Oracle
Oracle is an object-relational database management system that is widely used in enterprise applications.
Prerequisites
Ensure that you have the following details before configuring Oracle as a source:
- Hostname or IP address
- Port
- Service Name
- Outbound port (1521 is the default port) open in your AWS or Azure security group
User Impersonation
The Oracle database username provided in the source configuration is the default username that is used for running queries. When queries are run against Oracle in Dremio Cloud, users use the privileges associated with the Oracle database username and run queries under that username.
You can change this default in Dremio Cloud by enabling user impersonation in the Advanced Options, which allows users to run queries under their own usernames and restricts their access. For example, user_1
can run queries as user_1
rather than oracle_svc
. Before enabling user impersonation, some setup is required in Oracle to allow one user to impersonate another user, because the username of the user in Dremio must be the same as their username in Oracle and the user must be able to connect through the Oracle database username.
To set up user impersonation, follow these steps:
-
Ensure the user's username in Oracle matches their username in Dremio. If the usernames do not match, modify one of the usernames or create a new user account with a matching username.
-
Run a ALTER USER command in Oracle to allow the user to connect through the Oracle database username:
ALTER USER testuser1 GRANT CONNECT THROUGH proxyuser;
In this example, the user can log in as testuser1
in Dremio and in Oracle, and they can connect through the proxyuser
. The proxyuser
is the Oracle database username provided in the source configuration.
-
Log in as an admin to Dremio.
-
Follow the steps for Configuring Oracle as a Source using the Oracle database username and enable User Impersonation in the Advanced Options.
-
Grant source privileges to the user.
Now that you have enabled user impersonation, a user logging in to Dremio with their username can access the Oracle source and its datasets according to their privileges. The user also runs queries against Oracle under their username.
Configuring Oracle as a Source
Perform these steps to configure Oracle:
-
On the Datasets page, you can see a truncated list of Sources at the bottom-left of the page. Click Add Source.
Alternatively, click Databases. The page displays all database sources. Click the Add database button at the top-right of that page.
-
In the Add Data Source dialog, click Oracle.
The following section describes the source configuration tabs.
noteSources containing a large number of files or tables may take longer to be added. During this time, the source name is grayed out and shows a spinner icon, indicating the source is being added. Once complete, the source becomes accessible.
General
The General tab contains the required fields to create an Oracle source.
Perform these steps in the General tab:
- In the General tab, for Name, enter a name. The name cannot include the following special characters:
/
,:
,[
, or]
. - For Host, enter the Oracle host name.
- For Port, enter the Oracle port number. The default port is 1521.
- For Service Name, enter the service name of your Oracle database.
- (Optional) For Enable TLS encryption, enable encrypted connections to Oracle using TLS.
You can only enable TLS encryption or Oracle native encryption for a given source.
-
(Optional) For Oracle Native Encryption, the default encryption is Accepted. The other values are Required, Rejected, and Requested.
To enable Oracle native encryption, you should also modify the SQLNET.Ora file by adding the following lines.
SQLNET.ENCRYPTION_SERVER = required. //Set the value to required or request
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256) //Set the value to the appropriate encryption and the value can be different.
SQLNET.CRYPTO_CHECKSUM_SERVER = requiredThe Oracle native encryption values are described in the following table.
Oracle Native Encryption Values Description Accepted The client or server allows both encrypted and non-encrypted connections. This is the default if the parameter is not set. Rejected The client or server refuses encrypted traffic. Requested The client or server requests encrypted traffic if it is possible, but accepts non-encrypted traffic if encryption is not possible. Required The client or server only accepts encrypted traffic. -
For Authentication, you must choose one of the following authentication options:
- Master Authentication, this is the default option. Provide the username and password of a master database user with permissions to read required objects:
- For Username, enter your Oracle database username.
- For Password, enter your Oracle database password.
- Secret Resource Url:
- For Username, enter your Oracle database username.
- For Secret Resource Url, enter the Secret Resource URL that allows Dremio to fetch the password from AWS Secrets Manager. The Secret Resource URL is the Amazon Resource Name (ARN) for the secret (for example,
arn:aws:secretsmanager:us-west-2:123456789012:secret:my-rds-secret-VNenFy
).
- For Kerebros, choose this option when the source database has Kerebros configured.
- Master Authentication, this is the default option. Provide the username and password of a master database user with permissions to read required objects:
Advanced Options
Click Advanced Options in the sidebar.
All advanced options are optional.
Advanced Option | Description |
---|---|
Use timezone as connection region | If selected, uses timezone to set connection region. |
Include synonyms | If selected, includes synonyms as datasets. |
Map Oracle DATE columns to TIMESTAMP | If checked, Oracle DATE columns are exposed as TIMESTAMP. |
Record fetch size | Number of records to fetch at once. Set to 0 (zero) to have Sonar automatically decide. The default record fetch size is 200. |
Maximum Idle Connections | The total number of connections allowed to be idle at a given time. The default maximum idle connections is 8. |
Connection Idle Time | The amount of time (in seconds) allowed for a connection to remain idle before the connection is terminated. The default connection idle time is 60 seconds. |
Use LDAP Naming Services | To use LDAP in the authentication of the external sources that can be used rather than locally configured users within Oracle. If checked, enter a domain name in the Set DN for LDAP Naming Services text box. |
User Impersonation | Allows users to run queries using their credentials rather than the username provided in the source credentials. Some setup is required in Oracle to allow one user to impersonate another user. See User Impersonation. |
Encryption | Provide the SSL/TLS server certificate distinguished name, otherwise, leave it blank to disable the DN match. |
Connection Properties | Custom key value pairs for the connection relevant to the source. To add a connection property, click Add property and add the property name and value. |
Reflection Refresh
The Reflection Refresh tab in the sidebar allows you to set time intervals for reflections to refresh or expire.
Metadata
You can configure settings to refresh metadata and handle datasets. Click Metadata in the sidebar.
You can configure Dataset Handling and Metadata Refresh parameters.
Dataset Handling
These are the Dataset Handling parameters.
All Dataset Handling parameters are optional.
Parameter | Description |
---|---|
Remove dataset definitions if underlying data is unavailable | By default, Sonar removes dataset definitions if underlying data is unavailable. Useful when files are temporarily deleted and added back in the same location with new sets of files. |
Metadata Refresh
These are the Metadata Refresh parameters:
-
Dataset Discovery: The refresh interval for fetching top-level source object names such as databases and tables. Set the time interval using this parameter.
Parameter Description (Optional) Fetch every You can choose to set the frequency to fetch object names in minutes, hours, days, or weeks. The default frequency to fetch object names is 1 hour. -
Dataset Details: The metadata that Sonar needs for query planning such as information required for fields, types, shards, statistics, and locality. These are the parameters to fetch the dataset information.
noteAll Dataset Details parameters are optional.
Parameter Description Fetch mode You can choose to fetch only from queried datasets that are set by default. Sonar updates details for previously queried objects in a source. Fetching from all datasets is deprecated. Fetch every You can choose to set the frequency to fetch dataset details in minutes, hours, days, or weeks. The default frequency to fetch dataset details is 1 hour. Expire after You can choose to set the expiry time of dataset details in minutes, hours, days, or weeks. The default expiry time of dataset details is 3 hours.
Privileges
You can grant privileges to specific users or roles.
- (Optional) For Privileges, enter the user name or role name that you want to grant access to and click the Add to Privileges button. The added user or role is displayed in the Users table.
- (Optional) For the users or roles in the Users table, toggle the green checkmark for each privilege you want to grant to the Oracle source that is being created.
Click Save after setting the configuration.
Editing an Oracle Source
To edit an Oracle source:
-
On the Datasets page, click Databases. A list of databases is displayed.
-
Hover over the database and click the Settings
-
In the Source Settings dialog, you cannot edit the name. Editing other parameters is optional.
-
Click Save.
Removing an Oracle Source
To remove an Oracle source, perform these steps:
-
On the Datasets page, click Databases. A list of sources is displayed.
-
Hover over the source and click the More (...) icon that appears next to the source.
-
From the list of actions, click Remove Source. Confirm that you want to remove the source.
Removing a source causes all downstream views dependent on objects in this source to break.
Sources containing a large number of files or tables may take longer to be removed. During this time, the source name is grayed out and shows a spinner icon, indicating the source is being removed. Once complete, the source disappears.
Predicate Pushdowns
Dremio offloads these operations to Oracle.
*
, +
, -
, /
, %
<
, <=
, <>
, =
, >
, >=
, !=
AND
, NOT
, OR
, ||
ABS
ACOS
ADD_MONTHS
ASIN
ATAN
ATAN2
AVG
CAST
CEIL
CEILING
CHAR_LENGTH
CHARACTER_LENGTH
CONCAT
COS
COSH
COT
COVAR_POP
COVAR_SAMP
DATE_ADD
DATE_SUB
DATE_TRUNC_DAY
DATE_TRUNC_HOUR
DATE_TRUNC_MINUTE
DATE_TRUNC_MONTH
DATE_TRUNC_QUARTER
DATE_TRUNC_WEEK
DATE_TRUNC_YEAR
DEGREES
E
EXP
EXTRACT_CENTURY
EXTRACT_DAY
EXTRACT_DOW
EXTRACT_DOY
EXTRACT_HOUR
EXTRACT_MINUTE
EXTRACT_MONTH
EXTRACT_QUARTER
EXTRACT_SECOND
EXTRACT_WEEK
EXTRACT_YEAR
FLOOR
IS DISTINCT FROM
IS NOT DISTINCT FROM
IS NOT NULL
IS NULL
LAST_DAY
LCASE
LEFT
LENGTH
LIKE
LN
LOCATE
LOG
LOG10
LOWER
LPAD
LTRIM
MAX
MEDIAN
MIN
MOD
PERCENT_CONT
PERCENT_DISC
PI
POSITION
POW
POWER
RADIANS
REGEXP_LIKE
REPLACE
REVERSE
RIGHT
ROUND
RPAD
RTRIM
SIGN
SIN
SINH
SQRT
STDDEV
STDDEV_POP
STDDEV_SAMP
SUBSTR
SUBSTRING
SUM
TAN
TANH
TO_CHAR
TO_DATE
TRIM
TRUNC
TRUNCATE
UCASE
UPPER
VAR_POP
VAR_SAMP