1 – After Journal
Allows you to do any of the following with respect to after-image
journal (.aij) files:
o Enable or disable after-image journaling.
o Alter an .aij file (occurs only if .aij file is re-created).
o Add, drop, modify, or reserve .aij files.
o Suppress the use of an .aij file.
o Add AIJ caches.
o Set the initial .aij file allocation.
o Set the .aij file extent (for extensible journals).
o Enable or disable .aij file overwriting.
o Send OpenVMS operator communication manager (OPCOM) messages
when specific after-image journal events occur.
o Set the shutdown timeout period.
NOTE
Prior to Oracle Rdb Version 6.0, the ability to alter an
.aij file name was provided through the RdbALTER DEPOSIT
ROOT command. Beginning with Oracle Rdb Version 6.0, the
RdbALTER DEPOSIT ROOT command no longer provides this
capability; use the Alter qualifier with the RMU Set After_
Journal command instead.
1.1 – Description
Many of the RMU Set After_Journal functions are also available
through the use of the following SQL ALTER DATABASE clauses:
ADD JOURNAL clause
DROP JOURNAL clause
ALTER JOURNAL clause
1.2 – Format
(B)0[mRMU/Set After_Journal root-file-spec
[4mCommand[m [4mQualifiers[m x [4mDefaults[m
x
/Add=(keyword[,...]) x No journals added
/Aij_Options=OptionsFile x None
/Allocation=number-blocks x See description
/Alter=(keyword[,...]) x No journals altered
/Backups=(keyword_list) x See description
/[No]Cache=file x See description
/Disable x None
/Drop=(Name=name) x No journals deleted
/Enable x None
/Extent=number-blocks x See description
/[No]Log x Current DCL verify value
/[No]Notify=(operator-class-list) x See description
/[No]Overwrite x None
/Reserve=number-journals x None
/Shutdown_Timeout=minutes x 60 minutes
/Suppress=(Name=name) x No journals suppressed
/Switch_Journal x None
1.3 – Parameters
1.3.1 – root-file-spec
Specifies the database root file for which you want to enable
journaling or set .aij file characteristics.
1.4 – Command Qualifiers
1.4.1 – Add
Add=(keyword, ...)
Adds an .aij file to the after-image journal file configuration.
You can add an .aij file while users are attached to the
database. If you specify the Suppress, Drop, or Alter qualifiers
in the same RMU Set After_Journal command, they are processed
before the Add qualifier. The Add qualifier can appear several
times in the same command.
Specify an .aij file to add by using the following keywords:
o Name=name
Specifies a unique name for the after-image journal object
to be added. An after-image journal object is the .aij file
specification plus all of its attributes, such as allocation,
extent, and backup file name.
This keyword is required.
o File=file
Specifies the file for the journal to be added. This keyword
is required. If you do not provide a full file specification,
and only the file name, the file is placed in your current
directory. If more than one journal resides in the same
directory, each journal must have a unique file name. However,
each fixed-size journal file should be located on a separate
device. This minimizes risks associated with journal loss or
unavailability should a device fail or be brought off line.
For example, if two or more journal files reside on the same
failed device, the loss of information or its unavailability
is far greater than that of a single journal file.
o Backup_File=file
Specifies the file to be used for automatic backup operations.
This keyword is optional. If you specify a file name, but
not a file extension, the .aij file extension is used by
default. If you supply only a file name (not a complete file
specification), the backed up .aij file is placed in the
database root file directory.
o Edit_Filename=(option)
Specifies an edit string to apply to the backup file
when an .aij is backed up automatically. This keyword is
optional. However, if it is specified, the Backup_File=file
keyword must be specified also. When you specify the Edit_
Filename=(options) keyword, the .aij backup file name is
modified by appending the options you specify.
See the description of the Edit_Filename keyword for the
Backups qualifier for a list of the available keyword options.
This keyword and the options you specify affect the backup
file name of the .aij file specified with the associated Name
keyword only. If you want the same edit string applied to all
backed up .aij files, you might find it more efficient to use
the Backups qualifier with the Edit_Filename keyword instead
of the Add qualifier with the Edit_Filename keyword.
If you use a combination of the Edit_Filename keyword with the
Add qualifier and the Edit_Filename keyword with the Backups
qualifier, the Add qualifier keyword takes precedence over the
Backups qualifier keyword for the named .aij file. In other
words, the options you specify with Edit_Filename keyword
to the Backups qualifier are applied to all backed up .aij
files except those for which you explicitly specify the Edit_
Filename keyword with the Add qualifier. See Example 6.
This keyword is useful for creating meaningful file names for
your backup files and makes file management easier.
o Allocation=number-blocks
Sets the initial size, in disk blocks, of the .aij file. If
this keyword is omitted, the default allocation is used.
The minimum valid value is 512, the maximum value is eight
million. The default is 512.
See the Oracle Rdb Guide to Database Maintenance for guidance
on setting the allocation size.
o Extent=number-blocks
Specifies the maximum size to extend an .aij file if it is,
or becomes, an extensible .aij file (in blocks). (If the
number of available after-image journal files falls to one,
extensible journaling is employed.)
If there is insufficient free space on the .aij file device,
the journal is extended using a smaller extension value than
specified. However, the minimum, and default, extension size
is 512 blocks.
See the Oracle Rdb Guide to Database Maintenance for guidance
on setting the extent size.
1.4.2 – AIJ Options
AIJ_Options=OptionsFile
Specifies an options file name. The default extension is .opt.
The OptionsFile is the same as that generated by an RMU Show
After_Journal command and is also used by the RMU Copy_Database,
Move_Area, Restore, and Restore Only_Root commands. The AIJ_
Options qualifier may be used alone or in combination with other
RMU Set After_Journal command qualifiers.
1.4.3 – Allocation
Allocation=number-blocks
Sets the default .aij file allocation. You can change the
allocation while users are attached to the database. If the
Allocation qualifier is omitted, the default allocation is
unchanged.
The minimum value you can specify is 512. The default is also
512.
See the Oracle Rdb Guide to Database Maintenance for guidance on
setting the allocation size.
1.4.4 – Alter
Alter=(keyword,...)
Specifies that an after-image journal object be altered.
You can alter an after-image journal object while users are
attached to the database. The Alter qualifier can be used
several times within the same RMU Set After_Journal command.
If you specify a previously suppressed .aij file with the
Alter qualifier, that named .aij file is unsuppressed. Oracle
RMU performs this unsuppress action as soon as the command is
processed.
The changes specified by the Alter qualifier are stored in the
database root file (and thus are visible in the dump file if you
issue an RMU Dump command), but the changes are not applied to
the .aij file until it is re-created (or backed up, in the case
of the Backup_File= file keyword). A new extensible .aij file is
re-created, for example, when the following are true:
o Fast commit is enabled.
o Extensible after-image journaling is being used.
o Users are actively updating the database.
o You issue an RMU Backup After_Journal command with the
Noquiet_Point qualifier.
Backing up an extensible .aij file does not ensure that a new
.aij file will be created. In most cases, the existing .aij file
is truncated and reused.
Specify an after-image journal object to alter by using the
following keywords:
o Name=name
Specifies the name of the after-image journal object. This
is a required keyword that must match the name of an existing
after-image journal object.
o File=file
This option only takes effect if a journal is, or becomes,
an extensible .aij file and only when that journal is re-
created. This option allows you to supply a new .aij file
specification to be used for the extensible .aij file if and
when it is re-created. This can be used to move the re-created
.aij file to a new location. If you do not provide a full file
specification, and only the file name, the file is placed in
your current directory. See the general description of the
Alter qualifier for an example of when an extensible .aij file
is re-created.
This option cannot be used to move a fixed-size .aij file. To
move a fixed-size .aij file, you must first create a new .aij
file and then drop the existing .aij file.
This keyword is optional.
o Backup_File=file
Specifies a new file to be used for automatic backup
operations.
This keyword is optional.
o Edit_Filename=(options)
Specifies a new edit string to apply to the backup file
name of the named .aij file when the .aij is backed up
automatically. This keyword is optional. See the description
of the Edit_Filename keyword for the Backups qualifier for a
list of the available keyword options.
o Allocation=number-blocks
Specifies the initial size of the .aij file that is re-created
if that file is, or becomes, a fixed-size .aij file.
o Extent=number-blocks
Specifies the extent size of the .aij file that is re-created
if it is, or becomes, extensible.
See the Oracle Rdb Guide to Database Maintenance for guidance
on setting the extent size.
1.4.5 – Backups
Backups=(keyword_list)
Specifies options to control the AIJ backup server. You can
select one or more of the following keywords:
o Automatic
Specifies that the AIJ backup server will run automatically,
as required. You cannot specify both the Automatic and Manual
keywords. If neither the Automatic nor the Manual keyword is
specified, the backup server state is unchanged.
o Manual
Specifies that the RMU Backup After_Journal command will be
used to back up the .aij files. The AIJ backup server will
not run automatically. You cannot specify both Automatic
and Manual keywords. If neither the Automatic nor the Manual
keyword is specified, the backup server state is unchanged.
o Backup_File=file
Specifies a default file specification for the AIJ backup
server to use as the backup file name if no backup file name
is associated with the .aij file to be backed up.
o Nobackup_File
Specifies that there is no default backup file specification.
Omission of this keyword retains the current default backup
file specification.
o Edit_Filename=(options)
The Edit_Filename keyword specifies an edit string to apply
to .aij files when they are backed up automatically. When
the Edit_Filename=(options) keyword is used, the .aij backup
file names are edited by appending any or all of the values
specified by the following options to the backup file name:
- Day_Of_Year
The current day of the year expressed as a 3-digit integer
(001 to 366).
- Day_Of_Month
The current day of the month expressed as a 2-digit integer
(01 to 31).
- Hour
The current hour of the day expressed as a 2-digit integer
(00 to 23).
- Julian_Date
The number of days passed since 17-Nov-1858.
- Minute
The current minute of the hour expressed as a 2-digit
integer (00 to 59).
- Month
The current month expressed as a 2-digit integer (01 to
12).
- Sequence
The journal sequence number of the first journal in the
backup operation.
- Vno
Synonymous with the Sequence option. See the description of
the Sequence option.
- Year
The current year (A.D.) expressed as a 4-digit integer.
If you specify more than one option, place a comma between
each option.
The edit is performed in the order specified. For example, the
file backup.aij and the keyword EDIT_FILENAME=(HOUR, MINUTE,
MONTH, DAY_OF_MONTH, SEQUENCE) creates a file with the name
backup_160504233.aij when journal 3 is backed up at 4:05 P.M.
on April 23rd.
You can make the name more readable by inserting quoted
strings between each Edit_Filename option. For example, the
option shown in the following code adds the string "$30_0155-
2" to the .aij file name if the day of the month is the 30th,
the time is 1:55 and the version number is 2:
/EDIT_FILENAME=("$",DAY_OF_MONTH,"_",HOUR,MINUTE,"-",SEQUENCE)
This keyword is useful for creating meaningful file names for
your backup files and makes file management easier.
If you use a combination of the Edit_Filename keyword with
the Add qualifier and the Edit_Filename keyword with the
Backups qualifier, the Add qualifier keyword takes precedence
over the Backups qualifier keyword for the named .aij file.
In other words, the options you specify with Edit_Filename
keyword to the Backups qualifier are applied to all .aij back
up files except those for which you explicitly specify the
Edit_Filename keyword with the Add qualifier. See Example 6.
o Quiet_Point
Specifies that the after-image journal backup operation is
to acquire the quiet-point lock prior to performing an .aij
backup operation for the specified database. This option
(as with all the other Backup options) affects only the
database specified in the RMU Set After_Journal command line.
For information on specifying that the quiet-point lock be
acquired before any .aij backup operation is performed on a
system, see the Usage Notes.
o Noquiet_Point
Specifies that the after-image journal backup operation will
not acquire the quiet-point lock prior to performing an .aij
backup operation for the specified database. This option (as
with all the other Backup options) affects only the database
specified in the RMU Set After_Journal command line. For
information on specifying that the quiet-point lock will not
be acquired prior to any .aij backup operations performed on a
system, see the Usage Notes.
1.4.6 – Cache
Cache=file
Nocache
Specifies an after-image journal cache file specification on a
solid-state disk. If the Cache qualifier is specified, after-
image journal caches are enabled. If you specify a file name, but
not a file extension, the file extension .aij is used by default.
If the Nocache qualifier is specified, AIJ caches are disabled.
You can use this qualifier only when users are detached from the
database.
This file must be written to a solid-state disk. If a solid-state
disk is not available, after-image journal caching should not be
used. Unless you are involved in a high performance, high-volume
environment, you probably do not need the features provided by
this qualifier.
You can determine whether the cache file is accessible by
executing the RMU Dump command with the Header qualifier. If
caching is enabled, but the cache file is unavailable, the cache
file is marked inaccessible and after-image journaling continues
as if caching was disabled. Once the cache file has been marked
inaccessible, it will remain so marked until either the existing
cache file is dropped from the database, or a new cache file is
added to the database (even if this is the same cache file as was
previously used).
If this qualifier is omitted, the AIJ cache state remains
unchanged.
1.4.7 – Disable
Disable
Disables after-image journaling if it has already been enabled.
If after-image journaling has already been disabled, this
qualifier has no effect. You can specify the Disable qualifier
only when users are detached from the database.
When the Disable qualifier and other qualifiers are specified
with the RMU Set After_Journal command, after-image journaling is
disabled before other requested operations.
There is no default for the Disable qualifier. If you do not
specify either the Disable or Enable qualifier, the after-image
journaling state remains unchanged.
1.4.8 – Drop
Drop=(Name=name)
Specifies that the named after-image journal object be deleted.
You can drop an after-image journal object while users are
attached to the database, but the named after-image journal
object must not be the current .aij file or be waiting to be
backed up. When the Drop qualifier is specified with the Alter
or Add qualifiers on the RMU Set After_Journal command, the named
after-image journal object is dropped before any after-image
journal objects are altered or added.
Each after-image journal object to be deleted is specified by
the required keyword, Name=name. This specifies the name of the
after-image journal object to be dropped, which must match the
name of an existing after-image journal object.
1.4.9 – Enable
Enable
Enables after-image journaling if it has been disabled. You can
specify the Enable qualifier only when users are detached from
the database and at least one unmodified .aij file is available
(unless you also specify the Overwrite qualifier). After-image
journaling is enabled after other specified qualifiers have been
processed.
1.4.10 – Extent
Extent=number-blocks
Sets the size, in blocks, of the default .aij file extension.
This qualifier has no effect on fixed-length .aij files. This
qualifier can be used while users are attached to the database.
The minimum valid number-blocks value is 512. The default is also
512.
If the Extent qualifier is omitted, the default extension remains
unchanged.
See the Oracle Rdb Guide to Database Maintenance for guidance on
setting the extent size.
1.4.11 – Log
Log
Nolog
Specifies whether the processing of the command is reported to
SYS$OUTPUT. Specify the Log qualifier to request log output and
the Nolog qualifier to prevent it. If you specify neither, the
default is the current setting of the DCL verify switch. (The DCL
SET VERIFY command controls the DCL verify switch.)
1.4.12 – Notify
Notify=(operator-class-list)
Nonotify
Sets the operator notification state for after-image journaling
and selects the operators to be notified when the journaling
state changes. Oracle RMU uses the OpenVMS operator communication
manager (OPCOM). The following events evoke operator
notification:
o An error writing to an .aij file.
o No .aij file is available for write operations.
o The .aij file has been overwritten.
o The RMU Backup After_Journal command fails.
You can use this qualifier while users are attached to the
database. If you specify the Nonotify qualifier, operator
notification is disabled. If the qualifier is omitted, the
operator notification state is unchanged.
The operator classes follow:
o [No]All
The All operator class broadcasts a message to all terminals
that are attached to the system or cluster. These terminals
must be turned on and have broadcast-message reception
enabled. The Noall operator class inhibits the display of
messages to the entire system or cluster.
o [No]Central
The Central operator class broadcasts messages to the central
system operator. The Nocentral operator class inhibits the
display of messages to the central system operator.
o [No]Disks
The Disks operator class broadcasts messages pertaining to
mounting and dismounting disk volumes. The Nodisks operator
class inhibits the display of messages pertaining to mounting
and dismounting disk volumes.
o [No]Cluster
The Cluster operator class broadcasts messages from the
connection manager pertaining to cluster state changes. The
Nocluster operator class inhibits the display of messages from
the connection manager pertaining to cluster state changes.
o [No]Security
The Security operator class displays messages pertaining to
security events. The Nosecurity operator class inhibits the
display of messages pertaining to security events.
o [No]Oper1 through [No]Oper12
The Oper1 through Oper12 operator classes display messages
to operators identified as OPER1 through OPER12. The Nooper1
through Nooper12 operator classes inhibit messages from being
sent to the specified operator.
NOTE
Use the Notify qualifier conservatively. Be sure that
messages regarding a private database are not broadcast
to an entire system or cluster of users who may not be
interested in the broadcast information. Similarly, be
conservative regarding even a clusterwide database. You
do not want to overload the operators with insignificant
messages.
1.4.13 – Overwrite
Overwrite
Nooverwrite
The Overwrite qualifier specifies that .aij files can be
overwritten without first being backed up. The Nooverwrite
qualifier specifies that only an .aij file that has been backed
up can be overwritten. You can specify the Nooverwrite qualifier
only when users are detached from the database. If you do
not specify either the Overwrite qualifier or the Nooverwrite
qualifier, the Overwrite characteristic remains unchanged.
This qualifier is ignored if only one .aij file is available.
When you specify the Overwrite qualifier, it is only activated
when two or more .aij files are, or become, available.
Note that if you use the Overwrite qualifier, you will be unable
to perform a rollforward from a restored backup file. Most users
will not want to use the Overwrite qualifier; it is provided for
layered applications that might want to take advantage of some
performance features provided by Oracle Rdb that require after-
image journaling, but where the use of after-image journaling is
not required for the application to run reliably.
1.4.14 – Reserve
Reserve=number-journals
Reserves additional space in the after-image journal
configuration for the specified number of .aij files. You can
specify the Reserve qualifier only when users are detached from
the database. If you do not specify the Reserve qualifier, no
space is reserved for additional .aij files.
Note that you cannot reserve space in a single-file database for
.aij files by using this qualifier with the RMU Set After_Journal
command. After-image journal file reservations for a single-
file database can be made only when you use the RMU Convert, RMU
Restore, or RMU Copy_Database commands.
Note that once you reserve space in the journal configuration
(using the Reserve=n qualifier), the reservations are permanent.
There is no way to unreserve this space unless you back up and
restore the database. Specify fewer reservations with RMU Restore
command After_Journal qualifier.
Each reservation uses two blocks of space in the root file and
the run-time global sections.
When you reserve journals slots to create additional journals
for your journal system, the reserve operation is not journaled.
Therefore, you should perform a full database backup operation to
ensure database consistency.
1.4.15 – Shutdown Timeout
Shutdown_Timeout=minutes
Modifies the after-image journal shutdown time in the event that
after-image journaling becomes unavailable. The after-image
journaling shutdown time is the period, in minutes, between
the point when after-image journaling becomes unavailable and
the point when the database is shut down. During the after-
image journaling shutdown period, all database update activity
is stalled.
If operator notification has been enabled, operator messages are
broadcast to all enabled operator classes and to the RMU Show
Statistics screen at 1-minute intervals.
To recover from the after-image journaling shutdown state
and to resume normal database operations, you must make an
.aij file available for use. You can do this by backing up an
existing modified journal, or, if you have a journal reservation
available, by adding a new journal to the after-image journaling
configuration. If you do not make a journal available before the
after-image journal shutdown time expires, the database is shut
down and all active database attaches are terminated.
The after-image journaling shutdown period is only in effect when
fixed-size AIJ journaling is used. When a single extensible .aij
file is used, the default action is to shut down all database
operations when the .aij file becomes unavailable.
If you do not specify the Shutdown_Timeout qualifier, the
database shuts down 60 minutes after the after-image journaling
configuration becomes unavailable. The maximum value you can
specify for the Shutdown_Timeout qualifier is 4320 minutes (3
days).
1.4.16 – Suppress
Suppress=(Name=name)
Prevents further use of the named after-image journal object. The
named after-image journal object must be an existing after-image
journal object.
This qualifier is useful when you want to temporarily disallow
the use of an .aij file. For example, suppose the disk containing
the next .aij file to use goes off line. You do not want the
database to attempt to access that file until the disk is back on
line. Use the Suppress qualifier so the database does not attempt
to access the specified .aij file. When the disk is back on line,
use the RMU Set After_Journal command with the Alter qualifier
to unsuppress the after-image journal object that references this
.aij file.
You can specify the Suppress qualifier while users are attached
to the database, but the .aij file referenced by the after-image
journal object must not be the current journal or be waiting
to be backed up. You must back up the referenced .aij file
before the after-image journal object that references it can
be suppressed.
The Suppress qualifier is processed prior to any Drop, Add, or
Alter qualifiers specified with the same command.
1.4.17 – Switch Journal
Switch_Journal
Changes the currently active .aij file to the next available .aij
file in a fixed-size after-image journaling configuration.
In an extensible journal file configuration, the Switch_Journal
qualifier has no effect and is ignored if specified.
The Switch_Journal qualifier is useful for forcing a switch to an
.aij file on another disk when you want to perform maintenance on
the disk containing the currently active journal file.
You cannot specify the Switch_Journal qualifier and the Enable
or the Disable qualifier on the same command line. In addition,
after-image journaling must be enabled when you issue the Switch_
Journal qualifier.
It is seldom necessary to specify this option because normally a
switch occurs automatically.
1.5 – Usage Notes
o You must have the RMU$ALTER, RMU$BACKUP, or RMU$RESTORE
privilege in the root file access control list (ACL) for the
database or the OpenVMS SYSPRV or BYPASS privilege to use the
RMU Set After_Journal command.
o Use the RMU Dump command with the Header qualifier to see if
after-image journaling additions or changes you have made have
been recorded as you expect. However, note that although the
AIJ attributes change as you specify, the changed .aij file
might be flagged as unmodified in the dump of the header. This
occurs because the transaction containing your changes to the
.aij file is captured in the current .aij file, not the .aij
file for which you specified modifications.
o When you use RMU Set After_Journal to specify a fixed-size
journal configuration, specify a different disk for each
.aij file, if possible. Using this method, you can suppress
a journal on a given disk if that disk should start to fail.
o If the disk fails on which the current .aij file resides,
Oracle Rdb immediately starts using a new .aij file if your
journal configuration contains more than one journal. For
example, if AIJ_DISK1 contains AIJ_ONE, the current .aij file,
and AIJ_DISK1 fails, Oracle Rdb will immediately start using
AIJ_TWO, the .aij file on AIJ_DISK2.
o Execute a full database backup operation after issuing an RMU
Set After_Journal command that displays the RMU-W-DOFULLBCK
warning message (such as a command that includes the Reserve
or the Enable qualifier).
o Use the Alter qualifier to unsuppress an .aij file that has
been suppressed with the Suppress qualifier.
o Use the Backup=(Quiet_Point) qualifier to specify that the
quiet-point lock must be acquired prior to performing an
.aij backup operation for the specified database. (Use the
Backup=(Noquiet_Point) qualifier to specify that the quiet-
point lock will not be acquired prior to an .aij backup
operation for the specified database.)
o Use the RDM$BIND_ABS_QUIET_POINT logical to specify whether or
not the quiet-point lock must be acquired prior to performing
any .aij backup operation on any database on a cluster.
Define the value for the logical to be 1 to specify that the
quiet-point lock must be acquired prior to performing .aij
backup operations; define the value to be 0 to specify that
the quiet-point lock need not be acquired prior to .aij backup
operations. You must define this logical in the system table
on all nodes in the cluster as shown in the following example:
$ DEFINE/SYSTEM RDM$BIND_ABS_QUIET_POINT 1
o The selection of which journal in a set of fixed-size journal
files is used by Oracle RMU is unpredictable and depends on
availability. For example, while a journal is temporarily
unavailable, it cannot be selected as the next journal file.
Thus, a journal file might be reused before all journals in
the set have been used once.
1.6 – Examples
Example 1
The following command reserves space for three .aij files, adds
two .aij files to the mf_personnel database, and then enables
after-image journaling:
$ RMU/SET AFTER_JOURNAL/ENABLE/RESERVE=3 -
_$ /ADD=(NAME=AIJ2, FILE=DISK1:[JOURNAL]AIJ_TWO) -
_$ /ADD=(NAME=AIJ3, FILE=DISK2:[JOURNAL]AIJ_THREE) -
_$ MF_PERSONNEL
%RMU-W-DOFULLBCK, full database backup should be done to
ensure future recovery
Example 2
The following example demonstrates how to switch the current .aij
file from DISK1:[DB]AIJ1 to the next available journal file in a
fixed-size journal configuration, and then suppress the original
journal in anticipation of maintenance on the disk that contains
it. The last Oracle RMU command moves AIJ1 to a new disk and
implicitly unsuppresses it.
$ RMU/DUMP/HEADER=(JOURNAL) MF_PERSONNEL
.
.
.
AIJ Journaling...
- After-image journaling is enabled
- Database is configured for 5 journals
- Reserved journal count is 5
- Available journal count is 3
- Journal switches to next available when full
- 1 journal has been modified with transaction data
- 2 journals can be created while database is active
- Journal "AIJ1" is current
- All journals are accessible
.
.
.
$ RMU/SET AFTER_JOURNAL/SWITCH_JOURNAL MF_PERSONNEL/LOG
%RMU-I-OPERNOTIFY, system operator notification: Oracle Rdb Database
USER1:[DB]MF_PERSONNEL.RDB;1 Event Notification
After-image journal 0 switch-over in progress (to 1)
%RMU-I-OPERNOTIFY, system operator notification: Oracle Rdb Database
USER1:[DB]MF_PERSONNEL.RDB;1 Event Notification
After-image journal switch-over complete
%RMU-I-LOGMODSTR, switching to after-image journal "AIJ2"
.
.
.
$ RMU/BACKUP/AFTER_JOURNAL MF_PERSONNEL DISK1:[DB]AIJ1_BCK/LOG
%RMU-I-AIJBCKBEG, beginning after-image journal backup operation
%RMU-I-OPERNOTIFY, system operator notification: Oracle Rdb Database
USER1:[DB]MF_PERSONNEL.RDB;1 Event Notification
AIJ backup operation started
%RMU-I-AIJBCKSEQ, backing up after-image journal sequence number 2
%RMU-I-LOGBCKAIJ, backing up after-image journal AIJ1 at 10:59:58.83
%RMU-I-LOGCREBCK, created backup file DISK1:[DB]AIJ1_BCK.AIJ;1
%RMU-I-OPERNOTIFY, system operator notification: Oracle Rdb Database
USER1:[DB]MF_PERSONNEL.RDB;1 Event Notification
AIJ backup operation completed
%RMU-I-AIJBCKEND, after-image journal backup operation completed
successfully
%RMU-I-LOGAIJJRN, backed up 1 after-image journal at 11:00:02.59
%RMU-I-LOGAIJBLK, backed up 254 after-image journal blocks
at 11:00:02.59
$ RMU/SET AFTER_JOURNAL/SUPPRESS=(NAME=AIJ1) MF_PERSONNEL/LOG
%RMU-I-LOGMODSTR, suppressed after-image journal "AIJ1"
$ RMU/SET AFTER_JOURNAL MF_PERSONNEL -
_$ /ALTER=(NAME=AIJ1,FILE=DISK2:[DB]AIJ1)/LOG
%RMU-I-LOGMODSTR, unsuppressed after-image journal "AIJ1"
Example 3
The following example turns on the automatic backup server for
.aij files and defines a default backup file name:
$ RMU/SET AFTER_JOURNAL /BACKUPS=(AUTOMATIC, -
_$ BACKUP_FILE=DISK:[AIJ_BACKUPS]AIJ_BACKUP.AIJ) -
_$ DB$DISK:[DIRECTORY]MF_PERSONNEL.RDB
Example 4
The following example turns off the automatic backup server for
.aij files and removes the default backup file name:
$ RMU/SET AFTER_JOURNAL /BACKUPS=(MANUAL,NOBACKUP_FILE) -
_$ DB$DISK:[DIRECTORY]MF_PERSONNEL.RDB
Example 5
The following example changes the .aij backup file name without
changing the setting of the AIJ backup server:
$ RMU/SET AFTER_JOURNAL /BACKUPS= -
_$ (BACKUP_FILE=NEW_DISK:[AIJ_BACKUPS]BETTER_BACKUP_NAME.AIJ) -
_$ DB$DISK:[DIRECTORY]MF_PERSONNEL.RDB
Example 6
The following example sets a local and a global edit string for
.aij backup files. When AIJ_ONE is backed up, it is appended with
the string _LOCAL. When AIJ_TWO or AIJ_THREE are backed up, they
are appended with the string _GLOBAL. Although it is unlikely
that you would select these edit strings, they demonstrate the
behavior of the Edit_Filename keyword when it is used with the
Backup qualifier (global effect) versus the behavior of the Edit_
Filename keyword when it is used with the Add qualifier (local
effect).
$ RMU/SET AFTER_JOURNAL/ENABLE/RESERVE=5 -
_$ /BACKUP=EDIT_FILENAME=("_GLOBAL")/ADD=(NAME=AIJ1, -
_$ FILE=DISK1:[AIJS]AIJ_ONE, -
_$ BACKUP_FILE=AIJ1BCK, -
_$ EDIT_FILENAME=("_LOCAL")) -
_$ /ADD=(NAME=AIJ2, -
_$ FILE=DISK1:[AIJS]AIJ_TWO, -
_$ BACKUP_FILE=AIJ2BCK) -
_$ /ADD=(NAME=AIJ3, -
_$ FILE=DISK1:[AIJS]AIJ_THREE, -
_$ BACKUP_FILE=AIJ3BCK) -
_$ MF_PERSONNEL
$ !
$ ! After these .aij files are backed up:
$ !
$ DIR .AIJ
AIJ1BCK_LOCAL.AIJ;1
AIJ2BCK_GLOBAL.AIJ;1
AIJ3BCK_GLOBAL.AIJ;1
AIJ_ONE.AIJ;1
AIJ_THREE.AIJ;1
AIJ_TWO.AIJ;1
2 – AIP
Allows the user to modify the contents of the AIP (Area Inventory
Pages) structure. The AIP structure provides a mapping for
logical areas to physical areas as well describing each of those
logical areas. Information such as the logical area name, length
of the stored record, and storage thresholds can now be modified
using this simple command interface.
2.1 – Description
This RMU command is used to modify some attributes of an existing
logical area. It cannot be used to add or delete a logical area.
This command can be used to correct the record length, thresholds
and name of a logical area described by an AIP entry. It can also
be used to rebuild the SPAM pages for a logical area stored in
UNIFORM page format areas so that threshold settings for a page
correctly reflect the definition of the table.
See also the RMU Repair Spam command for information on
rebuilding SPAM pages for MIXED areas.
2.2 – Format
(B)0[mRMU/Set AIP root-file-spec [larea-name]
[4mCommand[m [4mQualifiers[m x [4mDefaults[m
x
/Larea=(n [,...]) x See description
/Length[=n] x See description
/Log x See description
/Rebuild_Spams x See description
/Rename_To=new-name x See description
/Threshold=(p,q,r) x See description
2.3 – Parameters
2.3.1 – root-file-spec
The file specification for the database root file to be
processed. The default file extension is .rdb.
2.3.2 – larea-name
An optional parameter that allows the logical areas to be
selected by name. Only those AIP entries are processed.
Any partitioned index or table will create multiple logical areas
all sharing the same name. This string may contain standard
OpenVMS wildcard characters (% and *) so that different names
can be matched. Therefore, it is possible for many logical areas
to match this name.
The value of larea-name may be delimited so that mixed case
characters, punctuation and various character sets can be used.
2.4 – Command Qualifiers
2.4.1 – Larea
Larea=(n [,...])
Specifies a list of logical area identifiers. The LAREA qualifier
and larea-name parameter are mutually exclusive.
2.4.2 – Length
Length[=value]
Sets the length of the logical area. If no value is provided on
the RMU Set AIP command, then Oracle Rdb will find the matching
table and calculate a revised AIP nominal record length and apply
it to the AIP.
2.4.3 – Log
Log
Logs the names and identifiers of logical areas modified by this
command.
2.4.4 – Rebuild Spams
Rebuild_Spams
Locate each logical area with the "rebuild-spam" flag set and
rebuild the SPAM pages.
2.4.5 – Rename To
Rename_To=new-name
Used to change the logical area name. This qualifier should be
used with caution as some RMU commands assume a strict mapping
between table/index names and names of the logical area. This
command can be used to repair names that were created in older
versions of Oracle Rdb where the rename table command did not
propagate the change to the AIP. The value of new-name may be
delimited so that mixed case, punctuation and various character
sets can be used.
2.4.6 – Threshold
Threshold=(t1 [,t2 [, t3]])
Changes the threshold on all logical areas specified using
the Larea qualifier or the larea-name parameter. RMU accepts
THRESHOLD=(0,0,0) as a valid setting to disable logical area
thresholds. Values must be in the range 0 through 100. Any
missing values default to 100.
2.5 – Usage Notes
o The database administrator requires RMU$ALTER privilege to run
the command and the Rdb server also requires SELECT and ALTER
privilege on the database.
o This command supersedes the RMU Repair Initialize=Larea_
Parameters command that can also change the Thresholds and
Length for a logical area. This command can be executed
online, whereas the RMU Repair command must be run offline.
o Wildcard names are not permitted with the following qualifiers
to prevent accidental propagation of values to the wrong
database objects.
- LENGTH qualifier with a value specified,
- RENAME_TO qualifier,
- and THRESHOLDS qualifier.
o RMU Set AIP may be used on a master database configured for
HOT STANDBY. All AIP changes and SPAM rebuild actions are
written to the after image journal and will be applied to the
standby database. This command cannot be applied to a STANDBY
database.
o THRESHOLDS for MIXED format areas are physical area attributes
and are not supported at the logical area (aka AIP) level.
Therefore, THRESHOLDS can not be applied to MIXED areas and
specifying logical areas will cause an exception to be raised.
o The REBUILD_SPAMS qualifier is only applied to logical areas
stored in UNIFORM page format storage areas.
o This command will implicitly commit any changes with no
opportunity to undo them using rollback. Access to the
functionality is controlled by privileges at the RMU and Rdb
database level. We suggest that RMU Show AIP be used prior to
any change so that you can compare the results and repeat the
RMU Set AIP command with corrections if necessary.
Some wildcard operations are restricted to prevent accidental
damage to the database. For instance, a wildcard matching
many objects will be rejected if more than one type of object
is being changed. If a wildcard selects both table and index
types then this command will be rejected.
o This command is an online command. Each logical area will be
processed within a single transaction and interact with other
online users.
o When the AIP entry is changed online, any existing users of
the table or index will start to use the new values if the
logical areas are reloaded.
o Various SQL alter commands will register changes for the AIP
and these are applied at COMMIT time. RMU Verify and RMU Show
AIP Option=REBUILD_SPAMS will report any logical areas that
require SPAM rebuilding. The database administrator can also
examine the output from the RMU Dump Larea=RDB$AIP command.
o How long can the SPAM rebuild be delayed? The fullness of
some page will have been calculated using the old AIP length
or THRESHOLD values. Therefore, it might appear that a page
is full when in fact the revised length will fit on the
page, or the page may appear to have sufficient free space
to store a row but once accessed the space is not available.
By rebuilding SPAM pages, you may reduce I/O during insert
operations. However, delaying the rebuild to a convenient time
will not affect the integrity of the database.
o The amount of I/O required for Rebuild_Spams depends upon
the number of pages allocated to the table or index involved.
Assuming just one logical area is selected then Oracle Rdb
will read the ABM (Area Bitmap) to locate all SPAM pages in
that area that reference this logical area. Rdb will then
read each page in the SPAM interval for that SPAM page and
recalculate the fullness based on the rows stored on each
page.
2.6 – Examples
Example 1
RMU will call Rdb for each logical area that requires rebuilding.
$ RMU/SET AIP/REBUILD_SPAMS MF_PERSONNEL
%RMU-I-AIPSELMOD, Logical area id 86, name ACCOUNT_AUDIT selected for
modification
%RMU-I-AIPSELMOD, Logical area id 94, name DEPARTMENTS_INDEX selected for
modification
Example 2
RMU will request that the EMPLOYEES table length be updated
in the AIP. Oracle Rdb will use the latest table layout to
calculate the length in the AIP and write this back to the AIP.
The EMPLOYEES table is partitioned across three storage areas and
therefore the Log qualifier shows these three logical areas being
updated.
$ RMU/SET AIP MF_PERSONNEL EMPLOYEES/LENGTH/LOG
%RMU-I-AIPSELMOD, Logical area id 80, name EMPLOYEES selected for modification
%RMU-I-AIPSELMOD, Logical area id 81, name EMPLOYEES selected for modification
%RMU-I-AIPSELMOD, Logical area id 82, name EMPLOYEES selected for modification
Example 3
RMU will request that the EMPLOYEES table length be updated
in the AIP and then the SPAM pages will be rebuilt. This is an
ONLINE operation. Note: there is an implied relationship between
the logical area name and the name of the object. This example
assumes that the EMPLOYEES object is mapped to a UNIFORM page
format area.
$ RMU/SET AIP MF_PERSONNEL EMPLOYEES/LENGTH/REBUILD_SPAMS
Example 4
When Thresholds for an index are modified they will not be
effective until the SPAM pages are updated (rebuilt) to use these
new values. The following example shows that index maintenance
performed by SQL. The SET FLAGS command is used to display
information about the change. Note that the change is applied at
COMMIT time and that the SPAM rebuild is deferred until a later
time. RMU Set AIP is then used to rebuild the SPAM pages.
$ SQL$
SQL> set flags 'index_stats';
SQL> alter index candidates_sorted store in rdb$system (thresholds are (32,56,
77));
~Ai alter index "CANDIDATES_SORTED" (hashed=0, ordered=0)
~Ai larea length is 215
~As locking table "CANDIDATES" (PR -> PU)
~Ai: reads: async 0 synch 58, writes: async 8 synch 0
SQL> commit;
%RDMS-I-LOGMODVAL, modified space management thresholds to (32%, 56%, 77%)
%RDMS-W-REBUILDSPAMS, SPAM pages should be rebuilt for logical area
CANDIDATES_SORTED
$
$ RMU/SET AIP MF_PERSONNEL CANDIDATES_SORTED/REBUILD_SPAMS/LOG
%RMU-I-AIPSELMOD, Logical area id 74, name CANDIDATES_SORTED selected for
modification
3 – Audit
Enables Oracle Rdb security auditing. When security auditing is
enabled, Oracle Rdb sends security alarm messages to terminals
that have been enabled as security operators and makes entries
in the database's security audit journal whenever specified audit
events are detected.
3.1 – Description
The RMU Set Audit command is the Oracle Rdb equivalent to the
DCL SET AUDIT command. Because Oracle Rdb security auditing uses
many OpenVMS system-level auditing mechanisms, certain auditing
characteristics (such as /FAILURE_MODE) can only be set and
modified by using the DCL SET AUDIT command, which requires the
OpenVMS SECURITY privilege.
3.2 – Format
(B)0[mRMU/Set Audit root-file-spec
[4mCommand[m [4mQualifiers[m x [4mDefaults[m
x
/Disable=enable-disable-options x See description
/Enable=enable-disable-options x See description
/[No]Every x /Every
/First x Synonym for /Noevery
/[No]Flush x /Noflush
/Start x See description
/Stop x See description
/Type={Alarm|Audit} x Alarm and Audit
3.3 – Parameters
3.3.1 – root-file-spec
The file specification of the database root for which auditing
information will be modified.
3.4 – Command Qualifiers
3.4.1 – Disable
Disable=enable-disable-options
Disables security auditing for the specified audit event classes.
To disable alarms and audits for all classes, specify the All
option. You can also selectively disable alarms and audits for
one or more classes that are currently enabled. You must specify
at least one class when you specify the Disable qualifier. See
the Enable qualifier description for a list of the classes you
can specify with the Disable qualifier.
When you specify audit classes with the Disable qualifier, the
events you specify are immediately disabled. For other audit
events that have not been explicitly disabled with the Disable
qualifier, records continue to be recorded in the security
audit journal and alarms continue to be sent to security-enabled
terminals, as specified.
When processing the RMU Set Audit command, Oracle Rdb processes
the Disable qualifier last. If you accidentally specify both
Enable and Disable for the same event type in the same command,
the Disable qualifier prevails.
3.4.2 – Enable
Enable=enable-disable-options
Enables security auditing for the specified audit event classes.
To enable alarms and audits for all events, specify the All
option. You can also selectively enable alarms and audits for
one or more classes that are currently disabled. You must specify
at least one class when you specify the Enable qualifier.
When you specify audit classes with the Enable qualifier, the
audit events you specify are immediately enabled, so that audit
events of currently attached users are recorded in the security
audit journal and alarms are sent to security-enabled terminals,
as specified.
With the Enable and Disable qualifiers, you can specify one or
more of the following six valid class options: All, Daccess,
Daccess=object-type, Identifier=(identifier-list), Protection,
and Rmu. If you specify more than one class, separate the classes
with commas, and enclose the list of classes within parentheses.
The following list provides a description of each option:
o All
Enables or disables all possible audit event classes.
o Daccess
Enables or disables DACCESS (discretionary access) audit
events.
A DACCESS audit event occurs whenever a user issues a command
that causes a check to be made for the existence of the
appropriate privilege in an access privilege set (APS). To
monitor access to a particular database object or group of
objects, use the Daccess=object-type option to specify that a
DACCESS audit record be produced whenever an attempt is made
to access the object.
Specifying the general Daccess option enables or disables the
general DACCESS audit event type. If DACCESS event auditing is
enabled and started for specific objects, auditing takes place
immediately after you issue the RMU Set Audit command with
the Enable=Daccess qualifier. Auditing starts for any users
specified in the Identifier=(identifier-list) option who are
attached to the database when the command is issued.
o Daccess=object-type[=(object name)]/Privileges=(privilege-
list)
Allows you to audit access to database objects by users in the
Identifier=(identifier-list) option with the privileges you
specify.
A DACCESS type event record indicates the command issued, the
privilege used by the process issuing the command, and whether
the attempt to access the object was successful.
The object-type option enables or disables DACCESS auditing
for the specified object type. You can specify one or more
object types in an RMU Set Audit command. The three valid
object types are:
- DATABASE
When you specify the DATABASE object type, you must use the
Privileges qualifier to specify one or more privileges to
be audited for the database. Do not specify an object name
with the DATABASE object type.
- TABLE
Specify the TABLE option for both tables and views. When
you specify the TABLE object type, you must specify one or
more table names with the object name parameter. You must
also use the Privileges qualifier to specify one or more
privileges to be audited for the specified tables.
- COLUMN
When you specify the COLUMN object type, you must specify
one or more column names with the object name parameter.
Specify the table name that contains the column by using
the following syntax:
table-name.column-name
If you specify more than one column, separate the list
of table-name.column-names with commas, and enclose the
list within parentheses. You must also use the Privileges
qualifier to specify one or more privileges to be audited
for the specified columns.
The object name parameter enables or disables DACCESS auditing
for the specified object or objects. If you specify more than
one object name, separate the object names with commas, and
enclose the list of object names within parentheses.
If you specify one or more object names, you must select one
or more privileges to audit. Use the Privileges=privilege-list
qualifier to select the privileges that are to be audited for
each of the objects in the object name list when the selected
objects are accessed. The privileges that can be specified
with the Privileges qualifier are listed in DACCESS Privileges
for Database Objects.
Privilege names SUCCESS and FAILURE can be used as a
convenient way to specify that all successful or failed
accesses to that object for all privileges should be audited.
The privilege name All can be used with the Enable or Disable
qualifier to turn on or turn off auditing for all privileges
applicable to the object.
If you specify a privilege that does not apply to an object,
Oracle Rdb allows it, but will not produce any auditing for
that privilege. You can specify only SQL privileges with the
Privileges=(privilege-list) qualifier. The privileges that
can be specified for each Oracle Rdb object type are shown
in DACCESS Privileges for Database Objects. The Relational
Database Operator (RDO) privileges that correspond to
the SQL privileges are included in DACCESS Privileges for
Database Objects to help RDO users select the appropriate SQL
privileges for auditing.
Table 13 DACCESS Privileges for Database Objects
SQL RDO
Privilege Privilege Database Table/ViColumn
ALTER CHANGE Y Y N
CREATE DEFINE Y Y N
DBADM ADMINISTRATOR Y N N
DBCTRL CONTROL Y Y N
DELETE ERASE N Y N
DISTRIBTRAN DISTRIBTRAN Y N N
DROP DELETE Y Y N
INSERT WRITE N Y N
REFERENCES REFERENCES N Y Y
SECURITY SECURITY Y N N
SELECT READ Y Y N
UPDATE MODIFY N Y Y
SUCCESS SUCCESS Y Y Y
FAILURE FAILURE Y Y Y
ALL ALL Y Y Y
o Identifier=(identifier-list)
Enables or disables auditing of user access to objects listed
in the Enable=Daccess=object-type qualifier. If you do not
specify this option, no users are audited for the DACCESS
event. Any user whose identifier you specify is audited for
accessing the database objects with the privileges specified.
You can specify wildcard characters within the identifiers
to identify groups of users. The [*,*] identifier indicates
public, and causes all users to be audited. If you specify a
nonexistent identifier, you receive an error message.
The order of identifiers in the identifier list is not
significant. A user is audited if he or she holds any of the
identifiers specified in the identifier list.
You can specify user identification code (UIC) identifiers,
general identifiers, and system-defined identifiers in the
identifier list. For more information on identifiers, see the
Oracle Rdb Guide to Database Design and Definition.
If you specify more than one identifier, separate the
identifiers with commas, and enclose the identifier list
within parentheses. UIC identifiers with commas such as
[RDB,JONES] must be enclosed within quotation marks as
follows:
IDENTIFIER=(INTERACTIVE,"[RDB,JONES]",SECRETARIES)
When you use Identifier=(identifier-list) to specify one or
more identifiers to be audited, those identifiers are audited
whenever they access any object for which auditing has been
enabled.
o Protection
Allows you to audit changes made to access privilege sets
for database objects by means of the SQL GRANT and REVOKE
statements.
o Rmu
Audits the use of Oracle RMU commands by users with the
privilege to use them.
3.4.3 – Every
Noevery
Sets the granularity of DACCESS event auditing for the database.
When you specify the Every qualifier, every access check
for the specified objects using the specified privilege or
privileges during a database attachment is audited. When you
specify the Noevery qualifier, each user's first access check
for the specified audit objects using the specified privilege
or privileges during a database attachment is audited. The
First qualifier is a synonym for the Noevery qualifier; the two
qualifiers can be used interchangeably.
The default is the Every qualifier.
3.4.4 – First
Specifies that when DACCESS event auditing is enabled, each
user's first access check for the specified audit objects
using the specified privilege or privileges during a database
attachment is audited. The First qualifier is a synonym
for the Noevery qualifier; the two qualifiers can be used
interchangeably.
3.4.5 – Flush
Noflush
Indicates whether forced writes of audit journal records are
currently enabled for the database. Forced writes will cause
Oracle Rdb to write (flush) the audit journal record immediately
out to disk when the audit record is produced, rather than
waiting for the audit server to flush the audit records at
specified intervals of seconds.
The default is the Noflush qualifier, which flushes audit records
every interval of seconds. To specify the interval, use the DCL
command SET AUDIT/INTERVAL=JOURNAL_FLUSH=time.
3.4.6 – Start
Starts Oracle Rdb security auditing for the database. The Start
qualifier by itself starts both security alarms and security
audit journal records. Also, you can supply the Type=Alarm
qualifier or the Type=Audit qualifier to start security alarms
only or security audit journaling only.
When you specify the Start qualifier, auditing starts immediately
for all audit event classes that are currently enabled. Any
subsequent audit events of currently attached users are recorded
in the security audit journal, or alarms are sent to security-
enabled terminals, or both, depending on what you have specified
for your database.
3.4.7 – Stop
Stops Oracle Rdb security auditing for the database. The Stop
qualifier by itself stops both security alarms and security audit
journal records. Also, you can supply the Type=Alarm qualifier or
the Type=Audit qualifier to stop security alarms only or security
audit journaling only.
When you specify the Stop qualifier, the alarms or audits
(or both) of all audit event classes are immediately stopped
(depending on whether you specified the Type=Alarm qualifier,
the Type=Audit qualifier, or neither). The audit event classes
previously specified with the Enable qualifier remain enabled,
and you can start them again by using the Start qualifier.
3.4.8 – Type
Type=option
Specifies that security alarms or security audit journal records
(or both) be enabled or disabled. The following options are
available with the Type qualifier:
o Alarm
Causes subsequent qualifiers in the command line (Start, Stop,
Enable, and Disable) to generate or affect security alarm
messages that are sent to all terminals enabled as security
operator terminals.
o Audit
Causes subsequent qualifiers in the command line (Start,
Stop, Enable, and Disable) to generate or affect security
audit journal records that are recorded in the security audit
journal file.
If you do not specify the Type qualifier with the RMU Set
Audit command, Oracle RMU enables or disables both security
alarms and security audit journal records.
3.5 – Usage Notes
o To use the RMU Set Audit command for a database, you must
have the RMU$SECURITY privilege in the root file ACL for the
database or the OpenVMS SECURITY or BYPASS privilege.
o Audit journal records collected on a database can be stored
only in the database from which they were collected. The
database name specified with the RMU Load command with the
Audit qualifier identifies to Oracle Rdb both the audit
records to be loaded and the database into which they are
to be loaded.
o There is very little overhead associated with security
auditing; no extra disk I/O is involved. Therefore, you need
not be concerned about the impact to database performance
should you decide to enable security auditing.
o You can use the Daccess=object-type option to enable DACCESS
checking for specific objects, but the general DACCESS class
is not enabled until you explicitly enable it by using the
Enable=Daccess qualifier with the RMU Set Audit command.
Also, you need to use the Start qualifier with the RMU Set
Audit command to start the auditing and alarms that have been
enabled.
o Alarms are useful for real-time tracking of auditing
information. At the moment an alarm occurs, text messages
regarding the alarm are displayed on security-enabled
terminals.
To enable a terminal to receive Oracle Rdb security alarms,
enter the DCL REPLY/ENABLE=SECURITY command. You must have
both the OpenVMS SECURITY and OpenVMS OPER privileges to use
the REPLY/ENABLE=SECURITY command.
o Audit records are useful for periodic reviews of security
events. Audit records are stored in a security audit journal
file, and can be reviewed after they have been loaded into
a database table with the RMU Load command with the Audit
qualifier. Use the DCL SHOW AUDIT/JOURNAL command to determine
the security audit journal file being used by your database.
o The AUDIT class is always enabled for both alarms and audit
records, but does produce any alarms or audit records until
auditing is started. The AUDIT class cannot be disabled.
o When you specify the Daccess=object-type option and
one or more other options in an options list, the
Privileges=(privilege-list) qualifier must begin after the
closing parenthesis for the options list.
o To display the results of an RMU Set Audit command, enter the
RMU Show Audit command.
o You can use the Disable and Enable qualifiers with indirect
file references. See the Indirect-Command-Files help entry for
more information.
o When the RMU Set Audit command is issued for a closed
database, the command executes without other users being able
to attach to the database.
3.6 – Examples
Example 1
In the following example, the first command enables alarms
for the RMU and PROTECTION classes. The second command shows
that alarms for the RMU and PROTECTION classes are enabled but
not yet started. The AUDIT class is always enabled and cannot
be disabled. The third command starts alarms for the RMU and
PROTECTION classes. The fourth command shows that alarms for the
RMU and PROTECTION classes are enabled and started.
$ ! Enable alarms for RMU and PROTECTION classes:
$ RMU/SET AUDIT/TYPE=ALARM/ENABLE=(RMU,PROTECTION) MF_PERSONNEL
$ !
$ ! Show that alarms are enabled, but not yet started:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STOPPED for:
PROTECTION (enabled)
RMU (enabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
None
$ ! Start alarms for the enabled RMU and PROTECTION classes:
$ RMU/SET AUDIT/START/TYPE=ALARM MF_PERSONNEL
$ !
$ ! Show that alarms are started for the RMU and PROTECTION classes:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STARTED for:
PROTECTION (enabled)
RMU (enabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
None
Example 2
In this example, the first command shows that alarms are started
and enabled for the RMU class. The second command disables alarms
for the RMU class. The third command shows that alarms for RMU
class are disabled.
$ ! Show that alarms are enabled and started for the RMU class:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STARTED for:
PROTECTION (disabled)
RMU (enabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
None
$ ! Disable alarms for the RMU class:
$ RMU/SET AUDIT/TYPE=ALARM/DISABLE=RMU MF_PERSONNEL
$ !
$ ! Show that alarms are disabled for the RMU class:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STARTED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
None
Example 3
In this example, the first command enables auditing for users
with the [SQL,USER1] and [RDB,USER2] identifiers. The second
command shows the enabled identifiers. The third command enables
DACCESS checks requiring SELECT and INSERT privileges for the
EMPLOYEES and COLLEGES tables. The fourth command displays the
DACCESS checks that have been specified for the COLLEGES and
EMPLOYEES tables. Note that because the general DACCESS type has
not been enabled, DACCESS for the EMPLOYEES and COLLEGES tables
is displayed as disabled.
$ ! Enable auditing for users with the [SQL,USER1] and
$ ! [RDB,USER2] identifiers:
$ RMU/SET AUDIT/ENABLE=IDENTIFIER=("[SQL,USER1]","[RDB,USER2]") -
_$ MF_PERSONNEL
$ !
$ ! Show that [SQL,USER1] and [RDB,USER2] are enabled identifiers:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
(IDENTIFIER=[SQL,USER1])
(IDENTIFIER=[RDB,USER2])
$ ! Enable and start DACCESS checks for the SELECT and INSERT
$ ! privileges for the COLLEGES and EMPLOYEES tables:
$ RMU/SET AUDIT/ENABLE=DACCESS=TABLE=(COLLEGES,EMPLOYEES) -
_$ /PRIVILEGES=(SELECT,INSERT)/START MF_PERSONNEL
$ !
$ ! Display the DACCESS checks that are enabled and
$ ! started for the COLLEGES and EMPLOYEES tables:
$ RMU/SHOW AUDIT/DACCESS=TABLE MF_PERSONNEL
Security auditing STARTED for:
DACCESS (disabled)
TABLE : EMPLOYEES
(SELECT,INSERT)
TABLE : COLLEGES
(SELECT,INSERT)
Security alarms STARTED for:
DACCESS (disabled)
TABLE : EMPLOYEES
(SELECT,INSERT)
TABLE : COLLEGES
(SELECT,INSERT)
Example 4
In this example, the first command enables auditing of the JOBS
and EMPLOYEES tables for DACCESS checks for users with the
[SQL,USER1] or BATCH identifier. The Privileges=All qualifier
specifies that auditing will be produced for every privilege.
The second command shows that auditing is enabled for users
with the [SQL,USER1] or BATCH identifier. The third command
shows that DACCESS checking for the JOBS and EMPLOYEES tables
for all privileges is specified. The fourth command enables the
general DACCESS class. The fifth command's output shows that the
general DACCESS class is now enabled. The sixth command starts
the auditing that is enabled, and the seventh command shows that
the enabled auditing is started.
$ ! Enable DACCESS checks for users with the [SQL,USER1] or
$ ! BATCH identifier for the JOBS and EMPLOYEES tables:
$ RMU/SET AUDIT/TYPE=AUDIT -
_$ /ENABLE=(IDENTIFIER=("[SQL,USER1]",BATCH), -
_$ DACCESS=TABLE=(JOBS,EMPLOYEES)) /PRIVILEGES=ALL MF_PERSONNEL
$ !
$ ! Show that auditing is enabled for users with the [SQL,USER1]
$ ! or BATCH identifiers:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
(IDENTIFIER=[SQL,USER1])
(IDENTIFIER=BATCH)
$ ! Show that DACCESS checking for all privileges for the
$ ! JOBS and EMPLOYEES tables is enabled:
$ RMU/SHOW AUDIT/DACCESS=TABLE MF_PERSONNEL
Security auditing STOPPED for:
DACCESS (disabled)
TABLE : EMPLOYEES
(ALL)
TABLE : JOBS
(ALL)
Security alarms STOPPED for:
DACCESS (disabled)
$ ! Enable the general DACCESS class:
$ RMU/SET AUDIT/ENABLE=DACCESS MF_PERSONNEL
$ !
$ ! Show that the general DACCESS class is enabled:
$ RMU/SHOW AUDIT/DACCESS=TABLE MF_PERSONNEL
Security auditing STOPPED for:
DACCESS (enabled)
TABLE : EMPLOYEES
(ALL)
TABLE : JOBS
(ALL)
Security alarms STOPPED for:
DACCESS (enabled)
$ ! Start the auditing that is enabled:
$ RMU/SET AUDIT/START MF_PERSONNEL
$ !
$ ! Show that the enabled auditing is started:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STARTED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (enabled)
Security alarms STARTED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (enabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
(IDENTIFIER=[SQL,USER1])
(IDENTIFIER=BATCH)
Example 5
In this example, the first command enables DACCESS checks
requiring the INSERT privilege for the mf_personnel database,
for the EMPLOYEES table, and for the EMPLOYEE_ID column of the
EMPLOYEES table. The second command shows that the DACCESS check
for the INSERT privilege is enabled for the specified objects.
$ ! Enable a DACCESS check for the INSERT privilege for the
$ ! MF_PERSONNEL database, EMPLOYEES table, and EMPLOYEE_ID
$ ! column of the EMPLOYEES table:
$ RMU/SET AUDIT -
_$ /ENABLE=DACCESS=(DATABASE,TABLE=EMPLOYEES, -
_$ COLUMN=EMPLOYEES.EMPLOYEE_ID) -
_$ /PRIVILEGES=(INSERT) MF_PERSONNEL
$ !
$ ! Show that the DACCESS check for the INSERT privilege is
$ ! enabled for the specified objects. (The general DACCESS
$ ! class remains disabled until you issue an
$ ! RMU/SET AUDIT/ENABLE=Daccess command without specifying
$ ! any object-type parameter to the Daccess option.
$ ! See the fourth Oracle RMU command in Example 4.)
$ !
$ RMU/SHOW AUDIT/DACCESS=(DATABASE,TABLE,COLUMN) MF_PERSONNEL
Security auditing STOPPED for:
DACCESS (disabled)
DATABASE
(INSERT)
TABLE : EMPLOYEES
(INSERT)
COLUMN : EMPLOYEES.EMPLOYEE_ID
(INSERT)
Security alarms STOPPED for:
DACCESS (disabled)
DATABASE
(INSERT)
TABLE : EMPLOYEES
(INSERT)
COLUMN : EMPLOYEES.EMPLOYEE_ID
(INSERT)
Example 6
In this example, the first command enables a DACCESS check
requiring the INSERT privilege for the EMPLOYEES and COLLEGES
tables, as well as for the EMPLOYEE_ID and LAST_NAME columns of
the EMPLOYEES table and the COLLEGE_CODE column of the COLLEGES
table in the mf_personnel database. The second command shows that
the DACCESS check for the INSERT privilege is enabled for the
specified objects.
$ ! Enable a DACCESS check for the INSERT privilege for the
$ ! EMPLOYEES and COLLEGES table, the LAST_NAME and EMPLOYEE_ID
$ ! column of the EMPLOYEES table, and the COLLEGE_CODE column
$ ! of the COLLEGES table:
$ RMU/SET AUDIT -
_$ /ENABLE=DACCESS=(TABLE=(EMPLOYEES,COLLEGES), -
_$ COLUMN=(EMPLOYEES.EMPLOYEE_ID, -
_$ EMPLOYEES.LAST_NAME, -
_$ COLLEGES.COLLEGE_CODE)) -
_$ /PRIVILEGES=(INSERT) MF_PERSONNEL
$ !
$ ! Show that the DACCESS check for the INSERT privilege is
$ ! enabled for the specified objects. (The general DACCESS
$ ! class remains disabled until you issue an
$ ! RMU/SET AUDIT/ENABLE=Daccess command without specifying
$ ! any object-type parameter to the Daccess option.
$ ! See the fourth Oracle RMU command in Example 4.)
$ !
$ RMU/SHOW AUDIT/DACCESS=(DATABASE,TABLE,COLUMN) MF_PERSONNEL
Security auditing STOPPED for:
DACCESS (disabled)
DATABASE
(NONE)
TABLE : COLLEGES
(INSERT)
TABLE : EMPLOYEES
(INSERT)
COLUMN : COLLEGES.COLLEGE_CODE
(INSERT)
COLUMN : EMPLOYEES.EMPLOYEE_ID
(INSERT)
COLUMN : EMPLOYEES.LAST_NAME
(INSERT)
Security alarms STOPPED for:
DACCESS (disabled)
DATABASE
(NONE)
TABLE : COLLEGES
(INSERT)
TABLE : EMPLOYEES
(INSERT)
COLUMN : COLLEGES.COLLEGE_CODE
(INSERT)
COLUMN : EMPLOYEES.EMPLOYEE_ID
(INSERT)
COLUMN : EMPLOYEES.LAST_NAME
(INSERT)
4 – Buffer Object
On a database basis, controls which database objects use the
OpenVMS Fast I/O and Buffer Objects features.
4.1 – Description
Use the RMU Set Buffer_Object command to control, on a database
basis, which database objects use the OpenVMS Fast I/O and Buffer
Objects features.
4.2 – Format
(B)0[mRMU/Set Buffer_Object root-file-spec
[4mCommand[m [4mQualifiers[m x [4mDefaults[m
x
/Disable=enable-disable-options x See description
/Enable=enable-disable-options x See description
/[No]Log x Current DCL verify value
4.3 – Parameters
4.3.1 – root-file-spec
The root file specification of the database. The default file
extension is .rdb.
4.4 – Command Qualifiers
4.4.1 – Disable
Disable=enable-disable-options
Disables buffer objects for the specified Oracle Rdb buffers.
You can specify one or more of the following buffer objects:
Page, AIJ, RUJ, and Root. Refer to Buffer Object Control for more
information about these keywords. If you specify more than one
object, separate the objects with commas, and enclose the list of
objects within parentheses.
4.4.2 – Enable
Enable=enable-disable-options
Enables buffer objects for the specified Oracle Rdb buffers.
You can specify one or more of the following buffer objects:
Page, AIJ, RUJ, and Root. Refer to Buffer Object Control for more
information about these keywords. If you specify more than one
object, separate the objects with commas, and enclose the list of
objects within parentheses.
If you specify the Enable and Disable qualifiers for the same
buffer object, the Enable option prevails and the buffer object
state is enabled for the specified object type.
Table 14 Buffer Object Control
Object Keyword Logical Name
Data PAGE RDM$BIND_PAGE_BUFOBJ_ENABLED
pages
AIJ AIJ RDM$BIND_AIJ_BUFOBJ_ENABLED
output
RUJ RUJ RDM$BIND_RUJ_BUFOBJ_ENABLED
Root ROOT RDM$BIND_ROOT_BUFOBJ_ENABLED
file
NOTE
If a logical is defined as "1" then the corresponding buffer
will be created as an OpenVMS buffer object.
4.4.3 – Log
Log
Nolog
Specifies whether the processing of the command is reported to
SYS$OUTPUT. Specify the Log qualifier to request log output and
the Nolog qualifier to prevent it. If you specify neither, the
default is the current setting of the DCL verify switch.
4.5 – Usage Notes
o The Enable and Disable qualifiers are mutually exclusive.
o The RMU Set Buffer_Object command requires exclusive database
access; that is, the database cannot be open or be accessed by
other users.
o Buffer objects are memory resident and thus reduce the amount
of physical memory available to OpenVMS for other uses. Buffer
object use requires that the user be granted the VMS$BUFFER_
OBJECT_USER rights identifier. The system parameter MAXBOBMEM
needs to be large enough to allow all buffer objects for all
users to be created. For further information regarding Fast
I/O, consult the OpenVMS documentation.
4.6 – Example
The following example demonstrates enabling ROOT buffer objects
and disabling PAGE buffer objects. The RMU /DUMP /HEADER command
is used to validate the change.
$RMU /SET BUFFER_OBJECT /ENABLE=(ROOT) /DISABLE=(PAGE) MF_PERSONNEL
%RMU-I-MODIFIED, Buffer objects state modified
%RMU-W-DOFULLBCK, full database backup should be done to ensure futur
$ RMU/DUMP/HEAD MF_PERSONNEL
.
.
.
- OpenVMS Alpha Buffer Objects are enabled for
Root I/O Buffers
5 – Corrupt Pages
Allows you to set pages, storage areas, and snapshot files
as either corrupt or consistent in the corrupt page table
(CPT). A corrupt page is one that contains meaningless data; an
inconsistent page is one that contains old data (data that is not
at the same transaction level as the database root file). Corrupt
pages are logged to the CPT, which is maintained in the database
root file. When the CPT becomes full (due to a large number of
pages being logged), the area containing the most corrupt pages
is marked as corrupt and the individual corrupt pages for that
area are removed from the corrupt page table. The Oracle RMU Set
Corrupt_Pages operation is an offline operation.
If you reset a page or storage area in the CPT to consistent it
does not remove any true corruption or inconsistencies. However,
if you reset a snapshot file in the CPT to consistent, Oracle
RMU initializes the snapshot file and thus removes any true
corruption or inconsistency.
CAUTION
Use the RMU Set Corrupt_Pages command only after you
fully understand the internal data structure and know the
information the database should contain. Setting a page
in a storage area that is truly corrupt or inconsistent to
consistent does not remove the corruption or inconsistency.
Setting truly corrupt or inconsistent pages in a storage
area to consistent and continuing to access those pages can
result in unrecoverable corruptions to the database.
The RMU Restore and RMU Recover commands should be used
first and should be part of your normal operating procedure.
NOTE
This command replaces two RdbALTER statements: MAKE
CONSISTENT and UNCORRUPT. Both the RdbAlter statements,
MAKE CONSISTENT and UNCORRUPT, are deprecated commands that
may be removed in future versions.
When a storage area is restored from backup files on a by-area
basis, it does not reflect data that has been updated since
the backup operation. The transaction level of the restored
area reflects the transaction level of the backup file, not the
transaction level of the database. Therefore, the transaction
level of the restored area differs from that of the database.
Oracle Rdb marks the area by setting a flag in the storage area
file to inconsistent.
You can perform a recovery by area to upgrade the transaction
level of the restored area to that of the database. (After-
image journaling must be enabled in order to restore by area.)
If you are certain that no updates have been made to the database
since the backup operation, you can use the RMU Set Corrupt_Pages
command to change the setting of the flag from inconsistent to
consistent.
In addition, storage areas are corrupted by attempting an SQL
rollback with one or more storage areas opened in batch-update
transaction mode.
The RMU Set Corrupt_Pages command allows you to access a database
that is in an uncertain condition. Accordingly, the following
message and question are displayed when you enter it to correct a
corrupt or inconsistent storage area or storage area page. (This
message is not displayed if you enter it to correct a corrupt or
inconsistent snapshot file.)
***** WARNING! *****
Marking a storage area or page consistent does not
remove the inconsistencies. Remove any inconsistencies
or corruptions before you proceed with this action.
Do you wish to continue? [N]
5.1 – Description
The RMU Set Corrupt_Pages command allows you to override the
required RMU Recover command after a by-area restore operation.
Although Oracle RMU cannot determine when the recover operation
is superfluous, you might have that knowledge. If you are certain
of this knowledge, you can abridge the requirement for the
recover operation by using the RMU Set Corrupt_Pages command
to set corrupt pages to consistent.
Similarly, sometimes you might know of a problem that Oracle
RMU does not recognize. For example, you might find that a page
contains an index node that causes a bugcheck dump each time it
is accessed. You can use the RMU Set Corrupt_Pages command to
mark this page as corrupt and then follow your usual procedure
for recovering from database corruption.
Note that the RMU Set Corrupt_Pages command with the Consistent
qualifier does not make truly corrupt storage area pages usable.
Corrupt storage area pages detected during normal operation are
logged in the CPT, and likely have an invalid checksum value.
The RMU Set Corrupt_Pages command with the Consistent qualifier
removes the specified pages from the CPT, but the next time a
user tries to touch that storage area page, it is logged in the
CPT again because it is still physically corrupt. To correct a
storage area page that is truly corrupt, you must restore it from
a backup file.
The RMU Set Corrupt_Pages command with the Consistent qualifier
does make truly corrupt or inconsistent pages in a snapshot file
usable. When you use this command and specify a snapshot file
with the areas qualifier, Oracle RMU initializes the specified
snapshot file.
5.2 – Format
(B)0[mRMU/Set Corrupt_Pages root-file-spec
[4mCommand[m [4mQualifiers[m x [4mDefaults[m
x
/Area=identity x None
/Consistent x None
/Corrupt x None
/Disk=device x None
/Page=(n,...) x None
5.3 – Parameters
5.3.1 – root-file-spec
The file specification of the database root file for which you
want to set pages or areas to corrupt or consistent.
5.4 – Command Qualifiers
5.4.1 – Area
Area=identity
Specifies a particular storage area file or snapshot file. The
identity for a storage area can be either the area name (for
example, EMPIDS_OVER), or a storage area ID number (for example,
5). The identity for a snapshot file must be the snapshot file
ID number. Use the RMU Dump command with the Header qualifier to
display the ID numbers associated with a storage area file or a
snapshot file.
When you use the Area qualifier with the Page=(n,...) qualifier,
the command specifies the named pages in the named storage area
or snapshot file. When you specify the Area qualifier without the
Page qualifier, the command specifies all pages of the specified
storage area or snapshot file.
The Area qualifier cannot be used with the Disk qualifier.
5.4.2 – Consistent
Consistent
Specifies that the pages, areas, or snapshot files specified with
the Page, Area, or Disk qualifier are to be considered consistent
with the remainder of the database.
If you make a storage area or page in a storage area consistent
while it is marked in the database as not corrupt, but
inconsistent, you receive a warning and are required to confirm
your request to carry out this operation before the operation
will complete.
You cannot use the Consistent qualifier with the Corrupt
qualifier.
5.4.3 – Corrupt
Corrupt
Specifies that the pages, areas, or snapshot files specified with
the Page, Area, or Disk qualifier are to be considered corrupt.
You cannot use the Corrupt qualifier with the Consistent
qualifier.
5.4.4 – Disk
Disk=device
Specifies all the pages, all the storage areas, and all the
snapshot files on the named device be set as you indicate with
the Corrupt or the Consistent qualifier.
You cannot use the Disk qualifier with the Page or the Area
qualifier.
5.4.5 – Page
Page=(n,...)
Specifies the listed page numbers.
You must specify the Area qualifier when you use the Page
qualifier.
You cannot use the Page qualifier with the Disk qualifier.
5.5 – Usage Notes
o You must have the RMU$ALTER, RMU$BACKUP, or RMU$RESTORE
privilege in the root file access control list (ACL) for a
database or the OpenVMS SYSPRV or BYPASS privilege to use the
RMU Set Corrupt_Pages command for the database.
o You can issue the RMU Set Corrupt_Pages command while users
are attached to the database.
o You must specify either the Corrupt or the Consistent
qualifier (but not both) when you use the RMU Set Corrupt_
Pages command.
o When you use the RMU Set Corrupt_Pages command to mark a page
as corrupt or consistent, the database is marked as having
been altered.
5.6 – Examples
Example 1
The following command sets storage area EMPIDS_MID in the mf_
personnel database as corrupt:
$ RMU/SET CORRUPT_PAGES/AREA=EMPIDS_MID/CORRUPT MF_PERSONNEL
%RMU-I-AREAMARKED, Area 4 was marked corrupt.
Example 2
The following command marks EMPIDS_MID as consistent. This is the
area that was marked as corrupt in Example 1. However, in this
case, instead of using the storage area name in the Oracle RMU
command, the storage area identifier is used.
$ RMU/SET CORRUPT_PAGES/AREA=4/CONSISTENT MF_PERSONNEL
***** WARNING! *****
Marking a storage area or page consistent does not
remove the inconsistencies. Remove any inconsistencies
or corruptions before you proceed with this action.
Do you wish to continue? [N] Y
%RMU-I-AREAMARKED, Area 4 was marked consistent .
Example 3
The following command marks page 1 in area 3 in the mf_personnel
database as corrupt. Using the RMU Show Corrupt_Pages command
confirms that the page has been marked as expected.
$ RMU/SET CORRUPT_PAGES/AREA=3/PAGE=1/CORRUPT MF_PERSONNEL
%RMU-I-PAGEMARKED, Page 1 in area 3 was marked corrupt.
$ RMU/SHOW CORRUPT_PAGES MF_PERSONNEL.RDB
*--------------------------------------------------------------------
* Oracle Rdb V7.0-00 3-JUL-1996 17:01:20.62
*
* Dump of Corrupt Page Table
* Database: USER1:[DB]MF_PERSONNEL.RDB;1
*
*--------------------------------------------------------------------
Entries for storage area EMPIDS_LOW
-----------------------------------
Page 1
- AIJ recovery sequence number is -1
- Live area ID number is 3
- Consistency transaction sequence number is 0:0
- State of page is: corrupt
*--------------------------------------------------------------------
* Oracle Rdb V7.0-00 3-JUL-1996 17:01:20.82
*
* Dump of Storage Area State Information
* Database: USER1:[DB]MF_PERSONNEL.RDB;1
*
*--------------------------------------------------------------------
All storage areas are consistent.
Example 4
The following example sets page 4 of the snapshot file for
EMPIDS_OVER to consistent. Because Oracle RMU initializes
snapshot files specified with the Set Corrupt_Pages command,
the snapshot file is removed from the corrupt page table and is
now usable.
$ RMU/SET CORRUPT_PAGES MF_PERSONNEL.RDB/AREA=14/PAGE=3/CONSISTENT
%RMU-I-PAGEMARKED, Page 3 in area 14 was marked consistent.
6 – Database
Allows you to alter the database-allowed transaction modes
without marking the database as modified.
6.1 – Description
The RMU /SET command "DATABASE /TRANSACTION_MODE=(...)" allows
altering of the database-allowed transaction modes without
marking the database as modified. This command is intended to be
used to set the transaction modes allowed on a standby database.
This command requires exclusive database access (the database
cannot be open or be accessed by other users).
Because only read-only transactions are allowed on a standby
database, you may wish to use the TRANSACTION_MODE=READ_ONLY
qualifier setting on a standby database. This setting prevents
modifications to the standby database at all times, even when
replication operations are not active.
The RMU /SET DATABASE command requires a database specification.
Valid keywords for the RMU /SET DATABASE /TRANSACTION_MODE=(...)
qualifier are:
o ALL - Enables all transaction modes
o CURRENT - Enables all transaction modes that are set in the
database
o NONE - Disables all transaction modes
o [NO]BATCH_UPDATE
o [NO]READ_ONLY
o [NO]EXCLUSIVE
o [NO]EXCLUSIVE_READ
o [NO]EXCLUSIVE_WRITE
o [NO]PROTECTED
o [NO]PROTECTED_READ
o [NO]PROTECTED_WRITE
o [NO]READ_WRITE
o [NO]SHARED
o [NO]SHARED_READ
o [NO]SHARED_WRITE
If you specify more than one transaction mode in the mode-list,
enclose the list in parenthesis and separate the transaction
modes from one another with a comma. Note the following:
o When you specify a negated transaction mode, it indicates
that a mode is not an allowable access mode. For example, if
you specify the Noexclusive_Write access mode, it indicates
that exclusive write is not an allowable access mode for the
restored database.
o If you specify the Shared, Exclusive, or Protected transaction
mode, Oracle RMU assumes you are referring to both reading and
writing in that transaction mode.
o No mode is enabled unless you add that mode to the list or you
use the All option to enable all transaction modes.
o You can list one transaction mode that enables or disables a
particular mode followed by another that does the opposite.
For example, /TRANSACTION_MODE=(NOSHARED_WRITE, SHARED) is
ambiguous because the first value disables Shared_Write access
and the second value enables Shared_Write access. Oracle
RMU resolves the ambiguity by first enabling the modes as
specified in the modes-list and then disabling the modes as
specified in the modes-list. The order of items in the list is
irrelevant. In the example presented previously, Shared_Read
is enabled and Shared_Write is disabled.
6.2 – Format