DBMS_CLOUD_LINK Package
The DBMS_CLOUD_LINK
package allows a user to
register a table or a view as a data set for read only access with Cloud Links.
- DBMS_CLOUD_LINK Overview
Describes the use of theDBMS_CLOUD_LINK
package. - Summary of DBMS_CLOUD_LINK Subprograms
Shows a table with a summary of the subprograms included in theDBMS_CLOUD_LINK
package.
Parent topic: Autonomous Database Supplied Package Reference
DBMS_CLOUD_LINK Overview
Describes the use of the DBMS_CLOUD_LINK
package.
The DBMS_CLOUD_LINK
package
provides the REGISTER
procedure that allows you to register a table
or a view as a data set for use with Cloud Links. Before you can register a data
set, the ADMIN user must grant a user permission to register a data set using the
DBMS_CLOUD_LINK_ADMIN.GRANT_REGISTER
procedure. After
the ADMIN runs GRANT_REGISTER
, a user can register a table or a
view they own as a registered data set (or register an object in another schema if
the user has READ WITH GRANT OPTION
privilege on the object).
Registered data sets provide remote access to the registered object with Cloud
Links, subject to the scope specified with the REGISTER
procedure.
To run DBMS_CLOUD_LINK.REGISTER
you have to have execute privilege on DBMS_CLOUD_LINK.REGISTER
, in addition to having
previously run DBMS_CLOUD_LINK_ADMIN.GRANT_REGISTER
. Only the ADMIN
user and schemas with PDB_DBA
role have execute privilege on DBMS_CLOUD_LINK.REGISTER
by
default.
Parent topic: DBMS_CLOUD_LINK Package
Summary of DBMS_CLOUD_LINK Subprograms
Shows a
table with a summary of the subprograms included in the DBMS_CLOUD_LINK
package.
Subprogram | Description |
---|---|
This function retrieves the description for a data set. The
description is provided when a data set is registered with |
|
Retrieves the namespace, name, and description for data sets that match the search string. Matching data sets are only shown if they are accessible to the user, based on access restrictions. |
|
Returns a unique identifier for the Autonomous Database instance. Repeated
calls to |
|
Grants authorization to a specified database to access the specified data set. |
|
Registers a table or view as data set. |
|
Revokes authorization for a specified database to access the specified data set. |
|
Removes a registered data set. |
- DESCRIBE Function
This function retrieves the description for a data set. The description is provided when a data set is registered withDBMS_CLOUD_LINK.REGISTER
. - FIND Procedure
This procedure retrieves the namespace, name, and description for data sets that match the search string. Matching data sets are only shown if they are accessible to the user, based on access restrictions. - GET_DATABASE_ID Function
The function returns a unique identifier for the Autonomous Database instance. Repeated calls toDBMS_CLOUD_LINK.GET_DATABASE_ID
on the same instance always return the same value. - GRANT_AUTHORIZATION Procedure
This procedure grants authorization to a specified database to access the specified data set. - REGISTER Procedure
The procedure registers a table or a view as a data set to allow remote read only access, subject to restrictions imposed by thescope
parameter. - REVOKE_AUTHORIZATION Procedure
This procedure revokes authorization for a specified database to access the specified data set. - UNREGISTER Procedure
The procedure allows a user who previously registered a table or a view with theREGISTER
procedure to unregister the table or view so that it no longer is available for remote access.
Parent topic: DBMS_CLOUD_LINK Package
DESCRIBE Function
DBMS_CLOUD_LINK.REGISTER
.
Syntax
DBMS_CLOUD_LINK.DESCRIBE
(
namespace IN VARCHAR2,
name IN VARCHAR2
) return CLOB;
Parameters
Parameter | Description |
---|---|
|
Specifies the namespace of registered data set. |
|
Specifies the name of a registered data set. |
Usage Note
You can use this function subject to the access restrictions imposed at registration
time with DBMS_CLOUD_LINK.REGISTER
. If a data set is not accessible
to a database, then its description will not be retrieved.
Parent topic: Summary of DBMS_CLOUD_LINK Subprograms
FIND Procedure
Syntax
DBMS_CLOUD_LINK.FIND
(
search_string IN VARCHAR2,
search_result OUT CLOB
);
Parameters
Parameter | Description |
---|---|
|
Specifies the search string. The search string is not case sensitive. |
|
A JSON document that includes the namespace, name, and description values for the data set. |
Usage Note
The search string is not case sensitive and the package leverages free text search using Oracle Text.
Parent topic: Summary of DBMS_CLOUD_LINK Subprograms
GET_DATABASE_ID Function
DBMS_CLOUD_LINK.GET_DATABASE_ID
on the same instance
always return the same value.
You can call this function on a database that is accessing a registered data set remotely to obtain the database ID. This allows you to provide the database iD so that a data set owner can leverage a more fine-grained data access control, for example with VPD, based on a specified database IDs from remote sites.
A database ID identifies each remote database that accesses a registered data set, to track and audit access in the V$CLOUD_LINK_ACCESS_STATS and GV$CLOUD_LINK_ACCESS_STATS Views on the database that owns a registered data set.
Syntax
DBMS_CLOUD_LINK.GET_DATABASE_ID
()
RETURN VARCHAR2;
Usage Notes
Cloud links use the unique identifier that DBMS_CLOUD_LINK.GET_DATABASE_ID
returns to identify
individual databases that are accessing a data set remotely. The database owning the
registered data set tracks and audits the database ID as a record of the origin for
data set access in the V$CLOUD_LINK_ACCESS_STATS and GV$CLOUD_LINK_ACCESS_STATS Views.
The DBMS_CLOUD_LINK.GET_DATABASE_ID
identifier is available
as a SYS_CONTEXT
value so that you can programmatically obtain this
information about a connecting remote session using SYS_CONTEXT
, to
further restrict and control what specific data can be accessed remotely by
individual Autonomous Database instances
with Virtual Private Databases (VPD)s.
Return Values
A unique identifier for the Autonomous Database instance of VARCHAR2
.
Parent topic: Summary of DBMS_CLOUD_LINK Subprograms
GRANT_AUTHORIZATION Procedure
Syntax
DBMS_CLOUD_LINK.GRANT_AUTHORIZATION
(
database_id IN VARCHAR2,
namespace IN VARCHAR2 DEFAULT,
name IN VARCHAR2
);
Parameters
Parameter | Description |
---|---|
|
Specifies the database ID for an Autonomous Database
instance. Use |
|
Specifies the data set namespace to grant access
authorization for the specified
|
|
Specifies the data set name to grant access
authorization for the specified
|
Parent topic: Summary of DBMS_CLOUD_LINK Subprograms
REGISTER Procedure
scope
parameter.
Syntax
DBMS_CLOUD_LINK.REGISTER
(
schema_name IN VARCHAR2,
schema_object IN VARCHAR2,
namespace IN VARCHAR2,
name IN VARCHAR2,
description IN CLOB,
scope IN CLOB,
auth_required IN BOOLEAN DEFAULT,
data_set_owner IN VARCHAR2 DEFAULT,
offload_targets IN CLOB DEFAULT
);
Parameters
Parameter | Description |
---|---|
|
Specifies the owner of the table or view specified
with the |
schema_object |
Specifies the name of a table or a view. Valid objects are:
Other objects such as analytic views or synonyms are not supported. |
namespace |
Specifies the namespace for the data set. A |
name |
Specifies the name for the data set. |
description |
Specifies text to describe the data. |
scope |
Describes who is allowed to access the data set. The value is a comma separated list consisting of one or more of the following:
The scope values, |
|
Specifies that an additional authorization is required for databases to read from the data set. The following cases are possible:
|
|
Specifies the data set owner. This is indicates who
the data set belongs to or who is responsible for updating and
maintaining the data set. For example, you can set the
|
|
Specifies one or more Autonomous Database OCIDs of refreshable clones where access to data sets is offloaded, from the Autonomous Database where the data set is registered. The
For example, the following shows a JSON sample with
three
When a data set consumer requests access to a data
set that you register with For example, the following shows a JSON sample with
one explicit
See Use Refreshable Clones with Autonomous Database for information on using refreshable clones. |
Usage Notes
-
You can register an object in another schema if you have
READ WITH GRANT OPTION
privilege on the object. -
After you register an object, users may need to wait up to ten (10) minutes to access the object with Cloud Links.
-
To change the scope for an existing data set, you must first unregister the data set with
DBMS_CLOUD_LINK.UNREGISTER
. Then you need to register the data set with the new scope withDBMS_CLOUD_LINK.REGISTER
. The total wait time for these two operations can be up to 20 minutes, including 10 minutes for the unregister and another 10 minutes for the register to be propagated and accessible through Cloud Links.This delay can also impact the visibility of the data set in the both the
DBA_CLOUD_LINK_REGISTRATIONS
andDBA_CLOUD_LINK_ACCESS
views. -
You can register a table or view that resides in another user's schema when the you have
READ
WITH
GRANT
OPTION
privileges for the table or view. -
The scope you set when you register a data set is only honored when it matches or is more restrictive than the value set with
DBMS_CLOUD_LINK_ADMIN.GRANT_REGISTER
. For example, assume the ADMIN granted the scope'MY$TENANCY'
withGRANT_REGISTER
, and the user specifies'MY$REGION'
when they register a data set withDBMS_CLOUD_LINK.REGISTER
. In this case they would see an error such as the following:ORA-20001: Share privileges are not enabled for current user or it is enabled but not for scope MY$REGION
-
Certain hierarchical validity checks for registration cannot happen at registration time. Invalid registrations will not be visible, discoverable, or even accessible to anyone.
-
To use
DBMS_CLOUD_LINK.REGISTER
, you must have execute privilege on theDBMS_CLOUD_LINK
package, in addition to the register privilege assigned withDBMS_CLOUD_LINK_ADMIN.GRANT_REGISTER
. Only the ADMIN user and schemas withPDB_DBA
have this privilege by default. -
When you register a data set on a refreshable clone in a remote region, the invocation of
DBMS_CLOUD_LINK.REGISTER
on the remote region clone must use the same parameters with the same values as on the source database, with the exception of theoffload_targets
parameter.For example, when you run
DBMS_CLOUD_LINK.REGISTER
with scope set toMY$COMPARTMENT
on the source Autonomous Database instance, run the procedure again on the cross-region refreshable clone with the same scope parameter value (MY$COMPARTMENT
). -
If you specify the
offload_targets
parameter withDBMS_CLOUD_LINK.REGISTER
on source, you should omit this parameter when you register the data set on a cross-region refreshable clone.
Parent topic: Summary of DBMS_CLOUD_LINK Subprograms
REVOKE_AUTHORIZATION Procedure
Syntax
DBMS_CLOUD_LINK.REVOKE_AUTHORIZATION
(
database_id IN VARCHAR2,
namespace IN VARCHAR2 DEFAULT,
name IN VARCHAR2
);
Parameters
Parameter | Description |
---|---|
|
Specifies the database ID for an Autonomous Database
instance. Use |
|
Specifies the data set namespace to revoke access
authorization for the specified
|
|
Specifies the data set name to revoke access
authorization for the specified
|
Parent topic: Summary of DBMS_CLOUD_LINK Subprograms
UNREGISTER Procedure
REGISTER
procedure to unregister the table or view so that it no
longer is available for remote access.
Syntax
DBMS_CLOUD_LINK.UNREGISTER
(
namespace IN VARCHAR2,
name IN VARCHAR2
);
Parameters
Parameter | Description |
---|---|
|
Specifies a username. |
name |
Specifies the name for the data set. |
Usage Note
DBMS_CLOUD_LINK.UNREGISTER
may also take up to ten (10) minutes to fully propagate, after which the data can
longer be accessed remotely.
Parent topic: Summary of DBMS_CLOUD_LINK Subprograms