHIFT_LINK_CRED',
          gateway_params => JSON_OBJECT('db_type'  value 'AWSREDSHIFT'),
          ssl_server_cert_dn => NULL);
END;
/
BEGIN
  DBMS_CLOUD.CREATE_CREDENTIAL(
    credential_name => 'PRIVATE_ENDPOINT_CRED',
    username => 'db_user',
    password => 'password'
  );
DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
          db_link_name => 'PRIVATE_ENDPOINT_DB_LINK', 
          hostname => 'exampleHostname', 
          port => '1521',
          service_name => 'exampleServiceName',
          credential_name => 'PRIVATE_ENDPOINT_CRED',
          ssl_server_cert_dn => NULL,
          directory_name => NULL,
          private_target => TRUE);
END;
/

DISABLE_APP_CONT Procedure

This procedure disables database application continuity for the session associated with the specified service name in Autonomous Database.

Syntax

DBMS_CLOUD_ADMIN.DISABLE_APP_CONT(
    service_name      IN VARCHAR2);

Parameters

Parameter Description

service_name

The service_name for the Autonomous Database service.

To find service names:

  • Look in the tnsnames.ora file in the wallet.zip that you download from an Autonomous Database for your connection.

  • Click DB Connection on the Oracle Cloud Infrastructure Console. In the Connection Strings area, each connection string includes a service_name entry that contains the connection string for the corresponding service. When both Mutual TLS (mTLS) and TLS connections are allowed, under TLS Authentication select TLS to view the TNS names and connection strings for connections with TLS authentication. See View TNS Names and Connection Strings for an Autonomous Database Instance for more information.

  • Query V$SERVICES view. For example:

    SELECT name FROM V$SERVICES;

Usage Notes

See Overview of Application Continuity for more information on Application Continuity.

Example

BEGIN
    DBMS_CLOUD_ADMIN.DISABLE_APP_CONT(
        service_name => 'nv123abc1_adb1_high.adb.oraclecloud.com' );
END;
/

Verify the value as follows:

SELECT name, failover_type FROM DBA_SERVICES;

NAME                                                    FAILOVER_TYPE
------------------------------------------------------- --------------
nv123abc1_adb1_high.adb.oraclecloud.com      

DISABLE_EXTERNAL_AUTHENTICATION Procedure

Disables user authentication with external authentication schemes for the database.

Syntax

DBMS_CLOUD_ADMIN.DISABLE_EXTERNAL_AUTHENTICATION;

Exceptions

Exception Error Description
invalid_ext_auth ORA-20004

See the accompanying message for a detailed explanation.

Example

BEGIN 
   DBMS_CLOUD_ADMIN.DISABLE_EXTERNAL_AUTHENTICATION;
END;
/

PL/SQL procedure successfully completed.

DISABLE_PRINCIPAL_AUTH Procedure

This procedure revokes principal based authentication for a specified provider on Autonomous Database and applies to the ADMIN user or to the specified user.

Syntax

DBMS_CLOUD_ADMIN.DISABLE_PRINCIPAL_AUTH(
       provider    IN VARCHAR2,
       username    IN VARCHAR2 DEFAULT 'ADMIN' );

Parameters

Parameter Description

provider

Specifies the type of provider. Valid values are: OCI, AWS, or AZURE.

username

Specifier the user to disable principal based authentication for.

A null value is valid for the username. If username is not specified, the procedure applies for the "ADMIN" user.

Usage Notes

  • When the provider value is AZURE and the username is ADMIN, the procedure disables Azure service principal based authentication on Autonomous Database and deletes the Azure application on the Autonomous Database instance.

  • When the provider value is AZURE and the username is a user other than the ADMIN user, the procedure revokes the privileges from the specified user. The ADMIN user and other users that are enabled to use the Azure service principal can continue to use ADMIN.AZURE$PA and the application that is created for the Autonomous Database instance remains on the instance.

Example

BEGIN 
     DBMS_CLOUD_ADMIN.DISABLE_PRINCIPAL_AUTH(
       provider => 'AZURE',
       username => 'SCOTT');
END;
/

DISABLE_RESOURCE_PRINCIPAL Procedure

Disable resource principal credential for the database or for the specified schema.

Syntax

DBMS_CLOUD_ADMIN.DISABLE_RESOURCE_PRINCIPAL(
   username         IN VARCHAR2);

Parameter

Parameter Description

username

Specifies an optional user name. The name of the database schema to remove resource principal access.

If you do not supply a username, the username is set to ADMIN and the command removes the OCI$RESOURCE_PRINCIPAL credential.

Exceptions

Exception Error Description
resource principal is already disabled ORA-20031

If you attempt to disable the resource principal when it is already disabled.

Usage Notes

Example

EXEC DBMS_CLOUD_ADMIN.DISABLE_RESOURCE_PRINCIPAL();

PL/SQL procedure successfully completed. 

SQL> select owner, credential_name from dba_credentials where credential_name = 'OCI$RESOURCE_PRINCIPAL'; 

No rows selected.

DROP_DATABASE_LINK Procedure

This procedure drops a database link.

Syntax

DBMS_CLOUD_ADMIN.DROP_DATABASE_LINK(
        db_link_name      IN VARCHAR2,
        public_link       IN BOOLEAN DEFAULT);

Parameters

Parameter Description

db_link_name

The name of the database link to drop.

public_link

To run DBMS_CLOUD_ADMIN.DROP_DATABASE_LINK with public_link set to TRUE, you must have the DROP PUBLIC DATABASE LINK system privilege.

The default value for this parameter is FALSE.

Example

BEGIN
    DBMS_CLOUD_ADMIN.DROP_DATABASE_LINK(
        db_link_name => 'SALESLINK' );
END;
/

Usage Notes

After you are done using a database link and you run DBMS_CLOUD_ADMIN.DROP_DATABASE_LINK, to ensure security of your Oracle database remove any stored wallet files. For example:

  • Remove the wallet file in Object Store.

  • Use DBMS_CLOUD.DELETE_FILE to remove the wallet file from the data_pump_dir directory or from the user defined directory where the wallet file was uploaded.

ENABLE_APP_CONT Procedure

This procedure enables database application continuity for the session associated with the specified service name in Autonomous Database.

Syntax

DBMS_CLOUD_ADMIN.ENABLE_APP_CONT(
    service_name      IN VARCHAR2);

Parameters

Parameter Description

service_name

The service_name for the Autonomous Database service.

To find service names:

  • Look in the tnsnames.ora file in the wallet.zip that you download from an Autonomous Database for your connection.

  • Click DB Connection on the Oracle Cloud Infrastructure Console. In the Connection Strings area, each connection string includes a service_name entry that contains the connection string for the corresponding service. When both Mutual TLS (mTLS) and TLS connections are allowed, under TLS Authentication select TLS to view the TNS names and connection strings for connections with TLS authentication. See View TNS Names and Connection Strings for an Autonomous Database Instance for more information.

  • Query V$SERVICES view. For example:

    SELECT name FROM V$SERVICES;

Usage Notes

See Overview of Application Continuity for more information on Application Continuity.

Example

BEGIN
    DBMS_CLOUD_ADMIN.ENABLE_APP_CONT(
        service_name => 'nvthp2ht_adb1_high.adb.oraclecloud.com'
    );
END;
/

Verify the value as follows:

SELECT name, failover_type FROM DBA_SERVICES;

NAME                                                    FAILOVER_TYPE
------------------------------------------------------- -------------
nvthp2ht_adb1_high.adb.oraclecloud.com                 TRANSACTION

ENABLE_AWS_ARN Procedure

This procedure enables an Autonomous Database instance to use Amazon Resource Names (ARNs) to access AWS resources.

Syntax

DBMS_CLOUD_ADMIN.ENABLE_AWS_ARN(
       username     IN VARCHAR2 DEFAULT NULL,
       grant_option IN BOOLEAN DEFAULT FALSE);

Parameters

Parameter Description

username

Name of the user to enable to use Amazon Resource Names (ARNs).

A null value is valid for the username. If username is not specified, the procedure applies for the "ADMIN" user.

grant_option

When username is supplied, if grant_option is TRUE the specified username can enable Amazon Resource Names (ARNs) usage for other users.

Example

BEGIN
    DBMS_CLOUD_ADMIN.ENABLE_AWS_ARN(
        username => 'adb_user'); 
END;
/

Usage Note

  • You must be the ADMIN user to run the procedure DBMS_CLOUD_ADMIN.ENABLE_AWS_ARN.

See Use Amazon Resource Names (ARNs) to Access AWS Resources for more information.

ENABLE_EXTERNAL_AUTHENTICATION Procedure

Enable users to login to the database with external authentication schemes.

Syntax

DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
   type         IN VARCHAR2,
   force        IN BOOLEAN DEFAULT FALSE,
   params       IN CLOB DEFAULT NULL
);

Parameter

Parameter Description

type

Specifies the external authentication type. Valid values: or .

  • 'OCI_IAM'
  • 'AZURE_AD'
  • 'CMU'
  • 'KERBEROS'

force

(Optional) Override a currently enabled external authentication scheme. Valid values are TRUE or FALSE.

The default value is FALSE.

params

A JSON string that provides additional parameters for the external authentication.

CMU parameters:

  • location_uri: specifies the cloud storage URI for the bucket where files required for CMU are stored.

    If you specify location_uri there is a fixed name directory object CMU_WALLET_DIR created in the database at the path 'cmu_wallet' to save the CMU configuration files. In this case, you do not need to supply the directory_name parameter.

  • credential_name: specifies the credentials that are used to download the CMU configuration files from the Object Store to the directory object.

    Default value is NULL which allows you to provide a Public, Preauthenticated, or pre-signed URL for Object Store bucket or subfolder.

  • directory_name: specifies the directory name where configuration files required for CMU are stored. If directory_name is supplied, you are expected to copy the CMU configuration files dsi.ora and cwallet.sso to this directory object.

KERBEROS parameters:

  • location_uri: specifies the cloud storage URI for the the bucket where files required for Kerberos are stored.

    If you specify location_uri there is a fixed name directory object KERBEROS_DIR created in the database to save the Kerberos configuration files. In this case, you do not need to supply the directory_name parameter.

  • credential_name: specifies the credential that are used to download Kerberos configuration files from the Object Store location to the directory object.

    Default value is NULL which allows you to provide a Public, Preauthenticated, or pre-signed URL for Object Store bucket or subfolder.

  • directory_name: specifies the directory name where files required for Kerberos are stored. If directory_name is supplied, you are expected to copy the Kerberos configuration files to this directory object.

AZURE_AD parameters:

  • tenant_id: Tenant ID of the Azure Account. Tenant Id specifies the Autonomous Database instance's Azure AD application registration.
  • application_id: Azure Application ID created in Azure AD to assign roles/schema mappings for external authentication in the Autonomous Database instance.
  • application_id_uri: Unique URI assigned to the Azure Application.

    This it the identifier for the Autonomous Database instance. The name must be domain qualified (this supports cross tenancy resource access).

    The maximum length for this parameter is 256 characters.

Exceptions

Exception Error Description
invalid_ext_auth ORA-20004

See the accompanying message for a detailed explanation.

Usage Notes

  • With type OCI_IAM, if the resource principal is not enabled on the Autonomous Database instance, this routine enables resource principal with DBMS_CLOUD_ADMIN.ENABLE_RESOURCE_PRINCIPAL.

  • This procedure sets the system parameters IDENTITY_PROVIDER_TYPE and IDENTITY_PROVIDER_CONFIG to required users to access the instance with Oracle Cloud Infrastructure Identity and Access Management authentication and authorization.

Examples

Enable OCI_IAM Authentication

BEGIN DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
     type => 'OCI_IAM',
     force=> TRUE );
END;
/

PL/SQL procedure successfully completed.

Enable CMU Authentication for Microsoft Active Directory

You pass in a directory name that contains the CMU configuration files through params JSON argument.

BEGIN DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
     type => 'CMU',
     force => TRUE,
     params => JSON_OBJECT('directory_name' value 'CMU_DIR'); // CMU_DIR directory object already exists
END;
/

PL/SQL procedure successfully completed.

You pass in a location URI pointing to an Object Storage location that contains CMU configuration files through params JSON argument.

BEGIN
   DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
       type     => 'CMU',
       params   => JSON_OBJECT('location_uri' value 'https://objectstorage.us-phoenix-1.oraclecloud.com/n/namespace-string/b/bucketname/o',
                               'credential_name' value 'my_credential_name')
   );
END;
/

PL/SQL procedure successfully completed.

Enable Azure AD Authentication

BEGIN DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
     type => 'AZURE_AD',
     force => TRUE,
     params   => JSON_OBJECT( 'tenant_id' VALUE '....',
                              'application_id' VALUE '...',
                              'application_id_uri' VALUE '.....' ));
END;
/

PL/SQL procedure successfully completed.

Enable Kerberos Authentication

You pass in a directory name that contains Kerberos configuration files through params JSON argument.

BEGIN DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
     type => 'KERBEROS',
     force => TRUE,
     params => JSON_OBJECT('directory_name' value 'KERBEROS_DIR'); // KERBEROS_DIR directory object already exists
END;
/

PL/SQL procedure successfully completed.

You pass in a location URI pointing to an Object Storage location that contains Kerberos configuration files through params JSON argument.

BEGIN DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
     type => 'KERBEROS',
     force => TRUE,
     params => JSON_OBJECT('location_uri' value 'https://objectstorage.us-phoenix-1.oraclecloud.com/n/namespace-string/b/bucketname/o',
                           'credential_name' value 'my_credential_name');
END;
/

PL/SQL procedure successfully completed.

ENABLE_FEATURE Procedure

This procedure enables the specified feature on the Autonomous Database instance.

Syntax

DBMS_CLOUD_ADMIN.ENABLE_FEATURE(
    feature_name     IN VARCHAR2);

Parameters

Parameter Description

feature_name

Name of the feature to enable. The only supported value is: 'JAVAVM'.

Example

BEGIN
   DBMS_CLOUD_ADMIN.ENABLE_FEATURE (
        feature_name => 'JAVAVM' );
END;
/

Usage Note

  • After you run DBMS_CLOUD_ADMIN.ENABLE_FEATURE with feature_name value 'JAVAVM', you must restart the Autonomous Database instance to install Oracle Java.

ENABLE_PRINCIPAL_AUTH Procedure

This procedure enables principal authentication on Autonomous Database for the specified provider and applies to the ADMIN user or the specified user.

Syntax

DBMS_CLOUD_ADMIN.ENABLE_PRINCIPAL_AUTH(
       provider    IN VARCHAR2,
       username    IN VARCHAR2 DEFAULT 'ADMIN',
       params      IN CLOB DEFAULT NULL);

Parameters

Parameter Description

provider

Specifies the type of provider.

Valid values: OCI, AWS, or AZURE.

username

Name of the user who has principal authentication usage enabled.

A null value is valid for the username. If username is not specified, the procedure applies for the "ADMIN" user.

params

Specifies the configuration parameters.

When the provider parameter is AWS or OCI, params is not required. The default value is NULL.

When the provider parameter is AZURE, the following options are valid:

azure_tenantid: with the value of the Azure tenant ID.

grant_option: with the value specified as a boolean value: TRUE or FALSE. The default is FALSE. When TRUE and a username is specified, the specified user can enable Azure principal authentication for other users.

Usage Note

When the provider parameter is AZURE, the params parameter must include the azure_tenantid in the following cases:

  • When DBMS_CLOUD_ADMIN.ENABLE_PRINCIPAL_AUTH is called for the first time.

  • When DBMS_CLOUD_ADMIN.ENABLE_PRINCIPAL_AUTH is called for the first time after DBMS_CLOUD_ADMIN.DISABLE_PRINCIPAL_AUTH is called with the provider parameter AZURE and the username ADMIN.

Example

BEGIN 
     DBMS_CLOUD_ADMIN.ENABLE_PRINCIPAL_AUTH(
       provider => 'AZURE',
       username => 'SCOTT',
       params   => JSON_OBJECT('azure_tenantid' value 'azure_tenantid'));
END;
/

ENABLE_RESOURCE_PRINCIPAL Procedure

Enable resource principal credential for the database or for the specified schema. This procedure creates the credential OCI$RESOURCE_PRINCIPAL.

Syntax

DBMS_CLOUD_ADMIN.ENABLE_RESOURCE_PRINCIPAL(
   username         IN VARCHAR2,
   grant_option     IN BOOLEAN DEFAULT FALSE);

Parameter

Parameter Description

username

Specifies an optional user name. The name of the database schema to be granted resource principal access.

If you do not supply a username, the username is set to ADMIN.

grant_option

When username is supplied, if grant_option is TRUE the specified username can enable resource principal usage for other users.

Exceptions

Exception Error Description
resource principal is already enabled ORA-20031

If you attempt to enable the resource principal when it is already enabled.

Usage Notes

  • You must call DBMS_CLOUD_ADMIN.ENABLE_RESOURCE_PRINCIPAL with the ADMIN username or with no arguments before you call DBMS_CLOUD_ADMIN.ENABLE_RESOURCE_PRINCIPAL with a username for a database user schema.

  • Resource principal is not available with refreshable clones.

  • You must set up a dynamic group and policies for the dynamic group before you call DBMS_CLOUD_ADMIN.ENABLE_RESOURCE_PRINCIPAL.

    See the following for more information: for more information on creating a dynamic group and creating rules.

    See for more information on policies.

Example

EXEC DBMS_CLOUD_ADMIN.ENABLE_RESOURCE_PRINCIPAL();

PL/SQL procedure successfully completed. 

SQL> select owner, credential_name from dba_credentials where credential_name = 'OCI$RESOURCE_PRINCIPAL'; 

OWNER    CREDENTIAL_NAME
-------  ---------------
ADMIN    OCI$RESOURCE_PRINCIPAL

REPLAY_WORKLOAD Procedure

This procedure enables the ADMIN user to initiate a workload replay. This procedure allows you to replay the capture files from an on-premises database or other cloud service databases.

Syntax


DBMS_CLOUD_ADMIN.REPLAY_WORKLOAD(
        location_uri      IN VARCHAR2,               
        credential_name   IN VARCHAR2 DEFAULT NULL,
        synchronization   IN BOOLEAN  DEFAULT TRUE,
        process_capture   IN BOOLEAN  DEFAULT TRUE);

Parameters

Parameter Description
location_uri Specifies URI, that points to an Object Storage location that contains the captured files.

This parameter is mandatory.

credential_name Specifies the credential to access the object storage bucket.

If you do not supply a credential_name value, the credential_name is set to NULL.

synchronization Specifies the synchronization method used during workload replay.
  • TRUE specifies that the synchronization is based on SCN.

  • FALSE specifies that the synchronization is based on TIME.

If you do not supply a synchronization value, the synchronization is set to TRUE.

process_capture Specifies whether you need to specify process_capture value or not. It can be set to FALSE only when you replay the same workload on the target database repeatedly.

If you do not supply a process_capture value, the process_capture is set to TRUE.

Example to replay the workload from an on-premises or other cloud service database into an Autonomous Database:

BEGIN 
  DBMS_CLOUD_ADMIN.REPLAY_WORKLOAD(
        location_uri    => 'https://objectstorage.us-phoenix-1.oraclecloud.com/n/namespace-string/b/bucketname/o',
        credential_name => 'CRED_TEST',
        synchronization => TRUE,
        process_capture => TRUE);    
END;
/

When you run this procedure, it:

  • Downloads the capture files from the Object Storage location specified in location_uri, processes the capture files based on the process_capture parameter value.

  • Replays the captured workload based on the synchronization parameter value.

In this example, namespace-string is the Oracle Cloud Infrastructure object storage namespace and bucketname is the bucket name. See Understanding Object Storage Namespaces for more information.

See Navigate to Oracle Cloud Infrastructure Object Storage and Create Bucket for more information on Object Storage.

See Upload Files to Your Oracle Cloud Infrastructure Object Store Bucket for more information on uploading files to Object Storage.

The credential_name you use in this step is the credentials for the Object Store.

You don't need to create a credential to access Oracle Cloud Infrastructure Object Store if you enable resource principal credentials. See Use Resource Principal to Access Oracle Cloud Infrastructure Resources for more information.

Usage Notes

  • Run this procedure as the ADMIN user.

  • Before you start replay, you should upload the cap and capfiles subdirectories containing capture files that are created during capture to the Object Storage location.