Forum Stats

  • 3,851,383 Users
  • 2,263,969 Discussions
  • 7,904,691 Comments

Discussions

Constrain PDB datafiles into specific directory

Franck Pachot
Franck Pachot Member Posts: 912 Bronze Trophy
edited Jan 11, 2016 6:09PM in Database Ideas - Ideas

Hi,

I like multitenant because it may be a good idea to give PDB DBA rights to the application owner (at least in dev/prod) so that they manage their database. But I can't do that for the moment because a PDB admin can create datafiles anywhere on the server, and that can be very difficult to manager.

A good idea would be to constrain a PDB to a specific directory (and subdirectories), so that all related files (datafiles and tempfiles) cannot go elsewhere. Then the CDB admin can give admin access to a PDB with the guarantee that he will not go outside of the assigned filesystem. Should be available for ASM as well.

I've seen a PDB_LOCKDOWN undocumented parameter that appeared in 12.1.0.2 but I don't know if it is related to that. But would be a good name for it

Regards,

Franck.

Franck PachotUser_DGG74User259623 -OracleRichard Harrison .Geeky NerdmanDavid HueberUser_T3EKAnico_nijStew Ashtonhervedbi880720mdiIvica ArsovGugs-OracleErnst Leberuser11980779vinaykumar2pankajrangaPravin TakpirectriebManish ChaturvediTSharma-OracleKiran PawarLothar FlatzborneselphilippefJagadekarabhagatsinghMartin PreisscaadecarvalhoZlatko SiroticBPeaslandDBAulohmannSven W.Andreas BuckenhoferberxAparna Dutta-OracleBeGinMike RipleyThomas Teske-OraclePS_orclNerdGregVGbenga AjakayeMathias ZarickSri AnnamDaniel HillingerAndreas HuberShirish ReddyPeter HraškoLoïc Lefèvre-OracleEmad Al-Mousa
52 votes

Active · Last Updated

Comments

  • Tmicheli-Oracle
    Tmicheli-Oracle Member Posts: 24 Red Ribbon

    We, Oracle are working on our internal process as to how to evaluate and prioritize the IDEAS submitted.  But the more votes obviously the more priority we will put on the request.  However votes/popularity alone will not determine the priority.

    As we move through the process the IDEA will change stages: (not in flow order)

    - Active

    - Already Offered

    - Archived

    - Coming Soon

    - For Future Consideration

    - in Progress

    - Partially Implemented

    - Under Review

  • Richard Harrison .
    Richard Harrison . Member Posts: 2,065 Gold Trophy

    Hi,

    This is kind of related to this https://docs.oracle.com/database/121/NEWFT/chapter12102.htm#BGBGCDFG - but that won;t constrain it completely - it can still be manually overwritten. Would be nice if it could be constrained to just this OMF directory only.

    Up vote from me.

    Rich

    Franck Pachot
  • nico_nij
    nico_nij Member Posts: 12 Blue Ribbon

    Hi,

    This can be interesting on some environment with segregation of duty.

    But in my opinion the best is to get it as an option to give us the choice.

    Nicolas

  • Pravin Takpire
    Pravin Takpire Technical Services Manager Member Posts: 1,762 Gold Trophy

    I think it is one of the required feature where we can define only directory where only datafile/redolog will be created. And it should not be just for OMF, but for normal files too.

    regards

    Pravin

    Franck Pachot
  • Lothar Flatz
    Lothar Flatz Member Posts: 687 Silver Badge

    always good to keep things tidy

  • abhinivesh.jain
    abhinivesh.jain Member Posts: 307 Blue Ribbon

    I don't agree with giving PDB DBA rights to application owners since it defeats the purpose of having DBAs. In other words, you are suggesting to limit DBA functionality so that DBA work can be done by non-DBA.

  • Franck Pachot
    Franck Pachot Member Posts: 912 Bronze Trophy

    I don't agree with giving PDB DBA rights to application owners since it defeats the purpose of having DBAs. In other words, you are suggesting to limit DBA functionality so that DBA work can be done by non-DBA.

    Hi Abhinivesh,

    One goal of multitenant is the separation of duty between the CDB administrator (managing availability, storage, backups, etc) and the PDB administrator (managing schemas, users, performance, etc)

    Regards,

    Franck.

    Gbenga Ajakaye
  • Sven W.
    Sven W. Member Posts: 10,550 Gold Crown
    edited Aug 9, 2016 7:30AM

    Excellent idea!

    The OS-user who owns the database process (usually user oracle) is used to check for privileges on the file system.

    In the past when running two databases on the same server, it was possible to have two different os-users with different privileges. Now when we consolidate the databases using a multi-tenanent architecture, this separation of os-privileges seems not possible anymore.

    I guess a good way to implement it, would be to set some kind of ACL that restricts or frees up certain folders and storage quotas.

    Franck Pachot
  • Gbenga Ajakaye
    Gbenga Ajakaye Member Posts: 3,422 Gold Trophy

    This can be very useful. Vote up.

  • Mathias Zarick
    Mathias Zarick Member Posts: 106 Silver Badge

    makes sense. I would like to have that feature. If OMF is used, things are tidied up already, but here we need to make sure, that the pdb admin does not circumvent its usage.

    my 2 cents Mathias