Oracle E-Business Suite (EBS) System Schema Migration
With AD and TXK Delta 13, EBS has implemented a set of structural changes that modernize the EBS database architecture. These changes introduce a new schema named EBS_SYSTEM, which is defined with a least privileges model that utilizes public database APIs. In addition, connections from the application tier to the database have been updated to utilize database service names.
Oracle E-Business Suite (EBS) Release 12.2 to use the new EBS System Schema (EBS_SYSTEM
).
Section 1: Overview of the EBS System Schema
The Release 12.2 database architecture has been modernized by adoption of the Oracle E-Business Suite System Schema, EBS_SYSTEM
.
Prior to the introduction of the EBS_SYSTEM
schema, Oracle E-Business Suite installed application objects in the Oracle Database SYS
and SYSTEM
schemas.
Migration to the EBS System Schema obviates the need for any EBS-owned objects to reside in the SYS
or SYSTEM
schemas.
Key characteristics of the EBS System Schema include:
- Creation of the
EBS_SYSTEM
schema and associated grant management is performed as follows:
- Creation of the
EBS_SYSTEM
schema and is performed bySYS
running theadgrants.sql
script (supplying theAPPS
account as the parameter) before applying the AD-TXK Delta 13 RUPs. - Grants required by the
APPS
account are given by theapps_adgrants.sql
script being run automatically by the AD-TXK Delta 13 RUP installation process. This script does not need to be run manually as part of normal patching operations.
- Creation of the
- All EBS database objects that currently reside in the
SYS
orSYSTEM
schemas are migrated to appropriate Oracle E-Business Suite schemas. Depending upon the EBS object type and function, the object is migrated toEBS_SYSTEM
,APPS
, orAPPS_NE
.
- All Oracle E-Business Suite administration actions (such as running adop, adadmin and other utilities) are now performed by
EBS_SYSTEM
.
- Access to the Oracle database
SYS
andSYSTEM
and the Oracle database server operating system is no longer required for Oracle E-Business Suite system administrative functions.
- If any grants need to be fixed after the AD-TXK Delta 13 RUP is applied,
Key benefits of migrating to the EBS System Schema include the provision of support for the following:
- Public Oracle Database APIs
- Least Privileges Model for database object access
- Separation of Duties for administrators
- Database service names for application tier database connections
- Oracle Database Unified Auditing
- Easier interoperability across Oracle Database releases
Diagram 1 - The modernized Oracle E-Business Suite database and its key features
1.1 Public Oracle Database APIs
As part of the Oracle E-Business Suite System Schema Migration, all Oracle E-Business Suite code is updated to map to public Oracle database dictionary objects and APIs. Utilizing public Oracle database APIs provides further capability to lock down EBS runtime accounts.
1.2 Least Privileges Model for Database Object Access
With the migration to the EBS_SYSTEM
schema and usage of
public Oracle Database APIs, runtime accounts may be constrained even
further. As part of this feature, unnecessary privileges are revoked
from Oracle E-Business Suite application accounts.
1.3 Separation of Duties for Administrators
Migration to the EBS_SYSTEM
schema makes it possible to
separate the role of the Oracle E-Business Suite system administrators
from database administrators. All Oracle E-Business Suite
administration actions (such as running adop, adadmin, and other
utilities) will now prompt for the EBS_SYSTEM
password instead of the SYSTEM
password. Highly privileged operations that were previously run by the SYS
or SYSTEM
accounts are now run by EBS_SYSTEM
.
Access to the Oracle database SYS
and SYSTEM
and the Oracle database server operating system is no longer required
for Oracle E-Business Suite system administration functions. Database
patching may be performed by the Oracle database administrator, and
Oracle E-Business Suite patching may be performed by the Oracle
E-Business Suite system administrator or applications database
administrator (DBA).
The passwords for EBS_SYSTEM
and SYSTEM
must match until after the Completion Patch is successfully applied.
Once the Completion Patch has been successfully applied, the password
for EBS_SYSTEM
should be changed to be different from the SYSTEM
schema password.
1.4 Database Service Names for Application Tier Database Connections
As part of modernizing the Oracle E-Business Suite, connections from the Oracle E-Business Suite application tier to the Oracle E-Business Suite database are now performed using database service names.
1.5 Support for Oracle Database Unified Auditing
Once all requirements are met, Oracle E-Business Suite customers are
now able to utilize Unified Auditing, the latest method for auditing an
Oracle Database. With Unified Auditing, audit data is combined into a
single audit trail. A new schema, AUDSYS
, is used for
storing the Unified Audit Trail. Separation of duties is achieved with
multiple database roles to audit configuration and view the audit data.
1.6 Streamline Database Directory Objects
Following migration to EBS System Schema (EBS_SYSTEM
), the APPS
schema will no longer have the ability to create database directory
objects. Database directory objects are now created by the EBS_SYSTEM
user.
The following four standard new database directory objects are created with the privileges shown:
Object Name | Privileges |
---|---|
EBS_LOG | Read/Write |
EBS_TEMP | Read/Write |
EBS_INBOUND | Read |
EBS_OUTBOUND | Write |
By default, the database directory objects are mapped to a temporary directory in the $ORACLE_HOME on the database tier file system. If a large number of files are written to this directory, your $ORACLE_HOME database tier file system may reach capacity: it is therefore recommended that you instead map the database directory objects to a secure location in a separate mount point from your $ORACLE_HOME database tier file system. For more information, refer to the Oracle Database documentation for your specific database release.
1.7 Interoperabilty Across Oracle Database Releases
Oracle E-Business Suite uptake of database releases will be made easier by EBS only referencing public database views and APIs.
References : Doc ID 2755875.1
No comments:
Post a Comment