如何安裝DBMS_NETWORK_ACL_ADMIN包？

時間 2021-04-13

標籤 css node sql 服務器網絡 oracle app less ide post 欄目系統網絡简体版

原文原文鏈接

如何安裝DBMS_NETWORK_ACL_ADMIN包？ css

若安裝了 XDB組件，則DBMS_NETWORK_ACL_ADMIN會自動安裝。若安裝了XDB組件，可是 DBMS_NETWORK_ACL_ADMIN不可用，則能夠單獨執行以下的腳本進行安裝：

node

點擊(此處)摺疊或打開sql

sqlplus / as sysdba
run ?/rdbms/admin/catnacl.sql
run ?/rdbms/admin/dbmsnacl.sql
run ?/rdbms/admin/prvtnacl.plb

執行以下腳本能夠判斷是否已經安裝了XDB組件：
服務器

SELECT SCHEMA,COMP_NAME, VERSION, STATUS FROM DBA_REGISTRY WHERE COMP_NAME LIKE '%Oracle XML Database%';

網絡

官網： https://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_networkacl_adm.htm#CHDJFJFF

When you create access control lists for network connections, you should create one access control list dedicated to a group of common users, for example, users who need access to a particular application that resides on a specific host computer. For ease of administration and for good system performance, do not create too many access control lists. Network hosts accessible to the same group of users should share the same access control list.

簡單點說：Oracle容許使用幾個PL/SQL API（UTL_TCP, UTL_SMTP, UTL_MAIL, UTL_HTTP和 UTL_INADDR）訪問外部網絡服務。須要進行權限受權才能夠，好比須要經過oracle發送郵件。

下面是幾個經常使用的定義acl的相關方法：

1. 建立訪問控制列表
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(acl         => 'www.xml',
                                    description => 'WWW ACL',
                                    principal   => 'HR', -- 賦予權限給哪一個用戶
                                    is_grant    => true, -- true表示授予權限 false表示取消權限
                                    privilege   => 'connect');

2. 使用ADD_PRIVILEGE存儲過程將其餘的用戶或角色添加到訪問控制列表中，它的參數與CREATE_ACL存儲過程的參數相似，
省略了DESCRIPTION參數，同時增長了POSITION參數，它用於設置優先順序。
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl       => 'www.xml',
                                       principal => 'HR',
                                       is_grant => true,
                                       privilege => 'resolve');


3.使用ASSIGN_ACL存儲過程給網絡分配訪問控制列表
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(acl => 'www.xml',
                                    host => '*.qq.com'); --主機名,域名,ip地址或分配的子網，主機名大小寫敏感，ip地址和域名容許使用通配符　　


4.UNASSIGN_ACL存儲過程容許你手動刪除訪問控制列表，它使用的參數與ASSIGN_ACL存儲過程相同，使用NULL參數做爲通配符。
DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(host => 'www.qq.com');

5.刪除上面的控制列表
DBMS_NETWORK_ACL_ADMIN.drop_acl ( acl => 'www.xml');

6. 查詢建立的ACL信息
SELECT host, lower_port, upper_port, acl,
     DECODE(
         DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE_ACLID(aclid, 'HR', 'connect'),
            1, 'GRANTED', 0, 'DENIED', NULL) privilege
     FROM dba_network_acls

oracle

ORA-24247: network access denied by access control list (ACL) 錯誤處理 app

及DBMS_NETWORK_ACL_ADMIN用法彙總 less

經過oracle的存儲過程發郵件，出現問題，具體過程以下： ide

發郵件的存儲過程PROC_SENDMAIL_SIMPLE在A用戶，而B用戶要調用A用的PROC_SENDMAIL_SIMPLE來發郵件。 post

其中，A用戶已經把PROC_SENDMAIL_SIMPLE的執行權限給了B用戶

grant execute on PROC_SENDMAIL_SIMPLE to B;

可是在B用戶的存儲過程當中調用PROC_SENDMAIL_SIMPLE依然報錯

ORA-24247: 網絡訪問被訪問控制列表 (ACL) 拒絕

ORA-24247: network access denied by access control list (ACL)

發生這個錯誤是由於網絡訪問控制列表管理着用戶訪問網絡的權限。

========

解決辦法：

========

擁有DBA權限的用戶執行下面的SQL，分3部分

BEGIN

--1.建立訪問控制列表sendmail.xml，sendmail.xml控制列表擁有connect權限，並把這個權限給了B用戶，

DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(

acl=> 'sendmail.xml', -- ACL的名字，本身定義

description => 'sendmail ACL', -- ACL的描述

principal => 'B', -- 這裏是用戶名，大寫，表示把這個ACL的權限賦給B用戶

is_grant => true, --true：受權 ;false：禁止

privilege => 'connect'); --授予或者禁止的網絡權限

--2.爲sendmail.xml控制列表添加resolve權限，且賦給B用戶

DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(

acl=> 'sendmail.xml',

principal => 'B',

is_grant => true,

privilege => 'resolve');

--3.爲控制列表ACL sendmail.xml分配能夠connect和resolve的host

DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(

acl => 'sendmail.xml',

host => 'smtp.163.com'); --smtp.163.com是郵箱服務器主機名

END;

COMMIT;

再次在用戶B調用A的PROC_SENDMAIL_SIMPLE發郵件過程，成功發送郵件。

======================聯想到其餘狀況======================

狀況1：同一個ACL給多個用戶使用

用戶B調用A的發郵件存儲過程PROC_SENDMAIL_SIMPLE，那麼C用戶極可能也要這麼作。

這時，沒必要建立一個新的ACL，用原有的ACL sendmail.xml便可，也就是把sendmail.xml給用戶C使用。

這樣C用戶天然能夠訪問網絡發送郵件。

BEGIN

--給C用戶resolve權限

DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'sendmail.xml',

principal => 'C',

is_grant => true,

privilege => 'resolve');

--給C用戶 conenct權限

DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(acl => 'sendmail.xml',

principal => 'C',

is_grant => true,

privilege => 'connect');

END;

COMMIT;

狀況2：取消給ACL sendmail.xml 指派的主機smtp.163.com ，也就是全部使用sendmail.xml 的用戶都不能connect和resolve主機smtp.163.com

<1>查看一下

select * from dba_network_acls;

HOST LOWER_PORT UPPER_PORT ACL ACLID

----------------- ------------------ ----------------- --------------------- --------------------------

smtp.163.com /sys/acls/sendmail.xml D07B6F4707E7EFFDE040007F01005C7F

<2>收回sendmail.xml控制列表中訪問smtp.163.com的權限

BEGIN

DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(host => 'smtp.163.com');

END;

COMMIT;

<3>

select * from dba_network_acls;

空

不過這時ACL sendmail.xml依然存在，只不過sendmail.xml中沒有任何主機信息

<4>那麼怎麼讓sendmail.xml從新能訪問smtp.163.com呢？

BEGIN

DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(

acl => 'sendmail.xml',

host => 'smtp.163.com');

END;

COMMIT;

<5>再次看,sendmail.xml中含有主機smtp.163.com了

select * from dba_network_acls;

HOST LOWER_PORT UPPER_PORT ACL ACLID

-------------------- ---------- ---------- ------------------------------ --------------------------------

smtp.163.com /sys/acls/sendmail.xml D07B6F4707xFFDExx007F01005C7F

狀況3：取消B用戶使用sendmail.xml ACL，B用戶不能訪問smtp.163.com 主機了

BEGIN

DBMS_NETWORK_ACL_ADMIN.DELETE_PRIVILEGE(

acl => 'sendmail.xml',

principal => 'B')

END;

=========================================================================

================DBMS_NETWORK_ACL_ADMIN知識彙總==================

=========================================================================

說了這麼多，其實都是對DBMS_NETWORK_ACL_ADMIN過程的使用。

下面是DBMS_NETWORK_ACL_ADMIN的相關只是彙總。

1.建立ACL

DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (

acl IN VARCHAR2,

description IN VARCHAR2,

principal IN VARCHAR2,

is_grant IN BOOLEAN,

privilege IN VARCHAR2,

start_date IN TIMESTAMP WITH TIMEZONE DEFAULT NULL,

end_date IN TIMESTAMP WITH TIMEZONE DEFAULT NULL );

例子：

BEGIN

DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(acl => 'www.xml',

description => 'WWW ACL',

principal => 'SCOTT',

is_grant => true,

privilege => 'connect');

END;

COMMIT;

2.爲ACL添加權限

DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (

acl IN VARCHAR2,

principal IN VARCHAR2,

is_grant IN BOOLEAN,

privilege IN VARCHAR2,

position IN PLS_INTEGER DEFAULT NULL,

start_date IN TIMESTAMP WITH TIMESTAMP DEFAULT NULL,

end_date IN TIMESTAMP WITH TIMESTAMP DEFAULT NULL );

例子：

BEGIN

DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(

acl => 'www.xml',

principal => 'SCOTT',

is_grant => true,

privilege => 'resolve');

END;

COMMIT;

3.指派ACL能夠訪問的host

DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (

acl IN VARCHAR2,

host IN VARCHAR2,

lower_port IN PLS_INTEGER DEFAULT NULL,

upper_port IN PLS_INTEGER DEFAULT NULL);

注意：host這個參數能夠寫做

一個網址：www.us.oracle.com

也能夠是一個網段：*.us.oracle.com或者*.oracle.com或者*.com

固然也能夠是全部host：*

例子：

BEGIN

DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(

acl => 'us-oracle-com-permissions.xml',

host => '*.us.oracle.com',

lower_port => 80);

END;

4.檢測用戶是否擁有某個ACL中的某個權限

DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE (

acl IN VARCHAR2,

user IN VARCHAR2,

privilege IN VARCHAR2)

RETURN NUMBER;

Returns 1 when the privilege is granted; 0 when the privilege is denied; NULL when the privilege is neither granted or denied.

例子：

如scott擁有sendmail.xml中的resolve權限

SELECT DECODE(

DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(

'sendmail.xml', 'SCOTT', 'resolve'),

1, 'GRANTED', 0, 'DENIED', NULL) PRIVILEGE

FROM DUAL;

PRIVILE

-------

GRANTED

5.刪除acl中的connect或者resolve權限

DBMS_NETWORK_ACL_ADMIN.DELETE_PRIVILEGE (

acl IN VARCHAR2,

principal IN VARCHAR2,

is_grant IN BOOLEAN DEFAULT NULL,

privilege IN VARCHAR2 DEFAULT NULL);

例子：

BEGIN

DBMS_NETWORK_ACL_ADMIN.DELETE_PRIVILEGE(

acl => 'us-oracle-com-permissions.xml',

principal => 'ST_USERS')

END;

6.刪除ACL

DBMS_NETWORK_ACL_ADMIN.DROP_ACL (

acl IN VARCHAR2);

例子：

BEGIN

DBMS_NETWORK_ACL_ADMIN.DROP_ACL(

acl => 'us-oracle-com-permissions.xml');

END;

7.取消ACL已分配的host

DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL (

acl IN VARCHAR2 DEFAULT NULL,

host IN VARCHAR2 DEFAULT NULL,

lower_port IN PLS_INTEGER DEFAULT NULL,

upper_port IN PLS_INTEGER DEFAULT NULL);

例子：

BEGIN

DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(

host => '*.us.oracle.com',

lower_port => 80);

END;

8.查看語句

--ACL的信息，包括host，ACL名字等。

select * from dba_network_acls;

--各用戶對應的ACL，用戶擁有的權限

select acl,principal,privilege,is_grant,to_char(start_date, 'dd-mon-yyyy') as start_date,to_char(end_date, 'dd-mon-yyyy') as end_date from dba_network_acl_privileges;

參考

http://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_networkacl_adm.htm

How To Install Package DBMS_NETWORK_ACL_ADMIN (文檔 ID 1118447.1)

In this Document

Goal

Fix

References

APPLIES TO:

Oracle Server - Enterprise Edition - Version 11.2.0.1 and later
Information in this document applies to any platform.
***Checked for relevance on 24-Oct-2012***

GOAL

How to install the dbms_network_acl_admin package?

FIX

The DBMS_NETWORK_ACL_ADMIN package is installed when the XDB component is being installed. To install XDB follow the procedure outlined in Note 1292089.1 - Master Note for Oracle XML Database (XDB) Installation.

If XDB is already installed but the ACL package is not available and a reinstall of XDB is not possible then the only way to install the DBMS_NETWORK_ACL_ADMIN package is to run the *nacl scripts:

sqlplus / as sysdba

run ?/rdbms/admin/catnacl.sql
run ?/rdbms/admin/dbmsnacl.sql
run ?/rdbms/admin/prvtnacl.plb

REFERENCES

NOTE:207959.1 - All About Security: User, Privilege, Role, SYSDBA, O/S Authentication, Audit, Encryption, OLS, Database Vault, Audit Vault
NOTE:1292089.1 - Master Note for Oracle XML Database (XDB) Install / Deinstall

Master Note for Oracle XML Database (XDB) Install / Deinstall (文檔 ID 1292089.1)

In this Document

Details

Actions

Best Practices

Reloading XDB

Oracle 9i - XDB Reload

Oracle 10.1 and above - XDB Reload

Deinstalling and Reinstalling XDB

9.2 - XDB Removal and Reinstall

10g - XDB Removal and Reinstall

11g - XDB Removal and Reinstall

11.1 - XDB Removal and Reinstall

11.2 - XDB Removal and Reinstall

Verify XDB Installation

Known Issues

Contacts

References

APPLIES TO:

Oracle Database - Enterprise Edition - Version 9.2.0.3 to 12.1.0.1 [Release 9.2 to 12.1]
Oracle Multimedia - Version 11.2.0.3 to 11.2.0.3 [Release 11.2]
Information in this document applies to any platform.
***Checked for relevance on 13-Oct-2014***

DETAILS

This master note provides information for DBA's on removing and installing XML Database (XDB). This note covers releases 9.2.0.3 through 11.2.

If XDB must be reinstalled in a database supporting Ebusiness Suite there are some actions to do on the database before removing XDB and that needs to be defined with the EBS team.

For example if iSetup exists, iSetup dependency with Deinstall and Reinstall of XMLDB (Doc ID 402785.1)
should be followed before and after the XDB reinstallation.

For an EBS database please consult with the EBS team before reinstalling XDB.

Ask Questions, Get Help, And Share Your Experiences With This Article

Would you like to explore this topic further with other Oracle Customers, Oracle Employees, and Industry Experts?
( Click here to join the discussion where you can ask questions, get help from others, and share your experiences with this specific article.)

Discover discussions about other articles and helpful subjects by clicking here to access the main My Oracle Support Community page for Oracle XDB.

ACTIONS

Best Practices

Please note that 9.2.0.3 is a mandatory minimum patch level for XDB. Customers using XDB must be on Oracle database version 9.2.0.3 or higher.

If the XML DB features are currently being utilized and you have experienced an invalid XML DB repository or installation, point-in-time recovery to a point prior to when the problem occurred is recommended. If XDB is removed and reinstalled, and the feature is being used, data loss can occur. Removing XDB by running catnoqm.sql does the following:

- Deletes all information stored in the oracle XML DB repository and XDB database schema.
- Permanently invalidates any xmltype tables or columns that are associated with a registered XML schema. If the XDB user is dropped, there is no way to recover the data in these xmltype tables or columns.

Please confirm whether XDB is being used in your environment prior to attempting removal and reinstall. To accomplish this, refer to the following documents:

( Doc ID 742156.1) 9iR2: How to Determine if XDB is Being Used in the Database?
( Doc ID 742113.1) 10g: How to Determine if XDB is Being Used in the Database?
( Doc ID 733667.1) 11g: How to Determine if XDB is Being Used in the Database?

Please note, later versions of RDA provides some details on the current status of the XDB component. Please see the following document for more information on RDA:

( Doc ID 314422.1) Remote Diagnostic Agent (RDA) 4 - Getting Started

The following database components / features also use XDB:

Oracle Application Express (APEX)

Oracle Expression Filter

Oracle interMedia / Multimedia DICOM

Oracle Multimedia Image metadata extraction of EXIF, ORDIMAGE, IPTC and XMP metadata

Spatial (including Oracle Locator)

OLAP

Oracle Applications such as iRecruitment

Any procedure using UTL_TCP, UTL_HTTP, UTL_SMTP

XMLTYPE operations

XBRL (Extensible Business Reporting Language) from 11.2.0.2 onwards

It is recommended to take a full backup of the database before removing / reinstalling XDB. This is a good precautionary measure for situations where it is needed to go back to the original state of the database. Please see the following document for more information:

( Doc ID 858321.1) How To Backup XML Database (XDB)

Be sure to follow the exact steps listed whenever reloading the XDB component or reinstalling XDB. This includes a startup/shutdown of the database, as failure to do so can cause the XDB installation to fail with an internal error similar to the following: ORA-7445 [qmr_hdl_copy()+48].
AL32UTF8 is the recommended characterset for XML Database (XDB). AL32UTF8 supports all valid characters for XDB. You should only use a non-AL32UTF8 characterset if you can guarantee that all your XDB data is part of the characterset. If you aren't using AL32UTF8, it is typically recommended to convert to the database character set AL32UTF8. If you are not using AL32UTF8, there could be possible character losses or characterset conversion errors.

RAC procedures.
- If you are reloading XDB on an RAC cluster, all nodes must be shutdown and restarted to avoid inconsistent memory structures.
- Please note, if running xdbrelod.sql for a RAC environment to avoid errors ORA-1092 and ORA-39701:

- Shutdown database database cleanly
- The "cluster_database" parameter should be set to value "false" so for init.ora parameter file set cluster_database=false
- Start only one instance and execute script for XDB reload
- Revert cluster_database=true and restart database

Always review the compatibility parameter to ensure that it is set to the same version as the database so that all XDB functionality associated with that database version is available.

Before installing or upgrading XDB, make sure the LD_LIBRARY_PATH / LIBPATH / SHLIB_PATH environment variable is set correctly. That is, the first directory referenced should be $ORACLE_HOME/lib. This environment variable is used to resolve the location of the shared library "libxdb.so (libxdb.sl on HP)".

XDB must have execute permissions on the DBMS_LOB, UTL_FILE, DBMS_JOB, UTL_RAW and DBMS_SQL packages. XDB automatically has these privileges because they are granted to PUBLIC by default. If these privileges have been revoked from PUBLIC for security reasons, errors will be reported during the installation / upgrade of XDB and some XDB objects will become invalid, making the component itself invalid. Therefore, it is recommended to grant these privileges back to PUBLIC before installing /upgrading XDB. Then after the install/upgrade, grant execute permissions on these packages directly to XDB and revoke the privileges from PUBLIC. After a successful installation of XDB, execute the following:

                  connect / as sysdba
                  grant execute on DBMS_LOB to XDB;
                  grant execute on UTL_FILE to XDB;
                  grant execute on DBMS_SQL to XDB;
                  grant execute on DBMS_JOB to XDB;
                  grant execute on DBMS_STATS to XDB;
                  grant execute on UTL_RAW to XDB;
                  revoke execute on DBMS_LOB from PUBLIC;
                  revoke execute on UTL_FILE from PUBLIC;
                  revoke execute on DBMS_SQL from PUBLIC;
                  revoke execute on DBMS_JOB from PUBLIC;
                  revoke execute on UTL_RAW from PUBLIC;

Please be sure to review the note listed below whenever revoking execute permissions from PUBLIC:

(Doc ID 247093.1) Be Cautious When Revoking Privileges Granted to PUBLIC

Make sure you do not have a table named XDB or any synonyms pointing to XDB objects. Otherwise, this will lead to errors such as ORA-01422: exact fetch returns more than requested number of rows. Please see the following documents for more information:

(Doc ID 1332182.1) ORA-01422 from DBMS_XS_PRINCIPAL_EVENTS_INT DBA|ALL|USER_XSC_* and DBA|ALL|USER_XDS_*

(Doc ID 1574173.1) Selecting from SYS.RESOURCE_VIEW Fails with ORA-01422 and selecting from SYS.DBA_NETWORK_ACLS Fails with ORA-600 [qmxqtmChkXQAtomMapSQL:2]

XDB is included with the Oracle RDBMS. It is not licensed separately.

Reloading XDB

The reload procedure recreates all of the PL/SQL packages and types. It can be helpful in addressing an INVALID status of XDB in DBA_REGISTRY, invalid XDB-specific objects, etc. An XDB reload is always preferred over an XDB removal and reinstall. Since xdbrelod.sql is called in xdbpatch.sql, you can alternatively run xdbpatch.sql to recreate all of the XDB related packages.

Oracle 9i - XDB Reload

spool xdbreload.log
connect / as sysdba
set echo on;
shutdown immediate;
startup migrate;
@?/rdbms/admin/xdbrelod.sql
shutdown immediate;
startup;
@?/rdbms/admin/utlrp.sql
spool off

Oracle 10.1 and above - XDB Reload

spool xdbreload.log
connect / as sysdba
set echo on;
shutdown immediate;
startup upgrade;
@?/rdbms/admin/xdbrelod.sql
shutdown immediate;
startup;
@?/rdbms/admin/utlrp.sql
spool off

Deinstalling and Reinstalling XDB

Prior to upgrading a database with XML Database (XDB) installed or installing XDB, be sure to run the following code listed below to determine if any objects need to be dropped. Please note, failure to run the code listed below could result in data loss of user objects like tables, indexes. This is fully documented in:

(Doc ID 1573175.1) Upgrading or Installing XDB could result in data loss if XDB_INSTALLATION_TRIGGER exists

connect / as sysdba
set serveroutput on

DECLARE
    v_xdb_installation_trigger number;
    v_dropped_xdb_instll_trigger number;
    v_dropped_xdb_instll_tab number;

BEGIN
    select count(*) into v_xdb_installation_trigger
    from dba_triggers
    where trigger_name = 'XDB_INSTALLATION_TRIGGER' and owner = 'SYS';

    select count(*) into v_dropped_xdb_instll_trigger
    from dba_triggers
    where trigger_name = 'DROPPED_XDB_TRIGGER' and owner = 'SYS';

    select count(*) into V_dropped_xdb_instll_tab
    from dba_tables
    where table_name = 'DROPPED_XDB_INSTLL_TAB' and owner = 'SYS';

IF v_xdb_installation_trigger > 0 OR v_dropped_xdb_instll_trigger > 0 OR v_dropped_xdb_instll_tab > 0 then

IF v_xdb_installation_trigger > 0 THEN

dbms_output.put_line('Please proceed to run the command SQL> drop trigger sys.xdb_installation_trigger');
--   drop trigger sys.xdb_installation_trigger;
END IF;

IF v_dropped_xdb_instll_trigger > 0 THEN
   dbms_output.put_line('Please proceed to run the command SQL> drop trigger sys.dropped_xdb_instll_trigger');
--   drop trigger sys.dropped_xdb_instll_trigger;
END IF;

IF v_dropped_xdb_instll_tab > 0 THEN
   dbms_output.put_line('Please proceed to run the command SQL> drop table sys.dropped_xdb_instll_tab');
--   drop table sys.dropped_xdb_instll_tab;
END IF;

   ELSE
   dbms_output.put_line('Please proceed to run the XDB install or upgrade');

END IF;

END;
/

Use XDB removal and reinstall only if not using this feature or under the direction of Oracle Support after it has been verified which objects will need to be recreated.

For database releases 10.1.x and above, XDB is mandatory in order to use any of the XMLTYPE functions. This is true even if the XDB repository is not being used and/or there are no registered schemas.

Prior to Oracle 11.1, a valid installation of JAVA Virtual Machine (JVM) is required.

Prior to Oracle 10.2, a valid installation of XDK is also required.

Allocate at least 350 MB or enable the autoextend on the datafile for the XDB repository tablespace datafile. To determine if the XDB tablespace has the necessary space to run the XDB installation, execute the following PL/SQL procedure:

set serveroutput on

DECLARE
    v_exists number;
    V_size number;

BEGIN
    select count(*) into v_exists
    from dba_tablespaces
    where tablespace_name = 'XDB';

IF v_exists > 0 THEN

    select bytes into v_size
    from dba_data_files
    where tablespace_name = 'XDB';

IF v_size > 209715200 then

   dbms_output.put_line('XDB tablespace exists and is greater than 200 MB.
   Please proceed with XDB install.');
ELSE
    dbms_output.put_line('XDB tablespace exists and but is smaller than
                          200 MB. If you wish to install all the XDB
metadata into the XDB tablespace, then please add
more space so that its greater than 200 MB before
installing XDB.');
END IF;
ELSE
    dbms_output.put_line('XDB tablespace does not exist. Please either
create XDB tablespace of at least 200 MB or
specify another tablespace when installing XDB.');
END IF;
END;
/

Ensure that the SHARED_POOL_SIZE and JAVA_POOL_SIZE is set to at least 250 MB.

When XDB has been deinstalled and reinstalled for whatever reason the XML Schemas for Oracle Multimedia/interMedia and Spatial will have to be reinstalled as well. Please reference the following documents:

10g for both Spatial/interMedia:

(Doc ID 558834.1) How To Re-register XML Schemas After XDB Has Been Re-installed?

11g:

For Multimedia please look at (Doc ID 965892.1) How To Reload Oracle Multimedia Related Information When XML Database (=XDB) Has Been Reinstalled

For Spatial please look at (Doc ID 1180293.1) How To Reload Oracle Spatial Related Information When XML Database (XDB) Has Been Reinstalled

If you have any doubts/concerns with reinstalling XDB or you need further assistance, please contact Oracle Support and log a Service Request.

9.2 - XDB Removal and Reinstall

XDB Removal

spool xdb_removal.log
set echo on;

connect / as sysdba
shutdown immediate;
startup
@?/rdbms/admin/catnoqm.sql
@?/rdbms/admin/catproc.sql
@?/rdbms/admin/utlrp.sql

set pagesize 1000
col owner format a8
col object_name format a35

select owner, object_name, object_type, status
from dba_objects
where status = 'INVALID' and owner = 'SYS';

spool off;

Some XDB related objects in the SYS schema are not dropped during the removal of XDB. Please see the following document for cleaning up these objects:

(Doc ID 285045.1) Resolving Invalid XDB Objects After XDB Has Been Deinstalled From A Database

XDB Installation

The catqm.sql script requires the following parameters be passed to it when run:

A. XDB user password

B. XDB user default tablespace

   * The SYSTEM, UNDO and TEMP tablespace cannot be specified.

   * The specified tablespace must already exist prior to running the script.

   * A tablespace other than SYSAUX should be specified, especially if you expect Oracle XML DB Repository to contain a large amount of data.

   * For example:

      create tablespace XDB
    datafile 'xxxxxxxxx.dbf' size 2000M
      extent management local uniform size 256K segment space management auto;

C. XDB user temporary tablespace

The syntax to run catqm.sql is the following:
SQL> @?/rdbms/admin/catqm.sql A B C

For example:
SQL> @?/rdbms/admin/catqm.sql xdb XDB TEMP

## IMPORTANT: You must shutdown and restart the database between removal and reinstall ##

spool xdb_install.log
set echo on;
connect / as sysdba
shutdown immediate;
startup;
@?/rdbms/admin/catqm.sql -- substitute the parameters with appropriate values
@?/rdbms/admin/catxdbj.sql
@?/rdbms/admin/utlrp.sql
spool off

10g - XDB Removal and Reinstall

XDB Removal

The catnoqm.sql script drops XDB.

spool xdb_removal.log
set echo on;

connect / as sysdba
shutdown immediate;
startup
@?/rdbms/admin/catnoqm.sql
@?/rdbms/admin/catproc.sql
@?/rdbms/admin/utlrp.sql

set pagesize 1000
col owner format a8
col object_name format a35

select owner, object_name, object_type, status
from dba_objects
where status = 'INVALID' and owner = 'SYS';

spool off;

Some XDB related objects in the SYS schema are not dropped during the removal of XDB. Also, the SYS.KU$_% views will become invalid. Please see the following document for cleaning up these objects:

(Doc ID 1375280.1) Invalid KU$ Views and CATALOG, CATPROC components after XDB Deinstall in 10.2

XDB Installation

The catqm.sql script requires the following parameters be passed to it when run:

A. XDB user password

B. XDB user default tablespace

   * The SYSTEM, UNDO and TEMP tablespace cannot be specified.

   * The specified tablespace must already exist prior to running the script.

   * A tablespace other than SYSAUX should be specified, especially if you expect Oracle XML DB Repository to contain a large amount of data.

   * For example:

      create tablespace XDB
    datafile 'xxxxxxxxx.dbf' size 2000M
      extent management local uniform size 256K segment space management auto;

C. XDB user temporary tablespace

11g - XDB Removal and Reinstall

When a binary XMLType is created, the data is stored in a proprietary format on disk that represents a post parse persistence model. This requires the need to store information about how to transverse the XML data without having to parse it again. The data that is stored in order to accomplish this is maintained in dictionary type tables in the XDB user schema, not in the user schema that created the table. What this means is that the removal script drops the XDB user and in turn loses this information from both Binary and Object-Relational xmltype tables/columns. So if directed to remove and reinstall XDB with the catnoqm.sql and catqm.sql scripts, run the following code block to verify that no Binary and/or Object Relational XMLType tables and columns exist:

connect / as sysdba
--
-- Check the storage of XMLType tables.
--
select owner, table_name
from dba_xml_tables
where storage_type in ('OBJECT-RELATIONAL', 'BINARY');

-- A default seed database with the example schemas installed
-- will have ones owned by XDB, MDSYS and OE.
--
-- Check the storage of XMLType columns.
--
select owner, table_name
from dba_xml_tab_cols
where storage_type in ('OBJECT-RELATIONAL', 'BINARY');

-- A default seed database with the example schemas installed
-- will have ones owned by XDB, MDSYS, ORDDATA, APEX_030200 and OE.
-- Please see the following section as it relates to ORDDATA and APEX_030200

If it is necessary to re-install XDB and you would like to put back all binary data into the database without having to reload this from XML files, please contact support on how to do this:

What if the database is using the DICOM and/or Oracle Application Express (APEX) features?

If the above code block has objects owned by ORDDATA and/or APEX_030200, it means those components are installed in the database. If those components are being used in a production capacity, XDB should not be removed and reinstalled as data that is maintained in the XDB user schema will be lost.

The default XMLType storage model is used if a storage model is not specified when creating an XMLType table or column. Prior to Oracle Database 11g Release 2, unstructured (CLOB) storage was used by default. The default storage model is now binary XML storage.

Please see the following document for more information:

( Doc ID 1207893.1) Change in default storage model of XMLType to BINARY XML in 11.2.0.2

Beginning with 11g, JAVA Virtual Machine (JVM) is no longer required for a successful installation of XDB. However, if an attempt is made to run XQUERY statements which use a functional evaluation path, an error will be thrown stating that JVM is not installed. Also note that JVM must be installed for XDK functionality.

Beginning with 11.2, XDB now supports SecureFiles. To use SecureFiles, compatibility must be set to 11.2. If SecureFiles will be used, the tablespace specified for the XDB repository must be using Automatic Segment Space Management (ASSM).

Since SecureFiles is now supported with 11.2, an additional parameter was added to the catqm.sql script in that release.

11.1 - XDB Removal and Reinstall

XDB Removal

The catnoqm.sql script drops XDB.

spool xdb_removal.log
set echo on;

connect / as sysdba
shutdown immediate;
startup
@?/rdbms/admin/catnoqm.sql
@?/rdbms/admin/catproc.sql
@?/rdbms/admin/utlrp.sql

set pagesize 1000
col owner format a8
col object_name format a35

select owner, object_name, object_type, status
from dba_objects
where status = 'INVALID' and owner = 'SYS';

spool off;

XDB Installation

The catqm.sql script requires the following parameters be passed to it when run:

A. XDB user password

B. XDB user default tablespace

   * The SYSTEM, UNDO and TEMP tablespace cannot be specified.

   * The specified tablespace must already exist prior to running the script.

   * A tablespace other than SYSAUX should be specified, especially if you expect Oracle XML DB Repository to contain a large amount of data.

   * For example:

      create tablespace XDB
    datafile 'xxxxxxxxx.dbf' size 2000M
      extent management local uniform size 256K segment space management auto;

C. XDB user temporary tablespace

11.2 - XDB Removal and Reinstall

XDB Removal

The catnoqm.sql script drops XDB.

spool xdb_removal.log
set echo on;

connect / as sysdba
shutdown immediate;
startup
@?/rdbms/admin/catnoqm.sql
@?/rdbms/admin/catproc.sql
@?/rdbms/admin/utlrp.sql

set pagesize 1000
col owner format a8
col object_name format a35

select owner, object_name, object_type, status
from dba_objects
where status = 'INVALID' and owner = 'SYS';

spool off;

Some XDB related objects in the SYS schema are not dropped during the removal of XDB. Also, the SYS.KU$_% views will become invalid. Please see the following document for cleaning up these objects:

(Doc ID 1269470.1) XDB Deinstallation script catnoqm.sql leads to Invalid SYS Objects

XDB Installation

The catqm.sql script requires the following parameters be passed to it when run:

A. XDB user password

B. XDB user default tablespace

   * The SYSTEM, UNDO and TEMP tablespace cannot be specified.

   * The specified tablespace must already exist prior to running the script.

   * A tablespace other than SYSAUX should be specified, especially if you expect Oracle XML DB Repository to contain a large amount of data.

   * For example:

     create tablespace XDB
     datafile 'xxxxxxxxx.dbf' size 2000M
     extent management local uniform size 256K segment space management auto;

C. XDB user temporary tablespace

D. YES or NO

   * If YES is specified, the XDB repository will use SecureFile storage.

   * If NO is specified, LOBS will be used.

   * To use SecureFiles, compatibility must be set to 11.2.

   * The tablespace specified for the XDB repository must be using Automatic Segment Space Management (ASSM) for SecureFiles to be used.

The syntax to run catqm.sql is the following:
SQL> catqm.sql A B C D

For Example:
SQL> @?/rdbms/admin/catqm.sql xdb XDB TEMP YES

## IMPORTANT: You must shutdown and restart the database between removal and reinstall ##

spool xdb_install.log
set echo on;
connect / as sysdba
shutdown immediate;
startup;
@?/rdbms/admin/catqm.sql -- substitute the parameters with appropriate values
@?/rdbms/admin/utlrp.sql
spool off

12.1 - XDB is Mandatory

Oracle XML DB is now a mandatory component of Oracle Database. You cannot uninstall it, and if Oracle XML DB is not already installed in your database prior to an upgrade to Oracle Database 12c Release 1 (12.1.0.1) or later, then it is automatically installed in tablespace SYSAUX during the upgrade. If Oracle XML DB has thus been automatically installed, and if you want to use Oracle XML DB, then, after the upgrade operation, you must set the database compatibility to at least 12.1.0.1. If the compatibility is less than 12.1.0.1 then an error is raised when you try to use Oracle XML DB.

Verify XDB Installation

spool xdb_status.txt

set echo on;
connect / as sysdba
set pagesize 1000
col comp_name format a36
col version format a12
col status format a8
col owner format a12
col object_name format a35
col name format a25

-- Check status of XDB

select comp_name, version, status
from dba_registry
where comp_id = 'XDB';

-- Check for invalid objects

select owner, object_name, object_type, status
from dba_objects
where status = 'INVALID'
and owner in ('SYS', 'XDB');

spool off;

Known Issues

If for any reason the catqm.sql script fails, it is recommended to look at log files to determine the reason why the install failed. If the script doesn't complete OR if the following error is reported after repeating the XDB installation:

ORA-04098: trigger 'SYS.XDB_INSTALLATION_TRIGGER' is invalid and failed re-validation.

If this occurs, implement the steps in the following documents:

( Doc ID 1573175.1) Upgrading or Installing XDB could result in data loss if XDB_INSTALLATION_TRIGGER exists

( Doc ID 331378.1) Running catqm.sql Leads to ORA-4098 Trigger 'SYS.XDB_INSTALLATION_TRIGGER' is Invalid

Some times one or more of the following errors can be encountered when installing XDB, upgrading XDB, configuring APEX, running an Export, or selecting from xdb.xdb$resource/sys.dba_network_acls:

ORA-31159: XML DB is in an invalid state
ORA-00600: internal error code, arguments: [unable to load XDB library]
ORA-00600: internal error code, arguments: [qmx: no ref]
ORA-00600: internal error code, arguments: [qmtGetColumnInfo1]
ORA-00600: internal error code, arguments: [qmtb_init_len]
ORA-00600: internal error code, arguments: [qmtGetBaseType]
ORA-00600: internal error code, arguments: [psdnop-1], [600]
ORA-00600: internal error code, arguments: [qmtInit1]
ORA-07445: exception encountered: core dump [_memcpy()+224] [SIGSEGV] [Address not mapped to object]
ORA-19051 Cannot Use Fast Path Insert For This XMLType Table
ORA-31011: XML parsing failed

Errors of this sort generally occur when the init routines for the internal XDB functions are run in an invalid environment, causing memory corruption.

This can happen if the database was ever started with the LD_LIBRARY_PATH (LIBPATH for AIX or SHLIB_PATH for HP) pointing to the wrong $ORACLE_HOME/lib directory rather than to the correct location for the instance. The LD_LIBRARY_PATH/LIBPATH/SHLIB_PATH environment variable is used to resolve the location of the shared library "libxdb.so (libxdb.sl on HP)".

To resolve this issue, please do the following:

1. Stop the listener and shutdown the database

2. Set LD_LIBRARY_PATH (LIBPATH for AIX or SHLIB_PATH for HP) as follows:

csh: setenv LD_LIBRARY_PATH $ORACLE_HOME/lib:
ksh: export LD_LIBRARY_PATH=$ORACLE_HOME/lib:

3. If a client connects to an 11g instance using a 10g listener, modify or add the ENVS= "LD_LIBRARY_PATH" to the listener.ora file
so that it points to the 11g instance:

    SID_LIST_LISTENER =
     (SID_LIST =
     (SID_DESC =
     (SID_NAME = PLSExtProc)
    ...
   )
    (SID_DESC =
     (SID_NAME =11gSID)
     (ORACLE_HOME =/opt/oracle/product/11.1.0)
     (ENVS= "LD_LIBRARY_PATH=/opt/oracle/product/11.1.0/lib")
     )
    )

4. If a client connects to a 10g instance using an 11g listener, modify or add the ENVS= "LD_LIBRARY_PATH" to the listener.ora file
    so that it points to the 10g instance:

SID_LIST_LISTENER =
   (SID_LIST =
   (SID_DESC =
   (SID_NAME = PLSExtProc)
    ...
   )
(SID_DESC =
   (SID_NAME =10gSID)
     (ORACLE_HOME =/opt/oracle/product/10.2.0)
   (ENVS= "LD_LIBRARY_PATH=/opt/oracle/product/10.2.0/lib")
   )
    )

5. On AIX only, to remove any currently unused modules in the kernel and library memory, run /usr/sbin/slibclean as root.

6. Restart the database and the listener.

It is possible to check the current settings of LD_LIBRARY_PATH, LIBPATH, SHLIB_PATH by referencing the following document:

(Doc ID 373303.1) How to Check the Environment Variables for an Oracle Process

XDB is invalid after installation or upgrade and there are invalid XDB objects which fail to compile with the following errors:

           PLS-00201: identifier 'DBMS_LOB' must be declared
           or
           PLS-00201: identifier 'UTL_FILE' must be declared

           XDB does not have execute permissions on the DBMS_LOB and UTL_FILE packages.

           Please reference the following documents:

           (Doc ID 429551.1) Invalid XDB Objects After XDB Install
           (Doc ID 1105245.1) XDB Is INVALID In DBA_REGISTRY After Having Revoked Privileges: What Privileges Are Needed?

(Doc ID 243555.1) Create DB or Installing XDB Fails ORA-22973

(Doc ID 1168180.1) Error ORA-46105 When Trying To Create An ACL

If the error message "ORA-04043: object XDB_DATASTORE_PROC does not exist" is encountered during XDB installation, this indicates that Oracle Text was not installed.

Please reference the following document for details:

( Doc ID 360907.1) Catupgrd.sql Gives ORA-4043 Error On XDB_DATASTORE_PROC

Prior to 11.2, if XDB is deinstalled and not reinstalled, orphaned XSD objects can exist that will need to be dropped manually. Please review the document below:

( Doc ID 1273520.1) After de-installing XDB many XSD objects are invalid

On release 11.2 onwards, catnoqm.sql will remove these objects.

Specific to 11.2

(Doc ID 1273944.1) Installation of XDB failed with ORA-20004: Tablespace system is not ASSM, ORA-43853

(Doc ID 1086092.1) ORA-60019: Creating initial extent of size X installing XDB with SECUREFILES

(Doc ID 1168180.1) Error ORA-46105 When Trying To Create An ACL

Regardless of the option specified for SECUREFILES when installing XDB, XDB's default tablespace MUST BE an ASSM tablespace if COMPATIBLE >= 11.2. Please review the document below:

(Doc ID 1337065.1) XDB is INVALID after ORA-31084 ORA-43853 errors during install

If you have 'Password Complexity Verification' function enabled at the time of manual install then in 11.1.x or 11.2.x install may fail with the error message:

             ORA-28003: password verification for the specified password failed
             ORA-20001: Password length less than 8

             Please reference the following document for details:

            (Doc ID 1297620.1) XDB is INVALID in DBA_REGISTRY after Fresh Installation

The window below is a live discussion of this article (not a screenshot). We encourage you to join the discussion by clicking the "Reply" link below for the entry you would like to provide feedback on. If you have questions or implementation issues with the information in the article above, please share that below.

CONTACTS

My Oracle Support Community for XDB

OTN Discussion Forums: XDB

REFERENCES

NOTE:373303.1 - How to Check the Environment Variables for an Oracle Process NOTE:1337065.1 - XDB is INVALID after ORA-31084 ORA-43853 errors during install NOTE:247093.1 - Be Cautious When Revoking Privileges Granted to PUBLIC NOTE:733667.1 - 11g: How to Determine if XDB is Being Used in the Database? NOTE:958129.1 - How To Set Network ACLs in Oracle To Access Packages UTL_TCP, UTL_SMTP, UTL_MAIL, UTL_HTTP, UTL_INADDR NOTE:1332182.1 - ORA-01422 from DBMS_XS_PRINCIPAL_EVENTS_INT DBA|ALL|USER_XSC_* and DBA|ALL|USER_XDS_* NOTE:742113.1 - 10g: How to Determine if XDB is Being Used in the Database? NOTE:944088.1 - ORA-00600 [qmx: no ref] Xdb Uninitialized Xdb$Schema Not Accessible NOTE:558834.1 - How To Re-register XML Schemas After XDB Has Been Re-installed? NOTE:1299774.1 - ORA-19051 Cannot Use Fast Path Insert For This XMLType Table NOTE:1127179.1 - ORA-07445 [qmkmgetConfig()+52] During Catupgrd.sql (11.2.0.1) NOTE:965892.1 - How To Reload Oracle Multimedia Related Information when XML Database (=XDB) Has Been Reinstalled NOTE:2212664.1 - JSON DB and SODA DB Health-Check Script