DBMS_CLOUD_ADMIN Package

This section covers the DBMS_CLOUD_ADMIN subprograms provided with Autonomous Database.

Subprogram	Description
ATTACH_FILE_SYSTEM Procedure	This procedure attaches a file system in a directory on your database.
CREATE_DATABASE_LINK Procedure	This procedure creates a database link to a target database. There are options to create a database link to another Autonomous Database instance, to an Oracle Database that is not an Autonomous Database, or to a non-Oracle Database using Oracle-managed heterogeneous connectivity.
DETACH_FILE_SYSTEM Procedure	This procedure detaches a file system from a directory on your database.
DISABLE_EXTERNAL_AUTHENTICATION Procedure	This procedure disables external authentication for the Autonomous Database instance.
DROP_DATABASE_LINK Procedure	This procedure drops a database link.
ENABLE_EXTERNAL_AUTHENTICATION Procedure	This procedure enables a user to logon to Autonomous Database using the specified external authentication scheme.

Related Topics

ATTACH_FILE_SYSTEM Procedure

This procedure attaches a file system in the database.

The DBMS_CLOUD_ADMIN.ATTACH_FILE_SYSTEM procedure attaches a file system in your database and stores information about the file system in the DBA_CLOUD_FILE_SYSTEMS view.

Syntax

DBMS_CLOUD_ADMIN.ATTACH_FILE_SYSTEM (
    file_system_name         IN VARCHAR2,
    file_system_location     IN VARCHAR2,
    directory_name           IN VARCHAR2,
    description              IN VARCHAR2 DEFAULT NULL,
    params                   IN CLOB DEFAULT NULL
);

Parameters

Parameter	Description
`file_system_name`	Specifies the name of the file system. This parameter is mandatory.
`file_system_location`	Specifies the location of the file system. The value you supply with `file_system_location` consists of a Fully Qualified Domain Name (FQDN) and a file path in the form: FQDN`:`file_path. For example: FQDN: `myhost.sub000445.myvcn.oraclevcn.com` For Oracle Cloud Infrastructure File Storage set the FQDN in Show Advanced Options when you create a file system. See Creating File Systems for more information. File Path: `/results` This parameter is mandatory.
`directory_name`	Specifies the directory name for the attached file system. The directory must exist. This parameter is mandatory.
`description`	(Optional) Provides a description of the task.
`params`	A JSON string that provides an additional parameter for the file system. `nfs_version`: Specifies the NFS version to use when NFS is attached (NFSv3 or NFSv4). Valid values: 3, 4. Default value: 3

Examples:

Attach to an NFSv3 file system:

BEGIN
   DBMS_CLOUD_ADMIN.ATTACH_FILE_SYSTEM (
    file_system_name      => 'FSS',
    file_system_location  => 'myhost.sub000445.myvcn.oraclevcn.com:/results',
    directory_name        => 'FSS_DIR',
    description           => 'Source NFS for sales data'
  );
END;
/

Attach to an NFSv4 file system:

BEGIN
   DBMS_CLOUD_ADMIN.ATTACH_FILE_SYSTEM (
    file_system_name      => 'FSS',
    file_system_location  => 'myhost.sub000445.myvcn.oraclevcn.com:/results',
    directory_name        => 'FSS_DIR',  
    description           => 'Source NFS for sales data',
    params                => JSON_OBJECT('nfs_version' value 4)
);                                                      
END;                                                        
/

Usage Notes

To run this procedure you must be logged in as the ADMIN user or have the EXECUTE privilege on DBMS_CLOUD_ADMIN.
You must have WRITE privilege on the directory object in the database to attach a file system using DBMS_CLOUD_ADMIN.ATTACH_FILE_SYSTEM.
The DBMS_CLOUD_ADMIN.ATTACH_FILE_SYSTEM procedure can only attach a private File Storage Service in databases with Private Endpoints enabled.

See OCI File Storage Service and Configure a Development System to Access the Database for more information.
The DBMS_CLOUD_ADMIN.ATTACH_FILE_SYSTEM procedure looks up the Network File System hostname on the customer's virtual cloud network (VCN). The error "ORA-20000: Mounting NFS fails" is returned if the hostname specified in the location cannot be located.
Oracle Cloud Infrastructure File Storage uses NFSv3 to share
If you attach to non-Oracle Cloud Infrastructure File Storage systems, the procedure supports NFSv3 and NFSv4
If you have an attached NFS server that uses NFSv3 and the NFS version is updated to NFSv4 in the NFS server, you must run DBMS_CLOUD_ADMIN.DETACH_FILE_SYSTEM and then DBMS_CLOUD_ADMIN.ATTACH_FILE_SYSTEM (using the params parameter with nfs_version set to 4). This attaches NFS with the matching protocol so that Autonomous Database can access the NFSv4 Server. Without detaching and then reattaching, the NFS server will be inaccessible and you may see an error such as: "Protocol not supported".

CREATE_DATABASE_LINK Procedure

This procedure creates a database link to a target database in the schema calling the API.

The overloaded forms support the following:

When you use the gateway_params parameter, this enables you to create a database link with Oracle-managed heterogeneous connectivity where the link is to a supported non-Oracle database.
When you use the rac_hostnames parameter, this enables you to create a database link from an Autonomous Database on a private endpoint to a target Oracle RAC database. In this case, you use the rac_hostnames parameter to specify the host names of one or more individual nodes of the target Oracle RAC database.

Syntax

DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
       db_link_name         IN VARCHAR2,
       hostname             IN VARCHAR2,
       port                 IN NUMBER,
       service_name         IN VARCHAR2,
       ssl_server_cert_dn   IN VARCHAR2 DEFAULT,
       credential_name      IN VARCHAR2 DEFAULT,
       directory_name       IN VARCHAR2 DEFAULT,
       gateway_link         IN BOOLEAN DEFAULT,
       public_link          IN BOOLEAN DEFAULT,
       private_target       IN BOOLEAN DEFAULT
       gateway_params       IN CLOB DEFAULT);

DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
       db_link_name         IN VARCHAR2,
       rac_hostnames        IN CLOB,
       port                 IN NUMBER,
       service_name         IN VARCHAR2,
       ssl_server_cert_dn   IN VARCHAR2 DEFAULT,
       credential_name      IN VARCHAR2 DEFAULT,
       directory_name       IN VARCHAR2 DEFAULT,
       gateway_link         IN BOOLEAN DEFAULT,
       public_link          IN BOOLEAN DEFAULT,
       private_target       IN BOOLEAN DEFAULT);

Parameters

Parameter	Description
`db_link_name`	The name of the database link to create.
`hostname`	The hostname for the target database. Specifying `localhost` for `hostname` as is not allowed. When you specify a connection with Oracle-managed heterogeneous connectivity by supplying the `gateway_params` parameter, note the following: When the `db_type` value is `google_bigquery` the `hostname` is not used and you can provide value such as `example.com`. When the `db_type` value is `snowflake` the `hostname` is the Snowflake account identifier. To find your Snowflake account identifier, see Account Identifier Formats by Cloud Platform and Region. Use this parameter or `rac_hostnames`, do not use both. The `DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK` input should mention the scan name of the target Dedicated Autonomous Database as the 'hostname' parameter.
`rac_hostnames`	Specifies hostnames for the target Oracle RAC database. The value is a JSON array that specifies one or more individual host names for the nodes of the target Oracle RAC database. Multiple host names can be passed in JSON, separated by a "`,`". For example: `'["sales1-svr1.domain", "sales1-svr2.domain", "sales1-svr3.domain"]'` When the target is an Oracle RAC database, use the `rac_hostnames` parameter to specify one or more hostnames with `DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK`. This allows you to take advantage of the high availability capabilities of Oracle RAC. Using an IP address, a SCAN IP, or a SCAN hostname in the `rac_hostnames` value is not supported. When you specify a list of host names in the `rac_hostnames` parameter, `CREATE_DATABASE_LINK` uses all of the specified host names as addresses in the connect string. If one of the specified hosts is not available on the target Oracle RAC database, Autonomous Database automatically attempts to connect using another host name from the list. Use this parameter or `hostname`, do not use both. Specifying `localhost` for a `rac_hostname` value is not allowed.
`port`	Specifies the port for the connections to the target database. When you specify a connection with Oracle-managed heterogeneous connectivity using the `gateway_params` parameter, set the port based on the `db_type` value: `awsredshift`: use port `5439` `azure`: use port `1433` `db2`: use port `2500` for Db2 versions >= 11.5.6 `db2`: use port `5000` for Db2 versions <= 11.5.5 `google_analytics`: use port `443` `google_bigquery`: use port `443` `hive`: use port `433` `mongodb`: use port `27017` `mysql`: use port `3306` `mysql_community`: use port `3306` `postgres`: use port `5432` `salesforce`: use port `19937` `servicenow`: use port `443` `snowflake`: use port `443`
`service_name`	The `service_name` for the database to link to. For a target Autonomous Database, find the service name by one of the following methods: Look in the `tnsnames.ora` file in the `wallet.zip` that you download from an Autonomous Database for your connection. Click Database connection on the Oracle Cloud Infrastructure Console. Each connection string listed in the Connection string column includes a `service_name` entry with the connection string for the corresponding service. See View Connection Strings for an Autonomous Database for more information. Query `V$SERVICES` view. For example: `SELECT name FROM V$SERVICES;` When you specify a connection with Oracle-managed heterogeneous connectivity using the `gateway_params` parameter, the `service_name` is the database name of the non-Oracle database.
`ssl_server_cert_dn`	The DN value found in the server certificate. Oracle-managed heterogeneous connectivity is preconfigured with a wallet that contains most of the common trusted root and intermediate SSL certificates. The `ssl_server_cert_dn` must be `NULL` when you supply the `gateway_params` parameter or do not include the `ssl_server_cert_dn` parameter (the default value is `NULL`). Public Endpoint Link to an Autonomous Database Target without a Wallet: To connect to an Autonomous Database target on a public endpoint without a wallet (TLS): The `directory_name` parameter must be `NULL`. The `ssl_server_cert_dn` parameter must be `NULL` or do not include this parameter (the default value is `NULL`). Private Endpoint Link without a Wallet: To connect to an Oracle Database on a private endpoint without a wallet: The target database must be on a private endpoint. The `directory_name` parameter must be `NULL`. The `ssl_server_cert_dn` parameter must be `NULL` or do not include this parameter (the default is `NULL`). The `private_target` parameter must be `TRUE`.
`credential_name`	The name of a stored credential created with `DBMS_CLOUD.CREATE_CREDENTIAL`. This is the credentials to access the target database.
`directory_name`	The directory for the `cwallet.sso` file. The default value for this parameter is `'data_pump_dir'.` Oracle-managed heterogeneous connectivity is preconfigured with a wallet that contains most of the common trusted root and intermediate SSL certificates. The `directory_name` parameter is not required when you supply the `gateway_params` parameter. Public Endpoint Link to an Autonomous Database Target without a Wallet: To connect to an Autonomous Database on a public endpoint without a wallet (TLS): The `directory_name` parameter must be `NULL`. The `ssl_server_cert_dn` parameter must be `NULL` or do not include this parameter (the default value is `NULL`). In addition, to connect to an Autonomous Database with TCP, the `ssl_server_cert_dn` parameter must be `NULL` or do not include this parameter (the default value is `NULL`). Private Endpoint Link without a Wallet: To connect to a target Oracle Database on a private endpoint without a wallet: The target database must be on a private endpoint. The `directory_name` parameter must be `NULL`. The `ssl_server_cert_dn` parameter must be `NULL` or do not include this parameter (the default value is `NULL`). The `private_target` parameter must be `TRUE`.
`gateway_link`	Indicates if the database link is created to another Oracle Database or to an Oracle Database Gateway. If `gateway_link` is set to `FALSE`, this specifies a database link to another Autonomous Database or to another Oracle Database. If `gateway_link` is set to `TRUE`, this specifies a database link to a non-Oracle system. This creates a connect descriptor in the database link definition that specifies `(HS=OK)`. When `gateway_link` is set to `TRUE` and `gateway_params` is `NULL`, this specifies a database link to a customer-managed Oracle gateway. The default value for this parameter is `FALSE`.
`public_link`	Indicates if the database link is created as a public database link. To run `DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK` with this parameter set to `TRUE`, the user invoking the procedure must have `EXECUTE` privilege on the credential associated with the public database link and must have the `CREATE PUBLIC DATABASE LINK` system privilege. The `EXECUTE` privilege on the credential can be granted either by the `ADMIN` user or by the credential owner. The default value for this parameter is `FALSE`.
`private_target`	When a database link accesses a hostname that needs to be resolved in a VCN DNS server, specify the `private_target` parameter with value `TRUE`. When `private_target` is `TRUE`, the `hostname` parameter must be a single hostname (on a private endpoint, using an IP address, a SCAN IP, or a SCAN hostname is not supported). The default value for this parameter is `FALSE`.
`gateway_params`	`db_type` This parameter specifies the target database type for Oracle-managed heterogeneous connectivity to connect to non-Oracle databases. The `db_type` value is one of: `awsredshift` `azure` `db2` `google_analytics` `google_bigquery` * See Usage Notes for additional supported `gateway_params` when `db_type` is `google_bigquery`. `hive` * See Usage Notes for additional supported `gateway_params` when `db_type` is `hive`. `mongodb` `mysql` `postgres` `salesforce` * See Usage Notes for additional supported `gateway_params` when `db_type` is `salesforce`. `servicenow` * See Usage Notes for additional supported `gateway_params` when `db_type` is `servicenow`. `snowflake` * See Usage Notes for additional supported `gateway_params` when `db_type` is `snowflake`. `NULL` When `gateway_params` is `NULL` and `gateway_link` is set to `TRUE`, this specifies a database link to a customer-managed Oracle gateway. Specify the parameter with the `json_object` form. For example: `gateway_params => json_object('db_type' value 'awsredshift')` When `gateway_params` is `NULL` and `private_target` is `TRUE`, if `directory_name` is `NULL`, a TCP-based database link is created. When `gateway_params` is `NULL` and `private_target` is `TRUE`, if `directory_name` is `NULL`, a TCPS-based database link is created.

Usage Notes

When you specify the gateway_params parameter, for some db_type values, additional gateway_params parameters are supported:

`db_type`	Additional `gateway_params` Values
`google_analytics`	When the `db_type` is `google_analytics`, the credential you specify must be a Google OAuth credential (`gcp_oauth2)` See CREATE_CREDENTIAL Procedure for more information.
`google_bigquery`	When the `db_type` is `google_bigquery`, the credential you specify must be a Google OAuth credential (`gcp_oauth2)` See CREATE_CREDENTIAL Procedure for more information. When `db_type` is `google_bigquery`, the parameter `project` is valid. This parameter specifies the project name for `google_bigquery` and is required. The table name you specify when you use `SELECT` with Google BigQuery must be in quotes. For example: `SELECT * FROM "sales"@GOOGLE_BIGQUERY_LINK`
`hive`	When `db_type` is `hive`, the parameter `http_path` is valid. This parameter specifies the HttpPath value, if required, to connect to the Hive instance.
`salesforce`	When the `db_type` is `salesforce`, the parameter: `security_token` is valid. A security token is a case-sensitive alphanumeric code. Supplying a `security_token` value is required to access Salesforce. For example: `gateway_params => JSON_OBJECT( 'db_type' value 'salesforce', 'security_token' value 'security_token_value' )` See Reset Your Security Token for more information.
`servicenow`	To connect to ServiceNow and get data you must supply the gateway parameters `directory_name` and `file_name`. These parameters specify a model file (REST config file) that maps the JSON response to the relational model. The model file specifies the endpoints, table mapping, and HTTP response code for processing the JSON response. See Model file syntax and Example Model file for more information. When you use `gateway_params` parameter with `db_type` `servicenow`, there are two supported options: Basic Authentication: you must supply the `gateway_params` parameter `db_type` with the value `'servicenow'`, and supply the `directory_name` and `file_name` parameters along with username/password type credentials. OAuth 2.0 Authentication: you must supply the `gateway_params` parameter `db_type` with the value `'servicenow'`, and the `directory_name`, `file_name`, and `token_uri` parameters, along with OAuth type credentials. The `directory_name` parameter specifies the directory with the ServiceNow REST config file. You could create this directory as follows: `create or replace directory servicenow_dir as 'SERVICENOW_DIR';` Obtain and download the ServiceNow REST config file to the specified directory. For example: `exec DBMS_CLOUD.get_object('servicenow_dir_cred', 'https://objectstorage.<...>/servicenow.rest','SERVICENOW_DIR');` Set the `file_name` value to the name of the REST config file you downloaded, "`servicenow.rest`". Then you can use the ServiceNow REST config file with either basic authentication or OAuth2.0.
`snowflake`	When the `db_type` is `SNOWFLAKE`, the optional parameters: `role`, `schema`, and `warehouse` are valid. These values specify a different schema, role, or warehouse value, other than the default. For example: `gateway_params => JSON_OBJECT( 'db_type' value 'snowflake', 'role' value 'ADMIN', 'schema' value 'PUBLIC', 'warehouse' value 'TEST' )`

When you use the private_target parameter, note that database links from an Autonomous Database to a database service that is on a private endpoint are only supported in commercial regions and US Government regions.

This feature is enabled by default in all commercial regions.

This feature is enabled by default in US Government regions for newly provisioned databases.

For existing US Government databases on a private endpoint, if you want to create database links from an Autonomous Database to a target in a US Government region, please file a Service Request at Oracle Cloud Support and request to enable the private endpoint in government regions database linking feature.

US Government regions include the following:
- Oracle Cloud Infrastructure US Government Cloud with FedRAMP Authorization
- Oracle Cloud Infrastructure US Federal Cloud with DISA Impact Level 5 Authorization
When connecting to a non-Oracle database, database linking is only supported if the target database is accessible through a public IP or a public hostname.
To run DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK with a user other than ADMIN, you need to grant EXECUTE and CREATE DATABASE LINK privileges to that user. For example, run the following command as ADMIN to grant privileges to atpc_user:
```
GRANT EXECUTE ON DBMS_CLOUD_ADMIN TO atpc_user;
GRANT CREATE DATABASE LINK TO atpc_user;
```
In addition, when you create a Database Link in a schema other than the ADMIN schema, for example in a schema named atpc_user, the atpc_user schema must own the credential you use with DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK.
Only one wallet file is valid per directory specified with the directory_name parameter. You can only upload one cwallet.sso at a time to the directory you choose for wallet files. This means with a cwallet.sso in a directory, you can only create database links to the databases for which the wallet in that directory is valid. To use multiple cwallet.sso files with database links you need to create additional directories and put each cwallet.sso in a different directory.

See Create Directory in Autonomous Database for information on creating directories.

To create a database link to an Autonomous Database, set GLOBAL_NAMES to FALSE on the source database (non-Autonomous Database).

SQL> ALTER SYSTEM SET GLOBAL_NAMES = FALSE;
 
System altered.

SQL> SHOW PARAMETER GLOBAL_NAMES
NAME                     TYPE        VALUE
----------------------   ----------- -----------
global_names             boolean     FALSE

When the private_target parameter is TRUE, the hostname parameter specifies a private host inside the VCN.

Examples

BEGIN
  DBMS_CLOUD.CREATE_CREDENTIAL(
     credential_name => 'DB_LINK_CRED',
     username => 'adb_user',
     password => 'password');
  DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
     db_link_name => 'SALESLINK', 
     hostname => 'adb.eu-frankfurt-1.oraclecloud.com', 
     port => '1522',
     service_name => 'example_medium.atpc.example.oraclecloud.com',
     ssl_server_cert_dn => 'CN=atpc.example.oraclecloud.com,OU=Oracle BMCS FRANKFURT,O=Oracle Corporation,L=Redwood City,ST=California,C=US',
     credential_name => 'DB_LINK_CRED');
END;
/

BEGIN
  DBMS_CLOUD.CREATE_CREDENTIAL(
    credential_name => 'AWS_REDSHIFT_LINK_CRED',
    username => 'NICK',
    password => 'password'
  );
DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
          db_link_name => 'AWSREDSHIFT_LINK', 
          hostname => 'example.com', 
          port => '5439',
          service_name => 'example_service_name',
          ssl_server_cert_dn => NULL,
          credential_name => 'AWS_REDSHIFT_LINK_CRED',
          gateway_params => JSON_OBJECT('db_type'  value 'awsredshift'));
END;
/

BEGIN
  DBMS_CLOUD.CREATE_CREDENTIAL(
    credential_name => 'PRIVATE_ENDPOINT_CRED',
    username => 'db_user',
    password => 'password'
  );
DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
          db_link_name => 'PRIVATE_ENDPOINT_DB_LINK', 
          hostname => 'exampleHostname', 
          port => '1521',
          service_name => 'exampleServiceName',
          credential_name => 'PRIVATE_ENDPOINT_CRED',
          ssl_server_cert_dn => NULL,
          directory_name => NULL,
          private_target => TRUE);
END;
/

BEGIN
  DBMS_CLOUD.CREATE_CREDENTIAL(
    credential_name => 'GOOGLE_BIGQUERY_CRED',
    params => JSON_OBJECT( 'gcp_oauth2' value JSON_OBJECT(
          'client_id' value 'client_id',
          'client_secret' value 'client_secret', 
          'refresh_token' value 'refresh_token' )));

DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
          db_link_name => 'GOOGLE_BIGQUERY_LINK', 
          hostname => 'example.com', 
          port => '443',
          service_name => 'example_service_name',
          credential_name => 'GOOGLE_BIGQUERY_CRED',
          gateway_params => JSON_OBJECT(
                     'db_type' value 'google_bigquery',
                     'project' value 'project_name1' ));
END;
/

The table name you specify when you use SELECT with Google BigQuery or Google Analytics must be in quotes. For example:

SELECT * FROM "sales"@GOOGLE_BIGQUERY_LINK

Use the rac_hostnames parameter with a target Oracle RAC database on a private endpoint.

BEGIN
  DBMS_CLOUD.CREATE_CREDENTIAL(
     credential_name => 'DB_LINK_CRED1',
     username => 'adb_user',
     password => 'password');
      DBMS_CLOUD_ADMIN.CREATE_DATABASE_LINK(
     db_link_name => 'SALESLINK', 
     rac_hostnames => '["sales1-svr1.example.adb.us-ashburn-1.oraclecloud.com",
                        "sales1-svr2.example.adb.us-ashburn-1.oraclecloud.com",
                        "sales1-svr3.example.adb.us-ashburn-1.oraclecloud.com"]',
     port => '1522',
     service_name => 'example_high.adb.oraclecloud.com',
     ssl_server_cert_dn => 'CN=adb.example.oraclecloud.com,OU=Oracle BMCS FRANKFURT,O=Oracle Corporation,L=Redwood City,ST=California,C=US',
     credential_name => 'DB_LINK_CRED1',
     directory_name => 'EXAMPLE_WALLET_DIR',
     private_target => TRUE);
END;
/

DETACH_FILE_SYSTEM Procedure

This procedure detaches a file system from the database.

The DBMS_CLOUD_ADMIN.DETACH_FILE_SYSTEM procedure detaches a file system from your database. In addition to that, the DBMS_CLOUD_ADMIN.DETACH_FILE_SYSTEM procedure also removes the information about the file system from the DBA_CLOUD_FILE_SYSTEMS view.

Syntax

DBMS_CLOUD_ADMIN.DETACH_FILE_SYSTEM(
    file_system_name         IN VARCHAR2
);

Parameters

Parameter Description

file_system_name

Specifies the name of the file system.

This parameter is mandatory.

Example:

BEGIN
   DBMS_CLOUD_ADMIN.DETACH_FILE_SYSTEM (
    file_system_name      => 'FSS'                                       
  );                                                                          
END;                                                                          
/

Usage Notes

To run this procedure, you must be logged in as the ADMIN user or have the EXECUTE privilege on DBMS_CLOUD_ADMIN.
You must have the WRITE privilege on the directory object in the database, to detach a file system from a directory using the DBMS_CLOUD_ADMIN.DETACH_FILE_SYSTEM procedure.
The DBMS_CLOUD_ADMIN.DETACH_FILE_SYSTEM procedure can only detach a private File Storage Service in databases with Private Endpoints enabled.

See OCI File Storage Service and Configure a Development System to Access the Database for more information.
The DBMS_CLOUD_ADMIN.DETACH_FILE_SYSTEM procedure looks up the Network File System hostname on the customer's virtual cloud network (VCN). The error "ORA-20000: Mounting NFS fails" is returned if the hostname specified in the location cannot be located.

DISABLE_EXTERNAL_AUTHENTICATION Procedure

Disables user authentication with external authentication schemes for the database.

Syntax

DBMS_CLOUD_ADMIN.DISABLE_EXTERNAL_AUTHENTICATION;

Exceptions

Exception	Error	Description
`invalid_ext_auth`	`ORA-20004`	See the accompanying message for a detailed explanation.

Example

BEGIN 
   DBMS_CLOUD_ADMIN.DISABLE_EXTERNAL_AUTHENTICATION;
END;
/

PL/SQL procedure successfully completed.

DROP_DATABASE_LINK Procedure

This procedure drops a database link.

Syntax

DBMS_CLOUD_ADMIN.DROP_DATABASE_LINK(
        db_link_name      IN VARCHAR2,
        public_link       IN BOOLEAN DEFAULT);

Parameters

Parameter Description

Parameter	Description
`db_link_name`	The name of the database link to drop.
`public_link`	To run `DBMS_CLOUD_ADMIN.DROP_DATABASE_LINK` with `public_link` set to `TRUE`, you must have the `DROP PUBLIC DATABASE LINK` system privilege. The default value for this parameter is `FALSE`.

db_link_name

The name of the database link to drop.

public_link

To run DBMS_CLOUD_ADMIN.DROP_DATABASE_LINK with public_link set to TRUE, you must have the DROP PUBLIC DATABASE LINK system privilege.

The default value for this parameter is FALSE.

Example

BEGIN
    DBMS_CLOUD_ADMIN.DROP_DATABASE_LINK(
        db_link_name => 'SALESLINK' );
END;
/

Usage Notes

After you are done using a database link and you run DBMS_CLOUD_ADMIN.DROP_DATABASE_LINK, to ensure security of your Oracle database remove any stored wallet files. For example:

Remove the wallet file in Object Store.
Use DBMS_CLOUD.DELETE_FILE to remove the wallet file from the data_pump_dir directory or from the user defined directory where the wallet file was uploaded.

ENABLE_EXTERNAL_AUTHENTICATION Procedure

Enable users to login to the database with external authentication schemes.

Syntax

DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
   type         IN VARCHAR2,
   force        IN BOOLEAN DEFAULT FALSE,
   params       IN CLOB DEFAULT NULL
);

Parameter

Parameter Description

Parameter	Description
`type`	Specifies the external authentication type. Valid values: or . `'OCI_IAM'` `'AZURE_AD'` `'CMU'` `'KERBEROS'`
`force`	(Optional) Override a currently enabled external authentication scheme. Valid values are `TRUE` or `FALSE`. The default value is `FALSE`.
`params`	A JSON string that provides additional parameters for the external authentication. `CMU` parameters: `location_uri`: specifies the cloud storage URI for the bucket where files required for CMU are stored. If you specify `location_uri` there is a fixed name directory object `CMU_WALLET_DIR` created in the database at the path `'cmu_wallet'` to save the CMU configuration files. In this case, you do not need to supply the `directory_name` parameter. `credential_name`: specifies the credentials that are used to download the CMU configuration files from the Object Store to the directory object. Default value is `NULL` which allows you to provide a Public, Preauthenticated, or pre-signed URL for Object Store bucket or subfolder. `directory_name`: specifies the directory name where configuration files required for CMU are stored. If `directory_name` is supplied, you are expected to copy the CMU configuration files `dsi.ora` and `cwallet.sso` to this directory object. `KERBEROS` parameters: `location_uri`: specifies the cloud storage URI for the the bucket where files required for Kerberos are stored. If you specify `location_uri` there is a fixed name directory object `KERBEROS_DIR` created in the database to save the Kerberos configuration files. In this case, you do not need to supply the `directory_name` parameter. `credential_name`: specifies the credential that are used to download Kerberos configuration files from the Object Store location to the directory object. Default value is `NULL` which allows you to provide a Public, Preauthenticated, or pre-signed URL for Object Store bucket or subfolder. `directory_name`: specifies the directory name where files required for Kerberos are stored. If `directory_name` is supplied, you are expected to copy the Kerberos configuration files to this directory object. `AZURE_AD` parameters: `tenant_id`: Tenant ID of the Azure Account. Tenant Id specifies the Autonomous Database instance's Azure AD application registration. `application_id`: Azure Application ID created in Azure AD to assign roles/schema mappings for external authentication in the Autonomous Database instance. `application_id_uri`: Unique URI assigned to the Azure Application. This it the identifier for the Autonomous Database instance. The name must be domain qualified (this supports cross tenancy resource access). The maximum length for this parameter is 256 characters.

type

Specifies the external authentication type. Valid values: or .

'OCI_IAM'
'AZURE_AD'
'CMU'
'KERBEROS'

force

(Optional) Override a currently enabled external authentication scheme. Valid values are TRUE or FALSE.

The default value is FALSE.

params

A JSON string that provides additional parameters for the external authentication.

CMU parameters:

location_uri: specifies the cloud storage URI for the bucket where files required for CMU are stored.
If you specify location_uri there is a fixed name directory object CMU_WALLET_DIR created in the database at the path 'cmu_wallet' to save the CMU configuration files. In this case, you do not need to supply the directory_name parameter.
credential_name: specifies the credentials that are used to download the CMU configuration files from the Object Store to the directory object.
Default value is NULL which allows you to provide a Public, Preauthenticated, or pre-signed URL for Object Store bucket or subfolder.
directory_name: specifies the directory name where configuration files required for CMU are stored. If directory_name is supplied, you are expected to copy the CMU configuration files dsi.ora and cwallet.sso to this directory object.

KERBEROS parameters:

location_uri: specifies the cloud storage URI for the the bucket where files required for Kerberos are stored.
If you specify location_uri there is a fixed name directory object KERBEROS_DIR created in the database to save the Kerberos configuration files. In this case, you do not need to supply the directory_name parameter.
credential_name: specifies the credential that are used to download Kerberos configuration files from the Object Store location to the directory object.
Default value is NULL which allows you to provide a Public, Preauthenticated, or pre-signed URL for Object Store bucket or subfolder.
directory_name: specifies the directory name where files required for Kerberos are stored. If directory_name is supplied, you are expected to copy the Kerberos configuration files to this directory object.

AZURE_AD parameters:

tenant_id: Tenant ID of the Azure Account. Tenant Id specifies the Autonomous Database instance's Azure AD application registration.
application_id: Azure Application ID created in Azure AD to assign roles/schema mappings for external authentication in the Autonomous Database instance.
application_id_uri: Unique URI assigned to the Azure Application.
This it the identifier for the Autonomous Database instance. The name must be domain qualified (this supports cross tenancy resource access).

The maximum length for this parameter is 256 characters.

Exceptions

Exception	Error	Description
`invalid_ext_auth`	`ORA-20004`	See the accompanying message for a detailed explanation.

Usage Notes

With type OCI_IAM, if the resource principal is not enabled on the Autonomous Database instance, this routine enables resource principal with DBMS_CLOUD_ADMIN.ENABLE_RESOURCE_PRINCIPAL.
This procedure sets the system parameters IDENTITY_PROVIDER_TYPE and IDENTITY_PROVIDER_CONFIG to required users to access the instance with Oracle Cloud Infrastructure Identity and Access Management authentication and authorization.

Examples

Enable OCI_IAM Authentication

BEGIN DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
     type => 'OCI_IAM',
     force=> TRUE );
END;
/

PL/SQL procedure successfully completed.

Enable CMU Authentication for Microsoft Active Directory

You pass in a directory name that contains the CMU configuration files through params JSON argument.

BEGIN DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
     type => 'CMU',
     force => TRUE,
     params => JSON_OBJECT('directory_name' value 'CMU_DIR'); // CMU_DIR directory object already exists
END;
/

PL/SQL procedure successfully completed.

You pass in a location URI pointing to an Object Storage location that contains CMU configuration files through params JSON argument.

BEGIN
   DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
       type     => 'CMU',
       params   => JSON_OBJECT('location_uri' value 'https://objectstorage.us-phoenix-1.oraclecloud.com/n/namespace-string/b/bucketname/o',
                               'credential_name' value 'my_credential_name')
   );
END;
/

PL/SQL procedure successfully completed.

Enable Azure AD Authentication

BEGIN DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
     type => 'AZURE_AD',
     force => TRUE,
     params   => JSON_OBJECT( 'tenant_id' VALUE '....',
                              'application_id' VALUE '...',
                              'application_id_uri' VALUE '.....' ));
END;
/

PL/SQL procedure successfully completed.

Enable Kerberos Authentication

You pass in a directory name that contains Kerberos configuration files through params JSON argument.

BEGIN DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
     type => 'KERBEROS',
     force => TRUE,
     params => JSON_OBJECT('directory_name' value 'KERBEROS_DIR'); // KERBEROS_DIR directory object already exists
END;
/

PL/SQL procedure successfully completed.

You pass in a location URI pointing to an Object Storage location that contains Kerberos configuration files through params JSON argument.

BEGIN DBMS_CLOUD_ADMIN.ENABLE_EXTERNAL_AUTHENTICATION(
     type => 'KERBEROS',
     force => TRUE,
     params => JSON_OBJECT('location_uri' value 'https://objectstorage.us-phoenix-1.oraclecloud.com/n/namespace-string/b/bucketname/o',
                           'credential_name' value 'my_credential_name');
END;
/

PL/SQL procedure successfully completed.

DBMS_CLOUD_ADMIN Exceptions

The following table describes exceptions for DBMS_CLOUD_ADMIN.

Exception	Code	Description
`invalid_service`	20001	An invalid service was specified.
`service_not_exist`	20002	A service specified does not exist.
`default_service`	20003	A service specified cannot be modified.
`invalid_char_set`	20029	Missing precondition or invalid (national) character set.
`invalid_enc_key_attr`	20030	Missing or invalid argument for key management.
`Already Using Oracle Managed Key`	000000	The Database is already using an Oracle managed key. You are trying to call the procedure while already using an Oracle managed key.
`Argument Provided for the procedure`	ORA-0000	An argument is provided for the procedure. Expected error message:No arguments required for this procedure.

Title and Copyright Information

Oracle and/or its affiliates.