Oracle EBS R12.2 — Applying CPU April 2026

Oracle EBS R12.2 — Applying the CPU April 2026 Application Patch

Your Complete Step-by-Step DBA Guide

📅 Released: 21 April 2026 | ✍ punitoracledba.blogspot.com | ⏱ 12 min read

⚠ CVSS 9.8 — Apply Now
The April 2026 CPU includes important Oracle EBS security patches. Some vulnerabilities are remotely exploitable, so this CPU should be treated as urgent and applied as soon as possible.

Introduction

Oracle released the Critical Patch Update CPU for April 2026 on 21 April 2026. As an Oracle EBS R12.2 DBA, applying this CPU is an important security and compliance activity. This guide explains the complete end-to-end process including patch identification, checker tools, ADOP patching cycle, and post-patch verification.

This guide is for Oracle EBS R12.2 only. Application tier patches on R12.2 are applied using ADOP Online Patching. The old adpatch utility is not used for R12.2 application patches.

Step 0 — MOS Starting Point

MOSFS Article ID	What It Contains
KA923	Always points to the latest EBS CPU availability document.
KA1539	April 2026 specific patch list, prerequisites, and known issues for EBS R12.2.
KA1033	EBS Security FAQ and security background reading.

Pro Habit: Always start with KA923 because it points to the current CPU document every quarter.

Step 1 — Run Oracle Checker Tools First

Oracle provides checker utilities for EBS R12.2. Run these tools before downloading or applying patches. They help identify missing patches specific to your environment.

Tool	Patch	Purpose
ECPUC	Patch 35583866	EBS Critical Patch Update Checker. Generates ECPUC.lst.
EJCPUC	Patch 37171025	EBS Java CPU Checker for app tier and DB tier nodes.

How to Run ECPUC

# Source the run edition environment
source /u01/oracle/R122/EBSapps.env run

# Unzip ECPUC patch
unzip p35583866_R12_GENERIC.zip -d /stage/ecpuc

# Connect as APPS and run checker
sqlplus apps/<apps_password>

SQL> @/stage/ecpuc/ECPUC.sql

# Review generated report
cat ECPUC.lst

Review Section 3 of ECPUC.lst carefully. This section lists the required EBS CPU patches for your environment.

How to Run EJCPUC

# Unzip EJCPUC patch
unzip p37171025_R12_GENERIC.zip -d /stage/ejcpuc

# Run on application tier
source /u01/oracle/R122/EBSapps.env run
cd /stage/ejcpuc
./ejcpuc.sh

# Run separately on database tier
cd /stage/ejcpuc
./ejcpuc.sh

Always download the latest version of ECPUC and EJCPUC for the current CPU cycle.

Step 2 — Pre-Patch Health Checks

-- Check stale ADOP sessions
SELECT STATUS, ABANDON_FLAG, START_DATE
FROM   AD_ADOP_SESSIONS
WHERE  STATUS NOT IN ('completed', 'abandoned')
ORDER BY START_DATE DESC;

-- Check failed workers
SELECT WORKER_ID, STATUS, START_DATE
FROM   AD_WORKERS
WHERE  STATUS = 'Failed';

-- Check DB editions
SELECT EDITION_NAME, STATUS
FROM   DBA_EDITIONS
ORDER BY CREATED;

-- Check invalid objects
SELECT COUNT(*)
FROM   DBA_OBJECTS
WHERE  STATUS = 'INVALID';

# Check disk space
df -h $APPL_TOP $COMMON_TOP $NE_BASE

# Check ADOP status
adop phase=status

Backup is mandatory: Take RMAN database backup and application tier backup or snapshot before starting patching.

Step 3 — Apply Patches Using ADOP

In EBS R12.2, CPU application patches are applied using the ADOP cycle. Only the cutover phase requires user downtime.

Phase	Downtime
Prepare	No downtime
Apply	No downtime
Finalize	No downtime
Cutover	Brief outage
Cleanup	No downtime

Phase 1 — Prepare

source /u01/oracle/R122/EBSapps.env run

adop phase=prepare

Phase 2 — Apply

# Dry run first
adop phase=apply patches=PATCH1,PATCH2,PATCH3 apply_mode=dryrun

# Real apply
adop phase=apply patches=PATCH1,PATCH2,PATCH3 apply_mode=online workers=8

# Monitor
adop phase=status

Phase 3 — Finalize

adop phase=finalize

SELECT COUNT(*)
FROM   DBA_OBJECTS
WHERE  STATUS = 'INVALID';

Phase 4 — Cutover

adop phase=cutover

SELECT EDITION_NAME, STATUS
FROM   DBA_EDITIONS
ORDER BY CREATED DESC;

Phase 5 — Cleanup

# Dry run cleanup
adop phase=cleanup mode=dryrun

# Full cleanup
adop phase=cleanup

Step 4 — Post-Patch Verification

-- Confirm patches are registered
SELECT BUG_NUMBER, LAST_UPDATE_DATE
FROM   AD_BUGS
WHERE  BUG_NUMBER IN ('PATCH1', 'PATCH2', 'PATCH3');

-- Confirm active edition
SELECT EDITION_NAME, STATUS
FROM   DBA_EDITIONS
ORDER BY CREATED DESC;

-- Check invalid objects
SELECT COUNT(*)
FROM   DBA_OBJECTS
WHERE  STATUS = 'INVALID';

# Verify services
$ADMIN_SCRIPTS_HOME/adstatus.sh

Run ECPUC again after cutover. If ECPUC.lst shows zero remaining patches, save it as audit evidence.

Complete Checklist

• Open MOSFS KA923 and navigate to the current CPU document.
• Download and run ECPUC.
• Download and run EJCPUC on app tier and DB tier.
• Download all patches listed in ECPUC.lst.
• Confirm no stale ADOP cycle.
• Confirm no failed workers.
• Confirm enough disk space.
• Take full RMAN and application backup.
• Run ADOP prepare, apply, finalize, cutover, and cleanup.
• Run ECPUC again after patching.
• Complete smoke testing.
• Document results and close the change ticket.
• Patch order should be DEV → UAT → PROD.

Key References

Reference	Description
MOSFS KA923	Latest EBS CPU document
MOSFS KA1539	April 2026 EBS CPU Availability Document
Patch 35583866	ECPUC Checker
Patch 37171025	EJCPUC Checker
Patch 17537119	ETCC Technology Codelevel Checker

Written by Punit Kumar | Oracle EBS DBA Notes | punitoracledba.blogspot.com

Oracle EBS R12: Create User & Assign Responsibility — Step-by-Step DBA Guide with SQL Verification

This guide explains how to create a user in Oracle E-Business Suite R12, assign a responsibility, and verify the setup using SQL queries.

---

1. Business Requirement

As an Oracle Apps DBA, you may receive a request to create a new EBS application user and assign required responsibilities.

Example Requirement:

Create EBS user       : MAHILANIA
Assign Responsibility : System Administrator
Application          : System Administration

---

2. Important Tables Used

Table Name	Purpose
FND_USER	Stores EBS application user details
FND_RESPONSIBILITY	Stores responsibility details
FND_RESPONSIBILITY_TL	Stores translated responsibility names
FND_APPLICATION	Stores application details
FND_USER_RESP_GROUPS_DIRECT	Stores direct user responsibility assignments

---

3. Source the EBS Environment

Login to the application tier as the application OS user and source the environment file.

cd $INST_TOP/ora/10.1.2
. <CONTEXT_NAME>.env

Or source the main EBS environment file:

. /u01/oracle/EBSapps.env run

---

4. Connect to SQL*Plus as APPS

sqlplus apps/<apps_password>

---

5. Create EBS User Using FND_USER_PKG

Use the standard Oracle seeded API FND_USER_PKG.CREATEUSER to create an application user.

BEGIN
  FND_USER_PKG.CREATEUSER(
    x_user_name              => 'MAHILANIA',
    x_owner                  => 'CUST',
    x_unencrypted_password   => 'Welcome123',
    x_start_date             => SYSDATE,
    x_end_date               => NULL,
    x_password_date          => SYSDATE,
    x_email_address          => 'mahilania@example.com'
  );

  COMMIT;
END;
/

Note: Replace the password and email address as per your organization policy.

---

6. Verify User Creation

SELECT user_id,
       user_name,
       start_date,
       end_date,
       email_address,
       creation_date
FROM   fnd_user
WHERE  user_name = 'MAHILANIA';

---

7. Find Responsibility Details

Before assigning a responsibility, find the correct responsibility name, responsibility ID, application ID, and security group ID.

SELECT fr.responsibility_id,
       fr.application_id,
       frt.responsibility_name,
       fa.application_short_name
FROM   fnd_responsibility fr,
       fnd_responsibility_tl frt,
       fnd_application fa
WHERE  fr.responsibility_id = frt.responsibility_id
AND    fr.application_id = frt.application_id
AND    fr.application_id = fa.application_id
AND    frt.language = USERENV('LANG')
AND    frt.responsibility_name LIKE 'System Administrator';

---

8. Assign Responsibility to User

Use FND_USER_PKG.ADDRESP to assign responsibility to the EBS user.

BEGIN
  FND_USER_PKG.ADDRESP(
    username       => 'MAHILANIA',
    resp_app       => 'SYSADMIN',
    resp_key       => 'SYSTEM_ADMINISTRATOR',
    security_group => 'STANDARD',
    description    => 'System Administrator responsibility assigned by Apps DBA',
    start_date     => SYSDATE,
    end_date       => NULL
  );

  COMMIT;
END;
/

---

9. Verify Responsibility Assignment

SELECT fu.user_name,
       frt.responsibility_name,
       fa.application_short_name,
       furg.start_date,
       furg.end_date
FROM   fnd_user fu,
       fnd_user_resp_groups_direct furg,
       fnd_responsibility_tl frt,
       fnd_responsibility fr,
       fnd_application fa
WHERE  fu.user_id = furg.user_id
AND    furg.responsibility_id = fr.responsibility_id
AND    furg.responsibility_application_id = fr.application_id
AND    fr.responsibility_id = frt.responsibility_id
AND    fr.application_id = frt.application_id
AND    fr.application_id = fa.application_id
AND    frt.language = USERENV('LANG')
AND    fu.user_name = 'MAHILANIA';

---

10. Check User Login Status

SELECT user_name,
       start_date,
       end_date,
       password_date,
       password_lifespan_days,
       password_accesses_left
FROM   fnd_user
WHERE  user_name = 'MAHILANIA';

---

11. End Date a Responsibility

If you need to remove access, do not delete records directly. End-date the responsibility using Oracle API.

BEGIN
  FND_USER_PKG.DELRESP(
    username       => 'MAHILANIA',
    resp_app       => 'SYSADMIN',
    resp_key       => 'SYSTEM_ADMINISTRATOR',
    security_group => 'STANDARD'
  );

  COMMIT;
END;
/

---

12. End Date an EBS User

UPDATE fnd_user
SET    end_date = SYSDATE
WHERE  user_name = 'MAHILANIA';

COMMIT;

---

13. Common Issues

Issue	Possible Cause	Action
User not visible in EBS	User not committed or wrong username	Verify in FND_USER
Responsibility not visible after login	Incorrect responsibility key or application short name	Verify responsibility details using SQL
Password issue	Password policy restriction	Reset password from System Administrator responsibility
Responsibility expired	End date is already set	Check FND_USER_RESP_GROUPS_DIRECT

---

14. Best Practices for Apps DBA

• Always use Oracle seeded APIs where possible.
• Do not directly insert records into FND tables.
• Take approval before granting powerful responsibilities.
• Use strong password policies.
• Validate user and responsibility assignment using SQL.
• End-date users when access is no longer required.
• Keep audit details for production access changes.

---

15. Quick Validation Script

SET LINES 200
COL user_name FORMAT A20
COL responsibility_name FORMAT A40
COL application_short_name FORMAT A20

SELECT fu.user_name,
       frt.responsibility_name,
       fa.application_short_name,
       furg.start_date,
       furg.end_date
FROM   fnd_user fu,
       fnd_user_resp_groups_direct furg,
       fnd_responsibility_tl frt,
       fnd_responsibility fr,
       fnd_application fa
WHERE  fu.user_id = furg.user_id
AND    furg.responsibility_id = fr.responsibility_id
AND    furg.responsibility_application_id = fr.application_id
AND    fr.responsibility_id = frt.responsibility_id
AND    fr.application_id = frt.application_id
AND    fr.application_id = fa.application_id
AND    frt.language = USERENV('LANG')
AND    fu.user_name = UPPER('&USER_NAME');

---

Conclusion

Creating an Oracle EBS R12 user and assigning responsibility is a common Apps DBA activity. The safest approach is to use Oracle seeded APIs such as FND_USER_PKG.CREATEUSER and FND_USER_PKG.ADDRESP. Always verify the user and responsibility assignment from backend tables before confirming access to the business team.

Author: Punit Kumar
Role: Oracle Apps DBA / Oracle DBA Specialist

How to Enable HTTPS on Oracle EBS R12.2

punitoracledba.blogspot.com  ·  EBS R12.2 + Okta SSO Series  · 

SSL / HTTPS  ·  Phase 1 Prerequisite

How to Enable HTTPS on Oracle EBS R12.2 — Step by Step

Before Okta SSO can work, your EBS environment needs HTTPS. This guide covers Oracle Wallet creation, OHS configuration, and going live on port 443 — with exact commands for your environment.

punitoracledba   ·   EBS R12.2.13  ·  RHEL 8  ·  OHS 12.2.x   ·   ~10 min read

EBS R12.2.13 + Okta SSO Implementation

Why HTTPS First?

Okta is a cloud-based Identity Provider (IdP) that communicates over SAML 2.0. Every SAML assertion it sends contains sensitive authentication tokens. Without HTTPS, those tokens travel in plain text — and Okta simply refuses to integrate with HTTP endpoints. No SSL = no SSO. Full stop.

In this post, we configure HTTPS on Oracle HTTP Server (OHS) for EBS R12.2.13 running on RHEL 8, using an Oracle Wallet with a self-signed certificate on port 443.

Note: For production environments, replace the self-signed certificate with one from your internal CA or a trusted CA (DigiCert, Sectigo, etc.). All other steps remain identical.

Environment Reference

Component	Value
Application server	pc.app.com
Database server	pc.db.com : 1533
Current EBS URL	http://pc.app.com:8012
Target HTTPS URL	https://pc.app.com:443
OS	RHEL 8
OHS version	OHS 12.2.x (EBS R12.2.13)
Certificate type	Self-signed (lab/dev)

Step 1

Locate Your OHS Instance & Wallet Directory

Log in to pc.app.com as your EBS OS user (typically applmgr) and run:

bash — find OHS paths

echo $INST_TOP

find $INST_TOP -name "cwallet.sso" 2>/dev/null
find $INST_TOP -name "wallet" -type d 2>/dev/null

Typical wallet location:

$INST_TOP/ora/10.1.3/Apache/Apache/conf/ssl.wlt/default/

Step 2

Verify orapki Is Available

EBS R12.2 OHS uses the Oracle Wallet — not openssl. The tool is orapki.

bash — verify orapki

export PATH=$ORACLE_HOME/bin:$PATH
which orapki
orapki version

Tip: If orapki is not found, source your EBS env file:
source $INST_TOP/ora/10.1.3/Apache/Apache/bin/envvar.sh

Step 3

Create the Oracle Wallet

bash — create wallet directory

mkdir -p $INST_TOP/ora/10.1.3/Apache/Apache/conf/ssl.wlt/default
cd $INST_TOP/ora/10.1.3/Apache/Apache/conf/ssl.wlt/default

bash — create wallet with auto-login

orapki wallet create \
  -wallet $INST_TOP/ora/10.1.3/Apache/Apache/conf/ssl.wlt/default \
  -pwd WalletPasswd123 \
  -auto_login

The -auto_login flag creates cwallet.sso — allows OHS to start without a password prompt on server restarts.

Step 4

Generate the Self-Signed Certificate

bash — add self-signed certificate (10-year validity)

orapki wallet add \
  -wallet $INST_TOP/ora/10.1.3/Apache/Apache/conf/ssl.wlt/default \
  -pwd WalletPasswd123 \
  -dn "CN=pc.app.com,OU=IT,O=YourOrg,L=City,ST=State,C=US" \
  -keysize 2048 \
  -self_signed \
  -validity 3650

Verify the certificate was added:

bash — display wallet contents

orapki wallet display \
  -wallet $INST_TOP/ora/10.1.3/Apache/Apache/conf/ssl.wlt/default \
  -pwd WalletPasswd123

expected output

User Certificates:
Subject: CN=pc.app.com,OU=IT,O=YourOrg,L=City,ST=State,C=US

Step 5

Configure ssl.conf for Port 443

bash — backup and edit ssl.conf

cp $INST_TOP/ora/10.1.3/Apache/Apache/conf/ssl.conf \
   $INST_TOP/ora/10.1.3/Apache/Apache/conf/ssl.conf.bkp_$(date +%Y%m%d)

vi $INST_TOP/ora/10.1.3/Apache/Apache/conf/ssl.conf

Set these key directives inside ssl.conf:

ssl.conf — key settings

Listen 443
SSLEngine on

<VirtualHost pc.app.com:443>
  ServerName pc.app.com:443
  SSLWallet "$INST_TOP/ora/10.1.3/Apache/Apache/conf/ssl.wlt/default"
  SSLProtocol TLSv1.2
  SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>

Always back up config files before editing. The $(date +%Y%m%d) suffix keeps backups organised by date.

Step 6

Update httpd.conf

httpd.conf — verify these lines exist

Listen 80
Listen 443
Include conf/ssl.conf

Step 7

Update EBS Context File & Run AutoConfig

This is the step most DBAs miss. The context file drives all generated EBS configuration. Skip this and your EBS URLs will still point to HTTP even after OHS is serving HTTPS.

context file — update these parameters

<s_webentryhost>pc.app.com</s_webentryhost>
<s_webentryurlport>443</s_webentryurlport>
<s_login_page>https://pc.app.com:443/OA_HTML/AppsLocalLogin.jsp</s_login_page>
<s_external_url>https://pc.app.com:443</s_external_url>

bash — run AutoConfig

cd $ADMIN_SCRIPTS_HOME
./adautocfg.sh

Step 8

Open Port 443 on RHEL 8 Firewall

bash — firewalld + SELinux

sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload

# If SELinux is Enforcing
getenforce
sudo semanage port -a -t http_port_t -p tcp 443

Step 9

Bounce OHS & Test HTTPS

bash — restart and verify

$ADMIN_SCRIPTS_HOME/adapcctl.sh stop
$ADMIN_SCRIPTS_HOME/adapcctl.sh start
$ADMIN_SCRIPTS_HOME/adapcctl.sh status

# Test HTTPS (-k bypasses self-signed cert warning)
curl -k -I https://pc.app.com/OA_HTML/AppsLocalLogin.jsp

Expected result: HTTP/1.1 200 OK — HTTPS is live!

Final Verification Checklist

Check	Command	Expected
Wallet created	ls ssl.wlt/default/	✓ cwallet.sso + ewallet.p12
Certificate added	orapki wallet display	✓ CN=pc.app.com
OHS running	adapcctl.sh status	✓ Running
Port 443 open	curl -k https://pc.app.com	✓ HTTP 200 OK
AutoConfig done	adautocfg.sh	✓ Completed
Context file updated	grep 443 $CONTEXT_FILE	✓ Shows port 443

What's Next?

With HTTPS confirmed on https://pc.app.com, your environment is ready to receive Okta SAML assertions securely. In Part 2 of this series, we deploy the Oracle EBS Asserter on WebLogic — the middleware that translates Okta's SAML token into an EBS session.

Hit any issues? Drop a comment with the error message and I'll help troubleshoot.

Oracle EBS R12.2 HTTPS OHS Oracle Wallet orapki SSL Okta SSO RHEL 8

Written by

punitoracledba

Oracle DBA Specialist Lead | Oracle EBS DBA | AWS & AI Learner. Turning real-world database experience into practical knowledge. Follow the full EBS R12.2 + Okta SSO series at punitoracledba.blogspot.com

Oracle Skills GitHub Repository – The Future of AI-Assisted Oracle DBA Operations

ORACLE / SKILLS · GITHUB

Oracle Skills GitHub Repository

The Future of AI-Assisted Oracle DBA Operations

Oracle Skills is a practical GitHub repository designed to help DBAs, developers, and AI agents use structured, source-backed Oracle knowledge for real-world database operations.

Visit Official GitHub Repository

What is Oracle Skills?

Oracle Skills is a curated collection of practical, installable skills for Oracle technologies. It provides reusable guidance for database administration, SQL development, performance tuning, security, monitoring, migrations, DevOps, Oracle Cloud, APEX, Fusion, and GraalVM.

Official Repository:
https://github.com/oracle/skills

Why This Matters for Oracle DBAs

Traditionally, DBAs depend on MOS notes, internal SOPs, SQL scripts, documentation, and personal experience. Oracle Skills introduces a structured model where AI assistants and automation tools can use predefined, version-aware Oracle guidance.

This helps DBAs troubleshoot faster, reduce repeated manual effort, and create more consistent operational workflows.

Key Skill Domains

Domain	Purpose
Admin	Startup, backup, RMAN, patching, tablespaces, maintenance
Performance	AWR, ASH, SQL tuning, wait events, execution plans
Security	Auditing, privileges, encryption, hardening
Monitoring	Database health checks, alerts, diagnostics
Migrations	Upgrade planning, migration approach, cross-version guidance
DevOps	CI/CD, automation, database lifecycle workflows
OCI	Oracle Cloud Infrastructure related operations
APEX / ORDS	Application development and REST services guidance

Simple Example

Instead of manually searching documentation or creating SQL from scratch, a DBA can ask an AI assistant:

Find top SQL statements consuming CPU in the database.

The AI assistant can then use the relevant Oracle skill to provide more accurate and structured guidance.

Installation Example

# Install Oracle Database skills
npx skills add oracle/skills/db

# Install GraalVM skills
npx skills add oracle/skills/graal

How This Helps Oracle EBS DBAs

For Oracle E-Business Suite DBAs, the same concept can become very useful for structured troubleshooting and operational runbooks.

• ADOP troubleshooting
• Concurrent Manager checks
• Workflow Mailer validation
• Invalid object analysis
• Tablespace growth monitoring
• Database performance diagnostics
• Patch readiness validation
• Data Guard and DR checks

Important Point:

AI will not replace strong Oracle fundamentals. But DBAs who combine Oracle knowledge, automation, cloud, and AI-assisted workflows will become more productive and valuable.

Future DBA Skillset

• Oracle Database fundamentals
• Performance tuning and troubleshooting
• Backup, recovery, and DR knowledge
• Cloud and automation skills
• AI-assisted database operations
• Reusable SOP and runbook creation

My Final Thoughts

Oracle Skills is not just another GitHub repository. It represents the direction in which Oracle database operations are moving — structured, source-backed, reusable, and AI-assisted.

For Oracle DBAs, Apps DBAs, Cloud DBAs, and developers, this is the right time to explore how AI-assisted skills can improve daily database operations.

Official Reference

Oracle Skills GitHub Repository

---

Written by Punit Kumar | Oracle DBA | Oracle EBS DBA | Cloud & AI Learning Journey
punitoracledba.blogspot.com

MariaDB DBA Playbook: Architecture, Performance Tuning & Automation Scripts

Architecture Oracle vs MariaDB Commands Performance Security Scripts

📘 DBA Reference Guide · May 2026

MariaDB for DBAs: Architecture, Performance Tuning & Real-World Scripts

A field-tested MariaDB playbook for Oracle, MySQL, and cloud DBAs covering architecture internals, essential commands, performance tuning, security hardening, backup strategy, and automation scripts.

Written by Punit Kumar — Oracle EBS DBA · Cloud DBA · AWS · AI Learner

⏱ 22 min read • MariaDB 10.11 / 11.x • DBA MariaDB Performance Security

🎯

Why This Guide?

This guide is created from a real DBA point of view. It is not only a command list — it is a practical field reference for understanding MariaDB architecture, operating production databases, tuning performance, securing access, and automating daily DBA tasks.

💡 DBA Perspective If you are coming from an Oracle DBA, MySQL DBA, or cloud database background, MariaDB becomes easier when you understand three areas clearly: storage engines, InnoDB behavior, and replication/backup strategy.

⚖️

Oracle DBA View: Oracle vs MariaDB

For Oracle DBAs, MariaDB may look simple at first, but it has its own architecture, memory model, optimizer behavior, replication style, and storage engine flexibility. The table below helps map familiar Oracle concepts to MariaDB concepts.

Area	Oracle	MariaDB	DBA Note
Primary storage	Tablespaces / datafiles	InnoDB tablespaces / .ibd files	MariaDB often uses file-per-table with InnoDB.
Redo	Online redo logs	InnoDB redo log	Critical for crash recovery and write performance.
Undo / MVCC	Undo tablespace	Undo logs in InnoDB	Needed for consistent reads and rollback.
Optimizer	CBO with stats	Cost-based optimizer with table/index stats	EXPLAIN, ANALYZE, and index design are key.
Flashback style	Flashback Query / FDA	System-versioned tables	Useful for audit/history use cases.
HA / replication	Data Guard / GoldenGate / RAC	Binary log replication / GTID / Galera	Design depends on RPO/RTO and workload.
Backup	RMAN	mariabackup / mysqldump	Always test restore, not only backup success.

⚠️ Real DBA Insight Do not treat MariaDB as “just MySQL commands.” Production stability depends on the right engine, right indexing strategy, tested backup, secure grants, and well-designed replication.

🏛

MariaDB Architecture

MariaDB is a community-driven fork of MySQL offering a fully pluggable storage engine architecture, enhanced replication (Galera, GTID), and features like temporal tables, virtual columns, and JSON functions — all production-ready for OLTP and analytical workloads.

Storage Engine Comparison

InnoDB

Default engine. ACID-compliant, MVCC row-level locking, foreign keys, crash recovery. Best for OLTP.

Aria

Crash-safe replacement for MyISAM. Used internally for temp tables. Good for read-heavy workloads.

MyRocks

RocksDB-based LSM tree. Excellent write amplification reduction. Ideal for high-write workloads.

ColumnStore

Columnar storage for OLAP. Parallel query execution on billions of rows. Great for data warehousing.

MEMORY

All data in RAM. No persistence. Ideal for lookup tables and temporary caches.

Spider

Built-in sharding and horizontal partitioning. Federated access across multiple MariaDB nodes.

⚡

Essential DBA Commands

Connection & Server Info

Connection & StatusSQL

-- Connect from command line
mariadb -u root -p -h 127.0.0.1 -P 3306

-- Server version and status
SELECT VERSION();
SHOW STATUS;
SHOW GLOBAL STATUS;
SHOW GLOBAL VARIABLES;
SHOW VARIABLES LIKE '%innodb%';
SHOW VARIABLES LIKE 'max_connections';

-- Current connections
SHOW FULL PROCESSLIST;
SELECT * FROM information_schema.PROCESSLIST
WHERE COMMAND != 'Sleep'
ORDER BY TIME DESC;

-- Kill a specific connection
KILL 12345;
KILL QUERY 12345;  -- kill only the query, keep connection

Database & Schema Management

DDL OperationsSQL

-- Database operations
CREATE DATABASE myapp CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
SHOW DATABASES;
USE myapp;
DROP DATABASE IF EXISTS myapp;

-- Table operations
SHOW TABLES;
SHOW TABLE STATUS;
DESCRIBE employees;
SHOW CREATE TABLE employees\G
SHOW FULL COLUMNS FROM employees;

-- Table size info
SELECT
  table_name,
  ROUND((data_length + index_length) / 1024 / 1024, 2) AS size_mb,
  table_rows,
  engine
FROM information_schema.TABLES
WHERE table_schema = 'myapp'
ORDER BY (data_length + index_length) DESC;

-- Online DDL (MariaDB 10.3+)
ALTER TABLE employees
  ADD COLUMN dept_id INT,
  ADD INDEX idx_dept (dept_id),
  ALGORITHM=INPLACE, LOCK=NONE;

User & Privilege Management

Security & GrantsSQL

-- Create users
CREATE USER 'appuser'@'192.168.1.%' IDENTIFIED BY 'StrongP@ss2024!';
CREATE USER 'readonly'@'%' IDENTIFIED BY 'ReadOnly@123';

-- Grant privileges
GRANT SELECT, INSERT, UPDATE, DELETE ON myapp.* TO 'appuser'@'192.168.1.%';
GRANT SELECT ON myapp.* TO 'readonly'@'%';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.0.0.%' IDENTIFIED BY 'ReplPass!';
FLUSH PRIVILEGES;

-- Show users and grants
SELECT user, host, password_expired, account_locked
FROM mysql.user ORDER BY user;
SHOW GRANTS FOR 'appuser'@'192.168.1.%';

-- Revoke and drop
REVOKE ALL PRIVILEGES ON myapp.* FROM 'appuser'@'192.168.1.%';
DROP USER 'appuser'@'192.168.1.%';

-- Password policy (MariaDB 10.4+)
SET GLOBAL strict_password_validation = 1;
ALTER USER 'appuser'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;

Replication Commands

Replication ManagementSQL

-- Check replication status (replica side)
SHOW REPLICA STATUS\G        -- MariaDB 10.5+
SHOW SLAVE STATUS\G          -- older syntax

-- Setup replica
CHANGE MASTER TO
  MASTER_HOST = '10.0.0.1',
  MASTER_USER = 'repl',
  MASTER_PASSWORD = 'ReplPass!',
  MASTER_USE_GTID = slave_pos;
START REPLICA;

-- Primary side binlog info
SHOW MASTER STATUS\G
SHOW BINARY LOGS;
SHOW BINLOG EVENTS IN 'mariadb-bin.000010' LIMIT 20;

-- GTID-based operations
SELECT @@gtid_current_pos;
SELECT @@gtid_binlog_pos;

-- Skip one errant transaction
STOP REPLICA;
SET GLOBAL sql_slave_skip_counter = 1;
START REPLICA;

🔥

Performance Tuning

EXPLAIN & Query Analysis

Query AnalysisSQL

-- Basic EXPLAIN
EXPLAIN SELECT * FROM orders WHERE customer_id = 1001;

-- Extended EXPLAIN (shows filtered %)
EXPLAIN EXTENDED SELECT * FROM orders WHERE customer_id = 1001;

-- JSON format (detailed optimizer info)
EXPLAIN FORMAT=JSON
SELECT o.id, c.name, SUM(oi.amount)
FROM orders o
JOIN customers c ON o.customer_id = c.id
JOIN order_items oi ON oi.order_id = o.id
WHERE o.created_at > '2025-01-01'
GROUP BY o.id;

-- Analyze (executes + returns real row counts)
ANALYZE SELECT * FROM orders WHERE status = 'pending';

-- Slow query log check
SHOW VARIABLES LIKE 'slow_query%';
SET GLOBAL slow_query_log = 'ON';
SET GLOBAL long_query_time = 1;  -- seconds

-- Performance schema: top slow queries
SELECT
  DIGEST_TEXT,
  COUNT_STAR,
  ROUND(AVG_TIMER_WAIT/1000000000000, 3) AS avg_sec,
  ROUND(SUM_TIMER_WAIT/1000000000000, 3) AS total_sec
FROM performance_schema.events_statements_summary_by_digest
ORDER BY SUM_TIMER_WAIT DESC
LIMIT 10;

Index Management

Index OperationsSQL

-- Show indexes
SHOW INDEX FROM orders;
SELECT * FROM information_schema.STATISTICS
WHERE TABLE_SCHEMA = 'myapp' AND TABLE_NAME = 'orders';

-- Create indexes
CREATE INDEX idx_orders_status_date ON orders (status, created_at);
CREATE UNIQUE INDEX idx_email ON customers (email);
CREATE FULLTEXT INDEX idx_ft_desc ON products (description);

-- Invisible indexes (test impact without dropping)
ALTER TABLE orders ALTER INDEX idx_status INVISIBLE;
ALTER TABLE orders ALTER INDEX idx_status VISIBLE;

-- Find unused indexes (no seeks/scans)
SELECT object_schema, object_name, index_name
FROM performance_schema.table_io_waits_summary_by_index_usage
WHERE index_name IS NOT NULL
  AND count_star = 0
  AND object_schema NOT IN ('mysql', 'information_schema')
ORDER BY object_schema, object_name;

-- Update table statistics
ANALYZE TABLE orders;
OPTIMIZE TABLE orders;        -- reclaims space, rebuilds indexes
mysqlcheck -u root -p --all-databases --analyze

InnoDB Buffer Pool & Memory

InnoDB TuningSQL

-- Buffer pool hit ratio (should be > 99%)
SELECT
  ROUND(
    (1 - (
      (SELECT variable_value FROM information_schema.GLOBAL_STATUS WHERE variable_name = 'Innodb_buffer_pool_reads') /
      (SELECT variable_value FROM information_schema.GLOBAL_STATUS WHERE variable_name = 'Innodb_buffer_pool_read_requests')
    )) * 100, 2
  ) AS buffer_pool_hit_ratio;

-- InnoDB status
SHOW ENGINE INNODB STATUS\G

-- Check buffer pool usage
SELECT
  pool_id,
  pool_size,
  free_buffers,
  database_pages,
  ROUND(database_pages / pool_size * 100, 1) AS pct_used
FROM information_schema.INNODB_BUFFER_POOL_STATS;

-- Memory usage overview
SELECT * FROM sys.memory_global_total;
SELECT event_name, current_alloc, high_alloc
FROM sys.memory_global_by_current_bytes
LIMIT 10;

Key Configuration Parameters

Parameter	Recommended Value	Description
innodb_buffer_pool_size	70–80% of RAM	Most critical setting. Caches data and index pages.
innodb_buffer_pool_instances	8–16	Reduce contention on multi-core systems.
innodb_log_file_size	1–4 GB	Redo log size. Larger = fewer checkpoints, faster writes.
innodb_flush_log_at_trx_commit	1 (ACID) / 2 (perf)	1 = full durability. 2 = 1s data loss risk, faster.
innodb_io_capacity	200–2000 (SSD: 2000+)	InnoDB background I/O operations per second.
max_connections	150–500	Max simultaneous connections. Use connection pooling.
query_cache_type	0 (OFF)	Query cache is deprecated; use ProxySQL/application cache.
tmp_table_size	64M–256M	In-memory temp table size before disk spill.
thread_pool_size	CPU cores	MariaDB thread pool for high-concurrency workloads.
binlog_format	ROW	Most reliable for replication. MIXED for storage savings.

my.cnf — Production TemplateCONFIG

# /etc/mysql/mariadb.conf.d/99-custom.cnf
[mysqld]
# ── Engine ──────────────────────────────────────────
default_storage_engine     = InnoDB
innodb_buffer_pool_size    = 12G      # 75% of 16G RAM
innodb_buffer_pool_instances = 8
innodb_log_file_size       = 2G
innodb_flush_log_at_trx_commit = 1
innodb_flush_method        = O_DIRECT
innodb_io_capacity         = 2000     # NVMe SSD
innodb_io_capacity_max     = 4000
innodb_read_io_threads     = 8
innodb_write_io_threads    = 8

# ── Connections ────────────────────────────────────
max_connections            = 300
thread_pool_size           = 16
thread_cache_size          = 64
wait_timeout               = 300
interactive_timeout        = 300

# ── Memory ─────────────────────────────────────────
tmp_table_size             = 128M
max_heap_table_size        = 128M
sort_buffer_size           = 4M
join_buffer_size           = 4M
read_buffer_size           = 2M
read_rnd_buffer_size       = 4M

# ── Logging ────────────────────────────────────────
slow_query_log             = 1
slow_query_log_file        = /var/log/mysql/slow.log
long_query_time            = 1
log_queries_not_using_indexes = 1
general_log                = 0       # enable only for debugging

# ── Replication ────────────────────────────────────
server_id                  = 1
log_bin                    = /var/log/mysql/mariadb-bin
binlog_format              = ROW
expire_logs_days           = 7
gtid_strict_mode           = 1
sync_binlog                = 1

# ── Character Set ──────────────────────────────────
character_set_server       = utf8mb4
collation_server           = utf8mb4_unicode_ci

💾

Backup & Recovery

mariabackup (Physical Backup)

mariabackup — Full & IncrementalBASH

# Full backup
mariabackup --backup \
  --user=root \
  --password='yourpassword' \
  --target-dir=/backup/full/$(date +%Y%m%d)

# Prepare (apply redo logs)
mariabackup --prepare \
  --target-dir=/backup/full/20260509

# Incremental backup (after full)
mariabackup --backup \
  --user=root --password='yourpassword' \
  --target-dir=/backup/incr/$(date +%Y%m%d_%H) \
  --incremental-basedir=/backup/full/20260509

# Prepare incremental
mariabackup --prepare \
  --target-dir=/backup/full/20260509 \
  --incremental-dir=/backup/incr/20260509_02

# Restore
systemctl stop mariadb
rm -rf /var/lib/mysql/*
mariabackup --copy-back --target-dir=/backup/full/20260509
chown -R mysql:mysql /var/lib/mysql
systemctl start mariadb

mysqldump (Logical Backup)

Logical BackupBASH

# Full dump with GTID info
mysqldump -u root -p \
  --all-databases \
  --single-transaction \
  --flush-logs \
  --master-data=2 \
  --routines \
  --triggers \
  --events \
  --hex-blob \
  | gzip > /backup/full_$(date +%Y%m%d).sql.gz

# Single database
mysqldump -u root -p --single-transaction myapp \
  | gzip > /backup/myapp_$(date +%Y%m%d).sql.gz

# Restore
zcat /backup/myapp_20260509.sql.gz | mysql -u root -p myapp

# Dump only structure
mysqldump -u root -p --no-data myapp > myapp_schema.sql

# Dump only data (no create statements)
mysqldump -u root -p --no-create-info myapp > myapp_data.sql

💡 DBA Tip Always use --single-transaction with InnoDB for a consistent snapshot without locking. Never use --lock-all-tables in production — it blocks all writes.

⚠️ Critical — Test Your Restores A backup you've never restored is not a backup. Schedule monthly restore drills to a separate environment and verify row counts and application functionality.

🔐

Security Hardening

Security Audit Queries

Security ChecksSQL

-- Users with no password
SELECT user, host FROM mysql.user
WHERE (authentication_string = '' OR authentication_string IS NULL)
  AND plugin NOT IN ('unix_socket', 'gssapi');

-- Users with global privileges (risky)
SELECT user, host, Super_priv, Grant_priv, File_priv, Process_priv
FROM mysql.user
WHERE Super_priv = 'Y' OR Grant_priv = 'Y';

-- Anonymous users
SELECT user, host FROM mysql.user WHERE user = '';
DELETE FROM mysql.user WHERE user = '';
FLUSH PRIVILEGES;

-- Wildcard host access
SELECT user, host FROM mysql.user WHERE host = '%';

-- Audit plugin status
SHOW PLUGINS;
SELECT * FROM information_schema.PLUGINS
WHERE PLUGIN_NAME LIKE '%audit%';

-- Enable MariaDB Audit Plugin
INSTALL SONAME 'server_audit';
SET GLOBAL server_audit_logging = 'ON';
SET GLOBAL server_audit_events = 'QUERY,CONNECT';
SET GLOBAL server_audit_file_path = '/var/log/mysql/audit.log';

SSL Configuration

SSL/TLS SetupBASH

# Generate self-signed CA (production: use real CA)
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem

# Server certificate
openssl req -newkey rsa:2048 -days 3650 \
  -nodes -keyout server-key.pem > server-req.pem
openssl x509 -req -in server-req.pem -days 3650 \
  -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial > server-cert.pem

# Add to my.cnf [mysqld]
# ssl-ca   = /etc/mysql/ssl/ca-cert.pem
# ssl-cert = /etc/mysql/ssl/server-cert.pem
# ssl-key  = /etc/mysql/ssl/server-key.pem
# require_secure_transport = ON

🛠

DBA Automation Scripts

Health Check Script

mariadb_health_check.shBASH

#!/bin/bash
# MariaDB Health Check Script
# Usage: ./mariadb_health_check.sh

DB_USER="root"
DB_PASS="yourpassword"
DB_HOST="127.0.0.1"
LOG_FILE="/var/log/mariadb_health_$(date +%Y%m%d).log"
ALERT_EMAIL="dba@yourcompany.com"

MYSQL="mysql -u${DB_USER} -p${DB_PASS} -h${DB_HOST} -e"
ISSUES=0

log() { echo "[$(date '+%F %T')] $1" | tee -a $LOG_FILE; }

log "=== MariaDB Health Check Start ==="

# 1. Uptime
UPTIME=$($MYSQL "SHOW GLOBAL STATUS LIKE 'Uptime';" | awk 'NR==2{print $2}')
log "Uptime: ${UPTIME}s ($(( UPTIME / 86400 )) days)"

# 2. Connections (warn if > 80%)
MAX_CONN=$($MYSQL "SHOW VARIABLES LIKE 'max_connections';" | awk 'NR==2{print $2}')
CURR_CONN=$($MYSQL "SHOW GLOBAL STATUS LIKE 'Threads_connected';" | awk 'NR==2{print $2}')
PCT=$(( CURR_CONN * 100 / MAX_CONN ))
if [ $PCT -gt 80 ]; then
  log "WARN: Connections at ${PCT}% (${CURR_CONN}/${MAX_CONN})"
  ISSUES=$(( ISSUES + 1 ))
else
  log "OK: Connections ${CURR_CONN}/${MAX_CONN} (${PCT}%)"
fi

# 3. Buffer pool hit ratio
READS=$($MYSQL "SHOW GLOBAL STATUS LIKE 'Innodb_buffer_pool_reads';" | awk 'NR==2{print $2}')
REQS=$($MYSQL "SHOW GLOBAL STATUS LIKE 'Innodb_buffer_pool_read_requests';" | awk 'NR==2{print $2}')
HIT_RATIO=$(echo "scale=2; (1 - $READS / $REQS) * 100" | bc)
log "Buffer pool hit ratio: ${HIT_RATIO}%"

# 4. Replication lag
LAG=$($MYSQL "SHOW REPLICA STATUS\G" 2>/dev/null | grep "Seconds_Behind_Master:" | awk '{print $2}')
if [[ "$LAG" != "NULL" ]] && [[ $LAG -gt 30 ]]; then
  log "WARN: Replication lag = ${LAG}s"
  ISSUES=$(( ISSUES + 1 ))
else
  log "OK: Replication lag = ${LAG:-N/A}s"
fi

# 5. Long running queries (> 60s)
LONG_QUERIES=$($MYSQL "SELECT COUNT(*) FROM information_schema.PROCESSLIST WHERE TIME > 60 AND COMMAND != 'Sleep';" | awk 'NR==2{print $1}')
if [ $LONG_QUERIES -gt 0 ]; then
  log "WARN: ${LONG_QUERIES} long-running queries detected"
  ISSUES=$(( ISSUES + 1 ))
fi

# 6. Summary
if [ $ISSUES -gt 0 ]; then
  log "ALERT: ${ISSUES} issue(s) found. Sending email..."
  mail -s "MariaDB Health Alert - $(hostname)" $ALERT_EMAIL < $LOG_FILE
else
  log "All checks passed."
fi
log "=== Health Check End ==="

Automated Backup Script

mariadb_backup.shBASH

#!/bin/bash
# MariaDB Full + Incremental Backup with Retention

BACKUP_ROOT="/backup/mariadb"
FULL_DIR="${BACKUP_ROOT}/full"
INCR_DIR="${BACKUP_ROOT}/incr"
LOG="/var/log/mariadb_backup.log"
RETENTION_DAYS=7
DB_USER="root"
DB_PASS="yourpassword"
TODAY=$(date +%Y%m%d)
DOW=$(date +%u)  # 1=Mon, 7=Sun

mkdir -p $FULL_DIR $INCR_DIR

log() { echo "[$(date '+%F %T')] $*" | tee -a $LOG; }

if [ "$DOW" -eq 7 ]; then
  # Sunday: Full backup
  log "Starting FULL backup..."
  mariabackup --backup \
    --user=$DB_USER --password="${DB_PASS}" \
    --target-dir=${FULL_DIR}/$TODAY 2>>$LOG
  mariabackup --prepare --target-dir=${FULL_DIR}/$TODAY 2>>$LOG
  # Store the latest full dir path
  echo ${FULL_DIR}/$TODAY > /tmp/last_full_backup.txt
  log "Full backup complete."
else
  # Other days: incremental
  LAST_FULL=$(cat /tmp/last_full_backup.txt)
  log "Starting INCREMENTAL backup based on ${LAST_FULL}..."
  mariabackup --backup \
    --user=$DB_USER --password="${DB_PASS}" \
    --target-dir=${INCR_DIR}/$TODAY \
    --incremental-basedir=$LAST_FULL 2>>$LOG
  log "Incremental backup complete."
fi

# Cleanup old backups
log "Cleaning up backups older than ${RETENTION_DAYS} days..."
find $FULL_DIR -maxdepth 1 -type d -mtime +$RETENTION_DAYS -exec rm -rf {} \;
find $INCR_DIR -maxdepth 1 -type d -mtime +$RETENTION_DAYS -exec rm -rf {} \;

log "Backup job finished. Size: $(du -sh ${BACKUP_ROOT} | cut -f1)"

Top Tables & Bloat Finder

Table Bloat & StatisticsSQL

-- Top 20 largest tables across all databases
SELECT
  table_schema AS 'Database',
  table_name   AS 'Table',
  engine,
  FORMAT(table_rows, 0)                                   AS rows,
  ROUND(data_length  / 1024 / 1024, 2)                    AS data_mb,
  ROUND(index_length / 1024 / 1024, 2)                    AS index_mb,
  ROUND((data_length + index_length) / 1024 / 1024, 2)    AS total_mb,
  ROUND(data_free   / 1024 / 1024, 2)                    AS free_mb,
  ROUND(data_free / (data_length + 1) * 100, 1)           AS bloat_pct
FROM information_schema.TABLES
WHERE table_schema NOT IN ('information_schema', 'mysql',
                            'performance_schema', 'sys')
  AND table_type = 'BASE TABLE'
ORDER BY (data_length + index_length) DESC
LIMIT 20;

-- Tables needing OPTIMIZE (>20% bloat)
SELECT
  CONCAT(table_schema, '.', table_name) AS full_name,
  ROUND(data_free / 1024 / 1024, 1) AS wasted_mb
FROM information_schema.TABLES
WHERE data_free / (data_length + 1) > 0.2
  AND data_free > 100 * 1024 * 1024
  AND engine = 'InnoDB'
ORDER BY data_free DESC;

Galera Cluster Status

Galera / Cluster MonitoringSQL

-- Cluster membership and sync state
SHOW STATUS LIKE 'wsrep_%';

-- Quick health summary
SELECT
  variable_name,
  variable_value
FROM information_schema.GLOBAL_STATUS
WHERE variable_name IN (
  'wsrep_cluster_size',
  'wsrep_cluster_status',
  'wsrep_connected',
  'wsrep_local_state_comment',
  'wsrep_ready',
  'wsrep_flow_control_paused'
);

-- Flow control check (pause > 0.1 = bottleneck)
SHOW STATUS LIKE 'wsrep_flow_control_paused';

⚡ Performance Reminder wsrep_flow_control_paused consistently above 0.1 indicates a lagging node is slowing the entire cluster. Check for long-running transactions, high write volume, or undersized nodes.

Useful Monitoring Queries (Daily DBA)

Daily Monitoring DashboardSQL

-- Active transactions with lock waits
SELECT
  r.trx_id waiting_id,
  r.trx_mysql_thread_id waiting_thread,
  r.trx_query waiting_query,
  b.trx_id blocking_id,
  b.trx_mysql_thread_id blocking_thread,
  b.trx_query blocking_query
FROM information_schema.INNODB_LOCK_WAITS w
JOIN information_schema.INNODB_TRX b ON b.trx_id = w.blocking_trx_id
JOIN information_schema.INNODB_TRX r ON r.trx_id = w.requesting_trx_id;

-- Open transactions (running > 60s)
SELECT
  trx_id, trx_started,
  TIMESTAMPDIFF(SECOND, trx_started, NOW()) AS age_sec,
  trx_query, trx_rows_modified
FROM information_schema.INNODB_TRX
WHERE TIMESTAMPDIFF(SECOND, trx_started, NOW()) > 60
ORDER BY trx_started;

-- Deadlock info
SHOW ENGINE INNODB STATUS\G

-- Per-database size summary
SELECT
  table_schema,
  COUNT(*) AS tables,
  ROUND(SUM(data_length + index_length) / 1024 / 1024 / 1024, 3) AS total_gb
FROM information_schema.TABLES
WHERE table_schema NOT IN ('information_schema', 'mysql',
                            'performance_schema', 'sys')
GROUP BY table_schema
ORDER BY total_gb DESC;

-- sys schema: top wait events
SELECT * FROM sys.waits_global_by_latency LIMIT 10;

-- sys schema: queries causing full table scans
SELECT query, exec_count, total_latency, no_index_used_count
FROM sys.statements_with_full_table_scans
ORDER BY total_latency DESC
LIMIT 10;

⏱

MariaDB-Specific Features

System Versioned (Temporal) Tables

Temporal TablesSQL

-- Create a versioned table (audit history built-in)
CREATE TABLE employee_salary (
  id       INT PRIMARY KEY,
  emp_id   INT,
  salary   DECIMAL(10,2),
  dept     VARCHAR(50)
) WITH SYSTEM VERSIONING;

-- Query historical data (as of a point in time)
SELECT * FROM employee_salary
FOR SYSTEM_TIME AS OF '2025-01-01 00:00:00'
WHERE emp_id = 42;

-- Query a time range
SELECT * FROM employee_salary
FOR SYSTEM_TIME BETWEEN '2024-01-01' AND '2025-01-01'
WHERE emp_id = 42;

-- Full history
SELECT * FROM employee_salary FOR SYSTEM_TIME ALL
WHERE emp_id = 42
ORDER BY row_start;

-- Dynamic columns (JSON-like, MariaDB native)
CREATE TABLE inventory (
  id   INT PRIMARY KEY,
  name VARCHAR(100),
  attrs BLOB
);
INSERT INTO inventory VALUES (1, 'Widget',
  COLUMN_CREATE('color', 'blue', 'weight_kg', 1.5));
SELECT COLUMN_GET(attrs, 'color' AS CHAR) FROM inventory;

💡 Oracle DBA Note System versioned tables are MariaDB's equivalent of Oracle Flashback Data Archive (FDA/Total Recall). Unlike Oracle, no extra licensing is required — it's built into every MariaDB installation.

🏁

Final Thoughts

MariaDB is not only a MySQL alternative. It is a serious database platform for OLTP, analytics, cloud workloads, and enterprise applications when it is configured and operated correctly.

As a DBA, always focus on four pillars:

Performance

Use the right indexes, review execution plans, size InnoDB memory correctly, and monitor slow queries.

Stability

Control connections, manage logs, tune I/O, and avoid risky production changes without testing.

Security

Use least privilege, remove anonymous users, avoid wildcard access, enforce SSL/TLS, and enable auditing.

Automation

Automate health checks, backups, replication checks, and daily monitoring to reduce manual errors.

💬 Connect With Me If you found this guide useful, connect with me and follow my DBA learning journey for more Oracle, MariaDB, AWS, AI, and real-world database engineering content.

📋 Contents

Why This Guide Oracle vs MariaDB Architecture Overview Storage Engines Essential Commands Connection & Info DDL & Users Replication Performance Tuning EXPLAIN & Indexes InnoDB Config my.cnf Template Backup & Recovery Security Hardening DBA Scripts Health Check Auto Backup Daily Monitoring MariaDB Features Final Thoughts

⚙️ Quick Reference

📖 Official Docs ↗ ⏱ Temporal Tables ↗ 🔄 Galera Cluster ↗ 💾 mariabackup ↗

🔖 Versions

11.4 LTS (Current) 10.11 LTS 10.6 LTS

⚠️ DBA Reminders

Always test backups monthly. Use --single-transaction. Set expire_logs_days. Never use root for apps. Enable the audit plugin.