19c New Features Guide
19c New Features Guide
19c New Features Guide
19c
E96230-03
February 2019
Oracle Database Database New Features Guide, 19c
E96230-03
Copyright © 2015, 2019, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify,
license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means.
Reverse engineering, disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on
behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software,
any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are
"commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-
specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the
programs, including any operating system, integrated software, any programs installed on the hardware,
and/or documentation, shall be subject to license terms and license restrictions applicable to the programs.
No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications.
It is not developed or intended for use in any inherently dangerous applications, including applications that
may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you
shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its
safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this
software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are
used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron,
the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro
Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products,
and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly
disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise
set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be
responsible for any loss, costs, or damages incurred due to your access to or use of third-party content,
products, or services, except as set forth in an applicable agreement between you and Oracle.
Contents
Preface
Audience vii
Documentation Accessibility vii
Related Documents vii
Conventions vii
iii
General 1-8
Simplified Database Parameter Management in a Broker Configuration 1-8
Dynamically change Fast-Start Failover (FSFO) target 1-8
Observe only mode for Broker's Fast_Start Failover (FSFO) 1-9
Flashback Standby database when Primary database is flashed back 1-9
Propagate Restore Points from Primary to Standby site 1-9
Oracle Data Guard Multi-Instance Redo Apply works with the In-Memory
Column Store 1-10
Active Data Guard DML Redirection 1-10
PDB Recovery catalog 1-10
Clear Flashback logs periodically for increased FRA size predictability 1-10
New Parameters for tuning automatic outage resolution with Data Guard 1-11
Finer granularity Supplemental Logging 1-11
Sharding 1-11
Propagation of Parameter Settings Across Shards 1-12
Support for Multiple PDB Shards in the Same CDB 1-12
Multiple Table Family Support for System-Managed Sharding 1-12
Support for Multi-Shard Query Coordinators on Shard Catalog Standby
Databases 1-12
Generation of Unique Sequence Numbers Across Shards 1-13
Big Data and Data Warehousing 1-13
General 1-13
SQL Diagnostics and Repair Enhancements 1-13
Automatic Indexing 1-14
Bitmap based count distinct SQL Function 1-14
Big Data and Performance Enhancements for In-Memory External Tables 1-14
Automatic Resolution of SQL Plan Regressions 1-15
Real-Time Statistics 1-15
High-Frequency Automatic Optimizer Statistics Collection 1-15
Hybrid Partitioned Tables 1-15
Database Overall 1-16
Automated install, config, and patch 1-16
Ability to Create a Duplicate of an Oracle Database Using DBCA in Silent
Mode 1-16
Ability to Create a PDB by Cloning a Remote PDB Using DBCA in Silent
Mode 1-16
Ability to Relocate a PDB to Another CDB Using DBCA in Silent Mode 1-16
Simplified Image Based Oracle Database Client Installation 1-17
Root Scripts Automation Support for Oracle Database Installation 1-17
Support for Dry-Run Validation of Oracle Clusterware Upgrade 1-17
Automated upgrade, migration and utilities 1-17
Oracle Data Pump Ability to Exclude ENCRYPTION Clause on Import 1-18
iv
Oracle Data Pump Allows Tablespaces to Stay Read-Only During TTS
Import 1-18
O)racle Data Pump Test Mode for Transportable Tablespaces 1-18
Oracle Data Pump Support for Resource Usage Limitations 1-18
General 1-19
Data Pump command-line parameter ENABLE_SECURE_ROLES 1-19
Data Pump Import supports wildcard dump file names for URL-based dump
files maintained in object stores 1-19
Data Pump command-line parameter CREDENTIAL allows Import from
object stores 1-19
Diagnosability 1-20
General 1-20
Oracle Trace File Analyzer REST API Support 1-20
Oracle Trace File Analyzer Search Extended to Support Metadata Searches
1-20
Oracle Trace File Analyzer Supports New Service Request Data Collections 1-21
Oracle ORAchk and Oracle EXAchk Support for Encrypting Collection Files 1-21
Oracle ORAchk and Oracle EXAchk REST Support 1-21
Oracle Cluster Health Advisor Integration into Oracle Trace File Analyzer 1-21
Oracle ORAchk and Oracle EXAchk Support for Remote Node Connections
without Requiring Passwordless SSH 1-22
Oracle ORAchk and Oracle EXAchk Now Show Only the Most Critical
Checks by Default 1-22
Oracle Trace File Analyzer Support for Using an External SMTP Server for
Notifications 1-22
Performance 1-23
General 1-23
SQL Quarantine 1-23
Resource Manager Automatically Enabled for Database In-Memory 1-23
Database In-Memory Wait on Populate 1-24
Memoptimized Rowstore - Fast Ingest 1-24
Automatic Database Diagnostic Monitor (ADDM) Support for Pluggable
Databases (PDBs) 1-24
Real-Time SQL Monitoring for Developers 1-24
Workload Capture and Replay in a PDB 1-25
RAC and Grid 1-25
General 1-25
Parity Protected Files 1-25
Automated PDB Relocation 1-25
Automated Transaction Draining for Oracle Grid Infrastructure Upgrades 1-26
Oracle Restart Patching and Upgrading 1-26
Zero-Downtime Oracle Grid Infrastructure Patching 1-26
Security 1-27
v
General 1-27
New ALTER SYSTEM Clause FLUSH
PASSWORDFILE_METADATA_CACHE 1-27
Transparent Online Conversion Support for Auto-Renaming in Non-Oracle-
Managed Files Mode 1-28
Key Management of Encrypted Oracle-Managed Tablespaces in
Transparent Data Encryption 1-28
Support for Additional Algorithms for Offline Tablespace Encryption 1-28
Support for Host Name-Based Partial DN Matching for Host Certificates 1-29
Privilege Analysis Now Available in Oracle Database Enterprise Edition 1-29
Support for Oracle Native Encryption and SSL Authentication for Different
Users Concurrently 1-29
Ability to Grant or Revoke Administrative Privileges to and from Schema-
Only Accounts 1-30
Automatic Support for Both SASL and Non-SASL Active Directory
Connections 1-30
Unified Auditing Top-Level Statements 1-30
Passwords Removed from Oracle Database Accounts 1-30
Signature-Based Security for LOB Locators 1-31
New EVENT_TIMESTAMP_UTC Column in the UNIFIED_AUDIT_TRAIL
View 1-31
New PDB_GUID Audit Record Field for SYSLOG and the Windows Event
Viewer 1-31
Database Vault Operations Control for Infrastructure Database
Administrators 1-32
Database Vault Command Rule Support for Unified Audit Policies 1-32
vi
Preface
This document describes new features implemented in Oracle Database 18c.
• Audience
• Documentation Accessibility
• Related Documents
• Conventions
Audience
Oracle Database New Features Guide is addressed to people familiar with previous
releases of Oracle Database who would like to become familiar with features, options,
and enhancements that are new in this release of the database.
Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at http://www.oracle.com/pls/topic/lookup?
ctx=acc&id=docacc.
Related Documents
For more information, see the following documents in the Oracle Database 18c
documentation set:
• Oracle Database Error Messages
• Oracle Database Administrator’s Guide
• Oracle Database Concepts
• Oracle Database Reference
Conventions
The following text conventions are used in this document:
vii
Preface
Convention Meaning
boldface Boldface type indicates graphical user interface elements associated
with an action, or terms defined in text or the glossary.
italic Italic type indicates book titles, emphasis, or placeholder variables for
which you supply particular values.
monospace Monospace type indicates commands within a paragraph, URLs, code
in examples, text that appears on the screen, or text that you enter.
viii
1
Oracle Database Release 19c New
Features
This chapter contains descriptions of all of the features that are new to Oracle
Database Release 19c.
• Application Development
• Availability
• Big Data and Data Warehousing
• Database Overall
• Diagnosability
• Performance
• RAC and Grid
• Security
Application Development
• Application Express
• General
• Java
• JSON
• SQL
Application Express
• Social Sign-In Authentication
• REST Enabled SQL Support
• Improved Create Application Wizard
• Improved Create Page Wizard
• Web Source Modules
• New REST Workshop
1-1
Chapter 1
Application Development
• Your application is internet facing and you expect an unknown number of users
from social networks to use your application.
• Your company has standardized on one of these providers, Oracle Identity Cloud
Service, an internal OpenIDConnect or OAuth2 system for authentication.
User credential verification is performed by these systems. Be aware that anyone who
is registered at this provider can use your application, unless you use authorization
schemes for protection.
Related Topics
• Oracle® Application Express App Builder User's Guide
1-2
Chapter 1
Application Development
The primary benefits of utilizing this new wizard are the ability to quickly create new
Oracle Application Express applications with zero coding, and more advanced pages.
Another key benefit is the ability to refine a previous wizard definition. Developers can
go back into the Create Application Wizard, retrieve the definition from a previous
wizard (blueprint), update the definitions and regenerate another application.
Related Topics
• Oracle® Application Express App Builder User's Guide
1-3
Chapter 1
Application Development
components. Defining such services was manual, time consuming, and error prone.
The new Web Source Modules are highly declarative as they use discovery to
understand and define the incoming structure of the web service.
Related Topics
• Oracle® Application Express App Builder User's Guide
General
• Application Continuity for Java: New States Management
• Application Continuity for Java: Declarative Request Demarcation
• Oracle Network Log File Segmentation
• SQL*Net: Auto-Detection of Support for Out-of-Band Breaks
1-4
Chapter 1
Application Development
This feature ensures Zero Downtime for Java applications and third-party connection
pools without the need to make code changes.
Related Topics
• Oracle® Database JDBC Developer's Guide
Java
• Java Library for Reactive Streams Ingestion
1-5
Chapter 1
Application Development
JSON
• Materialized View Support for Queries containing JSON_TABLE
• SQL/JSON Syntax Simplifications
• New SQL/JSON Function JSON_SERIALIZE and JSON Data Guide Support for
GeoJSON Data
• JSON Update Operations
• JSON-Object Mapping
This feature is particularly useful when the JSON documents in a table contain arrays.
This type of materialized view provides fast performance for accessing data within
those JSON arrays.
Related Topics
• Oracle® Database JSON Developer's Guide
Related Topics
• Oracle® Database JSON Developer's Guide
1-6
Chapter 1
Availability
Related Topics
• Oracle® Database JSON Developer's Guide
JSON-Object Mapping
This feature enables the mapping of JSON data to and from SQL object types and
collection types.
This feature makes it easier for programs that use SQL objects and collections to
interact with JSON-based applications.
Related Topics
• Oracle® Database JSON Developer's Guide
SQL
• DISTINCT option for LISTAGG aggregate
The LISTAGG aggregate function orders the rows for each group in a query according
to the ORDER BY expression and then concatenates the values into a single string.
With the new DISTINCT keyword, duplicate values can be removed from the specified
expression before concatenation into a single string. This removes the need to create
complex query processing to find the distinct values before using the aggregate
LISTAGG function. With the DISTINCT option, the processing to remove duplicate
values can be done directly within the LISTAGG function.
Availability
• General
• Sharding
1-7
Chapter 1
Availability
General
• Simplified Database Parameter Management in a Broker Configuration
• Dynamically change Fast-Start Failover (FSFO) target
• Observe only mode for Broker's Fast_Start Failover (FSFO)
• Flashback Standby database when Primary database is flashed back
• Propagate Restore Points from Primary to Standby site
• Oracle Data Guard Multi-Instance Redo Apply works with the In-Memory Column
Store
• Active Data Guard DML Redirection
• PDB Recovery catalog
• Clear Flashback logs periodically for increased FRA size predictability
• New Parameters for tuning automatic outage resolution with Data Guard
• Finer granularity Supplemental Logging
1-8
Chapter 1
Availability
1-9
Chapter 1
Availability
Oracle Data Guard Multi-Instance Redo Apply works with the In-Memory
Column Store
The Oracle Database In-Memory Column Store and Data Guard Multi-Instance Redo
Apply can now be enabled at the same time on an Active Data Guard standby.
Previously the two features were mutually exclusive.
You can now use the fastest redo apply technology (Multi-instance Redo Apply) and
the fastest analytical query technology (In-Memory Column Store) on the same Oracle
Active Data Guard standby to gain the best of both features. Multi-Instance Redo
Apply uses information in the In-Memory Column Store on the Active Data Guard
standby to increase apply speed where possible.
Related Topics
• Oracle® Data Guard Concepts and Administration
1-10
Chapter 1
Availability
New Parameters for tuning automatic outage resolution with Data Guard
Oracle Data Guard has several processes on the Primary and Standby databases that
handle redo transport and archiving which communicate with each other over the
network. In certain failure situations, network hangs, disconnects, and disk I/O issues,
these processes can hang potentially causing delays in redo transport and gap
resolution. Data Guard has an internal mechanism to detect these hung processes
and terminate them allowing the normal outage resolution to occur. In Oracle
Database 19c, the DBA can tune the amount of wait time for this detection period by
using two new parameters, DATA_GUARD_MAX_IO_TIME and
DATA_GUARD_MAX_LONGIO_TIME. These parameters allow the waits times to be
tuned for a specific Data Guard configuration based on the user network and Disk I/O
behavior.
Users can now tune Oracle Data Guard automatic outage resolution to fit their specific
needs.
Related Topics
• Oracle® Database Reference
Sharding
• Propagation of Parameter Settings Across Shards
• Support for Multiple PDB Shards in the Same CDB
• Multiple Table Family Support for System-Managed Sharding
• Support for Multi-Shard Query Coordinators on Shard Catalog Standby Databases
• Generation of Unique Sequence Numbers Across Shards
1-11
Chapter 1
Availability
1-12
Chapter 1
Big Data and Data Warehousing
Related Topics
• Oracle® Database Using Oracle Sharding
General
• SQL Diagnostics and Repair Enhancements
• Automatic Indexing
• Bitmap based count distinct SQL Function
• Big Data and Performance Enhancements for In-Memory External Tables
• Automatic Resolution of SQL Plan Regressions
• Real-Time Statistics
• High-Frequency Automatic Optimizer Statistics Collection
• Hybrid Partitioned Tables
1-13
Chapter 1
Big Data and Data Warehousing
Automatic Indexing
The automatic indexing feature automates index management tasks, such as creating,
rebuilding, and dropping indexes in an Oracle database based on changes in the
application workload.
This feature improves database performance by managing indexes automatically in an
Oracle database.
Related Topics
• Oracle® Database Administrator's Guide
In most scenarios, bitvector SQL functions combined with materialized views can
provide significant performance improvements for queries with COUNT(DISTINCT)
operations, which are common in data warehousing environments. The new operators
are naturally evaluated in parallel and take advantage of hardware optimized bitmap
operations. By creating materialized views with bitvectors at lower-level aggregation
levels, the same materialized view can be reused to rewrite queries at higher level of
aggregation levels by using ROLLUP.
Related Topics
• Oracle® Database Data Warehousing Guide
1-14
Chapter 1
Big Data and Data Warehousing
Real-Time Statistics
Oracle Database automatically gathers online statistics during conventional DML
operations.
Statistics can go stale between execution of DBMS_STATS statistics gathering jobs. By
gathering some statistics automatically during DML operations, the database
augments the statistics gathered by DBMS_STATS. Fresh statistics enable the
optimizer to produce more optimal plans.
Related Topics
• Oracle® Database SQL Tuning Guide
1-15
Chapter 1
Database Overall
Database Overall
• Automated install, config, and patch
• Automated upgrade, migration and utilities
• General
Ability to Create a PDB by Cloning a Remote PDB Using DBCA in Silent Mode
You can now create a PDB by cloning a remote PDB using the
createFromRemotePDB parameter of the createPluggableDatabase command
of DBCA in silent mode.
This feature enables automating the PDB life cycle operation of cloning a PDB using
DBCA in silent mode.
Related Topics
• Oracle® Database Administrator's Guide
1-16
Chapter 1
Database Overall
1-17
Chapter 1
Database Overall
Oracle Data Pump Allows Tablespaces to Stay Read-Only During TTS Import
A new option allows the user to restore pre-12.2 default behavior, such that tablespace
data files can be read-only during the Transportable Tablespace (TTS) import process.
The benefit is that this allows a tablespace data file to be mounted on two databases,
so long as it remains read-only. However, using this option requires that the source
and target databases have exactly the same daylight savings time (DST) version
because TIMESTAMP WITH TIMEZONE data will not be adjusted upon import. Also, if
this parameter is specified then the database does not automatically rebuild
tablespace bitmaps to reclaim space during import. This can make the import process
faster at the expense of regaining free space within the tablespace datafiles.
You can now import tablespace files mounted on two different databases as long as
the files are set as read-only.
Related Topics
• Oracle® Database Utilities
1-18
Chapter 1
Database Overall
Related Topics
• Oracle® Database Utilities
General
• Data Pump command-line parameter ENABLE_SECURE_ROLES
• Data Pump Import supports wildcard dump file names for URL-based dump files
maintained in object stores
• Data Pump command-line parameter CREDENTIAL allows Import from object
stores
Data Pump Import supports wildcard dump file names for URL-based dump
files maintained in object stores
Data Pump Import now supports wildcard dump file names for URL-based dump files
maintained in object stores. Note that the wildcard character can only be specified in
the file-name component of the URL (and not, for example, in the bucket-name
component).
Data Pump support for wildcard dump file names makes it easier migrate data from
multiple dump files into a managed Oracle cloud service from the Oracle Object Store
Service.
1-19
Chapter 1
Diagnosability
Diagnosability
• General
General
• Oracle Trace File Analyzer REST API Support
• Oracle Trace File Analyzer Search Extended to Support Metadata Searches
• Oracle Trace File Analyzer Supports New Service Request Data Collections
• Oracle ORAchk and Oracle EXAchk Support for Encrypting Collection Files
• Oracle ORAchk and Oracle EXAchk REST Support
• Oracle Cluster Health Advisor Integration into Oracle Trace File Analyzer
• Oracle ORAchk and Oracle EXAchk Support for Remote Node Connections
without Requiring Passwordless SSH
• Oracle ORAchk and Oracle EXAchk Now Show Only the Most Critical Checks by
Default
• Oracle Trace File Analyzer Support for Using an External SMTP Server for
Notifications
1-20
Chapter 1
Diagnosability
Oracle Trace File Analyzer Supports New Service Request Data Collections
Service Request Data Collections (SRDCs) simplify the collection of required logs and
data for specific issues. This release adds additional database SRDCs that cover more
ORA errors and problems in infrastructure such as Oracle Automatic Storage
Management (ASM), Oracle Automatic Storage Management Cluster File System
(ACFS), Listeners, auditing, and Recovery Manager (RMAN).
When operations or Oracle Database issues occur that require Oracle Support
Services, it is essential to send all the data and logs necessary to diagnose and
resolve the issue in one compact complete archive. Oracle Trace File Analyzer's
SRDCs provide this functionality while minimizing the steps required to compile and
send the archive efficiently. This improves recovery time while improving the
administrator's efficiency.
Related Topics
• Oracle® Autonomous Health Framework User's Guide
Oracle ORAchk and Oracle EXAchk Support for Encrypting Collection Files
Oracle ORAchk and Oracle EXAchk diagnostic collection files may contain sensitive
data. Starting in this release, you can encrypt and decrypt diagnostic collection ZIP
files and protect them with a password. This feature is available only on Linux and
Solaris platforms.
Companies are increasingly concerned about the leakage of sensitive data. Oracle
ORAchk and Oracle EXAchk collections and their reports can include such data. When
these reports are transferred to repositories or emailed, it's critical that such data is
viewed only by the intended recipients. To prevent leaks, you can restrict access to
sensitive data by encrypting the diagnostic collections and protecting them with a
password.
Related Topics
• Oracle® Autonomous Health Framework User's Guide
Oracle Cluster Health Advisor Integration into Oracle Trace File Analyzer
Oracle Trace File Analyzer now integrates with Oracle Cluster Health Advisor and
consumes the problem events that Oracle Cluster Health Advisor detects. When
1-21
Chapter 1
Diagnosability
Oracle Cluster Health Advisor detects a problem event, Oracle Trace File Analyzer
automatically triggers the relevant diagnostic collection and sends an email
notification. You can configure email notification through the standard Oracle Trace
File Analyzer notification process.
Oracle Cluster Health Advisor provides early warnings for Oracle Real Application
Clusters (Oracle RAC) database and cluster node performance issues. By delivering
email notifications with root cause analysis and corrective recommendations through
Oracle Trace File Analyzer's daemon, operations and database administrators can
proactively prevent application performance and availability issues.
Related Topics
• Oracle® Autonomous Health Framework User's Guide
Oracle ORAchk and Oracle EXAchk Support for Remote Node Connections
without Requiring Passwordless SSH
In earlier releases, remotely running Oracle ORAchk or Oracle EXAchk required
configuration of passwordless SSH between the remote nodes. Starting in this release,
you can configure Oracle ORAchk and Oracle EXAchk to autogenerate the private key
files for the remote nodes. Alternatively, you can provide a private key.
To centrally manage many database servers or clusters, it is more efficient to perform
operations remotely. In many cases, corporate policies prevent passwordless SSH
configuration. Using private key authentication, you can run Oracle ORAchk and
Oracle EXAchk remotely in these deployments and improve operational efficiency.
Related Topics
• Oracle® Autonomous Health Framework User's Guide
Oracle ORAchk and Oracle EXAchk Now Show Only the Most Critical Checks
by Default
By default, only the most critical checks are shown in the report output. The critical
checks are those that Oracle judges to have the most severe potential effect. All other
checks are still run and are available in the report. You can view them by selecting the
appropriate option under the "Show checks with the following status" control.
In earlier versions, Oracle EXAchk and Oracle ORAchk reports included over a
hundred checks and made analysis more time-consuming. When only the most critical
checks are included, analyzing the reports becomes more efficient, and you can more
quickly resolve critical problems to prevent downtime or performance issues.
Related Topics
• Oracle® Autonomous Health Framework User's Guide
Oracle Trace File Analyzer Support for Using an External SMTP Server for
Notifications
In earlier releases, Oracle Trace File Analyzer required monitored hosts to have local
sendmail or SMTP support in order to deliver email notifications of alerts. Starting in
this release, you can configure an external SMTP server to receive these notifications
from Oracle Trace File Analyzer and alert the administrators.
1-22
Chapter 1
Performance
Oracle Trace File Analyzer's ability to alert administrators immediately when it detects
an anomaly or issue is essential to maintain availability and rapidly recover from
problems. By extending email notification support to Oracle Trace File Analyzer
deployments that cannot send email locally, these deployments can minimize
downtime and maximize availability.
Related Topics
• Oracle® Autonomous Health Framework User's Guide
Performance
• General
General
• SQL Quarantine
• Resource Manager Automatically Enabled for Database In-Memory
• Database In-Memory Wait on Populate
• Memoptimized Rowstore - Fast Ingest
• Automatic Database Diagnostic Monitor (ADDM) Support for Pluggable Databases
(PDBs)
• Real-Time SQL Monitoring for Developers
• Workload Capture and Replay in a PDB
SQL Quarantine
SQL statements that are terminated by Oracle Database Resource Manager due to
their excessive consumption of CPU and I/O resources can be automatically
quarantined. The execution plans associated with the terminated SQL statements are
quarantined to prevent them from being executed again.
This feature protects an Oracle database from performance degradation by preventing
execution of SQL statements that excessively consume CPU and I/O resources.
Related Topics
• Oracle® Database Administrator's Guide
1-23
Chapter 1
Performance
1-24
Chapter 1
RAC and Grid
General
• Parity Protected Files
• Automated PDB Relocation
• Automated Transaction Draining for Oracle Grid Infrastructure Upgrades
• Oracle Restart Patching and Upgrading
• Zero-Downtime Oracle Grid Infrastructure Patching
1-25
Chapter 1
RAC and Grid
1-26
Chapter 1
Security
Security
• General
General
• New ALTER SYSTEM Clause FLUSH PASSWORDFILE_METADATA_CACHE
• Transparent Online Conversion Support for Auto-Renaming in Non-Oracle-
Managed Files Mode
• Key Management of Encrypted Oracle-Managed Tablespaces in Transparent Data
Encryption
• Support for Additional Algorithms for Offline Tablespace Encryption
• Support for Host Name-Based Partial DN Matching for Host Certificates
• Privilege Analysis Now Available in Oracle Database Enterprise Edition
• Support for Oracle Native Encryption and SSL Authentication for Different Users
Concurrently
• Ability to Grant or Revoke Administrative Privileges to and from Schema-Only
Accounts
• Automatic Support for Both SASL and Non-SASL Active Directory Connections
• Unified Auditing Top-Level Statements
• Passwords Removed from Oracle Database Accounts
• Signature-Based Security for LOB Locators
• New EVENT_TIMESTAMP_UTC Column in the UNIFIED_AUDIT_TRAIL View
• New PDB_GUID Audit Record Field for SYSLOG and the Windows Event Viewer
• Database Vault Operations Control for Infrastructure Database Administrators
• Database Vault Command Rule Support for Unified Audit Policies
This functionality is useful when the database password file name or location is
changed, and the metadata cache needs to be refreshed with the details of the
updated database password file.
Related Topics
• Oracle® Database Administrator's Guide
1-27
Chapter 1
Security
Internal processes can access a keystore when the keystore is closed, which allows
the internal process to continue and successfully complete by using an intermediate
key that is derived from the TDE master encryption key, while the TDE keystore is
closed or is otherwise unavailable.
Closing the TDE keystore has no effect on queries of an encrypted SYSTEM, SYSAUX,
TEMP, and UNDO tablespace, unlike queries of a user-created tablespace, which
continue to return an ORA-28365 wallet is not open error when the TDE
keystore is closed.
User-initiated operations such as decrypt on any encrypted Oracle-managed
tablespace still require the TDE keystore to be in the OPEN state.
Related Topics
• Oracle® Database Advanced Security Guide
1-28
Chapter 1
Security
Support for Oracle Native Encryption and SSL Authentication for Different
Users Concurrently
In previous releases, Oracle Database prevented the use of Oracle native encryption
(also called Advanced Networking Option or ANO encryption) and Secure Sockets
Layer (SSL) authentication together.
For example, if you set both the SQLNET.ENCRYPTION_CLIENT parameter on the
client and the SQLNET.ENCRYPTION_SERVER parameter on the server to REQUIRED,
and a TCPS listener is used, then you receive the ORA-12696 Double
Encryption Turned On, login disallowed error. Starting with this release, you can
set the new SQLNET.IGNORE_ANO_ENCRYPTION_FOR_TCPS parameter to TRUE.
This setting ignores the SQLNET.ENCRYPTION_CLIENT or
SQLNET.ENCRYPTION_SERVER when a TCPS client is used and either of these two
parameters are set to required.
Related Topics
• Oracle® Database Security Guide
1-29
Chapter 1
Security
Automatic Support for Both SASL and Non-SASL Active Directory Connections
Starting with this release, both Simple Authentication and Security Layer (SASL) and
Transport Layer Security (TLS) binds are supported for Microsoft Active Directory
connections.
For centrally managed users, the Oracle database initially tries to connect to Active
Directory using SASL bind. If the Active Directory server rejects the SASL bind
connection, then the Oracle database automatically attempts the connection again
without SASL bind but still secured with TLS.
The Active Directory administrator is responsible for configuring the connection
parameters for Active Directory server, but does not need to configure the database to
match this new Active Directory connection enhancement. The database automatically
adjusts from using SASL to not using SASL bind.
Related Topics
• Oracle® Database Security Guide
1-30
Chapter 1
Security
This enhancement does not affect the sample schemas. Sample schemas are still
installed with their default passwords.
Administrators can still assign passwords to the default schema-only accounts. Oracle
recommends changing the schemas back to a schema-only account afterward.
The benefit of this feature is that administrators no longer have to periodically rotate
the passwords for these Oracle Database-provided schemas. This feature also
reduces the security risk of attackers using default passwords to hack into these
accounts.
Related Topics
• Oracle® Database Security Guide
Related Topics
• Oracle® Database Security Guide
New PDB_GUID Audit Record Field for SYSLOG and the Windows Event
Viewer
The audit record fields for SYSLOG and the Windows Event Viewer now include a new
field, PDB_GUID, to identify the pluggable database associated with a unified audit trail
record.
In a multitenant database deployment, the pluggable database that generated a
unified audit trail record must be identified in the audit trail. Starting with this release,
the new field captures this information. The data type is VARCHAR2.
1-31
Chapter 1
Security
Related Topics
• Oracle® Database Security Guide
1-32