alter table credit_rating modify (person_id encrypt);
-- if you plan to create indexes on an encrypted column, you must create it with NO SALT
-- see if the columns in question are part of a foreign key relationship. 

ALTER TABLE orders MODIFY (credit_card_number) ENCRYPT NO SALT) 

-- rekey the master key
alter system set key identified by “e3car61”;

-- rekey the column keys without changing the encryption algorithm:
ALTER TABLE employee REKEY;



CREATE TABLE test_lob (
      id           NUMBER(15)
    , clob_field   CLOB
    , blob_field   BLOB
    , bfile_field  BFILE
)
/

alter table test_lob modify (clob_field encrypt no salt);


-- error on 11gR1
04:33:36 HR@db01> alter table test_lob modify (clob_field encrypt no salt);
alter table test_lob modify (clob_field encrypt no salt)
*
ERROR at line 1:
ORA-43854: use of a BASICFILE LOB where a SECUREFILE LOB was expected


-- error on 11gR2
00:06:54 HR@dbv_1> alter table test_lob modify (clob_field encrypt no salt);
alter table test_lob modify (clob_field encrypt no salt)
*
ERROR at line 1:
ORA-43856: Unsupported LOB type for SECUREFILE LOB operation



-- table should be altered to securefile first.. then encrypt
CREATE TABLE test1 (doc CLOB ENCRYPT USING 'AES128') 
	LOB(doc) STORE AS SECUREFILE 
(CACHE NOLOGGING ); 

this of course can be done with online redef http://gjilevski.com/2011/05/11/migration-to-securefiles-using-online-table-redefinition-in-oracle-11gr2/
http://www.oracle-base.com/articles/11g/secure-files-11gr1.php#migration_to_securefiles
see tiddler about dbms_redef

migration to securefiles

-- query table info 

col column_name format a30
select table_name, column_name, securefile, encrypt from user_lobs;

TABLE_NAME                     COLUMN_NAME                    SEC
------------------------------ ------------------------------ ---
TEST_LOB                       CLOB_FIELD                     NO
TEST_LOB                       BLOB_FIELD                     NO


col clob format a30
col blob format a30
SELECT
      id
    , clob_field "Clob"
    , UTL_RAW.CAST_TO_VARCHAR2(blob_field) "Blob"
FROM hr.test_lob;


-- create interim table
	
CREATE TABLE hr.test_lob_tmp (
      id           NUMBER(15)
    , clob_field   CLOB 
    , blob_field   BLOB
    , bfile_field  BFILE
)
LOB(clob_field) STORE AS SECUREFILE (CACHE)
/
alter table hr.test_lob_tmp modify (clob_field encrypt no salt);


-- after encrypt and migration to securefiles

select table_name, column_name, securefile, encrypt from user_lobs;05:30:45 HR@db01> 05:30:45 HR@db01>

TABLE_NAME                     COLUMN_NAME                    SEC ENCR
------------------------------ ------------------------------ --- ----
TEST_LOB                       CLOB_FIELD                     NO  NONE
TEST_LOB                       BLOB_FIELD                     NO  NONE
TEST_LOB_TMP                   CLOB_FIELD                     YES YES
TEST_LOB_TMP                   BLOB_FIELD                     NO  NONE


-- do the redefinition

  
begin
execute immediate 'ALTER SESSION ENABLE PARALLEL DML';
execute immediate 'ALTER SESSION FORCE PARALLEL DML PARALLEL 4';
execute immediate 'ALTER SESSION FORCE PARALLEL QUERY PARALLEL 4';
dbms_redefinition.start_redef_table
(
uname => 'HR',
orig_table => 'TEST_LOB',
int_table => 'TEST_LOB_TMP',
options_flag => dbms_redefinition.CONS_USE_ROWID
);
end start_redef;
/

ERROR at line 1:
ORA-12088: cannot online redefine table "HR"."TEST_LOB" with unsupported datatype
ORA-06512: at "SYS.DBMS_REDEFINITION", line 52
ORA-06512: at "SYS.DBMS_REDEFINITION", line 1631
ORA-06512: at line 5

Do not attempt to online redefine a table containing a LONG column, an ADT column, or a FILE column. <-- of course!

alter table credit_rating modify (person_id encrypt);
-- if you plan to create indexes on an encrypted column, you must create it with NO SALT
-- see if the columns in question are part of a foreign key relationship. 

ALTER TABLE orders MODIFY (credit_card_number) ENCRYPT NO SALT) 

-- rekey the master key
alter system set key identified by “e3car61”;

-- rekey the column keys without changing the encryption algorithm:
ALTER TABLE employee REKEY;



CREATE TABLE test_lob (
      id           NUMBER(15)
    , clob_field   CLOB
    , blob_field   BLOB
    , bfile_field  BFILE
)
/

alter table test_lob modify (clob_field encrypt no salt);


-- error on 11gR1
04:33:36 HR@db01> alter table test_lob modify (clob_field encrypt no salt);
alter table test_lob modify (clob_field encrypt no salt)
*
ERROR at line 1:
ORA-43854: use of a BASICFILE LOB where a SECUREFILE LOB was expected


-- error on 11gR2
00:06:54 HR@dbv_1> alter table test_lob modify (clob_field encrypt no salt);
alter table test_lob modify (clob_field encrypt no salt)
*
ERROR at line 1:
ORA-43856: Unsupported LOB type for SECUREFILE LOB operation



-- table should be altered to securefile first.. then encrypt
CREATE TABLE test1 (doc CLOB ENCRYPT USING 'AES128') 
	LOB(doc) STORE AS SECUREFILE 
(CACHE NOLOGGING ); 

this of course can be done with online redef http://gjilevski.com/2011/05/11/migration-to-securefiles-using-online-table-redefinition-in-oracle-11gr2/
http://www.oracle-base.com/articles/11g/secure-files-11gr1.php#migration_to_securefiles
see tiddler about dbms_redef

migration to securefiles

-- query table info 

col column_name format a30
select table_name, column_name, securefile, encrypt from user_lobs;

TABLE_NAME                     COLUMN_NAME                    SEC
------------------------------ ------------------------------ ---
TEST_LOB                       CLOB_FIELD                     NO
TEST_LOB                       BLOB_FIELD                     NO


col clob format a30
col blob format a30
SELECT
      id
    , clob_field "Clob"
    , UTL_RAW.CAST_TO_VARCHAR2(blob_field) "Blob"
FROM hr.test_lob;


-- create interim table
	
CREATE TABLE hr.test_lob_tmp (
      id           NUMBER(15)
    , clob_field   CLOB 
    , blob_field   BLOB
    , bfile_field  BFILE
)
LOB(clob_field) STORE AS SECUREFILE (CACHE)
/
alter table hr.test_lob_tmp modify (clob_field encrypt no salt);


-- after encrypt and migration to securefiles

select table_name, column_name, securefile, encrypt from user_lobs;05:30:45 HR@db01> 05:30:45 HR@db01>

TABLE_NAME                     COLUMN_NAME                    SEC ENCR
------------------------------ ------------------------------ --- ----
TEST_LOB                       CLOB_FIELD                     NO  NONE
TEST_LOB                       BLOB_FIELD                     NO  NONE
TEST_LOB_TMP                   CLOB_FIELD                     YES YES
TEST_LOB_TMP                   BLOB_FIELD                     NO  NONE


-- do the redefinition

  
begin
execute immediate 'ALTER SESSION ENABLE PARALLEL DML';
execute immediate 'ALTER SESSION FORCE PARALLEL DML PARALLEL 4';
execute immediate 'ALTER SESSION FORCE PARALLEL QUERY PARALLEL 4';
dbms_redefinition.start_redef_table
(
uname => 'HR',
orig_table => 'TEST_LOB',
int_table => 'TEST_LOB_TMP',
options_flag => dbms_redefinition.CONS_USE_ROWID
);
end start_redef;
/

ERROR at line 1:
ORA-12088: cannot online redefine table "HR"."TEST_LOB" with unsupported datatype
ORA-06512: at "SYS.DBMS_REDEFINITION", line 52
ORA-06512: at "SYS.DBMS_REDEFINITION", line 1631
ORA-06512: at line 5

Do not attempt to online redefine a table containing a LONG column, an ADT column, or a FILE column. <-- of course!

migration to securefiles.. 2nd take.. without the bfile

mkdir -p /home/oracle/oralobfiles
grant create any directory to hr;


DROP TABLE test_lob CASCADE CONSTRAINTS
/

CREATE TABLE test_lob (
      id           NUMBER(15)
    , clob_field   CLOB
    , blob_field   BLOB
)
/

CREATE OR REPLACE DIRECTORY
    EXAMPLE_LOB_DIR
    AS
    '/home/oracle/oralobfiles'
/

INSERT INTO test_lob
    VALUES (  1001
            , 'Some data for record 1001'
            , '48656C6C6F' || UTL_RAW.CAST_TO_RAW(' there!') 
    );

COMMIT;

col clob format a30
col blob format a30
SELECT
      id
    , clob_field "Clob"
    , UTL_RAW.CAST_TO_VARCHAR2(blob_field) "Blob"
FROM test_lob;

######

-- create interim table
	
CREATE TABLE hr.test_lob_tmp (
      id           NUMBER(15)
    , clob_field   CLOB 
    , blob_field   BLOB
)
LOB(clob_field) STORE AS SECUREFILE (CACHE)
/
alter table hr.test_lob_tmp modify (clob_field encrypt no salt);


-- after encrypt and migration to securefiles

select table_name, column_name, securefile, encrypt from user_lobs;

TABLE_NAME                     COLUMN_NAME                    SEC ENCR
------------------------------ ------------------------------ --- ----
TEST_LOB                       CLOB_FIELD                     NO  NONE
TEST_LOB                       BLOB_FIELD                     NO  NONE
TEST_LOB_TMP                   CLOB_FIELD                     YES YES
TEST_LOB_TMP                   BLOB_FIELD                     NO  NONE


-- do the redefinition

  
begin
dbms_redefinition.start_redef_table
(
uname => 'HR',
orig_table => 'TEST_LOB',
int_table => 'TEST_LOB_TMP',
options_flag => dbms_redefinition.CONS_USE_ROWID
);
end start_redef;
/



begin
dbms_redefinition.sync_interim_table(
uname => 'HR',
orig_table => 'TEST_LOB',int_table => 'TEST_LOB_TMP');
end;
/



begin
dbms_redefinition.finish_redef_table
(
uname => 'HR',
orig_table => 'TEST_LOB',
int_table => 'TEST_LOB_TMP'
);
end;
/

select table_name, column_name, securefile, encrypt from user_lobs;

TABLE_NAME                     COLUMN_NAME                    SEC ENCR
------------------------------ ------------------------------ --- ----
TEST_LOB_TMP                   CLOB_FIELD                     NO  NONE
TEST_LOB_TMP                   BLOB_FIELD                     NO  NONE
TEST_LOB                       CLOB_FIELD                     YES YES       <-- it works!!
TEST_LOB                       BLOB_FIELD                     NO  NONE

13:38:55 HR@db01> desc test_lob
 Name                                                                                                                                             Null?     Type
 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------- --------------------------------------------------------------------------------------------------------------------
 ID                                                                                                                                        NUMBER(15)
 CLOB_FIELD                                                                                                                                CLOB ENCRYPT
 BLOB_FIELD                                                                                                                                BLOB

Install rlwrap and set alias

-- if you are subscribed to the EPEL repo
yum install rlwrap

-- if you want to build from source
# wget http://utopia.knoware.nl/~hlub/uck/rlwrap/rlwrap-0.37.tar.gz
# tar zxf rlwrap-0.37.tar.gz
# rm rlwrap-0.37.tar.gz
The configure utility will shows error: you need the GNU readline library.
It just needs the readline-devel package 
# yum install readline-devel*
# cd rlwrap-0.37
# ./configure
# make
# make install
# which rlwrap
/usr/local/bin/rlwrap



alias sqlplus='rlwrap sqlplus'
alias rman='rlwrap rman'

Install environment framework - karlenv

# name: environment framework - karlenv
# source URL: http://karlarao.tiddlyspot.com/#%5B%5Bstep%20by%20step%20environment%5D%5D
# notes: 
#      - I've edited/added some lines on the setsid and showsid from 
#         Coskan's code making it suitable for most unix(solaris,aix,hp-ux)/linux environments http://goo.gl/cqRPK
#      - added lines of code before and after the setsid and showsid to get the following info:
#         - software homes installed
#         - get DBA scripts location
#         - set alias
#

cat `cat /etc/oraInst.loc | grep -i inventory | sed 's/..............\(.*\)/\1/'`/ContentsXML/inventory.xml | grep "HOME NAME" 2> /dev/null
export PATH=""
export PATH=$HOME/bin:/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin:$ORACLE_HOME/bin:$ORACLE_HOME/OPatch:$SQLPATH:~/dba/bin:$PATH
export myid="`whoami`@`hostname`"
export PS1='${myid}':'$PWD':'$ORACLE_SID
$ '
export EDITOR=vi

export GLOGIN=`ls /tmp/login.sql 2> /dev/null | wc -l`
        if [ "$GLOGIN" -eq 1 ] ; then
                        echo ""
        else
						echo "SET SQLPROMPT \"_USER'@'_CONNECT_IDENTIFIER'>' \"
						SET LINES 300 TIME ON"> /tmp/login.sql
        fi

setsid ()
        {
        unset ORATAB
        unset ORACLE_BASE
        unset ORACLE_HOME
        unset ORACLE_SID

        export ORATAB_OS=`ls /var/opt/oracle/oratab 2> /dev/null | wc -l`
        if [ "$ORATAB_OS" -eq 1 ] ; then
                        export ORATAB=/var/opt/oracle/oratab
        else
                        export ORATAB=/etc/oratab
        fi

        export ORAENVFILE=`ls /usr/local/bin/oraenv 2> /dev/null | wc -l`
        if [ "$ORAENVFILE" -eq 1 ] ; then
                        echo ""
        else
                        cat $ORATAB | grep -v "^#" | grep -v "*"
                        echo ""
                        echo "Please enter the ORACLE_HOME: "
                        read RDBMS_HOME
                        export ORACLE_HOME=$RDBMS_HOME
        fi

        if tty -s
        then
                if [ -f $ORATAB ]
                then
                        line_count=`cat $ORATAB | grep -v "^#" | grep -v "*" | sed 's/:.*//' | wc -l`
                        # check that the oratab file has some contents
                        if [ $line_count -ge 1 ]
                                then
                                sid_selected=0
                                while [ $sid_selected -eq 0 ]
                                do
                                        sid_available=0
                                        for i in `cat $ORATAB | grep -v "^#" | grep -v "*" | sed 's/:.*//'`
                                                do
                                                sid_available=`expr $sid_available + 1`
                                                sid[$sid_available]=$i
                                                done
                                        # get the required SID
                                        case ${SETSID_AUTO:-""} in
                                                YES) # Auto set use 1st entry
                                                sid_selected=1 ;;
                                                *)
                                                i=1
                                                while [ $i -le $sid_available ]
                                                do
                                                        printf "%2d- %10s\n" $i ${sid[$i]}
                                                        i=`expr $i + 1`
                                                done
                                                echo ""
                                                echo "Select the Oracle SID with given number [1]:"
                                                read entry
                                                if [ -n "$entry" ]
                                                then
                                                        entry=`echo "$entry" | sed "s/[a-z,A-Z]//g"`
                                                        if [ -n "$entry" ]
                                                        then
                                                                entry=`expr $entry`
                                                                if [ $entry -ge 1 ] && [ $entry -le $sid_available ]
                                                                then
                                                                        sid_selected=$entry
                                                                fi
                                                        fi
                                                        else
                                                        sid_selected=1
                                                fi
                                        esac
                                done
                                #
                                # SET ORACLE_SID
                                #
                                export PATH=$HOME/bin:/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin:$ORACLE_HOME/bin:$ORACLE_PATH:$PATH
                                export ORACLE_SID=${sid[$sid_selected]}
                                echo "Your profile configured for $ORACLE_SID with information below:"
                                unset LD_LIBRARY_PATH
                                ORAENV_ASK=NO
                                . oraenv
                                unset ORAENV_ASK
                                #
                                #GIVE MESSAGE
                                #
                                else
                                echo "No entries in $ORATAB. no environment set"
                        fi
                fi
        fi
        }

showsid()
        {
        echo ""
        echo "ORACLE_SID=$ORACLE_SID"
        echo "ORACLE_BASE=$ORACLE_BASE"
        echo "ORACLE_HOME=$ORACLE_HOME"
        echo ""
        }

        
# SET ORACLE ENVIRONMENT
setsid
showsid

# SCRIPTS LOCATION
export TANEL=~/dba/tanel
export KERRY=~/dba/scripts
export SQLPATH=~/:$TANEL:$KERRY


# ALIAS 
alias s='rlwrap -D2 -irc -b'\''"@(){}[],+=&^%#;|\'\'' -f $TANEL/setup/wordfile_11gR2.txt sqlplus / as sysdba @/tmp/login.sql'
alias s1='sqlplus / as sysdba @/tmp/login.sql'
alias oradcli='dcli -l oracle -g /home/oracle/dbs_group'
# alias celldcli='dcli -l root -g /root/cell_group'

Usage

[root@desktopserver ~]# su - oracle
[oracle@desktopserver ~]$
[oracle@desktopserver ~]$ vi .karlenv      <-- copy the script from the "Install environment framework - karlenv" section of the wiki link above
[oracle@desktopserver ~]$
[oracle@desktopserver ~]$ ls -la | grep karl
-rw-r--r--  1 oracle dba   6071 Dec 14 15:58 .karlenv
[oracle@desktopserver ~]$
[oracle@desktopserver ~]$ . ~oracle/.karlenv      <-- set the environment
<HOME_LIST>
<HOME NAME="Ora11g_gridinfrahome1" LOC="/u01/app/11.2.0/grid" TYPE="O" IDX="1" CRS="true"/>
<HOME NAME="OraDb11g_home1" LOC="/u01/app/oracle/product/11.2.0/dbhome_1" TYPE="O" IDX="2"/>
</HOME_LIST>
<COMPOSITEHOME_LIST>
</COMPOSITEHOME_LIST>


 1-       +ASM
 2-         dw

Select the Oracle SID with given number [1]:
2      <-- choose an instance
Your profile configured for dw with information below:
The Oracle base has been set to /u01/app/oracle

ORACLE_SID=dw
ORACLE_BASE=/u01/app/oracle
ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1

oracle@desktopserver.local:/home/oracle:dw
$ s      <-- rlwrap'd sqlplus alias, also you can use the "s1" alias if you don't have rlwrap installed

SQL*Plus: Release 11.2.0.3.0 Production on Thu Jan 5 15:41:15 2012

Copyright (c) 1982, 2011, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP and Real Application Testing options


USERNAME             INST_NAME    HOST_NAME                 SID   SERIAL#  VERSION    STARTED  SPID            OPID  CPID            SADDR            PADDR
-------------------- ------------ ------------------------- ----- -------- ---------- -------- --------------- ----- --------------- ---------------- ----------------
SYS                  dw           desktopserver.local       5     8993     11.2.0.3.0 20111219 27483           24    27480           00000000DFB78138 00000000DF8F9FA0


SQL> @gas      <-- calling one of Kerry's scripts from the /home/oracle/dba/scripts directory

 INST   SID PROG       USERNAME      SQL_ID         CHILD PLAN_HASH_VALUE        EXECS       AVG_ETIME SQL_TEXT                                  OSUSER                         MACHINE
----- ----- ---------- ------------- ------------- ------ --------------- ------------ --------------- ----------------------------------------- ------------------------------ -------------------------
    1     5 sqlplus@de SYS           bmyd05jjgkyz1      0        79376787            3         .003536 select a.inst_id inst, sid, substr(progra oracle                         desktopserver.local
    1   922 OMS        SYSMAN        2b064ybzkwf1y      0               0       50,515         .004947 BEGIN EMD_NOTIFICATION.QUEUE_READY(:1, :2 oracle                         desktopserver.local

SQL>
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP and Real Application Testing options
oracle@desktopserver.local:/home/oracle:dw

making a generic environment script.. called as "dbaenv"

• mkdir -p $HOME/dba/bin
• then add the $HOME/dba/bin on the path of .bash_profile

$ cat .bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin:$HOME/dba/bin

export PATH
export ORACLE_HOME=/u01/app/oracle/product/11.2.0.3/dbhome_1
export PATH=$ORACLE_HOME/bin:.:$PATH

. dbaenv

$ cat pmoncheck
dcli -l oracle -g /home/oracle/dbs_group ps -ef | grep pmon | grep -v grep | grep -v ASM

-- create the wallet directory, do a "ln -s" on the db_unique_name if it's upper case
mkdir -p /oracle/admin/db01/wallet 

-- create a symbolic link on ORACLE_HOME
cd $ORACLE_HOME
ln -s /oracle/admin admin

-- auto login wallet
orapki wallet create -wallet /oracle/admin/db01/wallet -auto_login -pwd "welcome1%"<-- use this on 10gR2,11gR1
orapki wallet create -wallet /u01/app/oracle/admin/testdb/wallet -auto_login_local -pwd "welcome1%"<-- use this on 11gR2 & switch logfile+checkpoint
alter system switch logfile;
alter system switch logfile;
alter system checkpoint;

alter system set encryption wallet open identified by "welcome1%";
alter system set encryption key identified by "welcome1%";


alter system set encryption wallet close;
select * from gv$encryption_wallet;
select CUST_EMAIL from OE.CUSTOMERS where rownum < 2;
select * from gv$encryption_wallet;

alter system set encryption wallet open identified by "welcome1%";
select CUST_EMAIL from OE.CUSTOMERS where rownum < 2;
select * from gv$encryption_wallet;


-- creating a different wallet but same password.. this should error
orapki wallet create -wallet /oracle/admin/db01/wallet -pwd "welcome1%"
* it will error "ORA-28362: master key not found" if not the same wallet

orapki wallet create -wallet /u01/app/oracle/admin/testdb/wallet -auto_login_local -pwd "welcome1%"
alter system set encryption wallet open identified by "welcome1%";
alter system set encryption key identified by "welcome1%";

alter system set encryption wallet close identified by "welcome1%";
select * from gv$encryption_wallet;
alter system set encryption wallet open identified by "welcome1%";


col name format a50
select name from v$datafile where rownum < 2;
NAME
--------------------------------------------------
/oracle/oradata/db01/users01.dbf


CREATE SMALLFILE TABLESPACE data_encypt
DATAFILE '/oracle/oradata/db01/encrypt_01.dbf'
SIZE 50M LOGGING EXTENT MANAGEMENT LOCAL
SEGMENT SPACE MANAGEMENT AUTO
ENCRYPTION USING 'AES192' DEFAULT STORAGE(ENCRYPT);


drop table hr.test_lob;
drop table hr.test_lob_tmp;


select a.table_name,b.tablespace_name,b.encrypted
from dba_tables a, dba_tablespaces b
where a.tablespace_name=b.tablespace_name
and owner='HR'
and table_name in ('TEST_LOB');

TABLE_NAME                     TABLESPACE_NAME                ENC
------------------------------ ------------------------------ ---
TEST_LOB                       USERS                          NO


alter table hr.test_lob move tablespace data_encypt;

* rebuild indexes if necessary


TABLE_NAME                     TABLESPACE_NAME                ENC
------------------------------ ------------------------------ ---
TEST_LOB                       DATA_ENCYPT                    YES


-- then move the LOBs to the encrypted tablespace as well


15:53:02 SYS@db01> select a.table_name,b.tablespace_name,b.encrypted
from dba_tables a, dba_tablespaces b
where a.tablespace_name=b.tablespace_name
and owner='HR'
and table_name in ('TEST_LOB');15:53:49   2  15:53:49   3  15:53:49   4  15:53:49   5

TABLE_NAME                     TABLESPACE_NAME                ENC
------------------------------ ------------------------------ ---
TEST_LOB                       DATA_ENCYPT                    YES


col column_name format a10
select
OWNER           
,TABLE_NAME      
,COLUMN_NAME     
,SEGMENT_NAME    
,TABLESPACE_NAME 
,INDEX_NAME      
,CHUNK           
,PCTVERSION      
,RETENTION       
,FREEPOOLS       
,CACHE           
,LOGGING         
,ENCRYPT         
,COMPRESSION     
,DEDUPLICATION   
,IN_ROW          
,FORMAT          
,PARTITIONED     
from dba_lobs
where owner in ('HR')
and table_name = 'TEST_LOB';

15:52:45 SYS@db01> col column_name format a10
15:52:57 SYS@db01> select
15:52:57   2  OWNER
15:52:57   3  ,TABLE_NAME
15:52:57   4  ,COLUMN_NAME
15:52:57   5  ,SEGMENT_NAME
15:52:57   6  ,TABLESPACE_NAME
15:52:57   7  ,INDEX_NAME
,CHUNK
15:52:57   8  15:52:57   9  ,PCTVERSION
15:52:57  10  ,RETENTION
15:52:57  11  ,FREEPOOLS
15:52:57  12  ,CACHE
15:52:57  13  ,LOGGING
15:52:57  14  ,ENCRYPT
15:52:57  15  ,COMPRESSION
15:52:57  16  ,DEDUPLICATION
15:52:57  17  ,IN_ROW
15:52:57  18  ,FORMAT
15:52:57  19  ,PARTITIONED
15:52:57  20  from dba_lobs
15:52:57  21  where owner in ('HR')
15:52:57  22  and table_name = 'TEST_LOB';

OWNER                          TABLE_NAME                     COLUMN_NAM SEGMENT_NAME                   TABLESPACE_NAME                INDEX_NAME                      CHUNK PCTVERSION  RETENTION  FREEPOOLS CACHE      LOGGING ENCR COMPRE DEDUPLICATION   IN_ FORMAT          PAR
------------------------------ ------------------------------ ---------- ------------------------------ ------------------------------ ------------------------------ ---------- ---------- ---------- ---------- ---------- ------- ---- ------ --------------- --- --------------- ---
HR                             TEST_LOB                       CLOB_FIELD SYS_LOB0000071750C00002$$      USERS                          SYS_IL0000071750C00002$$         8192                   900            NO         YES     NONE NONE   NONE            YES ENDIAN NEUTRAL  NO
HR                             TEST_LOB                       BLOB_FIELD SYS_LOB0000071750C00003$$      USERS                          SYS_IL0000071750C00003$$         8192                   900            NO         YES     NONE NONE   NONE            YES NOT APPLICABLE  NO




col segment_name format a30
select segment_name, tablespace_name, segment_type, round(bytes/1024/1024,2) segment_mb
from dba_segments where owner='HR' and segment_type = 'LOBSEGMENT'
order by 4 asc;



select 'alter table '||owner||'.'||table_name||' move LOB ('||column_name||') store as (tablespace DATA_ENCYPT);'
from dba_lobs
where table_name = 'TEST_LOB';

alter table hr.test_lob move lob (CLOB_FIELD) store as (tablespace DATA_ENCYPT);


OWNER                          TABLE_NAME                     COLUMN_NAM SEGMENT_NAME                   TABLESPACE_NAME                INDEX_NAME                      CHUNK PCTVERSION  RETENTION  FREEPOOLS CACHE      LOGGING ENCR COMPRE DEDUPLICATION   IN_ FORMAT          PAR
------------------------------ ------------------------------ ---------- ------------------------------ ------------------------------ ------------------------------ ---------- ---------- ---------- ---------- ---------- ------- ---- ------ --------------- --- --------------- ---
HR                             TEST_LOB                       CLOB_FIELD SYS_LOB0000071750C00002$$      DATA_ENCYPT                    SYS_IL0000071750C00002$$         8192                   900            NO         YES     NONE NONE   NONE            YES ENDIAN NEUTRAL  NO
HR                             TEST_LOB                       BLOB_FIELD SYS_LOB0000071750C00003$$      USERS                          SYS_IL0000071750C00003$$         8192                   900            NO         YES     NONE NONE   NONE            YES NOT APPLICABLE  NO


-- using the script
OWNER                          TABLE_NAME                     COLUMN_NAM SEGMENT_NAME                   TABLESPACE_NAME                INDEX_NAME                      CHUNK PCTVERSION  RETENTION  FREEPOOLS CACHE      LOGGING ENCR COMPRE DEDUPLICATION   IN_ FORMAT          PAR
------------------------------ ------------------------------ ---------- ------------------------------ ------------------------------ ------------------------------ ---------- ---------- ---------- ---------- ---------- ------- ---- ------ --------------- --- --------------- ---
HR                             TEST_LOB                       CLOB_FIELD SYS_LOB0000071750C00002$$      DATA_ENCYPT                    SYS_IL0000071750C00002$$         8192                   900            NO         YES     NONE NONE   NONE            YES ENDIAN NEUTRAL  NO
HR                             TEST_LOB                       BLOB_FIELD SYS_LOB0000071750C00003$$      DATA_ENCYPT                    SYS_IL0000071750C00003$$         8192                   900            NO         YES     NONE NONE   NONE            YES NOT APPLICABLE  NO

wallet error if it does not exist

/home/oracle/dba/rman/backup.reco.sh testdb PROD FULL FULLDBBKUP_012 > /home/oracle/dba/rman/backup.reco.$ORACLE_SID.log
/home/oracle/dba/rman/rmanDuplicate.sh testdb LATEST FULLDBBKUP_012 NOPURGE testdb2 > rmanDuplicate.testdb.log



-- if we don't have wallet open then it will error

contents of Memory Script:
{
   sql clone "alter system set  db_name =
 ''TESTDB2'' comment=
 ''Reset to original value by RMAN'' scope=spfile";
   sql clone "alter system reset  db_unique_name scope=spfile";
   shutdown clone immediate;
}
executing Memory Script

Errors in memory script
RMAN-03015: error occurred in stored script Memory Script
RMAN-06136: ORACLE error from auxiliary database: ORA-01507: database not mounted
ORA-06512: at "SYS.X$DBMS_RCVMAN", line 13466
ORA-06512: at line 1
RMAN-03015: error occurred in stored script Memory Script
RMAN-10035: exception raised in RPC:
ORA-19583: conversation terminated due to error
ORA-19870: error while restoring backup piece /reco/rman/duplicate/TESTDB/2013_04_17/FULLDBBKUP/o1_mf_nnnd0_FULLDBBKUP_8pxxk2x7_.bkp
ORA-19913: unable to decrypt backup
ORA-28365: wallet is not open
ORA-06512: at "SYS.X$DBMS_BACKUP_RESTORE", line 2338
RMAN-10031: RPC Error: ORA-19583  occurred during call to DBMS_BACKUP_RESTORE.RESTOREBACKUPPIECE
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of Duplicate Db command at 04/17/2013 14:38:41
RMAN-05501: aborting duplication of target database

Oracle Exadata Recipes A Problem-Solution Approach by John Clarke

####################################
Part1: Exadata Architecture
####################################

CH1: Exadata Hardware
1-1. Identifying Exadata Database Machine Components
1-2. Displaying Storage Server Architecture Details
1-3. Displaying Compute Server Architecture Details
1-4. Listing Disk Storage Details on the Exadata Storage Servers
1-5. Listing Disk Storage Details on the Compute Servers
1-6. Listing Flash Storage on the Exadata Storage Servers
1-7. Gathering Configuration Information for the InfiniBandSwitches

CH2: Exadata Software
2-1. Understanding the Role of Exadata Storage Server Software
2-2. Validating Oracle 11gR2 Databases on Exadata
2-3. Validating Oracle 11gR2 Grid Infrastructure on Exadata
2-4. LocatingtheOracleClusterRegistryandVotingDisksonExadata
2-5. Validating Oracle 11gR2 Real Application Clusters Installation and Database Storage on Exadata
2-6. Validating Oracle 11gR2 Real Application Clusters Networking on Exadata

CH3: How Oracle Works on Exadata
3-1. Mapping Physical Disks, LUNs, and Cell Disks on the Storage Servers
3-2. Mapping ASM Disks, Grid Disks, and Cell Disks
3-3. Mapping Flash Disks to Smart Flash Storage
3-4. Identifying Cell Server Software Processes
3-5. Tracing Oracle I/O Requests on Exadata Compute Nodes
3-6. Validating That Your Oracle RAC Interconnect Is Using InfiniBand
3-7. Tracing cellsrv on the Storage Servers

####################################
Part2: Preparing for Exadata
####################################

CH4: Workload Qualification
4-1. Quantifying I/O Characteristics of Your Current Database
4-2. Conducting a Smart Scan Fit Analysis Using AWR
4-3. Conducting a Smart Scan Fit Analysis Using Exadata Simulation
4-4. Performing a Hybrid Columnar Compression Fit Assessment

CH5: Sizing Exadata
5-1. Determining CPU Requirements
5-2. Determining IOPs Requirements
5-3. Determining I/O Bandwidth Requirements
5-4. Determining ASM Redundancy Requirements
5-5. Forecasting Storage Capacity
5-6. Planning for Database Growth
5-7. Planning for Disaster Recovery
5-8. Planning for Backups
5-9. Determining Your Fast Recovery Area and RECO Disk Group Size Requirements

CH6: Preparing for Exadata
6-1. Planning and Understanding Exadata Networking
6-2. Configuring DNS
6-3. Running checkip.sh
6-4. Customizing Your InfiniBand Network Configuration
6-5. Determining Your DATA and RECO Storage Requirements
6-6. Planning for ASM Disk Group Redundancy
6-7. Planning Database and ASM Extent Sizes
6-8. Completing the Pre-Delivery Survey
6-9. Completing the Configuration Worksheet

####################################
Part3: Exadata Administration
####################################

CH7: Administration and Diagnostics Utilities
7-1. Logging in to the Exadata Compute and Storage Cells Using SSH
7-2. Configuring SSH Equivalency
7-3. Locating Key Configuration Files and Directories on the Cell Servers
7-4. Locating Key Configuration Files and Directories on the Compute Nodes
7-5. Starting and Stopping Cell Server Processes
7-6. Administering Storage Cells Using CellCLI
7-7. Administering Storage Cells Using dcli
7-8. Generating Diagnostics from the ILOM Interface
7-9. Performing an Exadata Health Check Using exachk
7-10. Collecting Compute and Cell Server Diagnostics Using the sundiag.sh Utility
7-11. Collecting RAID Storage Information Using the MegaCLI utility
7-12. Administering the Storage Cell Network Using ipconf
7-13. Validating Your InfiniBand Switches with the CheckSWProfile.sh Utility
7-14. Verifying Your InfiniBand Network Topology
7-15. Diagnosing Your InfiniBand Network
7-16. Connecting to Your Cisco Catalyst 4948 Switch and Changing Switch Configuration

CH8: Backup and Recovery
8-1. Backing Up the Storage Servers
8-2. Displaying the Contents of Your CELLBOOT USB Flash Drive
8-3. Creating a Cell Boot Image on an External USB Drive
8-4. Backing Up Your Compute Nodes Using Your Enterprise Backup Software
8-5. Backing Up the Compute Servers Using LVM Snapshots
8-6. Backing Up Your Oracle Databases with RMAN
8-7. Backing Up the InfiniBand Switches
8-8. Recovering Storage Cells from Loss of a Single Disk
8-9. Recovering Storage Cells from Loss of a System Volume Using CELLBOOT Rescue
8-10. Recovering from a Failed Storage Server Patch
8-11. Recovering Compute Server Using LVM Snapshots
8-12. Reimaging a Compute Node
8-13. Recovering Your InfiniBand Switch Configuration
8-14. Recovering from Loss of Your Oracle Cluster Registry and Voting Disks

CH9: Storage Administration
9-1. Building ASM Disk Groups on Exadata
9-2. Properly Configuring ASM Disk Group Attributes on Exadata
9-3. Identifying Unassigned Grid Disks
9-4. Configuring ASM Redundancy on Exadata
9-5. Displaying ASM Partner Disk Relationships on Exadata
9-6. Measuring ASM Extent Balance on Exadata
9-7. Rebuilding Cell Disks
9-8. Creating Interleaved Cell Disks and Grid Disks
9-9. Rebuilding Grid Disks
9-10. Setting smart_scan_capable on ASM Disk Groups
9-11. Creating Flash Grid Disks for Permanent Storage	 

CH10: Network Administration
10-1. Configuring the Management Network on the Compute Nodes
10-2. Configuring the Client Access Network
10-3. Configuring the Private Interconnect on the Compute Nodes
10-4. Configuring the SCAN Listener
10-5. Managing Grid Infrastructure Network Resources
10-6. Configuring the Storage Server Ethernet Network
10-7. Changing IP Addresses on Your Exadata Database Machine

CH11: Patching and Upgrades
11-1. Understanding Exadata Patching Definitions, Alternatives, and Strategies
11-2. Preparing to Apply Exadata Patches
11-3. Patching Your Exadata Storage Servers
11-4. Patching Your Exadata Compute Nodes and Databases
11-5. Patching the InfiniBand Switches
11-6. Patching Your Enterprise Manager Systems Management Software

CH12: Security
12-1. Configuring Multiple Oracle Software Owners on Exadata Compute Nodes
12-2. Installing Multiple Oracle Homes on Your Exadata Compute Nodes
12-3. Configuring ASM-Scoped Security
12-4. Configuring Database-Scoped Security

####################################
Part4: Monitoring Exadata
####################################

CH13: Monitoring Exadata Storage Cells
13-1. Monitoring Storage Cell Alerts
13-2. Monitoring Cells with Active Requests
13-3. Monitoring Cells with Metrics
13-4. Configuring Thresholds for Cell Metrics
13-5. Using dcli with Special Characters
13-6. Reporting and Summarizing metrichistory Using R
13-7. Reporting and Summarizing metrichistory Using Oracle and SQL
13-8. Detecting Cell Disk I/O Bottlenecks
13-9. Measuring Small I/O vs. Large I/O Requests
13-10. Detecting Grid Disk I/O Bottlenecks
13-11. Detecting Host Interconnect Bottlenecks
13-12. Measuring I/O Load and Waits per Database, Resource Consumer Group, and Resource Category

CH14: Host and Database Performance Monitoring
14-1. Collecting Historical Compute Node and Storage Cell Host Performance Statistics
14-2. Displaying Real-Time Compute Node and Storage Cell Performance Statistics
14-3. Monitoring Exadata with Enterprise Manager
14-4. Monitoring Performance with SQL Monitoring
14-5. Monitoring Performance by Database Time
14-6. Monitoring Smart Scans by Database Time and AAS
14-7. Monitoring Exadata with Wait Events
14-8. Monitoring Exadata with Statistics and Counters
14-9. Measuring Cell I/O Statistics for a SQL Statement

####################################
Part5: Exadata Software
####################################

CH15: Smart Scan and Cell Offload
15-1. Identifying Cell Offload in Execution Plans
15-2. Controlling Cell Offload Behavior
15-3. Measuring Smart Scan with Statistics
15-4. Measuring Offload Statistics for Individual SQL Cursors
15-5. Measuring Offload Efficiency
15-6. Identifying Smart Scan from 10046 Trace Files
15-7. Qualifying for Direct Path Reads
15-8. Influencing Exadata’s Decision to Use Smart Scans
15-9. Identifying Partial Cell Offload
15-10. Dealing with Fast Object Checkpoints

CH16: Hybrid Columnar Compression
16-1. Estimating Disk Space Savings for HCC
16-2. Building HCC Tables and Partitions
16-3. Contrasting Oracle Compression Types
16-4. Determining the Compression Type of a Segment
16-5. Measuring the Performance Impact of HCC for Queries
16-6. Direct Path Inserts into HCC Segments
16-7. Conventional Inserts to HCC Segments
16-8. DML and HCC
16-9. Decompression and the Performance Impact

CH17: I/O Resource Management and Instance Caging
17-1. Prioritizing I/O Utilization by Database
17-2. Limiting I/O Utilization for Your Databases
17-3. Managing Resources within a Database
17-4. Prioritizing I/O Utilization by Category of Resource Consumers
17-5. Prioritizing I/O Utilization by Categories of Resource Consumers and Databases
17-6. Monitoring Performance When IORM Is Enabled
17-7. Obtaining IORM Plan Information
17-8. Controlling Smart Flash Cache and Smart Flash Logging with IORM
17-9. Limiting CPU Resources with Instance Caging

CH18: Smart Flash Cache and Smart Flash Logging
18-1. Managing Smart Flash Cache and Smart Flash Logging
18-2. Determining Which Database Objects Are Cached
18-3. Determining What’s Consuming Your Flash Cache Storage
18-4. Determining What Happens When Querying Uncached Data
18-5. Measuring Smart Flash Cache Performance
18-6. Pinning Specific Objects in Smart Flash Cache
18-7. Quantifying Benefits of Smart Flash Logging

CH19: Storage Indexes
19-1. Measuring Performance Impact of Storage Indexes
19-2. Measuring Storage Index Performance with Not-So-Well-Ordered Data
19-3. Testing Storage Index Behavior with Different Query Predicate Conditions
19-4. Tracing Storage Index Behavior
19-5. Tracing Storage Indexes When More than Eight Columns Are Referenced
19-6. Tracing Storage Indexes when DML Is Issued against Tables
19-7. Disabling Storage Indexes
19-8. Troubleshooting Storage Indexes

####################################
Post Implementation Tasks
####################################

CH20: Post-Installation Monitoring Tasks
20-1. Installing Enterprise Manager 12c Cloud Control Agents for Exadata
20-2. Configuring Enterprise Manager 12c Cloud Control Plug-ins for Exadata
20-3. Configuring Automated Service Requests

CH21: Post-Install Database Tasks
21-1. Creating a New Oracle RAC Database on Exadata
21-2. Setting Up a DBFS File System on Exadata
21-3. Configuring HugePages on Exadata
21-4. Configuring Automatic Degree of Parallelism
21-5. Setting I/O Calibration on Exadata
21-6. Measuring Impact of Auto DOP and Parallel Statement Queuing
21-7. Measuring Auto DOP and In-Memory Parallel Execution
21-8. Gathering Optimizer Statistics on Exadata

15:40:12 SYS@ifstst_1> conn dvowner/<password>
Connected.
15:40:25 DVOWNER@ifstst_1>
15:40:27 DVOWNER@ifstst_1>
15:40:27 DVOWNER@ifstst_1> grant DV_ACCTMGR to remotedba2;
grant DV_ACCTMGR to remotedba2
*
ERROR at line 1:
ORA-47410: Realm violation for GRANT on DV_ACCTMGR


15:40:43 DVOWNER@ifstst_1> conn dvadmin/<password>
Connected.
15:40:59 DVADMIN@ifstst_1> grant DV_ACCTMGR to remotedba2;

Grant succeeded.

15:39:30 REMOTEDBA2@ifstst_1> create user karlarao identified by karlarao;
create user karlarao identified by karlarao
                                   *
ERROR at line 1:
ORA-01031: insufficient privileges


15:39:50 REMOTEDBA2@ifstst_1> create user karlarao identified by karlarao;     <-- after grant of DV_ACCTMGR

User created.

15:41:19 REMOTEDBA2@ifstst_1> drop user karlarao;

User dropped.

15:41:24 REMOTEDBA2@ifstst_1> create user karlarao identified by karlarao;
create user karlarao identified by karlarao
                                   *
ERROR at line 1:
ORA-01031: insufficient privileges

$ cat SecHealthCheck_IFSTST_20130418.txt | grep -i "edm_file_storage_tab"
OWNER      GRANTOR    GRANTEE                   TABLE_NAME                     GO  S I U D A R I E
---------- ---------- ------------------------- ------------------------------ --- - - - - - - - -

IFSAPP     IFSAPP     IFSINFO                   EDM_FILE_STORAGE_TAB           YES X
IFSAPP     IFSAPP     IFSSYS                    EDM_FILE_STORAGE_TAB           NO  X
IFSAPP     IFSAPP     IFSINFO                   EDM_FILE_STORAGE_TAB           YES X
IFSAPP     IFSAPP     IFSSYS                    EDM_FILE_STORAGE_TAB           NO  X



ON DBV
* create a user called remotedba
* create a realm name LimitedOracleAdmin
* create command rule/rule set on SELECT for remotedba user


conn dvadmin/<password>
create user remotedba identified by <password>;
create user remotedba2 identified by <password>;

conn / as sysdba
grant dba to remotedba;
grant dba to remotedba2;


conn remotedba/<password>   <-- he is a contractor, not allowed
conn remotedba2/<password>  <-- he is an internal DBA and is allowed 

15:34:22 REMOTEDBA@ifstst_1> select count(*) from IFSAPP.EDM_FILE_STORAGE_TAB where rownum < 2;

  COUNT(*)
----------
         1
         
### this realm may not be implemented.. and you can just go with the SELECT command rule but what this does for you
# is whenever there are new DBA accounts that will be created you don't have to create a SELECT command rule for them on this table
# since by default if the DBA is not on the realm then he's not allowed to access the table
# but this can be used as an exception rule.. where you have a DBA that is really allowed to query this table then just make 
# him a participant of this realm then he'll be able to access it.. 
# and take note even if you make the DBA with SELECT command rule restrictions as a participant.. the command rule will still take precedence
     
-- realm         
[begin DVSYS.DBMS_MACADM.CREATE_REALM(realm_name => 'LimitedOracleAdmin', description => '', enabled => 'Y', audit_options => '2' ); DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM(realm_name => 'LimitedOracleAdmin', object_owner => 'IFSAPP', object_name => 'EDM_FILE_STORAGE_TAB', object_type => 'TABLE' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSAPP', rule_set_name => '', auth_options => '0' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSINFO', rule_set_name => '', auth_options => '0' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSSYS', rule_set_name => '', auth_options => '0' ); end; ]
--edit
[begin DVSYS.DBMS_MACADM.DELETE_AUTH_FROM_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSAPP'); DVSYS.DBMS_MACADM.DELETE_AUTH_FROM_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSINFO'); DVSYS.DBMS_MACADM.DELETE_AUTH_FROM_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSSYS'); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSAPP', rule_set_name => '', auth_options => '0' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSINFO', rule_set_name => '', auth_options => '0' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSSYS', rule_set_name => '', auth_options => '0' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'REMOTEDBA', rule_set_name => '', auth_options => '0' ); end; ]
-- just the app schema
[begin DVSYS.DBMS_MACADM.CREATE_REALM(realm_name => 'LimitedOracleAdmin', description => '', enabled => 'Y', audit_options => '2' ); DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM(realm_name => 'LimitedOracleAdmin', object_owner => 'IFSAPP', object_name => 'EDM_FILE_STORAGE_TAB', object_type => 'TABLE' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSAPP', rule_set_name => '', auth_options => '0' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSINFO', rule_set_name => '', auth_options => '0' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSSYS', rule_set_name => '', auth_options => '0' ); end; ]
-- adding remotedba and remotedba2
[begin DVSYS.DBMS_MACADM.DELETE_AUTH_FROM_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSSYS'); DVSYS.DBMS_MACADM.DELETE_AUTH_FROM_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSAPP'); DVSYS.DBMS_MACADM.DELETE_AUTH_FROM_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSINFO'); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSSYS', rule_set_name => '', auth_options => '0' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSAPP', rule_set_name => '', auth_options => '0' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'IFSINFO', rule_set_name => '', auth_options => '0' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'REMOTEDBA', rule_set_name => '', auth_options => '0' ); DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'LimitedOracleAdmin', grantee => 'REMOTEDBA2', rule_set_name => '', auth_options => '0' ); end; ]



-- rule set
remotedba_noselect
-- rule
remotedba_noselect_rule
dvf.f$session_user != 'REMOTEDBA'
[begin DVSYS.DBMS_MACADM.CREATE_RULE_SET(rule_set_name => 'remotedba_noselect', description => '', enabled => 'Y', eval_options => 1, audit_options => 1, fail_options => 1, fail_message => '', fail_code => '', handler_options => 0, handler => ''); DVSYS.DBMS_MACADM.ADD_RULE_TO_RULE_SET(rule_set_name => 'remotedba_noselect', rule_name => 'remotedba_noselect_rule', rule_order => '1', enabled => 'Y'); end; ]


-- command rule
begin  DVSYS.DBMS_MACADM.CREATE_COMMAND_RULE(command=> 'SELECT', rule_set_name   => 'remotedba_noselect', object_owner    => 'IFSAPP', object_name     => 'EDM_FILE_STORAGE_TAB',enabled         => 'Y');  end;





15:35:24 REMOTEDBA@ifstst_1> select count(*) from IFSAPP.EDM_FILE_STORAGE_TAB where rownum < 2;
select count(*) from IFSAPP.EDM_FILE_STORAGE_TAB where rownum < 2
                            *
ERROR at line 1:
ORA-01031: insufficient privileges

on E7 comparison (x3-8)

$ cat spec.txt | grep -i intel | grep 8870 | sort -rnk1
27, 40, 4, 10, 2, 1010, 1080, Unisys Corporation, Unisys ES7000 Model 7600R G3 (Intel Xeon E7-8870)
26.75, 40, 4, 10, 2, 1010, 1070, NEC Corporation, Express5800/A1080a-S (Intel Xeon E7-8870)
26.75, 40, 4, 10, 2, 1010, 1070, NEC Corporation, Express5800/A1080a-D (Intel Xeon E7-8870)
26.5, 40, 4, 10, 2, 1000, 1060, Oracle Corporation, Sun Server X2-8 (Intel Xeon E7-8870 2.40 GHz)
25.875, 80, 8, 10, 2, 1960, 2070, Supermicro, SuperServer 5086B-TRF (X8OBN-F Intel E7-8870)
24.875, 80, 8, 10, 2, 1890, 1990, Oracle Corporation, Sun Server X2-8 (Intel Xeon E7-8870 2.40 GHz)

on E5 comparison (x3-2)

$ cat spec.txt | grep -i intel | grep -i "E5-26" | grep -i sun | sort -rnk1
44.0625, 16, 2, 8, 2, 632, 705, Oracle Corporation, Sun Blade X6270 M3 (Intel Xeon E5-2690 2.9GHz)
44.0625, 16, 2, 8, 2, 632, 705, Oracle Corporation, Sun Blade X3-2B (Intel Xeon E5-2690 2.9GHz)
44.0625, 16, 2, 8, 2, 630, 705, Oracle Corporation, Sun Server X3-2L (Intel Xeon E5-2690 2.9GHz)
44.0625, 16, 2, 8, 2, 630, 705, Oracle Corporation, Sun Fire X4270 M3 (Intel Xeon E5-2690 2.9GHz)
43.875, 16, 2, 8, 2, 628, 702, Oracle Corporation, Sun Server X3-2 (Intel Xeon E5-2690 2.9GHz)
43.875, 16, 2, 8, 2, 628, 702, Oracle Corporation, Sun Fire X4170 M3 (Intel Xeon E5-2690 2.9GHz)

* Release Notes
e15589.pdf <- Oracle® Exadata Storage Server Hardware Read This First 11g Release 2 ##
e13875.pdf <- Oracle Exadata Database Machine Release Notes 11g Release 2 ##
e13862.pdf <- Oracle® Exadata Storage Server Software Release Notes 11g Release 2 ##
e13106.pdf <- Oracle® Enterprise Manager Release Notes for System Monitoring Plug-In for Oracle Exadata Storage Server ##
* Site/Hardware Readiness
e17431.pdf <- Sun Oracle Database Machine Site Planning Guide
e16099.pdf <- Oracle® Exadata Database Machine Configuration Worksheets 11g Release 2 ##
e10594.pdf <- Oracle® Database Licensing Information 11g Release 2 ###
* Installation
e17432.pdf <- Sun Oracle Database Machine Installation Guide
e13874.pdf <- Oracle® Exadata Database Machine Owner's Guide 11g Release 2 ##
install.pdf <- Oracle Exadata Quick-Installation Guide
e14591.pdf <- Oracle® Enterprise Manager System Monitoring Plug-In Installation Guide for Oracle Exadata Storage Server ##
* Administration 112240
e13861.pdf <- Oracle® Exadata Storage Server Software User's Guide 11g Release 2 ##
* Cabling/Monitoring 112240
e17435.pdf <- SunOracle Database Machine Multi-Rack Cabling Guide
e13105.pdf <- Oracle® Enterprise Manager System Monitoring Plug-In Metric Reference Manual for Oracle Exadata Storage Server ##

* Release Notes
e15589.pdf <- Oracle® Exadata Storage Server Hardware Read This First 11g Release 2
e13875.pdf <- Oracle Exadata Database Machine Release Notes 11g Release 2
e13862.pdf <- Oracle® Exadata Storage Server Software Release Notes 11g Release 2
e13106.pdf <- Oracle® Enterprise Manager Release Notes for System Monitoring Plug-In for Oracle Exadata Storage Server
* Site/Hardware Readiness
e17431.pdf <- Sun Oracle Database Machine Site Planning Guide
e16099.pdf <- Oracle® Exadata Database Machine Configuration Worksheets 11g Release 2
e10594.pdf <- Oracle® Database Licensing Information 11g Release 2
* Installation
e17432.pdf <- Sun Oracle Database Machine Installation Guide
e13874.pdf <- Oracle® Exadata Database Machine Owner's Guide 11g Release 2
install.pdf <- Oracle Exadata Quick-Installation Guide
e14591.pdf <- Oracle® Enterprise Manager System Monitoring Plug-In Installation Guide for Oracle Exadata Storage Server
* Administration 112232
e13861.pdf <- Oracle® Exadata Storage Server Software User's Guide 11g Release 2
* Cabling/Monitoring 112232
e17435.pdf <- SunOracle Database Machine Multi-Rack Cabling Guide
e13105.pdf <- Oracle® Enterprise Manager System Monitoring Plug-In Metric Reference Manual for Oracle Exadata Storage Server

* Release Notes
e15589.pdf <- Oracle® Exadata Storage Server Hardware Read This First 11g Release 2
e13875.pdf <- Oracle Exadata Database Machine Release Notes 11g Release 2
e13862.pdf <- Oracle® Exadata Storage Server Software Release Notes 11g Release 2
e13106.pdf <- Oracle® Enterprise Manager Release Notes for System Monitoring Plug-In for Oracle Exadata Storage Server
* Site/Hardware Readiness 112220
e17431.pdf <- Sun Oracle Database Machine Site Planning Guide
e16099.pdf <- Oracle® Exadata Database Machine Configuration Worksheets 11g Release 2
e10594.pdf <- Oracle® Database Licensing Information 11g Release 2
* Installation 112220
e17432.pdf <- Sun Oracle Database Machine Installation Guide
e13874.pdf <- Oracle® Exadata Database Machine Owner's Guide 11g Release 2
install.pdf<- Oracle Exadata Quick-Installation Guide
e14591.pdf <- Oracle® Enterprise Manager System Monitoring Plug-In Installation Guide for Oracle Exadata Storage Server
* Administration 112220
e13861.pdf <- Oracle® Exadata Storage Server Software User's Guide 11g Release 2
* Cabling/Monitoring 112220
e17435.pdf <- SunOracle Database Machine Multi-Rack Cabling Guide
e13105.pdf <- Oracle® Enterprise Manager System Monitoring Plug-In Metric Reference Manual for Oracle Exadata Storage Server

-- DR ICASH
drauroaixp21 


20:54:34 SYS@icashps> show parameter cpu_count

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
cpu_count                            integer     8
20:54:38 SYS@icashps>
20:54:39 SYS@icashps> show parameter resource

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
resource_limit                       boolean     FALSE
resource_manager_plan                string
20:54:52 SYS@icashps> set lines 300
col window_name format a17
col RESOURCE_PLAN format a25
col LAST_START_DATE format a50
col duration format a15
col enabled format a5
select window_name, RESOURCE_PLAN, LAST_START_DATE, DURATION, enabled from DBA_SCHEDULER_WINDOWS;20:55:07 SYS@icashps> 20:55:07 SYS@icashps> 20:55:07 SYS@icashps> 20:55:07 SYS@icashps> 20:55:07 SYS@icashps> 20:55:07 SYS@icashps>

WINDOW_NAME       RESOURCE_PLAN             LAST_START_DATE                                    DURATION        ENABL
----------------- ------------------------- -------------------------------------------------- --------------- -----
WEEKNIGHT_WINDOW                            26-FEB-13 10.00.00.599802 PM CST6CDT               +000 08:00:00   TRUE
WEEKEND_WINDOW                              23-FEB-13 08.43.38.102855 AM CST6CDT               +002 00:00:00   TRUE


oracle@drauroaixp21:/apps/oracle/dba/benchmark:icashps
$ prtconf
System Model: IBM,8204-E8A
Machine Serial Number: 0659956
Processor Type: PowerPC_POWER6
Processor Implementation Mode: POWER 6
Processor Version: PV_6_Compat
Number Of Processors: 4
Processor Clock Speed: 4204 MHz
CPU Type: 64-bit
Kernel Type: 64-bit
LPAR Info: 2 drauroaixp21
Memory Size: 16384 MB
Good Memory Size: 16384 MB
Platform Firmware level: Not Available
Firmware Version: IBM,EL350_071
Console Login: enable
Auto Restart: true
Full Core: false


$ lsattr -El proc0
frequency   4204000000     Processor Speed       False
smt_enabled true           Processor SMT enabled False
smt_threads 2              Processor SMT threads False
state       enable         Processor state       False
type        PowerPC_POWER6 Processor type        False


$ uname -M
IBM,8204-E8A


$ lsdev -Cc processor
proc0 Available 00-00 Processor
proc2 Available 00-02 Processor
proc4 Available 00-04 Processor
proc6 Available 00-06 Processor


$ lscfg -vp |grep -ip proc |grep "PROC"
      2 WAY PROC CUOD :
      2 WAY PROC CUOD :
      2 WAY PROC CUOD :
      2 WAY PROC CUOD :


$ lparstat -i
Node Name                                  : drauroaixp21
Partition Name                            : drauroaixp21
Partition Number                           : 2
Type                                       : Shared-SMT
Mode                                       : Capped
Entitled Capacity                          : 4.00
Partition Group-ID                         : 32770
Shared Pool ID                             : 0
Online Virtual CPUs                        : 4
Maximum Virtual CPUs                       : 8
Minimum Virtual CPUs                       : 1
Online Memory                              : 16384 MB
Maximum Memory                             : 32768 MB
Minimum Memory                             : 512 MB
Variable Capacity Weight                   : 0
Minimum Capacity                           : 0.10
Maximum Capacity                           : 8.00
Capacity Increment                         : 0.01
Maximum Physical CPUs in system            : 8
Active Physical CPUs in system             : 8
Active CPUs in Pool                        : 8
Shared Physical CPUs in system             : 8
Maximum Capacity of Pool                   : 800
Entitled Capacity of Pool                  : 800
Unallocated Capacity                       : 0.00
Physical CPU Percentage                    : 100.00%
Unallocated Weight                         : 0
Desired Virtual CPUs                       : 4
Desired Memory                             : 16384 MB
Desired Variable Capacity Weight           : 0
Desired Capacity                           : 4.00


$ lparstat

System configuration: type=Shared mode=Capped smt=On lcpu=8 mem=16384 psize=8 ent=4.00

%user  %sys  %wait  %idle physc %entc  lbusy  vcsw phint
----- ----- ------ ------ ----- ----- ------ ----- -----
  2.4   0.6    1.0   96.0  0.13   3.1    1.9 7239417888 2097575355




mpsat
vmstat
lparstat


while :; do ./runit.sh 0 17; done

go to aix dir
edit the runit
copy the reader.sql