Oracle Connector: Install and Configure

Applies from release 2021.3

Prerequisites

Firewall Configuration

  • Open outbound TCP port 1521 to the Oracle server

  • DNS Record (if using Kerberos authentication)

    • Kerberos authentication requires the Alation server hostname to be resolvable. Add a DNS record for the Alation server or edit the /etc/hosts file on the Alation server.

Create Service Account

Sample SQL to create an account:

CREATE USER alation IDENTIFIED BY [password];
GRANT CREATE SESSION TO alation;

Permissions

Metadata Extraction

GRANT SELECT ON DBA_OBJECTS TO alation;
GRANT SELECT ON DBA_TAB_COLUMNS TO alation;
GRANT SELECT ON DBA_CONS_COLUMNS TO alation;
GRANT SELECT ON DBA_CONSTRAINTS TO alation;
GRANT SELECT ON DBA_VIEWS TO alation;
GRANT SELECT ON DBA_MVIEWS TO alation;
GRANT SELECT ON DBA_IND_COLUMNS TO alation;
GRANT SELECT ON DBA_INDEXES TO alation;
GRANT SELECT ON DBA_SYNONYMS TO alation;
GRANT SELECT ON DBA_COL_COMMENTS TO alation;
GRANT SELECT ON DBA_MVIEW_COMMENTS TO alation;
GRANT SELECT ON DBA_TAB_COMMENTS TO alation;
GRANT SELECT ON DBA_SEGMENTS TO alation;
GRANT SELECT ON DBA_LOBS TO alation;
GRANT SELECT ON DBA_ARGUMENTS to alation;

Permission

Purpose

GRANT SELECT ON DBA_OBJECTS TO alation;

Required for table extraction.

GRANT SELECT ON DBA_TAB_COLUMNS TO alation;

Required for table and column extraction.

GRANT SELECT ON DBA_CONS_COLUMNS TO alation;

Required for column extraction.

GRANT SELECT ON DBA_CONSTRAINTS TO alation;

Required for primary key and foreign key extraction.

GRANT SELECT ON DBA_VIEWS TO alation;

Required for view extraction.

GRANT SELECT ON DBA_MVIEWS TO alation;

Required for view extraction.

GRANT SELECT ON DBA_IND_COLUMNS TO alation;

Required for index extraction.

GRANT SELECT ON DBA_INDEXES TO alation;

Required for index extraction.

GRANT SELECT ON DBA_SYNONYMS TO alation;

Required for synonym extraction.

GRANT SELECT ON DBA_COL_COMMENTS TO alation;

Required for source comments extraction.

GRANT SELECT ON DBA_MVIEW_COMMENTS TO alation;

Required for view comments extraction.

GRANT SELECT ON DBA_TAB_COMMENTS TO alation;

Required for table comments extraction.

GRANT SELECT ON DBA_SEGMENTS TO alation;

Required for table iteration.

GRANT SELECT ON DBA_LOBS TO alation;

Required for table extraction.

GRANT SELECT ON DBA_ARGUMENTS TO alation;

Required for function and function definition extraction.

Table Profiles

GRANT SELECT on [SCHEMA or TABLE]

Configuration in Alation

STEP 1: Install the Connector

Alation On-Prem

Important

Installation of OCF connectors requires Alation Connector Manager to be installed as a prerequisite.

To install an OCF connector:

  1. If this has not been done on your instance, install the Alation Connector Manager: Install Alation Connector Manager.

  2. Ensure that the OCF connector Zip file that you received from Alation is available on your local machine.

  3. Install the connector on the Connectors Dashboard page using the steps in Manage Connectors.

Alation Cloud Service

Connecting to Cloud Databases

Note

On Alation Cloud Service instances, Alation Connector Manager is available by default.

To install an OCF connector:

  1. Ensure that the OCF connector Zip file that you received from Alation is available on your local machine.

  2. Install the connector on the Connectors Dashboard page using the steps in Manage Connectors.

Connecting to On-Prem Databases

Important

To connect to an on-prem database from an Alation Cloud Service instance, you may need to use Alation Agent.

  1. Ensure that the Alation Agent functionality is enabled on your Alation instance. Create a Support ticket with Alation for an Alation representative to enable the Alation Agent feature on your instance and to receive the Alation Agent installer.

  2. Install Alation Agent using the information in Alation Agent.

  3. Install the OCF connector on Alation Agent.

STEP 2: Create and Configure a New Data Source

In Alation, add a new data source:

  1. Log in to Alation as a Server Admin.

  2. Expand the Apps menu on the right of the main toolbar and select Sources.

  3. On the Sources page, click +Add on the top right of the page and in the list that opens, click Data Source. This will open the Add a Data Source wizard.

  4. On the first screen of the wizard, specify a name for your data source, assign additional Data Source Admins, if necessary, and click the Continue Setup button on the bottom. The Add a Data Source screen will open.

  5. On the Add a Data Source screen, the only field you should populate is Database Type. From the Database Type dropdown, select the connector name. After that you will be navigated to the Settings page of your new data source.

The connector name for Oracle is Oracle OCF Connector.

../../../_images/OracleOCF_01.png

General Settings

JDBC URI

When building the URI, include the following information:

  • Hostname or IP of the instance

  • Port number

  • Service name

  • Service account username

  • Password

URI Format

oracle:thin:@//<Hostname_or_IP>:<Port_Number>/<Service_Name>

Example

oracle:thin:@//ifac-orcl.ceeyrlqdpprr.us-west-2.rds.amazonaws.com:1521/orcl

Authentication

Depending on the authentication method, you may need to include more parameters into the URI.

../../../_images/OracleOCF_02.png

Metadata Extraction

You can configure metadata extraction (MDE) for an OCF data source on the Metadata Extraction tab of the Settings page. Refer to Configure Metadata Extraction for OCF Data Sources for information about the available configuration options.

../../../_images/OracleOCF_03.png

Query-Based Extraction

Provide SQL custom queries to extract metadata. Custom queries in Query Based Extraction will return below result set:

SCHEMA

Make sure that your query has a column labelled as SCHEMA in the SELECT list.

TABLE

Make sure that your query has columns labelled as SCHEMA, TABLE_NAME, TABLE_TYPE, REMARKS in the SELECT list.

VIEW

Make sure that your query has columns labelled as SCHEMA, VIEW_NAME, VIEW_CREATE_STATEMENT, 'VIEW' AS VIEW_TYPE, REMARKS in the SELECT list.

COLUMN

Make sure that your query has columns labelled as SCHEMA, TABLE_NAME, TYPE_NAME, DATA_TYPE, COLUMN_NAME, ORDINAL_POSITION, IS_NULLABLE, REMARKS, COLUMN_DEFAULT in the SELECT list.

PK

Make sure that your query has columns labelled as TABLE_NAME, COLUMN_NAME, OWNER in the SELECT list.

FK

Make sure that your query has columns labelled as PK_CATALOG, PK_SCHEMA, PK_TABLE, PK_COLUMN, FK_CATALOG, FK_SCHEMA, FK_TABLE, FK_COLUMN in the SELECT list.

INDEX

Make sure that your query has columns labelled as SCHEMA, TABLE_NAME, COLUMN_NAME, REMARKS in the SELECT list.

FUNCTION

Make sure that your query has columns labelled as SCHEMA, FUNCTION_NAME, REMARKS in the SELECT list.

FUNCTION_DEF

Make sure that your query has columns labelled as SCHEMA, FUNCTION_NAME, ARG_NAME, TYPE_NAME, ARG_TYPE, ARG_DEF in the SELECT list.

SYNONYM

Make sure that your query has columns labelled as SYNONYM_CATALOG, SYNONYM_SCHEMA, SYNONYM_NAME, TABLE_CATALOG, TABLE_SCHEMA, TABLE_NAME, REMARKS in the SELECT list.

Sampling and Profiling

Sampling and profiling is supported. For details, see Configure Sampling and Profiling for OCF Data Sources.

Query Log Ingestion

For Oracle data sources added using the Oracle OCF connector, Alation supports two QLI configuration options: table-based QLI or custom query-based QLI. Depending on the option you choose, you will either need to create a QLI view in your database or write a query using the template expected by Alation.

Before you can configure QLI in Alation, perform the required configuration in your Oracle database.

If your Oracle data source is deployed on AWS RDS, refer to Oracle Connector: Configure QLI for Oracle on AWS RDS for information on configuring QLI.

For Oracle on AWS EC2 or on-premise, you can either use audit trail or Active Session History to configure QLI. You can also reuse the QLI view created using recommendations for Oracle data sources on the native (built-in) connector if you already have this view.

Note

The capability to reuse the native QLI view is available from connector version 1.4.0 and Alation version 2023.1.

Using Audit Trail

This configuration assumes your Oracle database has the database audit trail enabled. We recommend including these statements into auditing:

  • CREATE TABLE

  • CREATE VIEW

  • SELECT TABLE

  • UPDATE TABLE

  • INSERT TABLE

  • DELETE TABLE

  • ALTER TABLE

Configuration for Table-Based QLI

To enable QLI in Alation, in a schema of your choice, create a view on top of the SYS.AUD$ table using the template below. Grant the service account you are using in Alation the SELECT permissions for this QLI view.

In the example below, we’re creating a view ALATION_QLI_VIEW. The <SCHEMA> placeholder represents a schema where the view is created.

CREATE OR REPLACE VIEW <SCHEMA>.ALATION_QLI_VIEW AS
SELECT
    q.userid AS userName,
    q.NTIMESTAMP# AS startTime,
    q.sqltext AS queryString,
    q.sessionid AS sessionId,
    q.NTIMESTAMP# AS sessionStartTime,
    0 AS milliseconds,
    'N' AS cancelled,
    (SELECT * FROM Global_name) AS defaultDatabases
FROM sys.aud$ q
WHERE q.sqltext IS NOT NULL
    AND q.OBJ$CREATOR = q.USERID
ORDER BY
    sessionId,
    startTime;

Configuration for Query-Based QLI

If creating a view is not an option, you can use a query to configure QLI. Every time you run QLI, Alation will query the SYS.AUD$ table to get query history information. If you choose this option, ensure that the service account you are using in Alation is allowed to query the SYS.AUD$ table.

Use this query example:

SELECT q.userid AS userName,
    q.NTIMESTAMP# AS startTime,
    q.sqltext AS queryString,
    q.sessionid AS sessionId,
    q.NTIMESTAMP# AS sessionStartTime,
    0 AS milliseconds,
   'N' AS cancelled,
    (SELECT * FROM Global_name) AS defaultDatabases
FROM sys.aud$ q
WHERE q.sqltext IS NOT NULL
    AND q.OBJ$CREATOR = q.USERID
    AND q.NTIMESTAMP# BETWEEN TO_DATE(STARTTIME,'YY-MM-DD HH24:MI:SS')
    AND TO_DATE(ENDTIME,'YY-MM-DD HH24:MI:SS')
ORDER BY
    sessionId,
    startTime;

Using Active Session History

Active session history (ASH) is recorded by default. ASH only records some of the queries, as it samples them on an interval (one every ten seconds). This means that the auto-generated Lineage feature will not be fully supported when using ASH. Some lineage links may be missing as they were not captured. Popularity will not be as accurate with ASH compared to audit trail, but over many samples it can still be a good approximation. Oracle Enterprise Edition and the Diagnostics and Tuning option are required for Active Session History.

ASH query ingestion requires access to a view on top of the tables:

  • dba_hist_active_sess_history

  • dba_users

  • dba_hist_sqltext

  • dba_hist_snapshot

In a schema of your choice, create the view using the template below. In the example below, we’re creating a view ALATION_QLI_VIEW. The <SCHEMA> placeholder represents a schema where the view is created. Make sure the service account you are using in Alation is allowed to query this view.

CREATE OR REPLACE VIEW <SCHEMA_NAME>.ALATION_QLI_VIEW AS
SELECT
    b.username AS userName,
    b.username ||'/'|| r.session_id ||'/'|| r.session_serial# ||'/'|| r.instance_number AS sessionId,
    s.sql_text AS queryString,
    r.start_time AS startTime,
    r.time_ms AS milliseconds,
    NULL AS sessionStartTime,
    'N' as cancelled,
    (SELECT * FROM Global_name) as defaultDatabases
FROM
    (
      SELECT
        a.DBID, a.user_id, a.session_id, a.session_serial#,
        a.sql_id, a.instance_number,
        MIN(a.sample_time) AS start_time,
        SUM(a.tm_delta_time) AS time_ms
      FROM dba_hist_active_sess_history a
      JOIN dba_hist_snapshot s ON a.dbid = s.dbid
        AND a.snap_id = s.snap_id
        AND a.instance_number = s.instance_number
      GROUP BY
        a.dbid, a.user_id, a.session_id, a.session_serial#,
        a.sql_id, s.begin_interval_time, a.instance_number
        ) r
    JOIN dba_users b ON r.user_id = b.user_id
    JOIN dba_hist_sqltext s ON r.dbid = s.dbid
      AND r.sql_id = s.sql_id
WHERE
  s.command_type NOT IN (6, 7, /* system cmds */ 47, /* declare cmd */ 170, 189)
    AND b.username NOT IN ('SYSTEM', 'SYS', 'OLAPSYS', 'LBACSYS',
        'OWBSYS', 'OWBSYS_AUDIT', 'APPQOSSYS', 'SYSMAN', 'WMSYS',
        'EXFSYS', 'CTXSYS', 'ORDSYS', 'MDSYS');

Reusing QLI View for Native Oracle Data Source

If you already have an Oracle data source that was cataloged using the native (built-in) connector, you can reuse the QLI view that you created for this data source after you migrate it to OCF Oracle connector. This configuration is done in Alation, on the data source settings page. See Reuse Native QLI View below.

Alternatively, you can choose the query-based QLI approach to QLI and create a query that retrieves data from the QLI view created for the native connector.

SELECT user_name AS userName,
    start_time AS startTime,
    sql_text AS queryString,
    session_id AS sessionId,
    session_start_time AS sessionStartTime,
    time_ms AS milliseconds,
    'N' AS cancelled,
    (SELECT * from Global_name) AS defaultDatabases
FROM <SCHEMA>.NATIVE_QUERY_LOG_VIEW
WHERE sql_text is not NULL
    AND start_time BETWEEN TO_DATE(STARTTIME,'YY-MM-DD HH24:MI:SS')
    AND TO_DATE(ENDTIME,'YY-MM-DD HH24:MI:SS')
ORDER BY
    session_id,
    start_time;

Configuration in Alation

In Alation, you can configure QLI on the Query Log Ingestion tab. Before you set up QLI in Alation, perform the configuration on the database as is described in Using Audit Trail or Using Active Session History. If you go with the query-based QLI option, make sure that the Alation service account has access to the system tables that are queried.

Table-Based QLI

To configure table-based QLI:

In the Table Name field, specify the name of the QLI view where the query logs are available. Make sure that the service account has the permissions to access this view. The view name must be provided in the following format: database.schema.view_name.

Reuse Native QLI View

If you migrated your Oracle data source from the native (built-in) connector to the OCF Oracle connector, you can reuse the QLI view created for the native data source when configuring table-based QLI.

Note

The QLI view is the view specified in the Query Log Privileges section on the General Settings page of a data source added using the native (built-in) connector. The QLI view for native Oracle data sources can be created following an example in QLI view.

For information about migrating data sources, see Migration from Native to OCF Connectors.

To reuse the QLI view for the native data source:

  1. On the Query Log Ingestion tab, under Connector Settings > Query Extraction, select the checkbox Use Native QLI Table Name.

  2. In the Table Name field located under this checkbox, specify the name of the native QLI view.

  3. Click Save.

Custom Query-Based QLI

When for some reason you cannot create a table or view for QLI, you can use a custom QLI query instead. Paste the query into the Custom QLI Query field and click Save.

Automated and Manual QLI

You can either perform QLI manually on demand or enable automated QLI:

  1. To perform manual QLI, under the Automated and Manual Query Log Ingestion section of the Query Log Ingestion tab, ensure that the Enable Automated Query Log Ingestion toggle is disabled.

  2. Click Preview to get a sample of the query history data to be ingested.

  3. Click the Import button to perform QLI on demand.

    Note

    Metadata extraction must be completed first before running QLI.

  4. To schedule QLI, enable the Enable Automated Query Log Ingestion toggle.

  5. Set a schedule under Automated Query Log Ingestion Time by specifying values in the week, day and time fields. The next QLI job will run on the schedule you have specified.

    Note

    The hourly schedule for automated QLI is not supported.

Troubleshooting

Log Location

Refer to Troubleshooting.

Oracle Default Schema objects are not extracted into Alation[HR schema]

SDK 3.2.0 does not pull the default schema. However, OCF has query-based MDE capability which can be used to extract these schemas.