大家可能已经知道,在Oracle的DATAGUARD(这里指的是PHYSICAL STANDBY)环境中,Primary端会把生成的REDO传到Standby端,然后由Standby端的MRP进程应用该Redo,以达到同期效果。
首先,REDO_TRANSPORT_USER参数的意义如下:
http://docs.oracle.com/database/122/REFRN/REDO_TRANSPORT_USER.htm#REFRN10269
REDO_TRANSPORT_USER specifies the name of the user whose password verifier is used when a remote login password file is used for redo transport authentication.
This user must have the SYSDBA or SYSOPER privilege。。。
翻译过来就是,Standby端使用密码认证来保证REDO传输认证的话,利用指定的REDO_TRANSPORT_USER来进行认证。
手册上写着,REDO_TRANSPORT_USER用户需要有SYSDBA 或者 SYSOPER权限。
但是通过实际测试来看,只有SYSDBA是不行的,必须有SYSOPEN权限才行。
测试的时候使用的是12.2的DATAGUARD环境。
关于REDO_TRANSPORT_USER这个参数,也可以看看这个Mos 文档
Troubleshooting ORA-16191 and ORA-1017/ORA-1031 in Data Guard Log Transport Services or Data Guard Broker (Doc ID 1368170.1)
=============
6. If you have setup the 'REDO_TRANSPORT_USER'-Initialization Parameter to a certain User,
this User must be granted the 'SYSOPER'-Role and the Setting for this Parameter must be the same on the Primary and all Standby Databases.
=============
简单的测试如下:
Test Case
------------------
▼Primary:ORCL
--create password file(12.2)
cd $ORACLE_HOME/dbs
orapwd file=orapworcl format=12.2 password=ora_1234 force=y
--create user
create user ORASYS identified by ora_1234;
create user ORAOPER identified by ora_1234;
grant CONNECT,SYSDBA to ORASYS;
grant CONNECT,SYSOPER to ORAOPER;
--check if the user created can connect to database.
sqlplus SYS/"ora_1234@orcl as SYSDBA"
sqlplus ORASYS/"ora_1234@orcl as SYSDBA"
sqlplus ORAOPER/"ora_1234@orcl as SYSOPER"
--check V$PWFILE_USERS
col USERNAME format a7
select USERNAME,SYSDBA,SYSOPER from V$PWFILE_USERS where USERNAME like 'ORA%';
USERNAM SYSDB SYSOP
------- ----- -----
ORASYS TRUE FALSE <<<<<ORASYS user does not have SYSOPER Role
ORAOPER FALSE TRUE <<<<<ORAOPER user have SYSOPER Role
■create dataguard
▼Standby:ORCLST
--check V$PWFILE_USERS
col USERNAME format a7
select USERNAME,SYSDBA,SYSOPER from V$PWFILE_USERS where USERNAME like 'ORA%';
USERNAM SYSDB SYSOP
------- ----- -----
ORASYS TRUE FALSE
ORAOPER FALSE TRUE
--check if the user created can connect to database
sqlplus SYS/"ora_1234@orclst as SYSDBA"
sqlplus ORASYS/"ora_1234@orclst as SYSDBA"
sqlplus ORAOPER/"ora_1234@orclst as SYSOPER"
--SYS(default) REDO transportation
▼Primary:ORCL
create table scott.test(id number);
insert into scott.test values(1);
commit;
alter system archive log current;
▼Standby:ORCLST
select count(*) from scott.test;
=> REDO transportation was fine.
--SYSDBA[ORASYS] REDO transportation
▼Primary:ORCL
alter system set REDO_TRANSPORT_USER=ORASYS scope=spfile;
shutdown immediate
▼Standby:ORCLST
alter system set REDO_TRANSPORT_USER=ORASYS;
▼Primary:ORCL
startup
insert into scott.test values(1);
commit;
alter system archive log current;
▼Standby:ORCLST
select count(*) from scott.test;
-- REDO transportation failed on ORA-16191
-- You can see ORA-16191 from alert log of Primary.
--SYSOPER[ORAOPER] REDO transportation
▼Primary:ORCL
alter system set REDO_TRANSPORT_USER=ORAOPER scope=spfile;
shutdown immediate
▼Standby:ORCLST
alter system set REDO_TRANSPORT_USER=ORAOPER;
▼Primary:ORCL
startup
▼Standby:ORCLST
select count(*) from scott.test;
=> REDO transportation was fine.
▼Primary:ORCL
insert into scott.test values(1);
commit;
alter system archive log current;
▼Standby:ORCLST
select count(*) from scott.test;
=> REDO transportation was fine.