Hot backups are done at the tablespace level, with the database up and available for reads and writes. Oracle must be set for Log Archive Mode (see Chapter 23 for implementation options of ARCHIVELOG mode). Hot backups utilize the archive log files to store all writes while the physical tablespace files are being backed up. During recovery, all noncorrupted tablespaces are online and available. Oracle will prompt an operator for the needed archive logs to restore the tablespace.

---

Note:  
Most 24×7 data availability shops use this Hot backup method.

---

A standby database is a duplicate database environment, on duplicate equipment (with some exceptions), identical levels of operating systems, and identical levels of Oracle software. This standby database is in a constant state of recovery; as archive log files are closed on the primary database, they are transferred and applied to this standby database. This method incurs absolutely no overhead on the primary database and the only disadvantage is that the standby database is only as current as the last log file applied. This method is very quick to implement into the primary database so the amount of application downtime is minimal. These archive log files are easy to size and tune. Chapter 24, “Oracle8 Database Tuning,” has details on these and other tuning tips.

---

Tip:  
Size the archive log files appropriately for the amount of acceptable data loss.

---

Recovery Manager is a new Oracle8 tool that greatly aids in the backup and recovery process. It works with the Oracle8 kernel and can be accessed via a utility, Oracle Enterprise Manger V1.4, or with an embedded library call. Recovery Manager has a repository so backup file groups can be viewed. The repository is recommended but is not mandatory. Recovery Manager also stores information in the Control File(s). It utilizes third-party storage devices. Recovery Manager can back up the entire database, individual tablespaces, individual data files, or just the changed data blocks.

---

Note:  
Recovery Manager does not back up externally stored LOBs, SQL*Net configuration files, or INIT.ORA parameter files.

---

Security and Access Concepts

Access to the Oracle environment is handled in one of two ways: direct access from the computer that contains the database or over SQL*Net or Net8. SQL*Net is the level of software that hides the computing network from the application, allowing connectivity from end users and other databases. Net8 is the next release of the SQL*Net environment. SQL*Net on the server-side uses a listener process and a dispatcher service to assist in the management of user connections and the associated background Oracle processes. These dispatchers can load balance connections among multiple dispatchers. Net8 provides Oracle8 networking environments with enhanced distributed application support, connection pooling, better authentication services, and improved names services. Connection Manager is a new Oracle8 application that works with the multithreaded server option. It can act as a firewall, a multiprotocol interchange, and a concentrator (multiplexing data into a common physical transport). Connection Manager works with both SQL*Net and Net8 environments.

Once one has access to the Oracle environment, security is necessary to ensure that those who were given permission to connect have the correct privileges to access the various application data objects. In addition to the currently available object permissions, Oracle8 has some new password features. These include password history, account locking, password expiration and aging, rule-based verification, and additional user profile settings.

Overview of Oracle8 Permissions and Profiles

Oracle8 supports all the same permissions, roles, and profiles as were available with previous versions of Oracle. Users are established via the CREATE USER command. The permission CONNECT (or CREATE SESSION) must be granted for the user to have access to the database. There are still the same GRANT privilege commands, allowing query and DML access to the data objects, and executing permissions to packages and functions. Roles are groups of privileges given a name that, in itself, becomes another privilege. Profiles are a way of limiting resources to a user or group of users. Enhanced in Oracle8, profiles allow for a certain number of attempts of login, password encryption rules, password aging, and password history. The full list of available permissions is available in the Oracle Server SQL Reference Manual.