11

When installing an Oracle Database, what non-default settings would you normally apply (or consider applying) ?

I'm not after hardware dependent setting (eg memory allocation) or file locations, but more general items. Similarly anything that is a particular requirement for a specific application rather than generally applicable isn't really useful.

Do you separate out code/API schemas (PL/SQL owners) from data schemes (table owners) ? Do you use default or non-default roles, and if the latter, do you password protect the role ?

I'm also interested in whether there's any places where you do a REVOKE of a GRANT that is installed by default. That may be version dependent as 11g seems more locked down for its default install.

These are ones I used in a recent setup. I'd like to know whether I missed anything or where you disagree (and why).

Database Parameters

  • Auditing (AUDIT_TRAIL to DB and AUDIT_SYS_OPERATIONS to YES)
  • DB_BLOCK_CHECKSUM and DB_BLOCK_CHECKING (both to FULL)
  • GLOBAL_NAMES to true
  • OPEN_LINKS to 0 (did not expect them to be used in this environment)

Character set - AL32UTF8

Profiles
I created an amended password verify function that used the apex dictionary table (FLOWS_030000.wwv_flow_dictionary$) as an extra check to prevent simple passwords.

Developer logins

CREATE PROFILE profile_dev LIMIT FAILED_LOGIN_ATTEMPTS 8 PASSWORD_LIFE_TIME 32 PASSWORD_REUSE_TIME 366 PASSWORD_REUSE_MAX 12 PASSWORD_LOCK_TIME 6 PASSWORD_GRACE_TIME 8 PASSWORD_VERIFY_FUNCTION verify_function_11g SESSIONS_PER_USER unlimited CPU_PER_SESSION unlimited CPU_PER_CALL unlimited PRIVATE_SGA unlimited CONNECT_TIME 1080 IDLE_TIME 180 LOGICAL_READS_PER_SESSION unlimited LOGICAL_READS_PER_CALL unlimited;

Application login

CREATE PROFILE profile_app LIMIT FAILED_LOGIN_ATTEMPTS 3 PASSWORD_LIFE_TIME 999 PASSWORD_REUSE_TIME 999 PASSWORD_REUSE_MAX 1 PASSWORD_LOCK_TIME 999 PASSWORD_GRACE_TIME 999 PASSWORD_VERIFY_FUNCTION verify_function_11g SESSIONS_PER_USER unlimited CPU_PER_SESSION unlimited CPU_PER_CALL unlimited PRIVATE_SGA unlimited CONNECT_TIME unlimited IDLE_TIME unlimited LOGICAL_READS_PER_SESSION unlimited LOGICAL_READS_PER_CALL unlimited;

Privileges for a standard schema owner account

CREATE CLUSTER CREATE TYPE CREATE TABLE CREATE VIEW CREATE PROCEDURE CREATE JOB CREATE MATERIALIZED VIEW CREATE SEQUENCE CREATE SYNONYM CREATE TRIGGER
Improve this question

2 Answers 2

Reset to default
1

Here is something I ran across once, which is an example of someone elses best practices on the older version of Oracle :

http://www.akadia.com/services/ora_linux_install_10g.html

Improve this answer
1
  • with 11g Oracle recommends installing Grid Manager, that in itself is a big piece of installation... Commented Nov 5, 2011 at 17:38
0

Auditing -- off unless there's a requirement from the customer to have it enabled.

Separation of Code Schema from Data Schema: No, but definitely isolate the Code and Data schema from the users, where they access the underlying tables/code via roles or grants.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.