Oracle virtual private database licensing

Select Enable File Synchronization. From the database home page, click on Schema , Change Management. All features, unctions, links, buttons, and drill-downs on this menu are licensed as part of Oracle Database Lifecycle Management Pack for Oracle Database. From the Enterprise Manager home page, click the Enterprise menu and Compliance. All reports in each of these sections are licensed as part of this pack. The following compliance views within the repository schema are licensed under Oracle Database Lifecycle Management Pack for Oracle Database:.

The following provisioning and patching views within the repository schema are licensed under Oracle Database Lifecycle Management Pack for Oracle Database:. The following patching views within the repository schema are licensed under Oracle Database Lifecycle Management Pack for Oracle Database:. The following configuration views within the repository schema are licensed under Oracle Database Lifecycle Management Pack for Oracle Database:.

The following Oracle home patching views within the repository schema are licensed under Oracle Database Lifecycle Management Pack for Oracle Database:. The following security views within the repository schema are licensed under Oracle Database Lifecycle Management Pack for Oracle Database:. The following client configuration views within the repository schema are licensed under Oracle Database Lifecycle Management Pack for Oracle Database:. Supporting functionality to perform per stream bottleneck detection and per component top wait event analysis.

In order to use the features listed above, you must purchase licenses for Oracle Diagnostics Pack. This parameter can be set to one of three values:. To determine which links in Enterprise Manager are part of Oracle Diagnostics Pack, click the Setup link on the top right-hand part of the Enterprise Manager Home page.

When you click the Setup link, the navigation bar contains the Management Pack Access link. Click this link. This will take you to the Management Pack Access page, which allows you to grant and remove access from all the management packs.

This procedure disables all the links and tabs associated with Oracle Diagnostics Pack in Enterprise Manager. All the disabled links and tabs are part of Oracle Diagnostics Pack and therefore require a pack license.

Oracle Diagnostics Pack features can also be accessed by way of database server APIs and command-line interfaces:. They can be used without the Oracle Diagnostics Pack license.

This procedure disables all the links and tabs associated with Oracle Tuning Pack in Enterprise Manager. All the disabled links and tabs are part of Oracle Tuning Pack and therefore require a pack license. Oracle Tuning Pack features can also be accessed by way of database server APIs and command-line interfaces:. This script lists, in two distinct sections:.

If you are not a My Oracle Support registered user, then click Register and follow the registration instructions. You can manually run the script on an individual database or use Oracle Enterprise Manager Job System to automatically run the script on multiple databases. The information obtained from this script will provide you an overview of the licensable Oracle Database options and Oracle management packs that were identified as used by your organization.

This is to be used for informational purposes only and this does not represent your license entitlement or requirement. The far sync instance can be installed and used on a server different from the server where the Oracle Database is installed and used.

It is not necessary to obtain a separate license for the server running the far sync instance. The GSM listener can be installed and used on a server different from the server where the Oracle Database is installed and used.

It is not necessary to obtain a separate license for the server running the GSM listener. It may not be used or deployed for other uses.

Enterprise Edition must be used for the infrastructure repository database s. Oracle will provide support services for Oracle ACFS only if the server it operates on also operates an Oracle product, which may include Oracle Linux or Oracle Solaris, which is under an Oracle support contract. Oracle Clusterware provides cluster membership and high availability monitoring and failover. Oracle Clusterware may be used to protect any application restarting or failing over the application in the event of a failure on any server, free of charge.

Oracle will provide support for Clusterware only if the server is running an Oracle product that is under a valid Oracle support contract. Oracle Connection Manager can be installed and used on a machine different from the machine where the Oracle Database is installed and used. It is not necessary to obtain a separate license for the machine running Oracle Connection Manager. You can install the broker command line interface DGMGRL and run the observer software on computer systems that are separate from the Oracle Data Guard primary and standby systems.

It is not necessary to obtain a separate license for a system hosting the observer. Oracle Database Backup Cloud Service includes use of the following two features from the Oracle Advanced Security option or the Oracle Advanced Compression option at no additional cost:.

To use additional features of the Oracle Advanced Security option or the Oracle Advanced Compression option, you must license those options separately. If you want to create Oracle Label Security policies, then you must purchase a full-use license for Oracle Label Security.

The following licensing information applies when using Oracle Real Application Clusters in a clustered server environment with Oracle Database Standard Edition Raw volumes, partitions, or third-party cluster file systems are not supported for storing Oracle database files with Oracle Database Standard Edition 2 and Oracle RAC. Refer to Oracle Automatic Storage Management Administrator's Guide for a comprehensive list of all database file types.

No Oracle-maintained copies of any non-database files can exist in any other locations, with the following exceptions:. No other cluster software can be installed on the system, including OCFS, OCFS2, third-party clusterware, third-party cluster volume managers, and third-party cluster file systems. The functionality available on Oracle9 i Database Release 2 is as follows:. Database Replay : Only the Workload Capture feature is supported, and the captured workload may only be replayed only on Oracle Database 11 g.

This feature can be used only to facilitate upgrades from Oracle 9 i Database Release 2 to Oracle Database 11 g or higher. The functionality available on Oracle Database 10 g Release 2 is as follows:.

Database Replay : Only the Workload Capture feature is supported, and the captured workload may be replayed only on Oracle Database 11 g. This feature can be used only to facilitate upgrades from Oracle Database 10 g Release 2 to Oracle Database 11 g. These features can be used only to facilitate upgrades from Oracle9 i Database Release 2 and Oracle Database 10 g Release 1 to Oracle Database 10 g Release 2 or higher.

Support for Oracle Secure Backup Express is provided exclusively through a free Oracle Discussion Forum monitored by Oracle employees as well as community experts. Oracle Secure Backup Express can back up an Oracle database as well as Oracle home files and other file system data requiring tape protection.

The Oracle database secure external password store feature stores passwords in an Oracle Wallet for password-based authentication to the Oracle database. The shard directors can be installed and used on a server different from the server where the Oracle Database is installed and used. It is not necessary to obtain a separate license for the server running the shard directors.

These data changes can be shared between Oracle databases and other systems, such as filesystems and non-Oracle databases. XStream is licensed via the Oracle GoldenGate product. Please contact your Oracle sales representative for additional information. Restricted use licenses for Oracle Advanced Compression and Oracle Advanced Security are granted when performing either of the following migrations:. These restricted use licenses are in effect only while the migration is being performed and apply solely for the purposes of the migration operation.

Oracle Advanced Security includes a restricted use license for the following Oracle Enterprise Manager features:. If you want to use the Oracle Enterprise Manager features listed above not solely for the purposes of Oracle Advanced Security, then you must purchase a full-use license for Oracle Data Masking and Subsetting Pack.

These options may be used only to support Oracle Applications Unlimited and may not be used or deployed for any other purpose. Oracle Database Mobile Server is a powerful tool for controlling networks of mobile or embedded devices from a centralized management console. It provides a secure, scalable method for connecting applications running locally on mobile or embedded devices to an Oracle enterprise backend. The synchronization system is robust and fault tolerant.

It is able to successfully synchronize over unreliable or intermittently available networks. Oracle Database Mobile Server provides management for applications, users, and devices.

On the client device side, it is designed to work with Oracle Berkeley DB as a data store, providing efficient, reliable, and secure data management running locally on mobile and embedded devices. It is also compatible with SQLite, a widely used open source data store.

If you want to use the Oracle Enterprise Manager features listed above not solely for the purposes of Oracle Label Security, then you must purchase a full-use license for Oracle Data Masking and Subsetting Pack. Oracle Programmer provides application programmers with a programmatic interface to any edition of Oracle Database.

However, in order to user Oracle Programmer, you must purchase a separate Oracle Programmer license. ORA may not be used or deployed for use with other Radius services. Oracle Secure Backup Express is a centralized tape backup management solution that provides data protection for single-server Oracle Database environments.

Oracle Secure Backup Express is limited to a single host with one direct-attached tape drive and has some restrictions on advanced feature usage.

Restricted use of Oracle Partitioning is allowed on all offerings, free of charge, for the sole purpose of supporting the RMAN recovery catalog. Previous Next JavaScript must be enabled to correctly display this content.

Oracle Database Enterprise Edition On-Premises EE Oracle Database Enterprise Edition provides performance, availability, scalability, and security for developing applications such as high-volume online transaction processing OLTP applications, query-intensive data warehouses, and demanding Internet applications.

Note: In addition to the Oracle Database offerings listed in the preceding table, this guide describes licensing policies for Authorized Cloud Environments. Unused SQL plan baselines are not auto-purged. The Automatic In-Memory feature is disabled.

Database Migration Workbench Database Migration Workbench, introduced in Oracle Enterprise Manager Cloud Control 13c Release 4, is a single workbench that integrates all needs for migration sizing and performance comparison. Support shared server, shared cluster, and shared database Schema-as-a-Service deployment models Virtual assembly provisioning. Snap Clone, a fast, storage efficient way of cloning Oracle databases Full clones using RMAN backups Role based access and resource control through quotas and retirement policies Schedule- and performance-based resource management policies Metering and chargeback based on fixed cost, utilization metrics and configuration parameters of the database Programmatic access to the Self-Service Portal Blueprint driven orchestration of cloud operations Prerequisites: Oracle Cloud Management Pack for Oracle Database requires Oracle Database Lifecycle Management Pack for Oracle Database.

Select: Cloud. Select Infrastructure Cloud. Licensed Links: The Licensed Links, features, and functions listed in the following sections apply only to the Oracle Database target and the associated host an Oracle Database is deployed on. Licensed Links — File Synchronization Use of the following Oracle Enterprise Manager pages and links requires a license for Oracle Database Lifecycle Management Pack for Oracle Database: When viewing comparison results differences as described in the Configuration Compare feature, select the configuration specification in the tree on the left.

Search for Document ID Note: The information obtained from this script will provide you an overview of the licensable Oracle Database options and Oracle management packs that were identified as used by your organization.

Oracle Clusterware Oracle Clusterware provides cluster membership and high availability monitoring and failover. Oracle Connection Manager Oracle Connection Manager can be installed and used on a machine different from the machine where the Oracle Database is installed and used. The functionality available on Oracle9 i Database Release 2 is as follows: Database Replay : Only the Workload Capture feature is supported, and the captured workload may only be replayed only on Oracle Database 11g.

The functionality available on Oracle Database 10g Release 2 is as follows: Database Replay : Only the Workload Capture feature is supported, and the captured workload may be replayed only on Oracle Database 11g. Shard Director The shard directors can be installed and used on a server different from the server where the Oracle Database is installed and used.

Oracle Database Mobile Server Oracle Database Mobile Server is a powerful tool for controlling networks of mobile or embedded devices from a centralized management console. Oracle Programmer Oracle Programmer provides application programmers with a programmatic interface to any edition of Oracle Database. Oracle Secure Backup Express Oracle Secure Backup Express is a centralized tape backup management solution that provides data protection for single-server Oracle Database environments.

Oracle Database Standard Edition 2. Oracle Database Enterprise Edition. Oracle Database Personal Edition. Includes Oracle Database Standard Edition 2 software. Includes Oracle Database Enterprise Edition software. CDB Fleet Management. PDB Snapshot Carousel. Refreshable PDB switchover. Requires Oracle Programmer. Oracle Developer Tools for Visual Studio.

Windows only. NET Stored Procedures. Application Continuity. Oracle Sharding. Standard Edition High Availability. Oracle Data Guard—Snapshot Standby. Online table organization.

Online table redefinition. Duplexed backup sets. Unused block compression in backups. Lost Write Protection. Flashback Table. Flashback Database. Flashback Transaction. Flashback Transaction Query. Online Datafile Move. Transaction Guard. Cross-platform Backup and Recovery. Global Data Services. Database Gateways. Messaging Gateway. Database Resource Manager.

Instance Caging. SQL Plan Management. Y See Notes. RDMA fabric. Network Compression. Automatic Indexing. SQL Quarantine. Real-Time Statistics. Query Results Cache. Adaptive Execution Plans. Requires Exadata or Supercluster. Automatic In-Memory. In-Memory Aggregation. Not available in Authorized Cloud Environments. Memoptimized Rowstore. Attribute Clustering. Zone Maps. Quality of Service Management. Enterprise User Security. Fine-grained Auditing.

Privilege Analysis. Transparent Sensitive Data Protection. Virtual Private Database. For example, in applications where database users or enterprise users are known to the database, the user needs the EXECUTE privilege on the package that sets the driving context. The setctx procedure which sets the correct policy group within the driving context does not perform any validation to determine which application is actually connecting.

Because the setctx does no further validation of the application, this user bypasses the more restrictive HR security policy. By contrast, if you implement proxy authentication with Oracle Virtual Private Database, then you can determine the identity of the middle tier and the application that is connecting to the database on behalf of a user. The correct policy will be applied for each application to mediate data access. If so, then it can set the driving context to use the HR policy group. The query is internally rewritten as follows:.

You can use context sensitive policies to share a policy with multiple objects. Specifying a policy type for your policies can optimize performance each the Oracle Virtual Private Database policy runs. Consider setting a policy type for your policies, because the execution of policy functions can use a significant amount of system resources.

Minimizing the number of times that a policy function can run optimizes database performance. These enable you to precisely specify how often a policy predicate should change. This policy type does not optimize database performance as the static and context sensitive policy types do. However, Oracle recommends that before you set policies as either static or context-sensitive, you should first test them as DYNAMIC policy types, which run every time.

Testing policy functions as DYNAMIC policies first enables you to observe how the policy function affects each query, because nothing is cached. This ensures that the functions work properly before you enable them as static or context-sensitive policy types to optimize performance. Auditing Functions, Procedures, Packages, and Triggers for information about how Oracle Database audits the underlying policy function for dynamic policies.

Oracle Database stores static policy predicates in SGA, so policy functions do not rerun for each query. This results in faster performance. When using shared static policies, ensure that the policy predicate does not contain attributes that are specific to a particular database object, such as a column name. Auditing Functions, Procedures, Packages, and Triggers for information about how Oracle Database audits the underlying policy function for static policies.

Static policies are ideal when every query requires the same predicate and fast performance is essential, such as hosting environments. For these situations when the policy function appends the same predicate to every query, rerunning the policy function each time adds unnecessary overhead to the system. For example, consider a data warehouse that contains market research data for customer organizations that are competitors.

The warehouse must enforce the policy that each organization can see only their own market research, which is expressed by the following predicate:. You do not need to rerun the function, so the predicate can be cached in the SGA, thus conserving system resources and improving performance. Context-sensitive policies are useful when different predicates must be applied depending on which executes the query.

A context-sensitive policy will enable you to present only the information that the managers must see when the managers log in, and only the information that the employees must see when they log in.

The policy uses application contexts to determine which predicate to use. In contrast to static policies, context-sensitive policies do not always cache the predicate. With context-sensitive policies, the database assumes that the predicate will change after statement parse time. But if there is no change in the local application context, then Oracle Database does not rerun the policy function within the user session.

If there is a change in any attribute of any application context during the user session, then by default the database re-executes the policy function to ensure that it captures all changes to the predicate since the initial parsing. This results in unnecessary re-executions of the policy function if none of the associated attributes have changed.

You can restrict the evaluation to a specific application context by including both the namespace and attribute parameters. If you plan to use the namespace and attribute parameters in your policy, then follow these guidelines:. Ensure that you specify both namespace and attribute parameters, not just one.

You cannot use the namespace and attribute parameters in static or dynamic policies. If there are no attributes associated with the Virtual Private Database policy function, then Oracle Database evaluates the context-sensitive function for any application context changes.

Shared context-sensitive policies operate in the same way as regular context-sensitive policies, except they can be shared across multiple database objects. For this policy type, all objects can share the policy function from the UGA, where the predicate is cached until the local session context changes. When using shared context-sensitive policies, ensure that the policy predicate does not contain attributes that are specific to a particular database object, such as a column name.

Use context-sensitive policies when a predicate does not need to change for a user session, but the policy must enforce multiple predicates for different users or groups. This policy states that analysts can see only their own products and regional employees can see only their own region. In this case, the database must rerun the policy function each time the type of user changes.

The performance gain is realized when a user can log in and issue several DML statements against the protected object without causing the server to rerun the policy function. For session pooling where multiple clients share a database session, the middle tier must reset the context during client switches.

Oracle Virtual Private Database provides five policy types, based on user needs such as hosting environments. Table summarizes the types of policy types available.

Applications where policy predicates must be generated for each query, such as time-dependent policies where users are denied access to database objects at certain times during the day. Once, then the predicate is cached in the SGA Foot 1. Hosting environments, such as data warehouses where the same predicate must be applied to multiple database objects. At statement execution time when the local application context changed since the last use of the cursor. Three-tier, session pooling applications where policies enforce two or more predicates for different users or groups.

Predicates are cached in the private session memory UGA so policy functions can be shared among objects. The tutorials in this section show how to create a simple Oracle Virtual Private VPD policies, a policy that has a database session-based application context, and a policy group. About This Tutorial. Step 2: Create a Policy Function. Step 4: Test the Policy. Step 5: Remove the Components of This Tutorial.

The status should be OPEN. Follow the guidelines in Minimum Requirements for Passwords to replace password with a password that is secure. For greater security, do not reuse the same password that was used in previous releases of Oracle Database.

First, define the parameter for the schema, and then define the parameter for the object, in this case, a table. Always create them in this order. But typically, it should be created in the schema of a security administrator. The policy is in effect for user OE : As you can see, only 7 of the rows in the orders table are returned. This tutorial demonstrates how to create an Oracle Virtual Private Database policy that uses a database session-based application context.

Step 5: Test the Logon Trigger. Step 7: Create the New Security Policy. Step 8: Test the New Policy. Step 9: Remove the Components of This Tutorial. This tutorial shows how to use a database session-based application context to implement a policy in which customers see only their own orders. When a user logs on, a database session-based application context checks whether the user is a customer. If a user is not a customer, the user still can log on, but this user cannot access the orders entry table you will create for this example.

If the user is a customer, he or she can log on. After the customer has logged on, an Oracle Virtual Private Database policy restricts this user to see only his or her orders.

As a further restriction, the Oracle Virtual Private Database policy prevents users from adding, modifying, or removing orders. The following SQL statements create this user and then grant the user the necessary privileges for completing this tutorial. Replace password with a password that is secure. When you enter the user email IDs, enter them in upper-case letters. Otherwise, you will be unable to set the application context for the user.

If the user is a registered customer, then Oracle Database sets an application context value for this user.

This function creates and returns a WHERE predicate that translates to "where the orders displayed belong to the user who has logged in. The namespace and attribute parameters specify the application context that you created earlier.

User tbrooke can log on because he has passed the requirements you defined in the application context. User tbrooke has passed the second test. He can access his own orders in the scott.

As with user tbrooke , user owoods can log on and see a listing of his own orders. You can create several predicates based on the position of a user. For example, a sales representative would be able to see records only for his customers, and an order entry clerk would be able to see any customer order. The use of an application context in a fine-grained access control package effectively gives you a bind variable in a parsed statement.

This means that you get the benefit of an optimized statement that executes differently for each user who issues the statement. You can set context attributes based on data from a database table or tables, or from a directory server using Lightweight Directory Access Protocol LDAP.

Compare this tutorial, which uses an application context within the dynamically generated predicate, with About Oracle Virtual Private Database Policies , which uses a subquery in the predicate.

Step 2: Create the Two Policy Groups. Step 4: Create the Driving Application Context. Step 6: Test the Policy Groups. Step 7: Remove the Components of This Tutorial. Oracle Virtual Private Database Policy Groups describes how you can group a set of policies for use in an application. When a nondatabase user logs onto the application, Oracle Database grants the user access based on the policies defined within the appropriate policy group.

For column-level access control, every column or set of hidden columns is controlled by one policy. In this tutorial, you must hide two sets of columns. So, you must create two policies, one for each set of columns that you want to hide. Note: Oracle does not recognize hard partitioning with Solaris Containers prior to Solaris 10; and even then there are many stipulations.

See Oracle Solaris Zones and hard partitioning for details. Other non-Solaris hard partitioning methods such as Dynamic System Domains DSD , plus many other lesser known hard partitioning techniques. For Solaris shops, only the Solaris Containers approach is considered hard partitioning:. Here is the official Oracle document on hard virtualization partitioning:. Using this approach, if you have an 32 core physical server and create a hard partitioned Virtual Machine VM with 16 virtual CPUs running the Oracle database, you will still need to buy database licenses for 32 cores.

If you are consolidating database workloads on to a server this is not a problem, but if you were planning to run mixed workloads, like 16 cores for one database and 16 cores for application server, you will be required to buy double the license. For shops that run all of their VM's solely for Oracle, there is no license benefit to virtualization. Oracle does not recognize software virtualization with soft partitioning as a means of reducing licensing costs.

Hence, consolidating mixed workloads on VMware products, which Oracle does not recognize as a "hard" partitioning of CPU resources , is not practical from an Oracle licensing savings perspective.

Remember, VMware is counted as soft partitioning method and therefore any dedication or restriction of the Oracle programs using it is considered as soft partitioning and hence you will still need to license the whole environment. Not all migrations into Oracle virtualization go smoothly.