天天看点

如何安装DBMS_NETWORK_ACL_ADMIN包?

如何安装DBMS_NETWORK_ACL_ADMIN包?

若安装了 XDB组件,则DBMS_NETWORK_ACL_ADMIN会自动安装。若安装了XDB组件,但是

 DBMS_NETWORK_ACL_ADMIN不可用,则可以单独执行如下的脚本进行安装:

点击(此处)折叠或打开

  1. sqlplus / as sysdba
  2. run ?/rdbms/admin/catnacl.sql
  3. run ?/rdbms/admin/dbmsnacl.sql
  4. run ?/rdbms/admin/prvtnacl.plb

执行如下脚本可以判断是否已经安装了XDB组件:

SELECT SCHEMA,COMP_NAME, VERSION, STATUS FROM DBA_REGISTRY WHERE COMP_NAME LIKE '%Oracle XML Database%';

官网: https://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_networkacl_adm.htm#CHDJFJFF

When you create access control lists for network connections, you should create one access control list dedicated to a group of common users, for example, users who need access to a particular application that resides on a specific host computer. For ease of administration and for good system performance, do not create too many access control lists. Network hosts accessible to the same group of users should share the same access control list.

 简单点说:Oracle允许使用几个PL/SQL API(UTL_TCP, UTL_SMTP, UTL_MAIL, UTL_HTTP和 UTL_INADDR)访问外部网络服务。需要进行权限授权才可以,比如需要通过oracle发送邮件。

下面是几个常用的定义acl的相关方法:

1. 创建访问控制列表

  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(acl         => 'www.xml',

                                    description => 'WWW ACL',

                                    principal   => 'HR',  -- 

 赋予权限给哪个用户

                                    is_grant    => true, -- true表示授予权限 false表示取消权限

                                    privilege   => 'connect');

2.   使用ADD_PRIVILEGE存储过程将其他的用户或角色添加到访问控制列表中,它的参数与CREATE_ACL存储过程的参数类似,

省略了DESCRIPTION参数,同时增加了POSITION参数,它用于设置优先顺序。

  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl       => 'www.xml',

                                       principal => 'HR',

                                       is_grant  => true,

                                       privilege => 'resolve');

3.使用ASSIGN_ACL存储过程给网络分配访问控制列表

  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl  => 'www.xml',

                                    host => '*.qq.com'); --主机名,域名,ip地址或分配的子网,主机名大小写敏感,ip地址和域名允许使用通配符  

4.UNASSIGN_ACL存储过程允许你手动删除访问控制列表,它使用的参数与ASSIGN_ACL存储过程相同,使用NULL参数作为通配符。

DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(host => 'www.qq.com');

5.删除上面的控制列表

DBMS_NETWORK_ACL_ADMIN.drop_acl ( acl => 'www.xml');

6. 查询创建的ACL信息

SELECT host, lower_port, upper_port, acl,

     DECODE(

         DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(aclid, 'HR', 'connect'),

            1, 'GRANTED', 0, 'DENIED', NULL) privilege

     FROM dba_network_acls

ORA-24247: network access denied by access control list (ACL) 错误处理

及DBMS_NETWORK_ACL_ADMIN用法汇总

通过oracle的存储过程发邮件,出现问题,具体过程如下:

发邮件的存储过程PROC_SENDMAIL_SIMPLE在A用户,而B用户要调用A用的PROC_SENDMAIL_SIMPLE来发邮件。

其中,A用户已经把PROC_SENDMAIL_SIMPLE的执行权限给了B用户

grant execute on PROC_SENDMAIL_SIMPLE to B;

但是在B用户的存储过程中调用PROC_SENDMAIL_SIMPLE依然报错

ORA-24247: 网络访问被访问控制列表 (ACL) 拒绝

ORA-24247: network access denied by access control list (ACL) 

发生这个错误是因为网络访问控制列表管理着用户访问网络的权限。

========

解决办法:

========

拥有DBA权限的用户执行下面的SQL,分3部分

BEGIN

--1.创建访问控制列表sendmail.xml,sendmail.xml控制列表拥有connect权限,并把这个权限给了B用户,

  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(

                       acl=> 'sendmail.xml',                       -- ACL的名字,自己定义    

                       description => 'sendmail ACL',          -- ACL的描述

                       principal   => 'B',                              -- 这里是用户名,大写,表示把这个ACL的权限赋给B用户

                       is_grant    => true,                            --true:授权 ;false:禁止

                        privilege   => 'connect');                     --授予或者禁止的网络权限

--2.为sendmail.xml控制列表添加resolve权限,且赋给B用户

  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(

                           acl=> 'sendmail.xml',

                                       principal => 'B',

                                       is_grant  => true,

                                       privilege => 'resolve');

--3.为控制列表ACL sendmail.xml分配可以connect和resolve的host

  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(

                        acl  => 'sendmail.xml',

                                    host => 'smtp.163.com'); --smtp.163.com是邮箱服务器主机名

END;

/

COMMIT;

再次在用户B调用A的PROC_SENDMAIL_SIMPLE发邮件过程,成功发送邮件。

======================联想到其他情况======================

情况1:同一个ACL给多个用户使用

用户B调用A的发邮件存储过程PROC_SENDMAIL_SIMPLE,那么C用户很可能也要这么做。

这时,不必创建一个新的ACL,用原有的ACL sendmail.xml即可,也就是把sendmail.xml给用户C使用。

这样C用户自然可以访问网络发送邮件。

BEGIN

--给C用户resolve权限

  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl       => 'sendmail.xml',

                                       principal => 'C',

--给C用户 conenct权限

                                       privilege => 'connect');

情况2:取消给ACL sendmail.xml 指派的主机smtp.163.com ,也就是所有使用sendmail.xml 的用户都不能connect和resolve主机smtp.163.com

<1>查看一下

select * from dba_network_acls;

HOST          LOWER_PORT  UPPER_PORT          ACL               ACLID

-----------------     ------------------     -----------------     ---------------------     --------------------------

smtp.163.com                              /sys/acls/sendmail.xml     D07B6F4707E7EFFDE040007F01005C7F

<2>收回sendmail.xml控制列表中访问smtp.163.com的权限

  DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(host => 'smtp.163.com');

<3>

不过这时ACL sendmail.xml依然存在,只不过sendmail.xml中没有任何主机信息

<4>那么怎么让sendmail.xml重新能访问smtp.163.com呢?

                                    host => 'smtp.163.com');

<5>再次看,sendmail.xml中含有主机smtp.163.com了

HOST               LOWER_PORT UPPER_PORT ACL                      ACLID

-------------------- ---------- ---------- ------------------------------ --------------------------------

smtp.163.com                       /sys/acls/sendmail.xml       D07B6F4707xFFDExx007F01005C7F

情况3:取消B用户使用sendmail.xml ACL,B用户不能访问smtp.163.com 主机了

  DBMS_NETWORK_ACL_ADMIN.DELETE_PRIVILEGE(

        acl         => 'sendmail.xml',

        principal   => 'B')

=========================================================================

================DBMS_NETWORK_ACL_ADMIN知识汇总==================

说了这么多,其实都是对DBMS_NETWORK_ACL_ADMIN过程的使用。

下面是DBMS_NETWORK_ACL_ADMIN的相关只是汇总。

1.创建ACL

DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (

   acl             IN VARCHAR2,

   description     IN VARCHAR2,

   principal       IN VARCHAR2,

   is_grant        IN BOOLEAN,

   privilege       IN VARCHAR2,

   start_date      IN TIMESTAMP WITH TIMEZONE DEFAULT NULL,

   end_date        IN TIMESTAMP WITH TIMEZONE DEFAULT NULL );

例子:

  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(acl         => 'www.xml',

                                    description => 'WWW ACL',

                                    principal   => 'SCOTT',

                                    is_grant    => true,

                                    privilege   => 'connect');

2.为ACL添加权限

DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (

   position        IN PLS_INTEGER DEFAULT NULL,

   start_date      IN TIMESTAMP WITH TIMESTAMP DEFAULT NULL,

   end_date        IN TIMESTAMP WITH TIMESTAMP DEFAULT NULL );

                          acl => 'www.xml',

                                       principal => 'SCOTT',

3.指派ACL可以访问的host

DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (

   acl         IN VARCHAR2,

   host        IN VARCHAR2,

   lower_port  IN PLS_INTEGER DEFAULT NULL,

   upper_port  IN PLS_INTEGER DEFAULT NULL);

注意:host这个参数可以写作

一个网址:www.us.oracle.com

也可以是一个网段:*.us.oracle.com或者*.oracle.com或者*.com

当然也可以是所有host:*

   DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(

     acl         => 'us-oracle-com-permissions.xml',

     host        => '*.us.oracle.com',

     lower_port  => 80);

4.检测用户是否拥有某个ACL中的某个权限

DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE (

   user            IN VARCHAR2,

   privilege       IN VARCHAR2)

  RETURN NUMBER;

Returns 1 when the privilege is granted; 0 when the privilege is denied; NULL when the privilege is neither granted or denied.

如scott拥有sendmail.xml中的resolve权限

SELECT DECODE(

  DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(

       'sendmail.xml', 'SCOTT', 'resolve'),

  1, 'GRANTED', 0, 'DENIED', NULL) PRIVILEGE

FROM DUAL;

PRIVILE

-------

GRANTED

5.删除acl中的connect或者resolve权限

DBMS_NETWORK_ACL_ADMIN.DELETE_PRIVILEGE (

   acl           IN VARCHAR2,

   principal     IN VARCHAR2,

   is_grant      IN BOOLEAN DEFAULT NULL,

   privilege     IN VARCHAR2 DEFAULT NULL);

        acl         => 'us-oracle-com-permissions.xml',

        principal   => 'ST_USERS')

6.删除ACL

DBMS_NETWORK_ACL_ADMIN.DROP_ACL (

   acl           IN VARCHAR2);

   DBMS_NETWORK_ACL_ADMIN.DROP_ACL(

      acl => 'us-oracle-com-permissions.xml');

7.取消ACL已分配的host

DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL (

   acl         IN VARCHAR2 DEFAULT NULL,

   host        IN VARCHAR2 DEFAULT NULL,

   DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(

8.查看语句

--ACL的信息,包括host,ACL名字等。

--各用户对应的ACL,用户拥有的权限

select acl,principal,privilege,is_grant,to_char(start_date, 'dd-mon-yyyy') as start_date,to_char(end_date, 'dd-mon-yyyy') as end_date from dba_network_acl_privileges;

参考

http://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_networkacl_adm.htm

How To Install Package DBMS_NETWORK_ACL_ADMIN (文档 ID 1118447.1)

In this Document

Goal
Fix
References

APPLIES TO:

Oracle Server - Enterprise Edition - Version 11.2.0.1 and later

Information in this document applies to any platform.

***Checked for relevance on 24-Oct-2012*** 

GOAL

How to install the dbms_network_acl_admin package?

FIX

The DBMS_NETWORK_ACL_ADMIN package is installed when the XDB component is being installed. To install XDB follow the procedure outlined in  Note 1292089.1 - Master Note for Oracle XML Database (XDB) Installation.

If XDB is already installed but the ACL package is not available and a reinstall of XDB is not possible then the only way to install the DBMS_NETWORK_ACL_ADMIN package is to run the *nacl scripts: 

sqlplus / as sysdba 

run ?/rdbms/admin/catnacl.sql 

run ?/rdbms/admin/dbmsnacl.sql

run ?/rdbms/admin/prvtnacl.plb

REFERENCES

NOTE:207959.1

  - All About Security: User, Privilege, Role, SYSDBA, O/S Authentication, Audit, Encryption, OLS, Database Vault, Audit Vault

NOTE:1292089.1

  - Master Note for Oracle XML Database (XDB) Install / Deinstall

Master Note for Oracle XML Database (XDB) Install / Deinstall (文档 ID 1292089.1)

In this Document

Details
Actions
Best Practices
Reloading XDB
Oracle 9i - XDB Reload
Oracle 10.1 and above - XDB Reload
Deinstalling and Reinstalling XDB
9.2 - XDB Removal and Reinstall
10g - XDB Removal and Reinstall
11g - XDB Removal and Reinstall
11.1 - XDB Removal and Reinstall
11.2 - XDB Removal and Reinstall
Verify XDB Installation
Known Issues
Contacts

Oracle Database - Enterprise Edition - Version 9.2.0.3 to 12.1.0.1 [Release 9.2 to 12.1]

Oracle Multimedia - Version 11.2.0.3 to 11.2.0.3 [Release 11.2]

***Checked for relevance on 13-Oct-2014*** 

DETAILS

如何安装DBMS_NETWORK_ACL_ADMIN包?

This master note provides information for DBA's on removing and installing XML Database (XDB). This note covers releases 9.2.0.3 through 11.2.

If XDB must be reinstalled in a database supporting Ebusiness Suite there are some actions to do on the database before removing XDB and that needs to be defined with the EBS team.

For example if iSetup exists, iSetup dependency with Deinstall and Reinstall of XMLDB (Doc ID 402785.1)

should be followed before and after the XDB reinstallation.

For an EBS database please consult with the EBS team before reinstalling XDB.

Ask Questions, Get Help, And Share Your Experiences With This Article

Would you like to explore this topic further with other Oracle Customers, Oracle Employees, and Industry Experts?

(

  Click here to join the discussion where you can ask questions, get help from others, and share your experiences with this specific article.)

Discover discussions about other articles and helpful subjects by clicking 

  here to access the main My Oracle Support Community page for Oracle XDB.

ACTIONS

  • Please note that 9.2.0.3 is a mandatory minimum patch level for XDB. Customers using XDB must be on Oracle database version 9.2.0.3 or higher.
  • If the XML DB features are currently being utilized and you have experienced an invalid XML DB repository or installation, point-in-time recovery to a point prior to when the problem occurred is recommended. If XDB is removed and reinstalled, and the feature is being used, data loss can occur. Removing XDB by running catnoqm.sql does the following:
    • Deletes all information stored in the oracle XML DB repository and XDB database schema.
    • Permanently invalidates any xmltype tables or columns that are associated with a registered XML schema. If the XDB user is dropped, there is no way to recover the data in these xmltype tables or columns.
  • Please confirm whether XDB is being used in your environment prior to attempting removal and reinstall. To accomplish this, refer to the following documents:

(

  Doc ID 742156.1) 9iR2: How to Determine if XDB is Being Used in the Database? 

  Doc ID 742113.1) 10g: How to Determine if XDB is Being Used in the Database? 

  Doc ID 733667.1) 11g: How to Determine if XDB is Being Used in the Database?

Please note, later versions of RDA provides some details on the current status of the XDB component. Please see the following document for more information on RDA:
  Doc ID 314422.1) Remote Diagnostic Agent (RDA) 4 - Getting Started
  • The following database components / features also use XDB:
  • Oracle Application Express (APEX)
  • Oracle Expression Filter
  • Oracle interMedia / Multimedia DICOM
  • Oracle Multimedia Image metadata extraction of EXIF, ORDIMAGE, IPTC and XMP metadata
  • Spatial (including Oracle Locator)
  • OLAP
  • Oracle Applications such as iRecruitment
  • Any procedure using UTL_TCP, UTL_HTTP, UTL_SMTP
  • XMLTYPE operations
  • XBRL (Extensible Business Reporting Language) from 11.2.0.2 onwards
  • It is recommended to take a full backup of the database before removing / reinstalling XDB. This is a good precautionary measure for situations where it is needed to go back to the original state of the database. Please see the following document for more information:
  Doc ID 858321.1) How To Backup XML Database (XDB)
  • Be sure to follow the exact steps listed whenever reloading the XDB component or reinstalling XDB. This includes a startup/shutdown of the database, as failure to do so can cause the XDB installation to fail with an internal error similar to the following: ORA-7445 [qmr_hdl_copy()+48].
  • AL32UTF8 is the recommended characterset for XML Database (XDB). AL32UTF8 supports all valid characters for XDB. You should only use a non-AL32UTF8 characterset if you can guarantee that all your XDB data is part of the characterset. If you aren't using AL32UTF8, it is typically recommended to convert to the database character set AL32UTF8. If you are not using AL32UTF8, there could be possible character losses or characterset conversion errors.
  • RAC procedures. 
    • If you are reloading XDB on an RAC cluster, all nodes must be shutdown and restarted to avoid inconsistent memory structures.
    • Please note, if running xdbrelod.sql for a RAC environment to avoid errors ORA-1092 and ORA-39701:
    • Shutdown database database cleanly
    • The "cluster_database" parameter should be set to value "false" so for init.ora parameter file set cluster_database=false
    • Start only one instance and execute script for XDB reload
    • Revert cluster_database=true and restart database
  • Always review the compatibility parameter to ensure that it is set to the same version as the database so that all XDB functionality associated with that database version is available.
  • Before installing or upgrading XDB, make sure the LD_LIBRARY_PATH / LIBPATH / SHLIB_PATH environment variable is set correctly.  That is, the first directory referenced should be $ORACLE_HOME/lib.  This environment variable is used to resolve the location of the shared library "libxdb.so (libxdb.sl on HP)". 
  • XDB must have execute permissions on the DBMS_LOB, UTL_FILE, DBMS_JOB, UTL_RAW  and DBMS_SQL packages.  XDB automatically has these privileges because they are granted to PUBLIC by default.  If these privileges have been revoked from PUBLIC for security reasons, errors will be reported during the installation / upgrade of XDB and some XDB objects will become invalid, making the component itself invalid.  Therefore, it is recommended to grant these privileges back to PUBLIC before installing /upgrading XDB. Then after the install/upgrade, grant execute permissions on these packages directly to XDB and revoke the privileges from PUBLIC.  After a successful installation of XDB, execute the following:

                  connect / as sysdba

                  grant execute on DBMS_LOB to XDB;

                  grant execute on UTL_FILE to XDB;

                  grant execute on DBMS_SQL to XDB;

                  grant execute on DBMS_JOB to XDB;

                  grant execute on DBMS_STATS to XDB;

                  grant execute on UTL_RAW  to XDB;

                  revoke execute on DBMS_LOB from PUBLIC;

                  revoke execute on UTL_FILE from PUBLIC;

                  revoke execute on DBMS_SQL from PUBLIC;

                  revoke execute on DBMS_JOB from PUBLIC;

                  revoke execute on UTL_RAW  from PUBLIC;

         Please be sure to review the note listed below whenever revoking execute permissions from PUBLIC:

         (Doc ID 247093.1) Be Cautious When Revoking Privileges Granted to PUBLIC

  • Make sure you do not have a table named XDB or any synonyms pointing to XDB objects.  Otherwise, this will lead to errors such as ORA-01422: exact fetch returns more than requested number of rows. Please see the following documents for more information:

           (Doc ID 1332182.1) ORA-01422 from DBMS_XS_PRINCIPAL_EVENTS_INT DBA|ALL|USER_XSC_* and DBA|ALL|USER_XDS_*

          (Doc ID 1574173.1) Selecting from SYS.RESOURCE_VIEW Fails with ORA-01422 and selecting from SYS.DBA_NETWORK_ACLS Fails with ORA-600 [qmxqtmChkXQAtomMapSQL:2]

  • XDB is included with the Oracle RDBMS.  It is not licensed separately.

The reload procedure recreates all of the PL/SQL packages and types. It can be helpful in addressing an INVALID status of XDB in DBA_REGISTRY, invalid XDB-specific objects, etc.  An XDB reload is always preferred over an XDB removal and reinstall. Since xdbrelod.sql is called in xdbpatch.sql, you can alternatively run xdbpatch.sql to recreate all of the XDB related packages.

spool xdbreload.log

connect / as sysdba

set echo on;

shutdown immediate;

startup migrate;

@?/rdbms/admin/xdbrelod.sql

startup;

@?/rdbms/admin/utlrp.sql

spool off

startup upgrade;

  • Prior to upgrading a database with XML Database (XDB) installed or installing XDB, be sure to run the following code listed below to determine if any objects need to be dropped. Please note, failure to run the code listed below could result in data loss of user objects like tables, indexes. This is fully documented in:

          (Doc ID 1573175.1) Upgrading or Installing XDB could result in data loss if XDB_INSTALLATION_TRIGGER exists

connect  / as sysdba

set serveroutput on

DECLARE

    v_xdb_installation_trigger number;

    v_dropped_xdb_instll_trigger number;

    v_dropped_xdb_instll_tab number;

BEGIN

    select count(*) into v_xdb_installation_trigger

    from dba_triggers

    where trigger_name = 'XDB_INSTALLATION_TRIGGER' and owner = 'SYS';

    select count(*) into v_dropped_xdb_instll_trigger

    where trigger_name = 'DROPPED_XDB_TRIGGER' and owner = 'SYS';

    select count(*) into V_dropped_xdb_instll_tab

    from dba_tables

    where table_name = 'DROPPED_XDB_INSTLL_TAB' and owner = 'SYS';

  IF v_xdb_installation_trigger > 0 OR v_dropped_xdb_instll_trigger > 0 OR v_dropped_xdb_instll_tab > 0 then

  IF v_xdb_installation_trigger > 0 THEN

dbms_output.put_line('Please proceed to run the command SQL> drop trigger sys.xdb_installation_trigger');

--   drop trigger sys.xdb_installation_trigger;

  END IF;

  IF v_dropped_xdb_instll_trigger > 0 THEN

   dbms_output.put_line('Please proceed to run the command SQL> drop trigger sys.dropped_xdb_instll_trigger');

--   drop trigger sys.dropped_xdb_instll_trigger;

  IF v_dropped_xdb_instll_tab > 0 THEN

   dbms_output.put_line('Please proceed to run the command SQL> drop table sys.dropped_xdb_instll_tab');

--   drop table sys.dropped_xdb_instll_tab;

   ELSE

   dbms_output.put_line('Please proceed to run the XDB install or upgrade');

END;

/

  • Use XDB removal and reinstall only if not using this feature or under the direction of Oracle Support after it has been verified which objects will need to be recreated.
  • For database releases 10.1.x and above, XDB is mandatory in order to use any of the XMLTYPE functions. This is true even if the XDB repository is not being used and/or there are no registered schemas.
  • Prior to Oracle 11.1, a valid installation of JAVA Virtual Machine (JVM) is required.
  • Prior to Oracle 10.2, a valid installation of XDK is also required.
  • Allocate at least 350 MB or enable the autoextend on the datafile for the XDB repository tablespace datafile. To determine if the XDB tablespace has the necessary space to run the XDB installation, execute the following PL/SQL procedure:

set serveroutput on

    v_exists number;

    V_size number;

    select count(*) into v_exists

    from dba_tablespaces

    where tablespace_name = 'XDB';

  IF v_exists > 0 THEN

    select bytes into v_size

    from dba_data_files

  IF v_size > 209715200 then

   dbms_output.put_line('XDB tablespace exists and is greater than 200 MB.

                         Please proceed with XDB install.');

  ELSE

    dbms_output.put_line('XDB tablespace exists and but is smaller than 

                          200 MB. If you wish to install all the XDB

                          metadata into the XDB tablespace, then please add

                          more space so that its greater than 200 MB before

                          installing XDB.');

    dbms_output.put_line('XDB tablespace does not exist. Please either

                          create XDB tablespace of at least 200 MB or

                          specify another tablespace when installing XDB.');

 END IF;

  • Ensure that the SHARED_POOL_SIZE and JAVA_POOL_SIZE is set to at least 250 MB.
  • When XDB has been deinstalled and reinstalled for whatever reason the XML Schemas for Oracle Multimedia/interMedia and Spatial will have to be reinstalled as well. Please reference the following documents:

    10g for both Spatial/interMedia:

    (Doc ID 558834.1) How To Re-register XML Schemas After XDB Has Been Re-installed?

    11g:

    For Multimedia please look at (Doc ID 965892.1) How To Reload Oracle Multimedia Related Information When XML Database (=XDB) Has Been Reinstalled

    For Spatial please look at (Doc ID 1180293.1) How To Reload Oracle Spatial Related Information When XML Database (XDB) Has Been Reinstalled

  • If you have any doubts/concerns with reinstalling XDB or you need further assistance, please contact Oracle Support and log a Service Request.

XDB Removal

spool xdb_removal.log

connect / as sysdba

startup

@?/rdbms/admin/catnoqm.sql

@?/rdbms/admin/catproc.sql

set pagesize 1000

col owner format a8

col object_name format a35

select owner, object_name, object_type, status

from dba_objects

where status = 'INVALID' and owner = 'SYS';

spool off;

Some XDB related objects in the SYS schema are not dropped during the removal of XDB.  Please see the following document for cleaning up these objects:

(Doc ID 285045.1) Resolving Invalid XDB Objects After XDB Has Been Deinstalled From A Database

XDB Installation

The catqm.sql script requires the following parameters be passed to it when run:

A. XDB user password

B. XDB user default tablespace

   * The SYSTEM, UNDO and TEMP tablespace cannot be specified.

   * The specified tablespace must already exist prior to running the script.

   * A tablespace other than SYSAUX should be specified, especially if you expect Oracle XML DB Repository to contain a large amount of data.

   * For example:

      create tablespace XDB

      datafile 'xxxxxxxxx.dbf' size 2000M

      extent management local uniform size 256K segment space management auto;

C. XDB user temporary tablespace

The syntax to run catqm.sql is the following:

SQL> @?/rdbms/admin/catqm.sql A B C

For example:

SQL> @?/rdbms/admin/catqm.sql xdb XDB TEMP

## IMPORTANT: You must shutdown and restart the database between removal and reinstall ##

spool xdb_install.log

@?/rdbms/admin/catqm.sql -- substitute the parameters with appropriate values

@?/rdbms/admin/catxdbj.sql 

The catnoqm.sql script drops XDB.

Some XDB related objects in the SYS schema are not dropped during the removal of XDB.  Also, the SYS.KU$_% views will become invalid.  Please see the following document for cleaning up these objects:

(Doc ID 1375280.1) Invalid KU$ Views and CATALOG, CATPROC components after XDB Deinstall in 10.2

The syntax to run catqm.sql is the following:

  • When a binary XMLType is created, the data is stored in a proprietary format on disk that represents a post parse persistence model. This requires the need to store information about how to transverse the XML data without having to parse it again. The data that is stored in order to accomplish this is maintained in dictionary type tables in the XDB user schema, not in the user schema that created the table. What this means is that the removal script drops the XDB user and in turn loses this information from both Binary and Object-Relational xmltype tables/columns. So if directed to remove and reinstall XDB with the catnoqm.sql and catqm.sql scripts, run the following code block to verify that no Binary and/or Object Relational XMLType tables and columns exist:

connect / as sysdba

--

-- Check the storage of XMLType tables.

select owner, table_name

from dba_xml_tables

where storage_type in ('OBJECT-RELATIONAL', 'BINARY');

-- A default seed database with the example schemas installed

-- will have ones owned by XDB, MDSYS and OE.

-- Check the storage of XMLType columns.

from dba_xml_tab_cols

-- will have ones owned by XDB, MDSYS, ORDDATA, APEX_030200 and OE.

-- Please see the following section as it relates to ORDDATA and APEX_030200

  • If it is necessary to re-install XDB and you would like to put back all binary data into the database without having to reload this from XML files, please contact support on how to do this:
  • What if the database is using the DICOM and/or Oracle Application Express (APEX) features?
If the above code block has objects owned by ORDDATA and/or APEX_030200, it means those components are installed in the database. If those components are being used in a production capacity, XDB should not be removed and reinstalled as data that is maintained in the XDB user schema will be lost.
  • The default XMLType storage model is used if a storage model is not specified when creating an XMLType table or column. Prior to Oracle Database 11g Release 2, unstructured (CLOB) storage was used by default. The default storage model is now binary XML storage.

Please see the following document for more information:

  Doc ID 1207893.1) Change in default storage model of XMLType to BINARY XML in 11.2.0.2

  • Beginning with 11g, JAVA Virtual Machine (JVM) is no longer required for a successful installation of XDB. However, if an attempt is made to run XQUERY statements which use a functional evaluation path, an error will be thrown stating that JVM is not installed. Also note that JVM must be installed for XDK functionality.
  • Beginning with 11.2, XDB now supports SecureFiles. To use SecureFiles, compatibility must be set to 11.2. If SecureFiles will be used, the tablespace specified for the XDB repository must be using Automatic Segment Space Management (ASSM).
Since SecureFiles is now supported with 11.2, an additional parameter was added to the catqm.sql script in that release.

(Doc ID 1269470.1) XDB Deinstallation script catnoqm.sql leads to Invalid SYS Objects 

     create tablespace XDB

     datafile 'xxxxxxxxx.dbf' size 2000M

     extent management local uniform size 256K segment space management auto;

D. YES or NO

   * If YES is specified, the XDB repository will use SecureFile storage.

   * If NO is specified, LOBS will be used.

   * To use SecureFiles, compatibility must be set to 11.2.

   * The tablespace specified for the XDB repository must be using Automatic Segment Space Management (ASSM) for SecureFiles to be used.

SQL> catqm.sql A B C D

For Example:

SQL> @?/rdbms/admin/catqm.sql xdb XDB TEMP YES

12.1 - XDB is Mandatory

Oracle XML DB is now a mandatory component of Oracle Database. You cannot uninstall it, and if Oracle XML DB is not already installed in your database prior to an upgrade to Oracle Database 12c Release 1 (12.1.0.1) or later, then it is automatically installed in tablespace SYSAUX during the upgrade. If Oracle XML DB has thus been automatically installed, and if you want to use Oracle XML DB, then, after the upgrade operation, you must set the database compatibility to at least 12.1.0.1. If the compatibility is less than 12.1.0.1 then an error is raised when you try to use Oracle XML DB.

spool xdb_status.txt

set pagesize 1000

col comp_name format a36

col version format a12

col status format a8

col owner format a12

col name format a25

-- Check status of XDB

select comp_name, version, status

from dba_registry

where comp_id = 'XDB';

-- Check for invalid objects

select owner, object_name, object_type, status

where status = 'INVALID'

and owner in ('SYS', 'XDB');

spool off;

  • If for any reason the catqm.sql script fails, it is recommended to look at log files to determine the reason why the install failed. If the script doesn't complete OR if the following error is reported after repeating the XDB installation:

ORA-04098: trigger 'SYS.XDB_INSTALLATION_TRIGGER' is invalid and failed re-validation. 

If this occurs, implement the steps in the following documents:

  Doc ID 1573175.1) Upgrading or Installing XDB could result in data loss if XDB_INSTALLATION_TRIGGER exists
  Doc ID 331378.1) Running catqm.sql Leads to ORA-4098 Trigger 'SYS.XDB_INSTALLATION_TRIGGER' is Invalid
  • Some times one or more of the following errors can be encountered when installing XDB, upgrading XDB, configuring APEX, running an Export, or selecting from xdb.xdb$resource/sys.dba_network_acls:

ORA-31159: XML DB is in an invalid state

ORA-00600: internal error code, arguments: [unable to load XDB library]

ORA-00600: internal error code, arguments: [qmx: no ref]

ORA-00600: internal error code, arguments: [qmtGetColumnInfo1]

ORA-00600: internal error code, arguments: [qmtb_init_len]

ORA-00600: internal error code, arguments: [qmtGetBaseType]

ORA-00600: internal error code, arguments: [psdnop-1], [600]

ORA-00600: internal error code, arguments: [qmtInit1]

ORA-07445: exception encountered: core dump [_memcpy()+224] [SIGSEGV] [Address not mapped to object]

ORA-19051 Cannot Use Fast Path Insert For This XMLType Table

ORA-31011: XML parsing failed

Errors of this sort generally occur when the init routines for the internal XDB functions are run in an invalid environment, causing memory corruption.

This can happen if the database was ever started with the LD_LIBRARY_PATH (LIBPATH for AIX or SHLIB_PATH for HP) pointing to the wrong $ORACLE_HOME/lib directory rather than to the correct location for the instance. The LD_LIBRARY_PATH/LIBPATH/SHLIB_PATH environment variable is used to resolve the location of the shared library "libxdb.so (libxdb.sl on HP)".

To resolve this issue, please do the following:

1. Stop the listener and shutdown the database
2. Set LD_LIBRARY_PATH (LIBPATH for AIX or SHLIB_PATH for HP) as follows:

    csh: setenv LD_LIBRARY_PATH $ORACLE_HOME/lib:

    ksh: export LD_LIBRARY_PATH=$ORACLE_HOME/lib:

3. If a client connects to an 11g instance using a 10g listener, modify or add the ENVS= "LD_LIBRARY_PATH" to the listener.ora file 

    so that it points to the 11g instance:

    SID_LIST_LISTENER =

     (SID_LIST =

     (SID_DESC =

     (SID_NAME = PLSExtProc)

    ...

     )

    (SID_DESC =

     (SID_NAME =11gSID)

     (ORACLE_HOME =/opt/oracle/product/11.1.0)

     (ENVS= "LD_LIBRARY_PATH=/opt/oracle/product/11.1.0/lib")

     )

    )

4. If a client connects to a 10g instance using an 11g listener, modify or add the ENVS= "LD_LIBRARY_PATH" to the listener.ora file 

    so that it points to the 10g instance:

    SID_LIST_LISTENER =

     (SID_LIST =

     (SID_DESC =

     (SID_NAME = PLSExtProc)

    (SID_DESC =

     (SID_NAME =10gSID)

     (ORACLE_HOME =/opt/oracle/product/10.2.0)

     (ENVS= "LD_LIBRARY_PATH=/opt/oracle/product/10.2.0/lib")

    )

5.  On AIX only, to remove any currently unused modules in the kernel and library memory, run /usr/sbin/slibclean as root.

6. Restart the database and the listener.

  • It is possible to check the current settings of LD_LIBRARY_PATH, LIBPATH, SHLIB_PATH by referencing the following document:

           (Doc ID 373303.1)  How to Check the Environment Variables for an Oracle Process

  • XDB is invalid after installation or upgrade and there are invalid XDB objects which fail to compile with the following errors:

           PLS-00201: identifier 'DBMS_LOB' must be declared

           or

           PLS-00201: identifier 'UTL_FILE' must be declared

           XDB does not have execute permissions on the DBMS_LOB and UTL_FILE packages.

           Please reference the following documents:

           (Doc ID 429551.1)  Invalid XDB Objects After XDB Install 

           (Doc ID 1105245.1)  XDB Is INVALID In DBA_REGISTRY After Having Revoked Privileges: What Privileges Are Needed?

  • (Doc ID 243555.1) Create DB or Installing XDB Fails ORA-22973
  • (Doc ID 1168180.1) Error ORA-46105 When Trying To Create An ACL
  • If the error message "ORA-04043: object XDB_DATASTORE_PROC does not exist" is encountered during XDB installation, this indicates that Oracle Text was not installed.

Please reference the following document for details:

  Doc ID 360907.1) Catupgrd.sql Gives ORA-4043 Error On XDB_DATASTORE_PROC

  • Prior to 11.2, if XDB is deinstalled and not reinstalled, orphaned XSD objects can exist that will need to be dropped manually. Please review the document below:

  Doc ID 1273520.1) After de-installing XDB many XSD objects are invalid 

On release 11.2 onwards, catnoqm.sql will remove these objects.

Specific to 11.2

  • (Doc ID 1273944.1) Installation of XDB failed with ORA-20004: Tablespace system is not ASSM, ORA-43853
  • (Doc ID 1086092.1) ORA-60019: Creating initial extent of size X installing XDB with SECUREFILES
  • Regardless of the option specified for SECUREFILES when installing XDB, XDB's default tablespace MUST BE an ASSM tablespace if COMPATIBLE >= 11.2. Please review the document below:

          (Doc ID 1337065.1) XDB is INVALID after ORA-31084 ORA-43853 errors during install

  • If you have 'Password Complexity Verification' function enabled at the time of manual install then in 11.1.x or 11.2.x install may fail with the error message:

             ORA-28003: password verification for the specified password failed

             ORA-20001: Password length less than 8

             Please reference the following document for details:

            (Doc ID 1297620.1) XDB is INVALID in DBA_REGISTRY after Fresh Installation

The window below is a live discussion of this article (not a screenshot). We encourage you to join the discussion by clicking the "Reply" link below for the entry you would like to provide feedback on. If you have questions or implementation issues with the information in the article above, please share that below.

CONTACTS

继续阅读