SQL Profiler described in Section 3.3 locates and diagnoses poorly running SQL queries in applications.pgsnmpd described in Section 3.4 is an SNMP agent that returns hierarchical monitoring information regarding the current state of Advanced Server.
Virtual Private Database described in Section 4.2 provides fine-grained, row level access.Data redaction described in Section 4.4 provides protection against sensitive data exposure.
1.1 What’s New
In the following descriptions a term refers to any word or group of words that may be language keywords, user-supplied values, literals, etc. A term’s exact meaning depends upon the context in which it is used.
The examples use the sample tables, dept, emp, and jobhist, created and loaded when Advanced Server is installed.where xx is the Advanced Server version number.
Advanced Server includes extended functionality that provides compatibility for syntax supported by Oracle applications. Detailed information about all of the compatibility features supported by Advanced Server is provided in the Database Compatibility for Oracle Developers Guides; the information is broken into four guides:
For information about using the Stored Procedural Language, see the Database Compatibility for Oracle Developers Guide, available at:
2.3 Optimizer HintsWhen you invoke a DELETE, INSERT, SELECT, or UPDATE command, the server generates a set of execution plans; after analyzing those execution plans, the server selects a plan that will (generally) return the result set in the least amount of time. The server's choice of plan is dependent upon several factors:
Advanced Server includes a set of views that provide information about database objects in a manner compatible with the Oracle data dictionary views. For detailed information about the views available with Advanced Server, please see the Database Compatibility for Oracle Developers Reference Guide, available at:
2.5 dblink_oradblink_ora provides an OCI-based database link that allows you to SELECT, INSERT, UPDATE or DELETE data stored on an Oracle system from within Advanced Server. For detailed information about using dblink_ora, and the supported functions and procedures, see the Database Compatibility for Oracle Developers Guide, available at:
Advanced Server supports compatible SQL syntax for profile management. Profile management commands allow a database superuser to create and manage named profiles. Each profile defines rules for password management that augment password and md5 authentication. The rules in a profile can:For information about using profile management commands, see the Database Compatibility for Oracle Developers Guide, available at:
The Open Client Library provides application interoperability with the Oracle Call Interface – an application that was formerly “locked in” can now work with either an Advanced Server or an Oracle database with minimal to no changes to the application code. The EnterpriseDB implementation of the Open Client Library is written in C.The following diagram compares the Open Client Library and Oracle Call Interface application stacks.
2.9 UtilitiesFor detailed information about the compatible syntax supported by the utilities listed below, see the Database Compatibility for Oracle Developers Tools and Utilities Guide, available at:For detailed information about EDB*Plus, please see the EDB*Plus User's Guide.The Dynamic Runtime Instrumentation Tools Architecture (DRITA) allows a DBA to query catalog views to determine the wait events that affect the performance of individual sessions or the system as a whole. DRITA records the number of times each event occurs as well as the time spent waiting; you can use this information to diagnose performance problems. DRITA offers this functionality, while consuming minimal system resources.DRITA compares snapshots to evaluate the performance of a system. A snapshot is a saved set of system performance data at a given point in time. Each snapshot is identified by a unique ID number; you can use snapshot ID numbers with DRITA reporting functions to return system performance statistics.
2.10 ECPGPlus
2.11 Table Partitioning
The following is an example of some configuration parameter settings in the postgresql.conf file:
3.1.3.1.1 shared_buffersParameter Type: IntegerDefault Value: 32MBRange: 128kB to system dependentMinimum Scope of Effect: ClusterWhen Value Changes Take Effect: RestartRequired Authorization to Activate: EPAS service accountSets the amount of memory the database server uses for shared memory buffers. The default is typically 32 megabytes (32MB), but might be less if your kernel settings will not support it (as determined during initdb). This setting must be at least 128 kilobytes. (Non-default values of BLCKSZ change the minimum.) However, settings significantly higher than the minimum are usually needed for good performance.If you have a dedicated database server with 1GB or more of RAM, a reasonable starting value for shared_buffers is 25% of the memory in your system. There are some workloads where even large settings for shared_buffers are effective, but because Advanced Server also relies on the operating system cache, it is unlikely that an allocation of more than 40% of RAM to shared_buffers will work better than a smaller amount.On systems with less than 1GB of RAM, a smaller percentage of RAM is appropriate, so as to leave adequate space for the operating system (15% of memory is more typical in these situations). Also, on Windows, large values for shared_buffers aren't as effective. You may find better results keeping the setting relatively low and using the operating system cache more instead. The useful range for shared_buffers on Windows systems is generally from 64MB to 512MB.Increasing this parameter might cause Advanced Server to request more System V shared memory than your operating system's default configuration allows. See Section 17.4.1, “Shared Memory and Semaphores” in the PostgreSQL Core Documentation for information on how to adjust those parameters, if necessary.3.1.3.1.2 work_memParameter Type: IntegerDefault Value: 1MBRange: 64kB to 2097151kBMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userSpecifies the amount of memory to be used by internal sort operations and hash tables before writing to temporary disk files. The value defaults to one megabyte (1MB). Note that for a complex query, several sort or hash operations might be running in parallel; each operation will be allowed to use as much memory as this value specifies before it starts to write data into temporary files. Also, several running sessions could be doing such operations concurrently. Therefore, the total memory used could be many times the value of work_mem; it is necessary to keep this fact in mind when choosing the value. Sort operations are used for ORDER BY, DISTINCT, and merge joins. Hash tables are used in hash joins, hash-based aggregation, and hash-based processing of IN subqueries.Reasonable values are typically between 4MB and 64MB, depending on the size of your machine, how many concurrent connections you expect (determined by max_connections), and the complexity of your queries.3.1.3.1.3 maintenance_work_memParameter Type: IntegerDefault Value: 16MBRange: 1024kB to 2097151kBMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userSpecifies the maximum amount of memory to be used by maintenance operations, such as VACUUM, CREATE INDEX, and ALTER TABLE ADD FOREIGN KEY. It defaults to 16 megabytes (16MB). Since only one of these operations can be executed at a time by a database session, and an installation normally doesn't have many of them running concurrently, it's safe to set this value significantly larger than work_mem. Larger settings might improve performance for vacuuming and for restoring database dumps.Note that when autovacuum runs, up to autovacuum_max_workers times this memory may be allocated, so be careful not to set the default value too high.3.1.3.1.4 wal_buffersParameter Type: IntegerDefault Value: 64kBRange: 32kB to system dependentMinimum Scope of Effect: ClusterWhen Value Changes Take Effect: RestartRequired Authorization to Activate: EPAS service accountThe amount of memory used in shared memory for WAL data. The default is 64 kilobytes (64kB). The setting need only be large enough to hold the amount of WAL data generated by one typical transaction, since the data is written out to disk at every transaction commit.Increasing this parameter might cause Advanced Server to request more System V shared memory than your operating system's default configuration allows. See Section 17.4.1, “Shared Memory and Semaphores” in the PostgreSQL Core Documentation for information on how to adjust those parameters, if necessary.Although even this very small setting does not always cause a problem, there are situations where it can result in extra fsync calls, and degrade overall system throughput. Increasing this value to 1MB or so can alleviate this problem. On very busy systems, an even higher value may be needed, up to a maximum of about 16MB. Like shared_buffers, this parameter increases Advanced Server’s initial shared memory allocation, so if increasing it causes an Advanced Server start failure, you will need to increase the operating system limit.3.1.3.1.5 checkpoint_segments3.1.3.1.6 checkpoint_completion_targetParameter Type: Floating pointDefault Value: 0.5Range: 0 to 1Minimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service account3.1.3.1.7 checkpoint_timeoutParameter Type: IntegerDefault Value: 5minRange: 30s to 3600sMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountMaximum time between automatic WAL checkpoints, in seconds. The default is five minutes (5min). Increasing this parameter can increase the amount of time needed for crash recovery.Increasing checkpoint_timeout to a larger value, such as 15 minutes, can reduce the I/O load on your system, especially when using large values for shared_buffers.The downside of making the aforementioned adjustments to the checkpoint parameters is that your system will use a modest amount of additional disk space, and will take longer to recover in the event of a crash. However, for most users, this is a small price to pay for a significant performance improvement.3.1.3.1.8 max_wal_sizeParameter Type: IntegerDefault Value: 1 GBRange: 2 to 2147483647Minimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountmax_wal_size specifies the maximum size that the WAL will reach between automatic WAL checkpoints. This is a soft limit; WAL size can exceed max_wal_size under special circumstances (when under a heavy load, a failing archive_command, or a high wal_keep_segments setting).Increasing this parameter can increase the amount of time needed for crash recovery. This parameter can only be set in the postgresql.conf file or on the server command line.3.1.3.1.9 min_wal_sizeParameter Type: IntegerDefault Value: 80 MBRange: 2 to 2147483647Minimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountIf WAL disk usage stays below the value specified by min_wal_size, old WAL files are recycled for future use at a checkpoint, rather than removed. This ensures that enough WAL space is reserved to handle spikes in WAL usage (like when running large batch jobs). This parameter can only be set in the postgresql.conf file or on the server command line.3.1.3.1.10 bgwriter_delayParameter Type: IntegerDefault Value: 200msRange: 10ms to 10000msMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountSpecifies the delay between activity rounds for the background writer. In each round the writer issues writes for some number of dirty buffers (controllable by the bgwriter_lru_maxpages and bgwriter_lru_multiplier parameters). It then sleeps for bgwriter_delay milliseconds, and repeats.The default value is 200 milliseconds (200ms). Note that on many systems, the effective resolution of sleep delays is 10 milliseconds; setting bgwriter_delay to a value that is not a multiple of 10 might have the same results as setting it to the next higher multiple of 10.Typically, when tuning bgwriter_delay, it should be reduced from its default value. This parameter is rarely increased, except perhaps to save on power consumption on a system with very low utilization.3.1.3.1.11 seq_page_costParameter Type: Floating pointRange: 0 to 1.79769e+308Minimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userSets the planner's estimate of the cost of a disk page fetch that is part of a series of sequential fetches. The default is 1.0. This value can be overridden for a particular tablespace by setting the tablespace parameter of the same name. (Refer to the ALTER TABLESPACE command in the PostgreSQL Core Documentation.)3.1.3.1.12 random_page_costParameter Type: Floating pointRange: 0 to 1.79769e+308Minimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userSets the planner's estimate of the cost of a non-sequentially-fetched disk page. The default is 4.0. This value can be overridden for a particular tablespace by setting the tablespace parameter of the same name. (Refer to the ALTER TABLESPACE command in the PostgreSQL Core Documentation.)Reducing this value relative to seq_page_cost will cause the system to prefer index scans; raising it will make index scans look relatively more expensive. You can raise or lower both values together to change the importance of disk I/O costs relative to CPU costs, which are described by the cpu_tuple_cost and cpu_index_tuple_cost parameters.Although the system will let you do so, never set random_page_cost less than seq_page_cost. However, setting them equal (or very close to equal) makes sense if the database fits mostly or entirely within memory, since in that case there is no penalty for touching pages out of sequence. Also, in a heavily-cached database you should lower both values relative to the CPU parameters, since the cost of fetching a page already in RAM is much smaller than it would normally be.3.1.3.1.13 effective_cache_sizeParameter Type: IntegerDefault Value: 128MBRange: 8kB to 17179869176kBMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userIf this parameter is set too low, the planner may decide not to use an index even when it would be beneficial to do so. Setting effective_cache_size to 50% of physical memory is a normal, conservative setting. A more aggressive setting would be approximately 75% of physical memory.3.1.3.1.14 synchronous_commitParameter Type: BooleanDefault Value: trueRange: {true | false}Minimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userUnlike fsync, setting this parameter to off does not create any risk of database inconsistency: an operating system or database crash might result in some recent allegedly-committed transactions being lost, but the database state will be just the same as if those transactions had been aborted cleanly.So, turning synchronous_commit off can be a useful alternative when performance is more important than exact certainty about the durability of a transaction. See Section 29.3, Asynchronous Commit in the PostgreSQL Core Documentation for information.This parameter can be changed at any time; the behavior for any one transaction is determined by the setting in effect when it commits. It is therefore possible, and useful, to have some transactions commit synchronously and others asynchronously. For example, to make a single multistatement transaction commit asynchronously when the default is the opposite, issue SET LOCAL synchronous_commit TO OFF within the transaction.3.1.3.1.15 edb_max_spins_per_delayParameter Type: IntegerDefault Value: 1000Range: 10 to 1000Minimum Scope of Effect: Per clusterWhen Value Changes Take Effect: RestartRequired Authorization to Activate: EPAS service accountUse edb_max_spins_per_delay to specify the maximum number of times that a session will 'spin' while waiting for a spin-lock. If a lock is not acquired, the session will sleep. If you do not specify an alternative value for edb_max_spins_per_delay, the server will enforce the default value of 1000.3.1.3.1.16 pg_prewarm.autoprewarmParameter Type: BooleanDefault Value: trueMinimum Scope of Effect: ClusterWhen Value Changes Take Effect: RestartRequired Authorization to Activate: EPAS service accountThis parameter controls whether or not the database server should run autoprewarm, which is a background worker process that automatically dumps shared buffers to disk before a shutdown. It then prewarms the shared buffers the next time the server is started, meaning it loads blocks from the disk back into the buffer pool.If pg_prewarm.autoprewarm is set to on, the autoprewarm worker is enabled. If the parameter is set to off, autoprewarm is disabled. The parameter is on by default.Before autoprewarm can be used, you must add $libdir/pg_prewarm to the libraries listed in the shared_preload_libraries configuration parameter of the postgresql.conf file as shown by the following example:After modifying the shared_preload_libraries parameter, restart the database server after which the autoprewarm background worker is launched immediately after the server has reached a consistent state.The autoprewarm process will start loading blocks that were previously recorded in $PGDATA/autoprewarm.blocks until there is no free buffer space left in the buffer pool. In this manner, any new blocks that were loaded either by the recovery process or by the querying clients, are not replaced.Once the autoprewarm process has finished loading buffers from disk, it will periodically dump shared buffers to disk at the interval specified by the pg_prewarm.autoprewarm_interval parameter (see Section 3.1.3.1.17). Upon the next server restart, the autoprewarm process will prewarm shared buffers with the blocks that were last dumped to disk.3.1.3.1.17 pg_prewarm.autoprewarm_intervalParameter Type: IntegerDefault Value: 300sRange: 0s to 2147483sMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountThis is the minimum number of seconds after which the autoprewarm background worker dumps shared buffers to disk. The default is 300 seconds. If set to 0, shared buffers are not dumped at regular intervals, but only when the server is shut down.
3.1.3.2 Resource Usage / Memory3.1.3.2.1 edb_dynatuneParameter Type: IntegerRange: 0 to 100Minimum Scope of Effect: ClusterWhen Value Changes Take Effect: RestartRequired Authorization to Activate: EPAS service accountWhen Advanced Server is initially installed, the edb_dynatune parameter is set in accordance with the selected usage of the host machine on which it was installed (i.e., development machine, mixed use machine, or dedicated server). For most purposes, there is no need for the database administrator to adjust the various configuration parameters in the postgresql.conf file in order to improve performance.The edb_dynatune parameter can be set to any integer value between 0 and 100, inclusive. A value of 0, turns off the dynamic tuning feature thereby leaving the database server resource usage totally under the control of the other configuration parameters in the postgresql.conf file.Once a value of edb_dynatune is selected, database server performance can be further fine-tuned by adjusting the other configuration parameters in the postgresql.conf file. Any adjusted setting overrides the corresponding value chosen by edb_dynatune. You can change the value of a parameter by un-commenting the configuration parameter, specifying the desired value, and restarting the database server.3.1.3.2.2 edb_dynatune_profileParameter Type: EnumDefault Value: oltpMinimum Scope of Effect: ClusterWhen Value Changes Take Effect: RestartRequired Authorization to Activate: EPAS service account
3.1.3.3.1 edb_max_resource_groupsParameter Type: IntegerRange: 0 to 65536Minimum Scope of Effect: ClusterWhen Value Changes Take Effect: RestartRequired Authorization to Activate: EPAS service accountThis parameter controls the maximum number of resource groups that can be used simultaneously by EDB Resource Manager. More resource groups can be created than the value specified by edb_max_resource_groups, however, the number of resource groups in active use by processes in these groups cannot exceed this value.Parameter edb_max_resource_groups should be set comfortably larger than the number of groups you expect to maintain so as not to run out.3.1.3.3.2 edb_resource_groupParameter Type: StringDefault Value: noneRange: n/aMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userSet the edb_resource_group parameter to the name of the resource group to which the current session is to be controlled by EDB Resource Manager according to the group’s resource type settings.
3.1.3.4 Query Tuning3.1.3.4.1 enable_hintsParameter Type: BooleanDefault Value: trueRange: {true | false}Minimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userOptimizer hints embedded in SQL commands are utilized when enable_hints is on. Optimizer hints are ignored when this parameter is off.3.1.3.5.1 edb_custom_plan_triesParameter Type: IntegerRange: -1 to 100Minimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session UserWhen a client application repeatedly executes a prepared statement, the server may decide to evaluate several execution plans before deciding to choose a custom plan or a generic plan.In certain workloads, this extra planning can have a negative impact on performance. You can adjust the edb_custom_plan_tries configuration parameter to decrease the number of custom plans considered before evaluating a generic plan.The $1 token in this query is a parameter marker - the client application must provide a value for each parameter marker each time the statement executes.If an index has been defined on customer.salesman, the optimizer may choose to execute this query using a sequential scan, or using an index scan. In some cases, an index is faster than a sequential scan; in other cases, the sequential scan will win. The optimal plan will depend on the distribution of salesman values in the table and on the search value (the value provided for the $1 parameter).When the client application repeatedly executes the custQuery prepared statement, the optimizer will generate some number of parameter-value-specific execution plans (custom plans), followed by a generic plan (a plan that ignores the parameter values), and then decide whether to stick with the generic plan or to continue to generate custom plans for each execution. The decision process takes into account not only the cost of executing the plans, but the cost of generating custom plans as well.3.1.3.5.2 edb_enable_pruningParameter Type: BooleanDefault Value: trueRange: {true | false}Minimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userWhen set to TRUE, edb_enable_pruning allows the query planner to early-prune partitioned tables. Early-pruning means that the query planner can “prune” (i.e., ignore) partitions that would not be searched in a query before generating query plans. This helps improve performance time as it eliminates the generation of query plans of partitions that would not be searched.Conversely, late-pruning means that the query planner prunes partitions after generating query plans for each partition. (The constraint_exclusion configuration parameter controls late-pruning.)The ability to early-prune depends upon the nature of the query in the WHERE clause. Early-pruning can be utilized in only simple queries with constraints of the type WHERE column = literal (e.g., WHERE deptno = 10).Early-pruning is not used for more complex queries such as WHERE column = expression (e.g., WHERE deptno = 10 + 5).
3.1.3.6.1 trace_hintsParameter Type: BooleanDefault Value: falseRange: {true | false}Minimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userUse with the optimizer hints feature to provide more detailed information regarding whether or not a hint was used by the planner. Set the client_min_messages and trace_hints configuration parameters as follows:The SELECT command with the NO_INDEX hint shown below illustrates the additional information produced when the aforementioned configuration parameters are set.3.1.3.6.2 edb_log_every_bulk_valueParameter Type: BooleanDefault Value: falseRange: {true | false}Minimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: SuperuserBulk processing logs the resulting statements into both the Advanced Server log file and the EDB Audit log file. However, logging each and every statement in bulk processing is costly. This can be controlled by the edb_log_every_bulk_value configuration parameter. When set to true, each and every statement in bulk processing is logged. When set to false, a log message is recorded once per bulk processing. In addition, the duration is emitted once per bulk processing. Default is set to false.
3.1.3.7 Auditing Settings3.1.3.7.1 edb_auditParameter Type: EnumDefault Value: noneMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountEnables or disables database auditing. The values xml or csv will enable database auditing. These values represent the file format in which auditing information will be captured. none will disable database auditing and is also the default.3.1.3.7.2 edb_audit_directoryParameter Type: StringDefault Value: edb_auditRange: n/aMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountSpecifies the directory where the audit log files will be created. The path of the directory can be absolute or relative to the Advanced Server data directory.3.1.3.7.3 edb_audit_filenameParameter Type: StringDefault Value: audit-%Y%m%d_%H%M%SRange: n/aMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountSpecifies the file name of the audit file where the auditing information will be stored. The default file name will be audit-%Y%m%d_%H%M%S. The escape sequences, %Y, %m etc., will be replaced by the appropriate current values according to the system date and time.3.1.3.7.4 edb_audit_rotation_dayParameter Type: StringDefault Value: everyMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountSpecifies the day of the week on which to rotate the audit files. Valid values are sun, mon, tue, wed, thu, fri, sat, every, and none. To disable rotation, set the value to none. To rotate the file every day, set the edb_audit_rotation_day value to every. To rotate the file on a specific day of the week, set the value to the desired day of the week.3.1.3.7.5 edb_audit_rotation_sizeParameter Type: IntegerDefault Value: 0MBRange: 0MB to 5000MBMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service account3.1.3.7.6 edb_audit_rotation_secondsParameter Type: IntegerRange: 0s to 2147483647sMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service account3.1.3.7.7 edb_audit_connectParameter Type: EnumDefault Value: failedMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountEnables auditing of database connection attempts by users. To disable auditing of all connection attempts, set edb_audit_connect to none. To audit all failed connection attempts, set the value to failed. To audit all connection attempts, set the value to all.3.1.3.7.8 edb_audit_disconnectParameter Type: EnumDefault Value: noneMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountEnables auditing of database disconnections by connected users. To enable auditing of disconnections, set the value to all. To disable, set the value to none.3.1.3.7.9 edb_audit_statementParameter Type: StringDefault Value: ddl, errorRange: {none | ddl | dml | insert | update | delete | truncate | select | error | create | drop | alter | grant | revoke | rollback | all} ...Minimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountThis configuration parameter is used to specify auditing of different categories of SQL statements as well as those statements related to specific SQL commands. To log errors, set the parameter value to error. To audit all DDL statements such as CREATE TABLE, ALTER TABLE, etc., set the parameter value to ddl. To audit specific types of DDL statements, the parameter values can include those specific SQL commands (create, drop, or alter). In addition, the object type may be specified following the command such as create table, create view, drop role, etc. All modification statements such as INSERT, UPDATE, DELETE or TRUNCATE can be audited by setting edb_audit_statement to dml. To audit specific types of DML statements, the parameter values can include the specific SQL commands, insert, update, delete, or truncate. Include parameter values select, grant, revoke, or rollback to audit statements regarding those SQL commands. Setting the value to all will audit every statement while none disables this feature.3.1.3.7.10 edb_audit_tagParameter Type: StringDefault Value: noneMinimum Scope of Effect: SessionWhen Value Changes Take Effect: ImmediateUse edb_audit_tag to specify a string value that will be included in the audit log when the edb_audit parameter is set to csv or xml.3.1.3.7.11 edb_audit_destinationParameter Type: EnumDefault Value: fileMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountSpecifies whether the audit log information is to be recorded in the directory as given by the edb_audit_directory parameter or to the directory and file managed by the syslog process. Set to file to use the directory specified by edb_audit_directory (the default setting). Set to syslog to use the syslog process and its location as configured in the /etc/syslog.conf file. Note: In recent Linux versions, syslog has been replaced by rsyslog and the configuration file is in /etc/rsyslog.conf.3.1.3.7.12 edb_log_every_bulk_value
3.1.3.8.1 icu_short_formParameter Type: StringDefault Value: noneRange: n/aMinimum Scope of Effect: DatabaseThe configuration parameter icu_short_form is a parameter containing the default ICU short form name assigned to a database or to the Advanced Server instance. See Section 3.6 for general information about the ICU short form and the Unicode Collation Algorithm.This configuration parameter is set either when the CREATE DATABASE command is used with the ICU_SHORT_FORM parameter (see Section 3.6.3.2) in which case the specified short form name is set and appears in the icu_short_form configuration parameter when connected to this database, or when an Advanced Server instance is created with the initdb command used with the --icu_short_form option (see Section 3.6.3.3) in which case the specified short form name is set and appears in the icu_short_form configuration parameter when connected to a database in that Advanced Server instance, and the database does not override it with its own ICU_SHORT_FORM parameter with a different short form.Once established in the manner described, the icu_short_form configuration parameter cannot be changed.3.1.3.9.1 default_heap_fillfactorParameter Type: IntegerDefault Value: 100Range: 10 to 100Minimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userSets the fillfactor for a table when the FILLFACTOR storage parameter is omitted from a CREATE TABLE command.The fillfactor for a table is a percentage between 10 and 100. 100 (complete packing) is the default. When a smaller fillfactor is specified, INSERT operations pack table pages only to the indicated percentage; the remaining space on each page is reserved for updating rows on that page. This gives UPDATE a chance to place the updated copy of a row on the same page as the original, which is more efficient than placing it on a different page. For a table whose entries are never updated, complete packing is the best choice, but in heavily updated tables smaller fillfactors are appropriate.3.1.3.9.2 edb_data_redactionParameter Type: BooleanDefault Value: trueRange: {true | false}Minimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userThe default setting is TRUE so the data redaction is applied to all users except for superusers and the table owner:If the parameter is disabled by setting it to FALSE, then the following occurs:
3.1.3.10.1 oracle_homeParameter Type: StringDefault Value: noneRange: n/aMinimum Scope of Effect: ClusterWhen Value Changes Take Effect: RestartRequired Authorization to Activate: EPAS service accountBefore creating an Oracle Call Interface (OCI) database link to an Oracle server, you must direct Advanced Server to the correct Oracle home directory. Set the LD_LIBRARY_PATH environment variable on Linux (or PATH on Windows) to the lib directory of the Oracle client installation directory.For Windows only, you can instead set the value of the oracle_home configuration parameter in the postgresql.conf file. The value specified in the oracle_home configuration parameter will override the Windows PATH environment variable.The LD_LIBRARY_PATH environment variable on Linux (PATH environment variable or oracle_home configuration parameter on Windows) must be set properly each time you start Advanced Server.For Windows only: To set the oracle_home configuration parameter in the postgresql.conf file, edit the file, adding the following line:oracle_home = 'lib_directory'After setting the oracle_home configuration parameter, you must restart the server for the changes to take effect. Restart the server from the Windows Services console.3.1.3.10.2 odbc_lib_pathParameter Type: StringDefault Value: noneRange: n/aMinimum Scope of Effect: ClusterWhen Value Changes Take Effect: RestartRequired Authorization to Activate: EPAS service accountIf you will be using an ODBC driver manager, and if it is installed in a non-standard location, you specify the location by setting the odbc_lib_path configuration parameter in the postgresql.conf file:odbc_lib_path = 'complete_path_to_libodbc.so'
3.1.3.11 Compatibility Options3.1.3.11.1 edb_redwood_dateParameter Type: BooleanDefault Value: falseMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userWhen DATE appears as the data type of a column in the commands, it is translated to TIMESTAMP at the time the table definition is stored in the database if the configuration parameter edb_redwood_date is set to TRUE. Thus, a time component will also be stored in the column along with the date.If edb_redwood_date is set to FALSE the column’s data type in a CREATE TABLE or ALTER TABLE command remains as a native PostgreSQL DATE data type and is stored as such in the database. The PostgreSQL DATE data type stores only the date without a time component in the column.Regardless of the setting of edb_redwood_date, when DATE appears as a data type in any other context such as the data type of a variable in an SPL declaration section, or the data type of a formal parameter in an SPL procedure or SPL function, or the return type of an SPL function, it is always internally translated to a TIMESTAMP and thus, can handle a time component if present.3.1.3.11.2 edb_redwood_greatest_leastParameter Type: BooleanDefault Value: trueMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userThe GREATEST function returns the parameter with the greatest value from its list of parameters. The LEAST function returns the parameter with the least value from its list of parameters.When edb_redwood_greatest_least is set to TRUE, the GREATEST and LEAST functions return null when at least one of the parameters is null.When edb_redwood_greatest_least is set to FALSE, null parameters are ignored except when all parameters are null in which case null is returned by the functions.3.1.3.11.3 edb_redwood_raw_namesParameter Type: BooleanDefault Value: falseMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userWhen edb_redwood_raw_names is set to its default value of FALSE, database object names such as table names, column names, trigger names, program names, user names, etc. appear in uppercase letters when viewed from Redwood catalogs (that is, system catalogs prefixed by ALL_, DBA_, or USER_). In addition, quotation marks enclose names that were created with enclosing quotation marks.When edb_redwood_raw_names is set to TRUE, the database object names are displayed exactly as they are stored in the PostgreSQL system catalogs when viewed from the Redwood catalogs. Thus, names created without enclosing quotation marks appear in lowercase as expected in PostgreSQL. Names created with enclosing quotation marks appear exactly as they were created, but without the quotation marks.When connected to the database as reduser, the following tables are created.When viewed from the Redwood catalog, USER_TABLES, with edb_redwood_raw_names set to the default value FALSE, the names appear in uppercase except for the Mixed_Case name, which appears as created and also with enclosing quotation marks.When viewed with edb_redwood_raw_names set to TRUE, the names appear in lowercase except for the Mixed_Case name, which appears as created, but now without the enclosing quotation marks.These names now match the case when viewed from the PostgreSQL pg_tables catalog.3.1.3.11.4 edb_redwood_stringsParameter Type: BooleanDefault Value: falseMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userIf the edb_redwood_strings parameter is set to TRUE, when a string is concatenated with a null variable or null column, the result is the original string. If edb_redwood_strings is set to FALSE, the native PostgreSQL behavior is maintained, which is the concatenation of a string with a null variable or null column gives a null result.The sample application contains a table of employees. This table has a column named comm that is null for most employees. The following query is run with edb_redwood_string set to FALSE. The concatenation of a null column with non-empty strings produces a final result of null, so only employees that have a commission appear in the query result. The output line for all other employees is null.The following is the same query executed when edb_redwood_strings is set to TRUE. Here, the value of a null column is treated as an empty string. The concatenation of an empty string with a non-empty string produces the non-empty string.3.1.3.11.5 edb_stmt_level_txParameter Type: BooleanDefault Value: falseMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userThe term statement level transaction isolation describes the behavior whereby when a runtime error occurs in a SQL command, all the updates on the database caused by that single command are rolled back. For example, if a single UPDATE command successfully updates five rows, but an attempt to update a sixth row results in an exception, the updates to all six rows made by this UPDATE command are rolled back. The effects of prior SQL commands that have not yet been committed or rolled back are pending until a COMMIT or ROLLBACK command is executed.In Advanced Server, if an exception occurs while executing a SQL command, all the updates on the database since the start of the transaction are rolled back. In addition, the transaction is left in an aborted state and either a COMMIT or ROLLBACK command must be issued before another transaction can be started.If edb_stmt_level_tx is set to TRUE, then an exception will not automatically roll back prior uncommitted database updates. If edb_stmt_level_tx is set to FALSE, then an exception will roll back uncommitted database updates.Note: Use edb_stmt_level_tx set to TRUE only when absolutely necessary, as this may cause a negative performance impact.The following example run in PSQL shows that when edb_stmt_level_tx is FALSE, the abort of the second INSERT command also rolls back the first INSERT command. Note that in PSQL, the command \set AUTOCOMMIT off must be issued, otherwise every statement commits automatically defeating the purpose of this demonstration of the effect of edb_stmt_level_tx.In the following example, with edb_stmt_level_tx set to TRUE, the first INSERT command has not been rolled back after the error on the second INSERT command. At this point, the first INSERT command can either be committed or rolled back.A ROLLBACK command could have been issued instead of the COMMIT command in which case the insert of employee number 9001 would have been rolled back as well.3.1.3.11.6 db_dialectParameter Type: EnumDefault Value: postgresMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userIn addition to the native PostgreSQL system catalog, pg_catalog, Advanced Server contains an extended catalog view. This is the sys catalog for the expanded catalog view. The db_dialect parameter controls the order in which these catalogs are searched for name resolution.When set to postgres, the namespace precedence is pg_catalog then sys, giving the PostgreSQL catalog the highest precedence. When set to redwood, the namespace precedence is sys then pg_catalog, giving the expanded catalog views the highest precedence.3.1.3.11.7 default_with_rowidsParameter Type: BooleanDefault Value: falseMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userWhen set to on, CREATE TABLE includes a ROWID column in newly created tables, which can then be referenced in SQL commands.3.1.3.11.8 optimizer_modeParameter Type: EnumDefault Value: chooseMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session user
3.1.3.12 Customized OptionsIn previous releases of Advanced Server, the custom_variable_classes was required by those parameters not normally known to be added by add-on modules (such as procedural languages).3.1.3.12.1 custom_variable_classesThe custom_variable_classes parameter is deprecated in Advanced Server 9.2; parameters that previously depended on this parameter no longer require its support.3.1.3.12.2 dbms_alert.max_alertsParameter Type: IntegerDefault Value: 100Range: 0 to 500Minimum Scope of Effect: ClusterWhen Value Changes Take Effect: RestartRequired Authorization to Activate: EPAS service accountSpecifies the maximum number of concurrent alerts allowed on a system using the DBMS_ALERTS package.3.1.3.12.3 dbms_pipe.total_message_bufferParameter Type: IntegerDefault Value: 30 KbRange: 30 Kb to 256 KbMinimum Scope of Effect: ClusterWhen Value Changes Take Effect: RestartRequired Authorization to Activate: EPAS service account3.1.3.12.4 index_advisor.enabledParameter Type: BooleanDefault Value: trueMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userProvides the capability to temporarily suspend Index Advisor in an EDB-PSQL or PSQL session. The Index Advisor plugin, index_advisor, must be loaded in the EDB-PSQL or PSQL session in order to use the index_advisor.enabled configuration parameter.Use the SET command to change the parameter setting to control whether or not Index Advisor generates an alternative query plan as shown by the following example:3.1.3.12.5 edb_sql_protect.enabledParameter Type: BooleanDefault Value: falseMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountControls whether or not SQL/Protect is actively monitoring protected roles by analyzing SQL statements issued by those roles and reacting according to the setting of edb_sql_protect.level. When you are ready to begin monitoring with SQL/Protect set this parameter to on.3.1.3.12.6 edb_sql_protect.levelParameter Type: EnumDefault Value: passiveMinimum Scope of Effect: ClusterRequired Authorization to Activate: EPAS service accountThe edb_sql_protect.level configuration parameter can be set to one of the following values to use either learn mode, passive mode, or active mode:
3.1.3.13 Ungrouped3.1.3.13.1 nls_length_semanticsParameter Type: EnumDefault Value: byteMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: SuperuserFor example, the form of the ALTER SESSION command is accepted in Advanced Server without throwing a syntax error, but does not alter the session environment:Note: Since the setting of this parameter has no effect on the server environment, it does not appear in the system view pg_settings.3.1.3.13.2 query_rewrite_enabledParameter Type: EnumDefault Value: falseMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userFor example, the following form of the ALTER SESSION command is accepted in Advanced Server without throwing a syntax error, but does not alter the session environment:Note: Since the setting of this parameter has no effect on the server environment, it does not appear in the system view pg_settings.3.1.3.13.3 query_rewrite_integrityParameter Type: EnumDefault Value: enforcedMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: SuperuserFor example, the following form of the ALTER SESSION command is accepted in Advanced Server without throwing a syntax error, but does not alter the session environment:Note: Since the setting of this parameter has no effect on the server environment, it does not appear in the system view pg_settings.3.1.3.13.4 timed_statisticsParameter Type: BooleanDefault Value: trueMinimum Scope of Effect: Per sessionWhen Value Changes Take Effect: ImmediateRequired Authorization to Activate: Session userNote: When Advanced Server is installed, the postgresql.conf file contains an explicit entry setting timed_statistics to off. If this entry is commented out letting timed_statistics to default, and the configuration file is reloaded, timed statistics collection would be turned on.
3.2 Index AdvisorIndex Advisor works with Advanced Server's query planner by creating hypothetical indexes that the query planner uses to calculate execution costs as if such indexes were available. Index Advisor identifies the indexes by analyzing SQL queries supplied in the workload.
3.2.3 Using Index AdvisorWhen you invoke Index Advisor, you must supply a workload; the workload is either a query (specified at the command line), or a file that contains a set of queries (executed by the pg_advise_index() function). After analyzing the workload, Index Advisor will either store the result set in a temporary table, or in a permanent table. You can review the indexing recommendations generated by Index Advisor and use the CREATE INDEX statements generated by Index Advisor to create the recommended indexes.The following examples assume that superuser enterprisedb is the Index Advisor user, and the Index Advisor database objects have been created in a schema in the search_path of superuser enterprisedb.CREATE TABLE t( a INT, b INT );
INSERT INTO t SELECT s, 99999 - s FROM generate_series(0,99999) AS s;When invoking the pg_advise_index utility, you must include the name of a file that contains the queries that will be executed by pg_advise_index; the queries may be on the same line, or on separate lines, but each query must be terminated by a semicolon. Queries within the file should not begin with the EXPLAIN keyword.The following example shows the contents of a sample workload.sql file:Run the pg_advise_index program as shown in the code sample below:-s is an optional parameter that limits the maximum size of the indexes recommended by Index Advisor. If Index Advisor does not return a result set, -s may be set too low.The information displayed by the pg_advise_index program is logged in the index_advisor_log table. In response to the command shown in the example, Index Advisor writes the following CREATE INDEX statements to the advisory.sql output fileYou can create the recommended indexes at the psql command line with the CREATE INDEX statements in the file, or create the indexes by executing the advisory.sql script.
3.3 SQL ProfilerSQL Profiler helps you locate and optimize poorly running SQL code.
3.4 pgsnmpdpgsnmpd is an SNMP agent that can return hierarchical information about the current state of Advanced Server on a Linux system. pgsnmpd is distributed and installed using the edb-asxx-pgsnmpd RPM package where xx is the Advanced Server version number. The pgsnmpd agent can operate as a stand-alone SNMP agent, as a pass-through sub-agent, or as an AgentX sub-agent.After installing Advanced Server, you will need to update the LD_LIBRARY_PATH variable. Use the command:This command does not persistently alter the value of LD_LIBRARY_PATH. Consult the documentation for your distribution of Linux for information about persistently setting the value of LD_LIBRARY_PATH.The examples that follow demonstrate the simplest usage of pgsnmpd, implementing read only access. pgsnmpd is based on the net-snmp library; for more information about net-snmp, visit:3.4.1 Configuring pgsnmpdThe pgsnmpd configuration file is named snmpd.conf. For information about the directives that you can specify in the configuration file, please review the snmpd.conf man page (man snmpd.conf).You can create the configuration file by hand, or you can use the snmpconf perl script to create the configuration file. The perl script is distributed with net-snmp package.When the configuration file wizard opens, it may prompt you to read in an existing configuration file. Enter none to generate a new configuration file (not based on a previously existing configuration file).snmpconf is a menu-driven wizard. Select menu item 1: snmpd.conf to start the configuration wizard. As you select each top-level menu option displayed by snmpconf, the wizard walks through a series of questions, prompting you for information required to build the configuration file. When you have provided information in each of the category relevant to your system, enter Finished to generate a configuration file named snmpd.conf. Copy the file to:By default, pgsnmpd listens on port 161. If the listener port is already being used by another service, you may receive the following error:agentaddress $host_address:2000The example instructs pgsnmpd to listen on UDP port 2000, where $host_address is the IP address of the server (e.g., 127.0.0.1).3.4.3 Invoking pgsnmpdEnsure that an instance of Advanced Server is up and running (pgsnmpd will connect to this server). Open a command line and assume superuser privileges, before invoking pgsnmpd with a command that takes the following form:POSTGRES_INSTALL_HOME/bin/pgsnmpd -b-c POSTGRES_INSTALL_HOME/share/snmpd.confWhere POSTGRES_INSTALL_HOME specifies the Advanced Server installation directory.Include connection information for your installation of Advanced Server (in the form of a libpq connection string) after the -C option.3.4.4 Viewing pgsnmpd HelpInclude the --help option when invoking the pgsnmpd utility to view other pgsnmpd command line options:-v 2c option instructs the snmpgetnext client to send the request in SNMP version 2c format.-c public specifies the community name.localhost indicates the host machine running the pgsnmpd server..1.3.6.1.4.1.5432.1.4.2.1.1.0 is the identity of the requested object. To see a list of all databases, increment the last digit by one (e.g. .1.1, .1.2, .1.3 etc.).
Advanced Server allows database and security administrators, auditors, and operators to track and analyze database activities using the EDB Audit Logging functionality. EDB Audit Logging generates audit log files, which contains all of the relevant information. The audit logs can be configured to record information such as:The parameters specified in the configuration files, postgresql.conf or postgresql.auto.conf, control the information included in the audit logs.Use the following configuration parameters to control database auditing. See Section 3.1.2 to determine if a change to the configuration parameter takes effect immediately, or if the configuration needs to be reloaded, or if the database server needs to be restarted.Enables or disables database auditing. The values xml or csv will enable database auditing. These values represent the file format in which auditing information will be captured. none will disable database auditing and is also the default.Specifies the directory where the log files will be created. The path of the directory can be relative or absolute to the data folder. The default is the PGDATA/edb_audit directory.Specifies the file name of the audit file where the auditing information will be stored. The default file name will be audit-%Y%m%d_%H%M%S. The escape sequences, %Y, %m etc., will be replaced by the appropriate current values according to the system date and time.Specifies the day of the week on which to rotate the audit files. Valid values are sun, mon, tue, wed, thu, fri, sat, every, and none. To disable rotation, set the value to none. To rotate the file every day, set the edb_audit_rotation_day value to every. To rotate the file on a specific day of the week, set the value to the desired day of the week. every is the default value.Enables auditing of database connection attempts by users. To disable auditing of all connection attempts, set edb_audit_connect to none. To audit all failed connection attempts, set the value to failed, which is the default. To audit all connection attempts, set the value to all.Enables auditing of database disconnections by connected users. To enable auditing of disconnections, set the value to all. To disable, set the value to none, which is the default.This configuration parameter is used to specify auditing of different categories of SQL statements. Various combinations of the following values may be specified: none, dml, insert, update, delete, truncate, select, error, rollback, ddl, create, drop, alter, grant, revoke, and all. The default is ddl and error. See Section 3.5.2 for information regarding the setting of this parameter.Bulk processing logs the resulting statements into both the Advanced Server log file and the EDB Audit log file. However, logging each and every statement in bulk processing is costly. This can be controlled by the edb_log_every_bulk_value configuration parameter. When set to true, each and every statement in bulk processing is logged. When set to false, a log message is recorded once per bulk processing. In addition, the duration is emitted once per bulk processing. Default is false.Specifies whether the audit log information is to be recorded in the directory as given by the edb_audit_directory parameter or to the directory and file managed by the syslog process. Set to file to use the directory specified by edb_audit_directory, which is the default setting. Set to syslog to use the syslog process and its location as configured in the /etc/syslog.conf file. Note: In recent Linux versions, syslog has been replaced by rsyslog and the configuration file is in /etc/rsyslog.conf.The following section describes selection of specific SQL statements for auditing using the edb_audit_statement parameter.The edb_audit_statement permits inclusion of one or more, comma-separated values to control which SQL statements are to be audited. The following is the general format:
The Unicode Collation Algorithm (UCA) is a specification (Unicode Technical Report #10) that defines a customizable method of collating and comparing Unicode data. Collation means how data is sorted as with a SELECT … ORDER BY clause. Comparison is relevant for searches that use ranges with less than, greater than, or equal to operators.Note: In addition, another advantage for using ICU collations (the implementation of the Unicode Collation Algorithm) is for performance. Sorting tasks, including B-tree index creation, can complete in less than half the time it takes with a non-ICU collation. The exact performance gain depends on your operating system version, the language of your text data, and other factors.
The official information for the Unicode Collation Algorithm is specified in Unicode Technical Report #10, which can be found on The Unicode Consortium website at:
The Unicode Collation Algorithm is implemented by open source software provided by the International Components for Unicode (ICU). The software is a set of C/C++ and Java libraries.3.6.2.1 Locale CollationsAn ICU short form is a method of specifying collation attributes, which are the properties of a collation. Section 3.6.2.2 provides additional information on collation attributes.The system catalog pg_catalog.pg_icu_collate_names contains a list of the names of the ICU short forms for locales. The ICU short form name is listed in column icu_short_form.3.6.2.2 Collation AttributesWhen creating an ICU collation, the desired characteristics of the collation must be specified. As discussed in Section 3.6.2.1, this can typically be done with an ICU short form for the desired locale. However, if more specific information is required, the specification of the collation properties can be done by using collation attributes.Each collation attribute is represented by an uppercase letter, which are listed in the following bullet points. The possible valid values for each attribute are given by codes shown within the parentheses. Some codes have general meanings for all attributes. X means to set the attribute off. O means to set the attribute on. D means to set the attribute to its default value.
3.6.4 Using a CollationA newly defined ICU collation can be used anywhere the COLLATION "collation_name" clause can be used in a SQL command such as in the column specifications of the CREATE TABLE command or appended to an expression in the ORDER BY clause of a SELECT command.Collation icu_collate_lowercase forces the lowercase form of a letter to sort before its uppercase counterpart (CL).Collation icu_collate_uppercase forces the uppercase form of a letter to sort before its lowercase counterpart (CU).Collation icu_collate_ignore_punct causes variable characters (white space and punctuation marks) to be ignored during sorting (AS).Collation icu_collate_ignore_white_sp causes white space and other non-visible variable characters to be ignored during sorting, but visible variable characters (punctuation marks) are not ignored (AS, T0020).Note: When creating collations, ICU may generate notice and warning messages when attributes are given to modify the LROOT collation.The following psql command lists the collations.The following query sorts on column c2 using the default collation. Note that variable characters (white space and punctuation marks) with id column values of 9, 10, and 11 are ignored and sort with the letter B.The following query sorts on column c2 using collation icu_collate_lowercase, which forces the lowercase form of a letter to sort before the uppercase form of the same base letter. Also note that the AN attribute forces variable characters to be included in the sort order at the same level when comparing base characters so rows with id values of 9, 10, and 11 appear at the beginning of the sort list before all letters and numbers.The following query sorts on column c2 using collation icu_collate_uppercase, which forces the uppercase form of a letter to sort before the lowercase form of the same base letter.The following query sorts on column c2 using collation icu_collate_ignore_punct, which causes variable characters to be ignored so rows with id values of 9, 10, and 11 sort with the letter B as that is the character immediately following the ignored variable character.The following query sorts on column c2 using collation icu_collate_ignore_white_sp. The AS and T0020 attributes of the collation cause variable characters with code points less than or equal to hexadecimal 0020 to be ignored while variable characters with code points greater than hexadecimal 0020 are included in the sort.The row with id value of 11, which starts with a space character (hexadecimal 0020) sorts with the letter B. The rows with id values of 9 and 10, which start with visible punctuation marks greater than hexadecimal 0020, appear at the beginning of the sort list as these particular variable characters are included in the sort order at the same level when comparing base characters.
When a database cluster is created with the initdb utility program, the default size of each WAL segment file is 16 MB.The Advanced Server initdb utility provides an additional --wal-segsize option to specify the size of WAL segment files when creating a new data base cluster.size is the WAL segment file size in megabytes, which must be a power of 2 (for example, 1, 2, 4, 8, 16, 32, etc.). The minimum permitted value of size is 1 and the maximum permitted value is 1024. The database cluster is to be created in directory.For more information on the initdb utility and its other options, see the PostgreSQL core documentation available at:After the database server is started, the display of the wal_segment_size parameter also confirms the file size:
4 Security
Advanced Server provides protection against SQL injection attacks. A SQL injection attack is an attempt to compromise a database by running SQL statements whose results provide clues to the attacker as to the content, structure, or security of that database.SQL/Protect is a module that allows a database administrator to protect a database from SQL injection attacks. SQL/Protect provides a layer of security in addition to the normal database security policies by examining incoming queries for common SQL injection profiles.
4.1.1 SQL/Protect Overview4.1.1.1 Types of SQL Injection AttacksThere are a number of different techniques used to perpetrate SQL injection attacks. Each technique is characterized by a certain signature. SQL/Protect examines queries for the following signatures:While Advanced Server allows administrators to restrict access to relations (tables, views, etc.), many administrators do not perform this tedious task. SQL/Protect provides a learn mode that tracks the relations a user accesses.When SQL/Protect is switched to either passive or active mode, the incoming queries are checked against the list of learned relations.The most frequent technique used in SQL injection attacks is issuing a tautological WHERE clause condition (that is, using a condition that is always true).A dangerous action taken during SQL injection attacks is the running of unbounded DML statements. These are UPDATE and DELETE statements with no WHERE clause. For example, an attacker may update all users’ passwords to a known value or initiate a denial of service attack by deleting all of the data in a key table.4.1.1.2 Monitoring SQL Injection Attacks4.1.1.2.1 Protected RolesMonitoring for SQL injection attacks involves analyzing SQL statements originating in database sessions where the current user of the session is a protected role. A protected role is an Advanced Server user or group that the database administrator has chosen to monitor using SQL/Protect. (In Advanced Server, users and groups are collectively referred to as roles.)Note: A role with the superuser privilege cannot be made a protected role. If a protected non-superuser role is subsequently altered to become a superuser, certain behaviors are exhibited whenever an attempt is made by that superuser to issue any command:
4.1.2 Configuring SQL/ProtectThe library file (sqlprotect.so on Linux, sqlprotect.dll on Windows) necessary to run SQL/Protect should be installed in the lib subdirectory of your Advanced Server home directory. For Windows, this should be done by the Advanced Server installer. For Linux, install the edb-asxx-server-sqlprotect RPM package where xx is the Advanced Server version number.You will also need the SQL script file sqlprotect.sql located in the share/contrib subdirectory of your Advanced Server home directory.
You must be connected as a superuser to perform these operations and have included schema sqlprotect in your search path.Note: The variation of the function using the OID is useful if you remove the role using the DROP ROLE or DROP USER SQL statement before removing the role from the protected roles list. If a query on a SQL/Protect relation returns a value such as unknown (OID=16458) for the user name, use the unprotect_role(roleoid) form of the function to remove the entry for the deleted role from the protected roles list.The statistics for a role that has been removed are not deleted until you use the drop_stats function as described in Section 4.1.3.5.The offending queries for a role that has been removed are not deleted until you use the drop_queries function as described in Section 4.1.3.6.The following is an example of the unprotect_role function:Change the Boolean value for the column in edb_sql_protect corresponding to the type of SQL injection attack for which protection of a role is to be disabled or enabled.Be sure to qualify the following columns in your WHERE clause of the statement that updates edb_sql_protect:
Note: This section is applicable if your backup and restore procedures result in the re-creation of database objects in the new database with new OIDs such as is the case when using the pg_dump backup program.SQL/Protect uses two tables, edb_sql_protect and edb_sql_protect_rel, to store information on database objects such as databases, roles, and relations. References to these database objects in these tables are done using the objects’ OIDs, and not the objects’ text names. The OID is a numeric data type used by Advanced Server to uniquely identify each database object.When a database object is created, Advanced Server assigns an OID to the object, which is then used whenever a reference is needed to the object in the database catalogs. If you create the same database object in two databases, such as a table with the same CREATE TABLE statement, each table is assigned a different OID in each database.In a backup and restore operation that results in the re-creation of the backed up database objects, the restored objects end up with different OIDs in the new database than what they were assigned in the original database. As a result, the OIDs referencing databases, roles, and relations stored in the edb_sql_protect and edb_sql_protect_rel tables are no longer valid when these tables are simply dumped to a backup file and then restored to a new database.The following sections describe two functions, export_sqlprotect and import_sqlprotect, that are used specifically for backing up and restoring SQL/Protect tables in order to ensure the OIDs in the SQL/Protect tables reference the correct database objects after the SQL/Protect tables are restored.4.1.4.2 Backing Up the DatabaseStep 1: Create a backup file using pg_dump.The following example shows a plain-text backup file named /tmp/edb.dmp created from database edb using the pg_dump utility program:Step 2: Connect to the database as a superuser and export the SQL/Protect data using the export_sqlprotect('sqlprotect_file') function where sqlprotect_file is the fully qualified path to a file where the SQL/Protect data is to be saved.The enterprisedb operating system account (postgres if you installed Advanced Server in PostgreSQL compatibility mode) must have read and write access to the directory specified in sqlprotect_file.4.1.4.3 Restoring From the Backup FilesStep 1: Restore the backup file to the new database.The following example uses the psql utility program to restore the plain-text backup file /tmp/edb.dmp to a newly created database named newdb:Step 2: Connect to the new database as a superuser and delete all rows from the edb_sql_protect_rel table.This step removes any existing rows in the edb_sql_protect_rel table that were backed up from the original database. These rows do not contain the correct OIDs relative to the database where the backup file has been restored.Step 3: Delete all rows from the edb_sql_protect table.This step removes any existing rows in the edb_sql_protect table that were backed up from the original database. These rows do not contain the correct OIDs relative to the database where the backup file has been restored.Step 4: Delete any statistics that may exist for the database.For each row that appears in the preceding query, use the drop_stats function specifying the role name of the entry.For example, if a row appeared with appuser in the username column, issue the following command to remove it:Step 5: Delete any offending queries that may exist for the database.For each row that appears in the preceding query, use the drop_queries function specifying the role name of the entry.For example, if a row appeared with appuser in the username column, issue the following command to remove it:Step 6: Make sure the role names that were protected by SQL/Protect in the original database exist in the database server where the new database resides.Step 7: Run the function import_sqlprotect('sqlprotect_file') where sqlprotect_file is the fully qualified path to the file you created in Step 2 of Section 4.1.4.2.Tables edb_sql_protect and edb_sql_protect_rel are now populated with entries containing the OIDs of the database objects as assigned in the new database. The statistics view edb_sql_protect_stats also now displays the statistics imported from the original database.
Virtual Private Database is a type of fine-grained access control using security policies. Fine-grained access control in Virtual Private Database means that access to data can be controlled down to specific rows as defined by the security policy.The rules that encode a security policy are defined in a policy function, which is an SPL function with certain input parameters and return value. The security policy is the named association of the policy function to a particular database object, typically a table.Note: In Advanced Server, the policy function can be written in any language supported by Advanced Server such as SQL and PL/pgSQL in addition to SPL.Note: The database objects currently supported by Advanced Server Virtual Private Database are tables. Policies cannot be applied to views or synonyms.
4.3 sslutilssslutils is a Postgres extension that provides SSL certificate generation functions to Advanced Server for use by the EDB Postgres Enterprise Manager server. sslutils is installed by using the edb-asxx-server-sslutils RPM package where xx is the Advanced Server version number.The sslutils package provides the functions shown in the following sections.In these sections, each parameter in the function’s parameter list is described by parameter n under the Parameters subsection where n refers to the nth ordinal position (for example, first, second, third, etc.) within the function’s parameter list.4.3.1 openssl_rsa_generate_keyThe openssl_rsa_generate_key function generates an RSA private key. The function signature is:4.3.2 openssl_rsa_key_to_csrThe openssl_rsa_key_to_csr function generates a certificate signing request (CSR). The signature is:The common name (e.g., agentN) of the agent that will use the signing request.4.3.3 openssl_csr_to_crtThe openssl_csr_to_crt function generates a self-signed certificate or a certificate authority certificate. The signature is:The path to the certificate authority certificate, or NULL if generating a certificate authority certificate.The path to the certificate authority’s private key or (if argument 2 is NULL) the path to a private key.4.3.4 openssl_rsa_generate_crlThe openssl_rsa_generate_crl function generates a default certificate revocation list. The signature is:
4.4 Data RedactionData redaction is a technique that limits sensitive data exposure by dynamically changing data as it is displayed for certain users.For example, a social security number (SSN) is stored as 021-23-9567. Privileged users can see the full SSN, while other users only see the last four digits xxx-xx-9567.So for example, for the SSN field, the redaction function would return xxx-xx-9567 for an input SSN of 021-23-9567.For a salary field, a redaction function would always return $0.00 regardless of the input salary value.These functions are then incorporated into a redaction policy by using the CREATE REDACTION POLICY command. This command specifies the table on which the policy applies, the table columns to be affected by the specified redaction functions, expressions to determine which session users are to be affected, and other options.The edb_data_redaction parameter in the postgresql.conf file then determines whether or not data redaction is to be applied.If the parameter is disabled by having it set to FALSE during the session, then the following occurs:A redaction policy can be changed by using the ALTER REDACTION POLICY command, or it can be eliminated using the DELETE REDACTION POLICY command.
4.4.1 CREATE REDACTION POLICYCREATE REDACTION POLICY defines a new data redaction policy for a table.[ FOR ( expression ) ]where redaction_option is:The CREATE REDACTION POLICY command defines a new column-level security policy for a table by redacting column data using redaction function. A newly created data redaction policy will be enabled by default. The policy can be disabled using ALTER REDACTION POLICY ... DISABLE.This optional form adds a column of the table to the data redaction policy. The USING specifies a redaction function expression. Multiple ADD [ COLUMN ] form can be used, if you want to add multiple columns of the table to the data redaction policy being created. The optional WITH OPTIONS ( ... ) clause specifies a scope and/or an exception to the data redaction policy to be applied. If the scope and/or exception are not specified, the default values for scope and exception will be query and none respectively.The scope identified the query part where redaction to be applied for the column. Scope value could be query, top_tlist or top_tlist_or_error. If the scope is query then, the redaction applied on the column irrespective of where it appears in the query. If the scope is top_tlist then, the redaction applied on the column only when it appears in the query’s top target list. If the scope is top_tlist_or_error the behavior will be same as the top_tlist, but throws an errors when the column appears anywhere else in the query.The exception identified the query part where redaction to be exempted. Exception value could be none, equal or leakproof. If exception is none then there is no exemption. If exception is equal, then the column is not redacted when used in an equality test. If exception is leakproof, the column will is not redacted when a leakproof function is applied to it.Below is an example of how this feature can be used in production environments. Create the components for a data redaction policy on employees table:Now create a data redaction policy on employees to redact column ssn which should be accessible in equality condition and salary with default scope and exception. The redaction policy will be exempt for the hr user.The visible data for the hr user will be:The visible data for the normal user alice will be:
4.4.2 ALTER REDACTION POLICYALTER REDACTION POLICY changes the definition of data redaction policy for a table.[ WITH OPTIONS ( [ redaction_option ][, redaction_option ] )MODIFY [ COLUMN ] column_name[ USING funcname_clause ][ WITH OPTIONS ( [ redaction_option ][, redaction_option ] )DROP [ COLUMN ] column_namewhere redaction_option is:ALTER REDACTION POLICY changes the definition of an existing data redaction policy.To use ALTER REDACTION POLICY, you must own the table that the data redaction policy applies to.This form adds a column of the table to the existing redaction policy. See CREATE REDACTION POLICY for the details.This form modifies the data redaction policy on the column of the table. You can update the redaction function clause and/or the redaction options for the column. The USING clause specifies the redaction function expression to be updated and the WITH OPTIONS ( ... ) clause specifies the scope and/or the exception. For more details on the redaction function clause, the redaction scope and the redaction exception, see CREATE REDACTION POLICY.The scope identified the query part where redaction to be applied for the column. See CREATE REDACTION POLICY for the details.The exception identified the query part where redaction to be exempted. See CREATE REDACTION POLICY for the details.And to update data redaction function for the column ssn in the same policy:ALTER REDACTION POLICY is an EnterpriseDB extension.
4.4.3 DROP REDACTION POLICYDROP REDACTION POLICY removes a data redaction policy from a table.DROP REDACTION POLICY removes the specified data redaction policy from the table.To use DROP REDACTION POLICY, you must own the table that the redaction policy applies to.DROP REDACTION POLICY is an EnterpriseDB extension.
4.4.4 System Catalogs4.4.4.1 edb_redaction_columnThe catalog edb_redaction_column stores information of data redaction policy attached to the columns of the table.
EDB Resource Manager is an Advanced Server feature that provides the capability to control the usage of operating system resources used by Advanced Server processes.
5.1.1 CREATE RESOURCE GROUPUse the CREATE RESOURCE GROUP command to create a new resource group.The CREATE RESOURCE GROUP command creates a resource group with the specified name. Resource limits can then be defined on the group with the ALTER RESOURCE GROUP command. The resource group is accessible from all databases in the Advanced Server instance.To use the CREATE RESOURCE GROUP command you must have superuser privileges.The following example results in the creation of three resource groups named resgrp_a, resgrp_b, and resgrp_c.The following query shows the entries for the resource groups in the edb_resource_group catalog.5.1.2 ALTER RESOURCE GROUPUse the ALTER RESOURCE GROUP command to change the attributes of an existing resource group. The command syntax comes in three forms.The first form with the RENAME TO clause assigns a new name to an existing resource group.The second form with the SET resource_type TO clause either assigns the specified literal value to a resource type, or resets the resource type when DEFAULT is specified. Resetting or setting a resource type to DEFAULT means that the resource group has no defined limit on that resource type.The third form with the RESET resource_type clause resets the resource type for the group as described previously.To use the ALTER RESOURCE GROUP command you must have superuser privileges.value | DEFAULTWhen value is specified, the literal value to be assigned to resource_type. When DEFAULT is specified, the assignment of resource_type is reset for the resource group.The following are examples of the ALTER RESOURCE GROUP command.The following query shows the results of the ALTER RESOURCE GROUP commands to the entries in the edb_resource_group catalog.5.1.3 DROP RESOURCE GROUPUse the DROP RESOURCE GROUP command to remove a resource group.The DROP RESOURCE GROUP command removes a resource group with the specified name.To use the DROP RESOURCE GROUP command you must have superuser privileges.Use the SET edb_resource_group TO group_name command to assign the current process to a specified resource group as shown by the following.A default resource group can be assigned to a role using the ALTER ROLE ... SET command. For more information about the ALTER ROLE command, please refer to the PostgreSQL core documentation available at:A default resource group can be assigned to a database by the ALTER DATABASE ... SET command. For more information about the ALTER DATABASE command, please refer to the PostgreSQL core documentation available at:The entire database server instance can be assigned a default resource group by setting the edb_resource_group configuration parameter in the postgresql.conf file as shown by the following.A change to edb_resource_group in the postgresql.conf file requires a configuration file reload before it takes effect on the database server instance.Set edb_resource_group to DEFAULT or use RESET edb_resource_group to remove the current process from a resource group as shown by the following.For removing a default resource group from a role, use the ALTER ROLE ... RESET form of the ALTER ROLE command.For removing a default resource group from a database, use the ALTER DATABASE ... RESET form of the ALTER DATABASE command.For removing a default resource group from the database server instance, set the edb_resource_group configuration parameter to an empty string in the postgresql.conf file and reload the configuration file.After resource groups have been created, the number of processes actively using these resource groups can be obtained from the view edb_all_resource_groups.The columns in edb_all_resource_groups are the following:
CPU usage of a resource group is controlled by setting the cpu_rate_limit resource type parameter.Set the cpu_rate_limit parameter to the fraction of CPU time over wall-clock time to which the combined, simultaneous CPU usage of all processes in the group should not exceed. Thus, the value assigned to cpu_rate_limit should typically be less than or equal to 1.The valid range of the cpu_rate_limit parameter is 0 to 1.67772e+07. A setting of 0 means no CPU rate limit has been set for the resource group.When multiplied by 100, the cpu_rate_limit can also be interpreted as the CPU usage percentage for a resource group.EDB Resource Manager utilizes CPU throttling to keep the aggregate CPU usage of all processes in the group within the limit specified by the cpu_rate_limit parameter. A process in the group may be interrupted and put into sleep mode for a short interval of time to maintain the defined limit. When and how such interruptions occur is defined by a proprietary algorithm used by EDB Resource Manager.The ALTER RESOURCE GROUP command with the SET cpu_rate_limit clause is used to set the CPU rate limit for a resource group.In the following example the CPU usage limit is set to 50% for resgrp_a, 40% for resgrp_b and 30% for resgrp_c. This means that the combined CPU usage of all processes assigned to resgrp_a is maintained at approximately 50%. Similarly, for all processes in resgrp_b, the combined CPU usage is kept to approximately 40%, etc.The following query shows the settings of cpu_rate_limit in the catalog.Changing the cpu_rate_limit of a resource group not only affects new processes that are assigned to the group, but any currently running processes that are members of the group are immediately affected by the change. That is, if the cpu_rate_limit is changed from .5 to .3, currently running processes in the group would be throttled downward so that the aggregate group CPU usage would be near 30% instead of 50%.To illustrate the effect of setting the CPU rate limit for resource groups, the following examples use a CPU-intensive calculation of 20000 factorial (multiplication of 20000 * 19999 * 19998, etc.) performed by the query SELECT 20000!; run in the psql command line utility.The following shows that the current process is set to use resource group resgrp_b. The factorial calculation is then started.In a second session, the Linux top command is used to display the CPU usage as shown under the %CPU column. The following is a snapshot at an arbitrary point in time as the top command output periodically changes.The psql session performing the factorial calculation is shown by the row where edb-postgres appears under the COMMAND column. The CPU usage of the session shown under the %CPU column shows 39.9, which is close to the 40% CPU limit set for resource group resgrp_b.By contrast, if the psql session is removed from the resource group and the factorial calculation is performed again, the CPU usage is much higher.Under the %CPU column for edb-postgres, the CPU usage is now 93.6, which is significantly higher than the 39.9 when the process was part of the resource group.The factorial calculation is performed simultaneously in two separate psql sessions, each of which has been added to resource group resgrp_b that has cpu_rate_limit set to .4 (CPU usage of 40%).There are now two processes named edb-postgres with %CPU values of 19.9 and 19.6, whose sum is close to the 40% CPU usage set for resource group resgrp_b.The following command sequence displays the sum of all edb-postgres processes sampled over half second time intervals. This shows how the total CPU usage of the processes in the resource group changes over time as EDB Resource Manager throttles the processes to keep the total resource group CPU usage near 40%.In this example, two additional psql sessions are used along with the previous two sessions. The third and fourth sessions perform the same factorial calculation within resource group resgrp_c with a cpu_rate_limit of .3 (30% CPU usage).The top command displays the following output.The two resource groups in use have CPU usage limits of 40% and 30%. The sum of the %CPU column for the first two edb-postgres processes is 39.5 (approximately 40%, which is the limit for resgrp_b) and the sum of the %CPU column for the third and fourth edb-postgres processes is 31.6 (approximately 30%, which is the limit for resgrp_c).By contrast, if three sessions are processing where two sessions remain in resgrp_b, but the third session does not belong to any resource group, the top command shows the following output.The second and third edb-postgres processes belonging to the resource group where the CPU usage is limited to 40%, have a total CPU usage of 37.8. However, the first edb-postgres process has a 58.6% CPU usage as it is not within a resource group, and basically utilizes the remaining, available CPU resources on the system.
Writing to shared buffers is controlled by setting the dirty_rate_limit resource type parameter.Set the dirty_rate_limit parameter to the number of kilobytes per second for the combined rate at which all the processes in the group should write to or “dirty” the shared buffers. An example setting would be 3072 kilobytes per seconds.The valid range of the dirty_rate_limit parameter is 0 to 1.67772e+07. A setting of 0 means no dirty rate limit has been set for the resource group.EDB Resource Manager utilizes dirty buffer throttling to keep the aggregate, shared buffer writing rate of all processes in the group near the limit specified by the dirty_rate_limit parameter. A process in the group may be interrupted and put into sleep mode for a short interval of time to maintain the defined limit. When and how such interruptions occur is defined by a proprietary algorithm used by EDB Resource Manager.The ALTER RESOURCE GROUP command with the SET dirty_rate_limit clause is used to set the dirty rate limit for a resource group.In the following example the dirty rate limit is set to 12288 kilobytes per second for resgrp_a, 6144 kilobytes per second for resgrp_b and 3072 kilobytes per second for resgrp_c. This means that the combined writing rate to the shared buffer of all processes assigned to resgrp_a is maintained at approximately 12288 kilobytes per second. Similarly, for all processes in resgrp_b, the combined writing rate to the shared buffer is kept to approximately 6144 kilobytes per second, etc.The following query shows the settings of dirty_rate_limit in the catalog.Changing the dirty_rate_limit of a resource group not only affects new processes that are assigned to the group, but any currently running processes that are members of the group are immediately affected by the change. That is, if the dirty_rate_limit is changed from 12288 to 3072, currently running processes in the group would be throttled downward so that the aggregate group dirty rate would be near 3072 kilobytes per second instead of 12288 kilobytes per second.The FILLFACTOR = 10 clause results in INSERT commands packing rows up to only 10% per page. This results in a larger sampling of dirty shared blocks for the purpose of these examples.The pg_stat_statements module is used to display the number of shared buffer blocks that are dirtied by a SQL command and the amount of time the command took to execute. This provides the information to calculate the actual kilobytes per second writing rate for the SQL command, and thus compare it to the dirty rate limit set for a resource group.In order to use the pg_stat_statements module, perform the following steps.Step 1: In the postgresql.conf file, add $libdir/pg_stat_statements to the shared_preload_libraries configuration parameter as shown by the following.Step 2: Restart the database server.The pg_stat_statements_reset() function is used to clear out the pg_stat_statements view for clarity of each example.The following sequence of commands shows the creation of table t1. The current process is set to use resource group resgrp_b. The pg_stat_statements view is cleared out by running the pg_stat_statements_reset() function.Finally, the INSERT command generates a series of integers from 1 to 10,000 to populate the table, and dirty approximately 10,000 blocks.The following shows the results from the INSERT command.
5.4 System Catalogs5.4.1 edb_all_resource_groupsThe following table lists the information available in the edb_all_resource_groups catalog:
Client programs that use libpq must include the header file libpq-fe.h and must link with the libpq library.
In earlier releases, Advanced Server provided support for REFCURSORs through the following libpq functions; these functions should now be considered deprecated:You may now use PQexec() and PQgetvalue() to retrieve a REFCURSOR returned by an SPL (or PL/pgSQL) function. A REFCURSOR is returned in the form of a null-terminated string indicating the name of the cursor. Once you have the name of the cursor, you can execute one or more FETCH statements to retrieve the values exposed through the cursor.CREATE OR REPLACE FUNCTION getEmployees(p_deptno NUMERIC) RETURN REFCURSOR AS
result REFCURSOR;
BEGIN
OPEN result FOR SELECT * FROM emp WHERE deptno = p_deptno;
RETURN result;
END;This function expects a single parameter, p_deptno, and returns a REFCURSOR that holds the result set for the SELECT query shown in the OPEN statement. The OPEN statement executes the query and stores the result set in a cursor. The server constructs a name for that cursor and stores the name in a variable (named result). The function then returns the name of the cursor to the caller.char *commandText = malloc(commandLength);
PGresult *result;
int row;
sprintf(commandText, "FETCH ALL FROM \"%s\"", cursorName);
result = PQexec(conn, commandText);
if (PQresultStatus(result) != PGRES_TUPLES_OK)
fail(conn, PQerrorMessage(conn));
printf("-- %s --\n", description);
for (row = 0; row < PQntuples(result); row++)
{
const char *delimiter = "\t";
int col;
for (col = 0; col < PQnfields(result); col++)
{
printf("%s%s", delimiter, PQgetvalue(result, row, col));
delimiter = ",";
}
printf("\n");
}
PQclear(result);
free(commandText);
}
static void
fail(PGconn *conn, const char *msg)
{
fprintf(stderr, "%s\n", msg);
if (conn != NULL)
PQfinish(conn);
exit(-1);
}The code sample contains a line of code that calls the getEmployees() function, and returns a result set that contains all of the employees in department 10:The PQexec() function returns a result set handle to the C program. The result set will contain exactly one value; that value is the name of the cursor as returned by getEmployees().Once you have the name of the cursor, you can use the SQL FETCH statement to retrieve the rows in that cursor. The function fetchAllRows() builds a FETCH ALL statement, executes that statement, and then prints the result set of the FETCH ALL statement.
6.3 Array BindingDetails of PQprepare() can be found in the prepared statement section.
7 DebuggerThe Debugger is integrated with and invoked from pgAdmin 4. On Linux, the edb-asxx-server-pldebugger RPM package where xx is the Advanced Server version number, must be installed as well. Information on pgAdmin 4 is available at:
Before using the Debugger, edit the postgresql.conf file (located in the data subdirectory of your Advanced Server home directory), adding $libdir/plugin_debugger to the libraries listed in the shared_preload_libraries configuration parameter:
Use pgAdmin 4 to access the Debugger for standalone debugging. To open the Debugger, highlight the name of the stored procedure or function you wish to debug in the pgAdmin 4 Browser panel. Then, navigate through the Object menu to the Debugging menu and select Debug from the submenu.You can also right-click on the name of the stored procedure or function in the pgAdmin 4 Browser, and select Debugging, and the Debug from the context menu.Note that triggers cannot be debugged using standalone debugging. Triggers must be debugged using in-context debugging. See Section 7.5.3 for information on setting a global breakpoint for in-context debugging.
You can use the Debugger window to pass parameter values when you are standalone-debugging a program that expects parameters. When you start the debugger, the Debugger window opens automatically to display any IN or IN OUT parameters expected by the program. If the program declares no IN or IN OUT parameters, the Debugger window does not open.Use the fields on the Debugger window to provide a value for each parameter:
8.1 DynatuneAdvanced Server supports dynamic tuning of the database server to make the optimal usage of the system resources available on the host machine on which it is installed. The two parameters that control this functionality are located in the postgresql.conf file. These parameters are:8.1.1 edb_dynatuneedb_dynatune determines how much of the host system's resources are to be used by the database server based upon the host machine's total available resources and the intended usage of the host machine.When Advanced Server is initially installed, the edb_dynatune parameter is set in accordance with the selected usage of the host machine on which it was installed - i.e., development machine, mixed use machine, or dedicated server. For most purposes, there is no need for the database administrator to adjust the various configuration parameters in the postgresql.conf file in order to improve performance.You can change the value of the edb_dynatune parameter after the initial installation of Advanced Server by editing the postgresql.conf file. The postmaster must be restarted in order for the new configuration to take effect.The edb_dynatune parameter can be set to any integer value between 0 and 100, inclusive. A value of 0, turns off the dynamic tuning feature thereby leaving the database server resource usage totally under the control of the other configuration parameters in the postgresql.conf file.Once a value of edb_dynatune is selected, database server performance can be further fine-tuned by adjusting the other configuration parameters in the postgresql.conf file. Any adjusted setting overrides the corresponding value chosen by edb_dynatune. You can change the value of a parameter by un-commenting the configuration parameter, specifying the desired value, and restarting the database server.8.1.2 edb_dynatune_profileThe edb_dynatune_profile parameter is used to control tuning aspects based upon the expected workload profile on the database server. This parameter takes effect upon startup of the database server.The possible values for edb_dynatune_profile are:
8.2 EDB Wait StatesThe EDB wait states contribution module contains two main components.This information is saved in a set of files in a user-configurable path and directory folder given by the edb_wait_states.directory parameter to be added to the postgresql.conf file. The specified path must be a full, absolute path and not a relative path.EDB wait states is installed with the edb-asxx-server-edb-modules RPM package where xx is the Advanced Server version number.To launch the worker, it must be registered in the postgresql.conf file using the shared_preload_libraries parameter, for example:To terminate the EDB wait states worker, remove $libdir/edb_wait_states from the shared_preload_libraries parameter and restart the database server.
EDB Clone Schema is an extension module for Advanced Server that allows you to copy a schema and its database objects from a local or remote database (the source database) to a receiving database (the target database).
9.1 Setup ProcessIn addition, some configuration parameters in the postgresql.conf file of the database servers may benefit from some modification.Step 1: The following extensions must be installed on the database:
The EDB Clone Schema functions are created in the edb_util schema when the parallel_clone and edb_cloneschema extensions are installed.
10 PL/JavaThe PL/Java package provides access to Java stored procedures, triggers, and functions via the JDBC interface. Unless otherwise noted, the commands and paths noted in the following section assume that you have performed an installation with the edb-asxx-pljava RPM package where xx is the Advanced Server version number.
Step 1: Edit the postgresql.conf file located under the data directory of your Advanced Server installation and add (or modify) the following settings:pljava.classpath = 'path_to_pljava.jar'pljava.libjvm_location = 'path_to_libjvm.so'Where path_to_pljava.jar specifies the location of the pljava.jar file and path_to_libjvm.so specifies the location of the libjvm.so file.Step 2: Restart the database server.Step 3: You can use the CREATE EXTENSION command to install PL/Java. To install the PL/Java extension, login to the database in which you want to install PL/Java with the psql or pgAdmin client, and invoke the following command:Step 4: To confirm that PL/Java is installed, invoke the following command:The edb-psql client displays two rows indicating that java and javau (Java Untrusted) have been installed in the database.
Step 1: Edit the postgresql.conf file and add (or modify) the following settings:pljava.classpath = 'POSTGRES_INSTALL_HOME\lib\pljava.jar'pljava.libjvm_location = 'path_to_libjvm.so'Where POSTGRES_INSTALL_HOME specifies the location of the Advanced Server installation. For example, the following is the configuration setting for a default installation:Step 2: Restart the database server.Step 3: Modify the PATH setting used by the server, adding the following two entries:Where JRE_HOME specifies the installation directory of your Java runtime environment. If you have a Java development kit, substitute the location of $JDK_HOME/jre for JRE_HOME.Step 4: Use the Postgres CREATE EXTENSION command to install PL/Java. To run the installation script, use the psql or pgAdmin client to connect to the database in which you wish to install PL/Java and invoke the following command:Step 5: To confirm that PL/Java is installed, invoke the following command:
10.3 Using PL/JavaTo create a PL/Java program, you must first create a Java class that contains at least one static method, and then you must compile that class into a .class or .jar file. Next, you declare the Java function within SQL using the CREATE FUNCTION command. The CREATE FUNCTION command gives a SQL name to the function and associates the compiled class (and method name) with that function name.When invoked, getsysprop will execute the getProperty (static) method defined within the java.lang.System class.The example that follows demonstrates the procedures used to create and install a simple HelloWorld program:Step 1: Save the following code sample to a file named HelloWorld.java:Step 2: Compile the file.Step 3: Create an archive file (a JAR file) named helloworld.jar:Step 4: Open the edb-psql client, and install the jar file with the following command:SELECT sqlj.install_jar('file:///file_path/helloworld.jar', 'helloworld', true);Where file_path is the directory containing the helloworld.jar file. For example, if the /tmp directory is the file_path:To confirm that the jar file has been loaded correctly, perform a SELECT statement on the sqlj.jar_entry and sqlj.jar_repository tables.Step 5: Set the classpath as:Step 6: Create a function that uses Java to call the static function declared in the jar file:Step 7: Execute the function:
Advanced Server includes enhanced SQL functionality and various other features that provide additional flexibility and convenience. This chapter discusses some of these additions.
11.1 COMMENTIn addition to commenting on objects supported by the PostgreSQL COMMENT command, Advanced Server supports comments on additional object types. The complete supported syntax is:COMMENT ON
{
AGGREGATE aggregate_name ( aggregate_signature ) |
CAST (source_type AS target_type) |
COLLATION object_name |
COLUMN relation_name.column_name |
CONSTRAINT constraint_name ON table_name |
CONSTRAINT constraint_name ON DOMAIN domain_name |
CONVERSION object_name |
DATABASE object_name |
DOMAIN object_name |
EXTENSION object_name |
EVENT TRIGGER object_name |
FOREIGN DATA WRAPPER object_name |
FOREIGN TABLE object_name |
FUNCTION func_name ([[argmode] [argname] argtype [, ...]])|
INDEX object_name |
LARGE OBJECT large_object_oid |
MATERIALIZED VIEW object_name |
OPERATOR operator_name (left_type, right_type) |
OPERATOR CLASS object_name USING index_method |
OPERATOR FAMILY object_name USING index_method |
PACKAGE object_name
POLICY policy_name ON table_name |
[ PROCEDURAL ] LANGUAGE object_name |
PROCEDURE proc_name [([[argmode] [argname] argtype [, ...]])]
PUBLIC SYNONYM object_name
ROLE object_name |
RULE rule_name ON table_name |
SCHEMA object_name |
SEQUENCE object_name |
SERVER object_name |
TABLE object_name |
TABLESPACE object_name |
TEXT SEARCH CONFIGURATION object_name |
TEXT SEARCH DICTIONARY object_name |
TEXT SEARCH PARSER object_name |
TEXT SEARCH TEMPLATE object_name |
TRANSFORM FOR type_name LANGUAGE lang_name |
TRIGGER trigger_name ON table_name |
TYPE object_name |
VIEW object_name
} IS 'text'* |
[ argmode ] [ argname ] argtype [ , ... ] |
[ [ argmode ] [ argname ] argtype [ , ... ] ]
ORDER BY [ argmode ] [ argname ] argtype [ , ... ]Include the AGGREGATE clause to create a comment about an aggregate. aggregate_name specifies the name of an aggregate, and aggregate_signature specifies the associated signature in one of the following forms:* |
[ argmode ] [ argname ] argtype [ , ... ] |
[ [ argmode ] [ argname ] argtype [ , ... ] ]
ORDER BY [ argmode ] [ argname ] argtype [ , ... ]Where argmode is the mode of a function, procedure, or aggregate argument; argmode may be IN, OUT, INOUT, or VARIADIC. If omitted, the default is IN.argname is the name of an aggregate argument.argtype is the data type of an aggregate argument.Include the CAST clause to create a comment about a cast. When creating a comment about a cast, source_type specifies the source data type of the cast, and target_type specifies the target data type of the cast.Include the COLUMN clause to create a comment about a column. column_name specifies name of the column to which the comment applies. relation_name is the table, view, composite type, or foreign table in which a column resides.Include the CONSTRAINT clause to add a comment about a constraint. When creating a comment about a constraint, constraint_name specifies the name of the constraint; table_name or domain_name specifies the name of the table or domain on which the constraint is defined.Include the FUNCTION clause to add a comment about a function. func_name specifies the name of the function. argmode specifies the mode of the function; argmode may be IN, OUT, INOUT, or VARIADIC. If omitted, the default is IN. argname specifies the name of a function, procedure, or aggregate argument. argtype specifies the data type of a function, procedure, or aggregate argument.large_object_oid is the system-assigned OID of the large object about which you are commenting.Include the OPERATOR clause to add a comment about an operator. operator_name specifies the (optionally schema-qualified) name of an operator on which you are commenting. left_type and right_type are the (optionally schema-qualified) data type(s) of the operator's arguments.Include the OPERATOR CLASS clause to add a comment about an operator class. object_name specifies the (optionally schema-qualified) name of an operator on which you are commenting. index_method specifies the associated index method of the operator class.Include the OPERATOR FAMILY clause to add a comment about an operator family. object_name specifies the (optionally schema-qualified) name of an operator family on which you are commenting. index_method specifies the associated index method of the operator family.Include the POLICY clause to add a comment about a policy. policy_name specifies the name of the policy, and table_name specifies the table that the policy is associated with.Include the PROCEDURE clause to add a comment about a procedure. proc_name specifies the name of the procedure. argmode specifies the mode of the procedure; argmode may be IN, OUT, INOUT, or VARIADIC. If omitted, the default is IN. argname specifies the name of a function, procedure, or aggregate argument. argtype specifies the data type of a function, procedure, or aggregate argument.Include the RULE clause to specify a COMMENT on a rule. rule_name specifies the name of the rule, and table_name specifies the name of the table on which the rule is defined.Include the TRANSFORM FOR clause to specify a COMMENT on a TRANSFORM. type_name specifies the name of the data type of the transform and lang_name specifies the name of the language of the transform.Include the TRIGGER clause to specify a COMMENT on a trigger. trigger_name specifies the name of the trigger, and table_name specifies the name of the table on which the trigger is defined.For more information about using the COMMENT command, please see the PostgreSQL core documentation at:
The text string output of the version() function displays the name of the product, its version, and the host system on which it has been installed.For Advanced Server, the version() output is in a format similar to the PostgreSQL community version in that the first text word is PostgreSQL instead of EnterpriseDB as in Advanced Server version 10 and earlier.
Prior to Advanced Server 11, a system catalog named dbo was available. The dbo system catalog contained views of database objects for similarity with Microsoft® SQL Server®.Now, for Advanced Server neither the dbo system catalog nor a schema named dbo exist in any database.If it is desired to have such a schema with its SQL Server compatible views, use the CREATE EXTENSION edb_dbo command to create the dbo schema and its content.The following example shows the creation of the dbo schema and its views:
12.1 edb_dirThe edb_dir table contains one row for each alias that points to a directory created with the CREATE DIRECTORY command. A directory is an alias for a pathname that allows a user limited access to the host file system.You can use a directory to fence a user into a specific directory tree within the file system. For example, the UTL_FILE package offers functions that permit a user to read and write files and directories in the host file system, but only allows access to paths that the database administrator has granted access to via a CREATE DIRECTORY command.
The edb_all_resource_groups table contains one row for each resource group created with the CREATE RESOURCE GROUP command and displays the number of active processes in each resource group.
12.3 edb_password_historyThe edb_password_history table contains one row for each password change. The table is shared across all databases within a cluster.
12.4 edb_policy
12.5 edb_profileThe edb_profile table stores information about the available profiles. edb_profiles is shared across all databases within a cluster.
12.6 edb_redaction_columnThe catalog edb_redaction_column stores information of data redaction policy attached to the columns of the table.
12.7 edb_redaction_policyThe catalog edb_redaction_policy stores information of the redaction policies for tables.
12.8 edb_resource_groupThe edb_resource_group table contains one row for each resource group created with the CREATE RESOURCE GROUP command.
12.9 edb_variableThe edb_variable table contains one row for each package level variable (each variable declared within a package).
12.10 pg_synonymThe pg_synonym table contains one row for each synonym created with the CREATE SYNONYM command or CREATE PUBLIC SYNONYM command.
The product_component_version table contains information about feature compatibility; an application can query this table at installation or run time to verify that features used by the application are available with this deployment.
A keyword is a word that is recognized by the Advanced Server parser as having a special meaning or association. You can use the pg_get_keywords() function to retrieve an up-to-date list of the Advanced Server keywords:pg_get_keywords returns a table containing the keywords recognized by Advanced Server:
