17.1 Setting Up a SecureFiles Store
This section shows how to set up a SecureFiles Store.
17.1.1 About Managing Permissions
You must be a non-SYS database user for all operational access to the Content API and stores.
Do not use SYS
or SYSTEM
users or
SYSDBA
or SYSOPER
system
privileges. For better security and separation of duty, only allow specific
trusted users to access DBFS Content API.
You must grant each user the DBFS_ROLE
role.
Otherwise, the user is not authorized to use the DBFS Content API. A user
with suitable administrative privileges (or SYSDBA) can grant the role to
additional users as needed.
The CREATEFILESYSTEM
procedure auto-commits
before and after its execution (like a DDL). The method
CREATESTORE
is a wrapper around
CREATEFILESYSTEM
.
See Also:
Oracle Database PL/SQL Packages and Types Reference for
DBMS_DBFS_SFS
syntax details
To create a SecureFiles File System Store:
- Create a
Store:
connect sfs_demo/<password> DECLARE BEGIN DBMS_DBFS_SFS.CREATEFILESYSTEM( store_name => 'FS1', tbl_name => 'T1', tbl_tbs => null, use_bf => false ); END; /
where:
-
store_name
is a case-sensitive, user-unique name. -
tbl_name
is a valid table name, created in the current schema. -
tbl_tbs
is a valid assm tablespace name for SecureFile Store used for the store table and its dependent segments, such as indexes, LOBs, or nested tables. The default isNULL
and specifies a tablespace of the current schema. -
use_bf
specifies that BasicFiles LOBs should be used, iftrue
, and iffalse
it should be ASSM tablespace.
Note:
TheCREATEFILESYSTEM
procedure auto-commits before and after its execution (like a DDL). The methodCREATESTORE
is a wrapper aroundCREATEFILESYSTEM
. -
- Register the Store.
CONNECT sfs_demo Enter password:password DECLARE BEGIN DBMS_DBFS_CONTENT.REGISTERSTORE( store_name => 'FS1', provider_name => 'secure_file_store', provider_package => 'dbms_dbfs_sfs' ); COMMIT; END; /
where:
-
store_name
is SecureFiles StoreFS1
, which uses tableSFS_DEMO.T1
. -
provider_name
is ignored. -
provider_package
isDBMS_DBFS_SFS
, for SecureFiles Store reference provider.
This operation associates the SecureFiles Store
FS1
with theDBMS_DBFS_SFS
provider. -
- Mount the
store.
CONNECT sfs_demo Enter password: password DECLARE BEGIN DBMS_DBFS_CONTENT.MOUNTSTORE( store_name => 'FS1', store_mount => 'mnt1' ); COMMIT; END; /
where:
store_name
is the name of the store we want to mount. In this case the SFS store isFS1
, which is already created and uses tableSFS_DEMO.T1
.-
store_mount
is the mount point.
- [Optional] To see the results of the preceding steps, you can
use the following statements.
-
To verify SecureFiles Store tables and file systems:
SELECT * FROM TABLE(DBMS_DBFS_SFS.LISTTABLES); SELECT * FROM TABLE(DBMS_DBFS_SFS.LISTFILESYSTEMS);
-
To verify ContentAPI Stores and mounts:
SELECT * FROM TABLE(DBMS_DBFS_CONTENT.LISTSTORES); SELECT * FROM TABLE(DBMS_DBFS_CONTENT.LISTMOUNTS);
-
To verify SecureFiles Store features:
var fs1f NUMBER; exec :fs1f := DBMS_DBFS_CONTENT.GETFEATURESBYNAME('FS1'); select * from table(DBMS_DBFS_CONTENT.DECODEFEATURES(:fs1f));
-
To verify resource and property views:
SELECT * FROM DBFS_CONTENT; SELECT * FROM DBFS_CONTENT_PROPERTIES;
-
17.1.2 Creating or Setting Permissions
You must grant the DBFS_ROLE
role to any user that needs to use the DBFS content API.
This sets up the DBFS Content API for any database user who has the DBFS_ROLE
role.
17.1.3 Accessing SecureFiles Store
You should never directly access tables that hold data for a SecureFiles Store file systems.
This is the correct way to access the file systems.
-
For procedural operations: Use the DBFS Content API (
DBMS_DBFS_CONTENT
methods). -
For SQL operations: Use the resource and property views (
DBFS_CONTENT
andDBFS_CONTENT_PROPERTIES
).
17.1.4 Reinitializing SecureFiles Store File Systems
You can truncate and re-initialize tables associated with an SecureFiles Store.
-
Use the procedure
INITFS()
.The procedure executes like a DDL, auto-committing before and after its execution.
The following example uses file system FS1
and table SFS_DEMO
.T1
, which is associated with the SecureFiles Store store_name
.
CONNECT sfs_demo; Enter password: password EXEC DBMS_DBFS_SFS.INITFS(store_name => 'FS1');
17.1.5 Comparison of SecureFiles LOBs to BasicFiles LOBs
SecureFiles LOBs are only available in Oracle Database 11g Release 1 and higher. They are not available in earlier releases.
You must use BasicFiles LOB storage for LOB storage in tablespaces that are not managed with Automatic Segment Space Management (ASSM).
Compatibility must be at least 11.1.0.0 to use SecureFiles LOBs.
Additionally, you need to specify the following in DBMS_DBFS_SFS.CREATEFILESYSTEM:
-
To use SecureFiles LOBs (the default), specify
use_bf => false.
-
To use BasicFiles LOBs, specify
use_bf => true
.