Oracle Connector: Install and Configure¶
Applies from release 2021.3
Prerequisites¶
Firewall Configuration¶
Open outbound TCP port 1521 to the Oracle server
DNS Record (if using Kerberos authentication)
Kerberos authentication requires the Alation server hostname to be resolvable. Add a DNS record for the Alation server or edit the /etc/hosts file on the Alation server.
Create Service Account¶
Sample SQL to create an account:
CREATE USER alation IDENTIFIED BY [password];
GRANT CREATE SESSION TO alation;
Permissions¶
Metadata Extraction¶
GRANT SELECT ON DBA_OBJECTS TO alation;
GRANT SELECT ON DBA_TAB_COLUMNS TO alation;
GRANT SELECT ON DBA_CONS_COLUMNS TO alation;
GRANT SELECT ON DBA_CONSTRAINTS TO alation;
GRANT SELECT ON DBA_VIEWS TO alation;
GRANT SELECT ON DBA_MVIEWS TO alation;
GRANT SELECT ON DBA_IND_COLUMNS TO alation;
GRANT SELECT ON DBA_INDEXES TO alation;
GRANT SELECT ON DBA_SYNONYMS TO alation;
GRANT SELECT ON DBA_COL_COMMENTS TO alation;
GRANT SELECT ON DBA_MVIEW_COMMENTS TO alation;
GRANT SELECT ON DBA_TAB_COMMENTS TO alation;
GRANT SELECT ON DBA_SEGMENTS TO alation;
GRANT SELECT ON DBA_LOBS TO alation;
GRANT SELECT ON DBA_ARGUMENTS to alation;
Permission |
Purpose |
|---|---|
GRANT SELECT ON DBA_OBJECTS TO alation; |
Required for table extraction. |
GRANT SELECT ON DBA_TAB_COLUMNS TO alation; |
Required for table and column extraction. |
GRANT SELECT ON DBA_CONS_COLUMNS TO alation; |
Required for column extraction. |
GRANT SELECT ON DBA_CONSTRAINTS TO alation; |
Required for primary key and foreign key extraction. |
GRANT SELECT ON DBA_VIEWS TO alation; |
Required for view extraction. |
GRANT SELECT ON DBA_MVIEWS TO alation; |
Required for view extraction. |
GRANT SELECT ON DBA_IND_COLUMNS TO alation; |
Required for index extraction. |
GRANT SELECT ON DBA_INDEXES TO alation; |
Required for index extraction. |
GRANT SELECT ON DBA_SYNONYMS TO alation; |
Required for synonym extraction. |
GRANT SELECT ON DBA_COL_COMMENTS TO alation; |
Required for source comments extraction. |
GRANT SELECT ON DBA_MVIEW_COMMENTS TO alation; |
Required for view comments extraction. |
GRANT SELECT ON DBA_TAB_COMMENTS TO alation; |
Required for table comments extraction. |
GRANT SELECT ON DBA_SEGMENTS TO alation; |
Required for table iteration. |
GRANT SELECT ON DBA_LOBS TO alation; |
Required for table extraction. |
GRANT SELECT ON DBA_ARGUMENTS TO alation; |
Required for function and function definition extraction. |
Table Profiles¶
GRANT SELECT on [SCHEMA or TABLE]
Configuration in Alation¶
STEP 1: Install the Connector¶
Alation On-Prem¶
Important
Installation of OCF connectors requires Alation Connector Manager to be installed as a prerequisite.
To install an OCF connector:
If this has not been done on your instance, install the Alation Connector Manager: Install Alation Connector Manager.
Ensure that the OCF connector Zip file that you received from Alation is available on your local machine.
Install the connector on the Connectors Dashboard page using the steps in Manage Connectors.
Alation Cloud Service¶
Connecting to Cloud Databases¶
Note
On Alation Cloud Service instances, Alation Connector Manager is available by default.
To install an OCF connector:
Ensure that the OCF connector Zip file that you received from Alation is available on your local machine.
Install the connector on the Connectors Dashboard page using the steps in Manage Connectors.
Connecting to On-Prem Databases¶
Important
To connect to an on-prem database from an Alation Cloud Service instance, you may need to use Alation Agent.
Ensure that the Alation Agent functionality is enabled on your Alation instance. Create a Support ticket with Alation for an Alation representative to enable the Alation Agent feature on your instance and to receive the Alation Agent installer.
Install Alation Agent using the information in Alation Agent.
Install the OCF connector on Alation Agent.
STEP 2: Create and Configure a New Data Source¶
In Alation, add a new data source:
Log in to Alation as a Server Admin.
Expand the Apps menu on the right of the main toolbar and select Sources.
On the Sources page, click +Add on the top right of the page and in the list that opens, click Data Source. This will open the Add a Data Source wizard.
On the first screen of the wizard, specify a name for your data source, assign additional Data Source Admins, if necessary, and click the Continue Setup button on the bottom. The Add a Data Source screen will open.
On the Add a Data Source screen, the only field you should populate is Database Type. From the Database Type dropdown, select the connector name. After that you will be navigated to the Settings page of your new data source.
The connector name for Oracle is Oracle OCF Connector.
General Settings¶
JDBC URI¶
When building the URI, include the following information:
Hostname or IP of the instance
Port number
Service name
Service account username
Password
URI Format¶
oracle:thin:@//<Hostname_or_IP>:<Port_Number>/<Service_Name>
Example¶
oracle:thin:@//ifac-orcl.ceeyrlqdpprr.us-west-2.rds.amazonaws.com:1521/orcl
Authentication¶
Depending on the authentication method, you may need to include more parameters into the URI.
Metadata Extraction¶
You can configure metadata extraction (MDE) for an OCF data source on the Metadata Extraction tab of the Settings page. Refer to Configure Metadata Extraction for OCF Data Sources for information about the available configuration options.
Query-Based Extraction¶
Provide SQL custom queries to extract metadata. Custom queries in Query Based Extraction will return below result set:
SCHEMA¶
Make sure that your query has a column labelled as SCHEMA in the SELECT list.
TABLE¶
Make sure that your query has columns labelled as SCHEMA, TABLE_NAME, TABLE_TYPE, REMARKS in the SELECT list.
VIEW¶
Make sure that your query has columns labelled as SCHEMA, VIEW_NAME, VIEW_CREATE_STATEMENT, 'VIEW' AS VIEW_TYPE, REMARKS in the SELECT list.
COLUMN¶
Make sure that your query has columns labelled as SCHEMA, TABLE_NAME, TYPE_NAME, DATA_TYPE, COLUMN_NAME, ORDINAL_POSITION, IS_NULLABLE, REMARKS, COLUMN_DEFAULT in the SELECT list.
PK¶
Make sure that your query has columns labelled as TABLE_NAME, COLUMN_NAME, OWNER in the SELECT list.
FK¶
Make sure that your query has columns labelled as PK_CATALOG, PK_SCHEMA, PK_TABLE, PK_COLUMN, FK_CATALOG, FK_SCHEMA, FK_TABLE, FK_COLUMN in the SELECT list.
INDEX¶
Make sure that your query has columns labelled as SCHEMA, TABLE_NAME, COLUMN_NAME, REMARKS in the SELECT list.
FUNCTION¶
Make sure that your query has columns labelled as SCHEMA, FUNCTION_NAME, REMARKS in the SELECT list.
FUNCTION_DEF¶
Make sure that your query has columns labelled as SCHEMA, FUNCTION_NAME, ARG_NAME, TYPE_NAME, ARG_TYPE, ARG_DEF in the SELECT list.
SYNONYM¶
Make sure that your query has columns labelled as SYNONYM_CATALOG, SYNONYM_SCHEMA, SYNONYM_NAME, TABLE_CATALOG, TABLE_SCHEMA, TABLE_NAME, REMARKS in the SELECT list.
Sampling and Profiling¶
Sampling and profiling is supported. For details, see Configure Sampling and Profiling for OCF Data Sources.
Query Log Ingestion¶
For Oracle data sources added using the Oracle OCF connector, Alation supports two QLI configuration options: table-based QLI or custom query-based QLI. Depending on the option you choose, you will either need to create a QLI view in your database or write a query using the template expected by Alation.
Before you can configure QLI in Alation, perform the required configuration in your Oracle database.
If your Oracle data source is deployed on AWS RDS, refer to Oracle Connector: Configure QLI for Oracle on AWS RDS for information on configuring QLI.
For Oracle on AWS EC2 or on-premise, you can either use audit trail or Active Session History to configure QLI. You can also reuse the QLI view created using recommendations for Oracle data sources on the native (built-in) connector if you already have this view.
Note
The capability to reuse the native QLI view is available from connector version 1.4.0 and Alation version 2023.1.
Using Audit Trail¶
This configuration assumes your Oracle database has the database audit trail enabled. We recommend including these statements into auditing:
CREATE TABLE
CREATE VIEW
SELECT TABLE
UPDATE TABLE
INSERT TABLE
DELETE TABLE
ALTER TABLE
Configuration for Table-Based QLI¶
To enable QLI in Alation, in a schema of your choice, create a view on top of the SYS.AUD$ table using the template below. Grant the service account you are using in Alation the SELECT permissions for this QLI view.
In the example below, we’re creating a view ALATION_QLI_VIEW. The <SCHEMA> placeholder represents a schema where the view is created.
CREATE OR REPLACE VIEW <SCHEMA>.ALATION_QLI_VIEW AS
SELECT
q.userid AS userName,
q.NTIMESTAMP# AS startTime,
q.sqltext AS queryString,
q.sessionid AS sessionId,
q.NTIMESTAMP# AS sessionStartTime,
0 AS milliseconds,
'N' AS cancelled,
(SELECT * FROM Global_name) AS defaultDatabases
FROM sys.aud$ q
WHERE q.sqltext IS NOT NULL
AND q.OBJ$CREATOR = q.USERID
ORDER BY
sessionId,
startTime;
Configuration for Query-Based QLI¶
If creating a view is not an option, you can use a query to configure QLI. Every time you run QLI, Alation will query the SYS.AUD$ table to get query history information. If you choose this option, ensure that the service account you are using in Alation is allowed to query the SYS.AUD$ table.
Use this query example:
SELECT q.userid AS userName,
q.NTIMESTAMP# AS startTime,
q.sqltext AS queryString,
q.sessionid AS sessionId,
q.NTIMESTAMP# AS sessionStartTime,
0 AS milliseconds,
'N' AS cancelled,
(SELECT * FROM Global_name) AS defaultDatabases
FROM sys.aud$ q
WHERE q.sqltext IS NOT NULL
AND q.OBJ$CREATOR = q.USERID
AND q.NTIMESTAMP# BETWEEN TO_DATE(STARTTIME,'YY-MM-DD HH24:MI:SS')
AND TO_DATE(ENDTIME,'YY-MM-DD HH24:MI:SS')
ORDER BY
sessionId,
startTime;
Using Active Session History¶
Active session history (ASH) is recorded by default. ASH only records some of the queries, as it samples them on an interval (one every ten seconds). This means that the auto-generated Lineage feature will not be fully supported when using ASH. Some lineage links may be missing as they were not captured. Popularity will not be as accurate with ASH compared to audit trail, but over many samples it can still be a good approximation. Oracle Enterprise Edition and the Diagnostics and Tuning option are required for Active Session History.
ASH query ingestion requires access to a view on top of the tables:
dba_hist_active_sess_history
dba_users
dba_hist_sqltext
dba_hist_snapshot
In a schema of your choice, create the view using the template below. In the example below, we’re creating a view ALATION_QLI_VIEW. The <SCHEMA> placeholder represents a schema where the view is created. Make sure the service account you are using in Alation is allowed to query this view.
CREATE OR REPLACE VIEW <SCHEMA_NAME>.ALATION_QLI_VIEW AS
SELECT
b.username AS userName,
b.username ||'/'|| r.session_id ||'/'|| r.session_serial# ||'/'|| r.instance_number AS sessionId,
s.sql_text AS queryString,
r.start_time AS startTime,
r.time_ms AS milliseconds,
NULL AS sessionStartTime,
'N' as cancelled,
(SELECT * FROM Global_name) as defaultDatabases
FROM
(
SELECT
a.DBID, a.user_id, a.session_id, a.session_serial#,
a.sql_id, a.instance_number,
MIN(a.sample_time) AS start_time,
SUM(a.tm_delta_time) AS time_ms
FROM dba_hist_active_sess_history a
JOIN dba_hist_snapshot s ON a.dbid = s.dbid
AND a.snap_id = s.snap_id
AND a.instance_number = s.instance_number
GROUP BY
a.dbid, a.user_id, a.session_id, a.session_serial#,
a.sql_id, s.begin_interval_time, a.instance_number
) r
JOIN dba_users b ON r.user_id = b.user_id
JOIN dba_hist_sqltext s ON r.dbid = s.dbid
AND r.sql_id = s.sql_id
WHERE
s.command_type NOT IN (6, 7, /* system cmds */ 47, /* declare cmd */ 170, 189)
AND b.username NOT IN ('SYSTEM', 'SYS', 'OLAPSYS', 'LBACSYS',
'OWBSYS', 'OWBSYS_AUDIT', 'APPQOSSYS', 'SYSMAN', 'WMSYS',
'EXFSYS', 'CTXSYS', 'ORDSYS', 'MDSYS');
Reusing QLI View for Native Oracle Data Source¶
If you already have an Oracle data source that was cataloged using the native (built-in) connector, you can reuse the QLI view that you created for this data source after you migrate it to OCF Oracle connector. This configuration is done in Alation, on the data source settings page. See Reuse Native QLI View below.
Alternatively, you can choose the query-based QLI approach to QLI and create a query that retrieves data from the QLI view created for the native connector.
SELECT user_name AS userName,
start_time AS startTime,
sql_text AS queryString,
session_id AS sessionId,
session_start_time AS sessionStartTime,
time_ms AS milliseconds,
'N' AS cancelled,
(SELECT * from Global_name) AS defaultDatabases
FROM <SCHEMA>.NATIVE_QUERY_LOG_VIEW
WHERE sql_text is not NULL
AND start_time BETWEEN TO_DATE(STARTTIME,'YY-MM-DD HH24:MI:SS')
AND TO_DATE(ENDTIME,'YY-MM-DD HH24:MI:SS')
ORDER BY
session_id,
start_time;
Configuration in Alation¶
In Alation, you can configure QLI on the Query Log Ingestion tab. Before you set up QLI in Alation, perform the configuration on the database as is described in Using Audit Trail or Using Active Session History. If you go with the query-based QLI option, make sure that the Alation service account has access to the system tables that are queried.
Table-Based QLI¶
To configure table-based QLI:
In the Table Name field, specify the name of the QLI view where the query logs are available. Make sure that the service account has the permissions to access this view. The view name must be provided in the following format: database.schema.view_name.
Reuse Native QLI View¶
If you migrated your Oracle data source from the native (built-in) connector to the OCF Oracle connector, you can reuse the QLI view created for the native data source when configuring table-based QLI.
Note
The QLI view is the view specified in the Query Log Privileges section on the General Settings page of a data source added using the native (built-in) connector. The QLI view for native Oracle data sources can be created following an example in QLI view.
For information about migrating data sources, see Migration from Native to OCF Connectors.
To reuse the QLI view for the native data source:
On the Query Log Ingestion tab, under Connector Settings > Query Extraction, select the checkbox Use Native QLI Table Name.
In the Table Name field located under this checkbox, specify the name of the native QLI view.
Click Save.
Custom Query-Based QLI¶
When for some reason you cannot create a table or view for QLI, you can use a custom QLI query instead. Paste the query into the Custom QLI Query field and click Save.
Automated and Manual QLI¶
You can either perform QLI manually on demand or enable automated QLI:
To perform manual QLI, under the Automated and Manual Query Log Ingestion section of the Query Log Ingestion tab, ensure that the Enable Automated Query Log Ingestion toggle is disabled.
Click Preview to get a sample of the query history data to be ingested.
Click the Import button to perform QLI on demand.
Note
Metadata extraction must be completed first before running QLI.
To schedule QLI, enable the Enable Automated Query Log Ingestion toggle.
Set a schedule under Automated Query Log Ingestion Time by specifying values in the week, day and time fields. The next QLI job will run on the schedule you have specified.
Note
The hourly schedule for automated QLI is not supported.
Troubleshooting¶
Log Location¶
Refer to Troubleshooting.
Oracle Default Schema objects are not extracted into Alation[HR schema]¶
SDK 3.2.0 does not pull the default schema. However, OCF has query-based MDE capability which can be used to extract these schemas.