In This Document
- Section 1: Overview of the EBS System Schema
- Section 2: Requirements for Using the EBS System Schema
- Section 3: Migrating to the EBS System Schema
- Section 4: References
Section 1: Overview of the EBS System Schema
The Release 12.2 database architecture has been modernized by adoption of the Oracle E-Business Suite System Schema, EBS_SYSTEM
. Prior to the introduction of the EBS_SYSTEM
schema, Oracle E-Business Suite installed application objects in the Oracle Database SYS
and SYSTEM
schemas. Migration to the EBS System Schema obviates the need for any EBS-owned objects to reside in the SYS
or SYSTEM
schemas.
Key characteristics of the EBS System Schema include:
- Creation of the
EBS_SYSTEM
schema and associated grant management is performed as follows:- Creation of the
EBS_SYSTEM
schema and is performed bySYS
running theadgrants.sql
script (supplying theAPPS
account as the parameter) before applying the AD-TXK Delta 13 (or later) RUPs. - Grants required by the APPS account are run automatically by the AD-TXK Delta 13 (or later) RUP installation process.
- Creation of the
- All EBS database objects that currently reside in the
SYS
orSYSTEM
schemas are migrated to appropriate Oracle E-Business Suite schemas. Depending upon the EBS object type and function, the object is migrated toEBS_SYSTEM
,APPS
, orAPPS_NE
. - All Oracle E-Business Suite administration actions (such as running adop, adadmin and other utilities) are now performed by
EBS_SYSTEM
. - Access to the Oracle database
SYS
andSYSTEM
and the Oracle database server operating system is no longer required for Oracle E-Business Suite system administrative functions. - If any grants need to be fixed after the AD-TXK Delta 13 (or later) RUPs are applied, refer to My Oracle Support Knowledge Document 2758993.1, Managing Database Privileges in Oracle E-Business Suite Release 12.2 (Running adgrants.sql).
Key benefits of migrating to the EBS System Schema include support for the following features:
- Public Oracle Database APIs
- Least Privileges Model for database object access
- Separation of Duties for administrators
- Database service names for application tier database connections
- Oracle Database Unified Auditing
- Easier interoperability across Oracle Database releases
Diagram 1 - The modernized Oracle E-Business Suite database and its key features.
Each of these will be discussed in the subsections below. Be aware that numbering of the subsections is for ease of reference only, and is not intended to reflect any set order of importance.
1.1 Public Oracle Database APIs
As part of the Oracle E-Business Suite System Schema Migration, all Oracle E-Business Suite code is updated to map to public Oracle database dictionary objects and APIs. Utilizing public Oracle database APIs provides further capability to lock down EBS runtime accounts.
1.2 Least Privileges Model for Database Object Access
With the migration to the EBS_SYSTEM
schema and usage of public Oracle Database APIs, runtime accounts may be constrained even further. As part of this feature, unnecessary privileges are revoked from Oracle E-Business Suite application accounts.
1.3 Separation of Duties for Administrators
Migration to the EBS_SYSTEM
schema makes it possible to separate the role of the Oracle E-Business Suite system administrators from database administrators. All Oracle E-Business Suite administration actions (such as running adop, adadmin, and other utilities) will now prompt for the EBS_SYSTEM
password instead of the SYSTEM
password. Highly privileged operations that were previously run by the SYS
or SYSTEM
accounts are now run by EBS_SYSTEM
.
Access to the Oracle database SYS
and SYSTEM
and the Oracle database server operating system is no longer required for Oracle E-Business Suite system administration functions. Database patching may be performed by the Oracle database administrator, and Oracle E-Business Suite patching may be performed by the Oracle E-Business Suite system administrator or applications database administrator (DBA).
The passwords for EBS_SYSTEM
and SYSTEM
must match until after the Completion Patch is successfully applied. Once the Completion Patch has been successfully applied, the password for EBS_SYSTEM
should be changed to be different from the SYSTEM
schema password.
1.4 Database Service Names for Application Tier Database Connections
As part of modernizing the Oracle E-Business Suite, connections from the Oracle E-Business Suite application tier to the Oracle E-Business Suite database are now performed using database service names.
1.5 Support for Oracle Database Unified Auditing
Once all requirements are met, Oracle E-Business Suite customers are now able to utilize Unified Auditing, the latest method for auditing an Oracle Database. With Unified Auditing, audit data is combined into a single audit trail. A new schema, AUDSYS
, is used for storing the Unified Audit Trail. Separation of duties is achieved with multiple database roles to audit configuration and view the audit data.
For additional information, refer to My Oracle Support Knowledge Document 2777404.1, Enabling Unified Auditing in Oracle E-Business Suite Release 12.2 with Oracle Database 19c or 12c.
1.6 Streamline Database Directory Objects
Following migration to EBS System Schema (EBS_SYSTEM
), the APPS
schema will no longer have the ability to create database directory objects. Database directory objects are now created by the EBS_SYSTEM
user.
The following four standard new database directory objects are created with the privileges shown:
Object Name | Privileges |
---|---|
EBS_LOG | Read/Write |
EBS_TEMP | Read/Write |
EBS_INBOUND | Read |
EBS_OUTBOUND | Write |
By default, the database directory objects are mapped to a temporary directory in the $ORACLE_HOME
on the database tier file system. If a large number of files are written to this directory, your $ORACLE_HOME
database tier file system may reach capacity: it is therefore recommended that you instead map the database directory objects to a secure location in a separate mount point from your $ORACLE_HOME
database tier file system. For more information, refer to the Oracle Database documentation for your specific database release.
1.7 Interoperabilty Across Oracle Database Releases
Oracle E-Business Suite uptake of database releases will be made easier by EBS only referencing public database views and APIs.Section 2: Requirements for Using the EBS System Schema
2.1 Prerequisites
To use the EBS System Schema, you need to be on Oracle E-Business Suite Release 12.2.3 or later.
2.2 Mandatory Patches and Steps
You must have available the following release update packs (RUPs) and other patches, ready to apply below in Section 3, in the order shown here.
- AD and TXK Delta 13 (or later) — Support for EBS System Schema Migration was introduced in the Oracle Applications DBA (AD) and Oracle E-Business Suite Technology Stack (TXK) Delta 13 release update packs. Earlier releases of AD and TXK included database objects owned by AD or TXK that resided in the Oracle Database
SYS
orSYSTEM
schemas, and also included references to private Oracle databaseSYS
orSYSTEM
objects.
With AD and TXK Delta 13 (or later), EBS database objects are migrated fromSYS
andSYSTEM
into theEBS_SYSTEM
,APPS
, orAPPS_NE
schemas. All relevant object references are updated to point to the migrated objects in theAPPS
orAPPS_NE
schemas.
AD and TXK Delta 13 (or later) also update all code that previously referenced private Oracle DatabaseSYS
andSYSTEM
objects, to reference Oracle Database approved public objects or public APIs instead. - EBS Release 12.2.11 (or later), or EBS Releases 12.2.3 to 12.2.10 plus EBS System Schema Migration Consolidated Patch — Oracle E-Business Suite Releases 12.2.3 to 12.2.10 include EBS-owned database objects that reside in the database
SYS
orSYSTEM
schemas, or reference databaseSYS
orSYSTEM
objects. The EBS System Schema Migration Consolidated Patch (also referred to as the Consolidated Patch) migrates these objects to the appropriate EBS schemas. Note that EBS Release 12.2.11 (and later) include the Consolidated Patch.Note: Oracle E-Business Suite Release 12.2.11 (and later) do not install EBS objects in theSYS
orSYSTEM
schemas, and therefore do not require the EBS System Schema Migration Consolidated Patch. - Before proceeding with application of the final patch in Step 4, you must update any customizations that have been identified with mandatory compliance requirements. For guidance, refer to My Oracle Support Knowledge Document 1577661.1, Developing and Deploying Customizations in Oracle E-Business Suite Release 12.2.
- EBS System Schema Migration Completion Patch — Although it is possible to apply AD-TXK Delta 13 and the EBS System Schema Migration Consolidated Patch without applying the EBS System Schema Migration Completion Patch immediately afterwards, the migration is not finished until the Completion Patch has been applied. This patch drops AD, TXK, and EBS product code in the database
SYS
orSYSTEM
schemas, and removes any final restricted references to databaseSYS
orSYSTEM
objects.
Prior to applying the Completion Patch, you must apply the following prerequisite patches:- AD-TXK Delta 13 (or later)
- Either the EBS Release 12.2.11 (or later) RUP or the EBS System Schema Migration Consolidated Patch
Diagram 2 - The four major requirements for EBS System Schema Migration.Note: The principles shown in the diagram also apply to AD and TXK RUPs later than Delta 13.Note: Until the Oracle E-Business Suite System Schema Migration Completion Patch (also referred to as the Completion Patch) has been applied, theEBS_SYSTEM
and Oracle DatabaseSYSTEM
schema passwords must be identical. This requirement is for backward compatibility, until all EBS code has been migrated from theSYS
orSYSTEM
schemas. Diagram 3 depicts when theEBS_SYSTEM
andSYSTEM
passwords must be identical.
Diagram 3 - The need for theEBS_SYSTEM
andSYSTEM
passwords to match.Note: The principles shown in the diagram also apply to AD and TXK RUPs later than Delta 13.Note: After the Completion Patch has been applied, theEBS_SYSTEM
and Oracle Database SYSTEM passwords can be different, and we recommend that they are. Diagram 4 depicts when it is recommended to update theEBS_SYSTEM
andSYSTEM
passwords to unique values.Diagram 4 - The need to update the
EBS_SYSTEM
andSYSTEM
passwords to have unique (different) values.Note: The principles shown in the diagram also apply to AD and TXK RUPs later than Delta 13.
Section 3: Migrating to the EBS System Schema
Migration consists of several stages, as summarized below.
By performing the applicable steps in this section, you will:
- Apply the latest AD-TXK RUP.
- Either:
- Apply the EBS Release 12.2.11 (or later) RUP.
or: - If remaining on any EBS release from 12.2.3 to 12.2.10 inclusive, apply the EBS System Schema Migration Consolidated Patch.
- Apply the EBS Release 12.2.11 (or later) RUP.
- Update any customizations reported with mandatory compliance requirements for the EBS System Schema migration.
- Apply the EBS System Schema Migration Completion Patch.
3.1 Upgrade Oracle E-Business Suite to Release 12.2.3 or Later
If applicable, upgrade your Oracle E-Business Suite environment to at least Release 12.2.3. We highly recommend that you upgrade to the latest available EBS Release RUP. For more information, refer to My Oracle Support Knowledge Document 1320300.1, Oracle E-Business Suite Release Notes, Release 12.2.
Refer to whichever of these books is relevant to you:
- Oracle E-Business Suite Upgrade Guide Release 11i to 12.2
- Oracle E-Business Suite Upgrade Guide Release 12.0 and 12.1 to 12.2
3.2 Apply Latest AD-TXK RUPs
Apply the latest release update packs for AD and TXK for Release 12.2, by following the instructions in My Oracle Support Knowledge Document 1617461.1, Applying the Latest AD and TXK Release Update Packs to Oracle E-Business Suite Release 12.2. AD and TXK introduced support for EBS System Schema Migration starting with R12.AD.C.Delta.13 and R12.TXK.C.Delta.13.
3.3 Apply Either EBS Release 12.2.11 (or later), or Consolidated Patch for Releases 12.2.3 to 12.2.10
If you are are on an Oracle E-Business Suite release from 12.2.3 to 12.2.10 inclusive, we recommend upgrading to Release 12.2.11 by applying the EBS 12.2.11 (or later) RUP. If you are not currently planning to upgrade to Release 12.2.11 (or later), you must apply the EBS System Schema Migration Consolidated Patch, Patch 31817501. For instructions, refer to My Oracle Support Knowledge Document 2774309.1, Applying the Oracle E-Business Suite Consolidated Patch for EBS System Schema Migration.
3.4 Remove Customization Dependencies on Database SYS or SYSTEM Objects
3.4.1 Mandatory Steps
Run the Oracle E-Business Suite System Schema Migration Compliance Checker report, ADSYSCC.sql
, and remove or update any of your customizations that would give errors on running the EBS System Schema Migration Completion Patch. For detailed instructions, refer to My Oracle Support Knowledge Document 1577661.1, Developing and Deploying Customizations in Oracle E-Business Suite Release 12.
3.4.2 Optional Steps
Run the Oracle E-Business Suite System Schema Migration Compliance Checker report, ADSYSCC.sql
, and remove or update any of your customizations that are identified with mandatory compliance requirements and would result in invalid database objects for your customizations.
3.5 Apply EBS System Schema Migration Completion Patch
Before the Oracle E-Business Suite System Schema Migration Completion Patch ("Completion Patch") can be applied, all EBS code must have been migrated from the SYS or SYSTEM schemas to the APPS or APPS_NE schemas. To finish the migration process, the EBS System Schema Migration Completion Patch will drop all EBS code that resides in the SYS or SYSTEM accounts.
Consequently, before you apply the Completion Patch, any custom code that points to EBS-defined objects in Oracle Database system accounts must be updated to point to the appropriate migrated EBS-defined objects in EBS-defined schemas. Failure to do so will result in invalid database objects for your custom code.
Apply the Oracle E-Business Suite System Schema Migration Completion Patch (Patch 32573930) by following the steps below.
- Source the run edition applications environment:
UNIX: - Before proceeding with application of the Completion Patch, perform a full adop cleanup by running the following command:
- Run the EBS System Schema Migration Compliance Checker,
ADSYSCC.sql
. When prompted, enter the APPS schema password.This utility reports all violations of the EBS System Schema Migration Standards. Any EBS violations are fixed by both the EBS Release 12.2.11 (or later) RUP and the EBS System Schema Migration Consolidated Patch. If the report for your environment includes EBS violations after you have applied all mandatory patches (including the Completion Patch), you should log a service request with Oracle Support.$ sqlplus <APPS schema name>@<TWO_TASK> @$AD_TOP/sql/ADSYSCC.sql
You must fix any mandatory compliance violations listed in this report that are part of your custom code. For detailed instructions, refer to My Oracle Support Knowledge Document 1577661.1, Developing and Deploying Customizations in Oracle E-Business Suite Release 12.
- (Conditional) If you have integrated EBS with Oracle Database Vault, disable all existing Oracle Database Vault realms by navigating to the
$FND_TOP/patch/115/sql
directory and running thefnddbvstatus.sql
script as follows:For more information, refer to Appendix A, Management Scripts, in the following My Oracle Support knowledge documents:SQL> @fnddbvstatus.sql DISABLE
- Document 2131435.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Database Vault 12c
- Document 2617770.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Database Vault 19c
- Apply the Completion Patch by running the following adop command, as shown in this UNIX example:
- Run the
adsysmigclnup.sql
cleanup script on the database tier by performing substeps a to d below. This will drop AD objects from theSYS
schema and revoke the associated privileges.- Create
<ORACLE_HOME>/appsutil/admin
on the database server. - Copy
<AD_TOP>/patch/115/sql/adsysmigclnup.sql
to the database tier<ORACLE_HOME>/appsutil/admin
directory using the appropriate command for your system:
UNIX: - Set the environment to point to the
$ORACLE_HOME
on the database server. - Use SQL*Plus to run the cleanup script as follows.
UNIX:Windows:$ sqlplus /nolog
SQL> @$ORACLE_HOME/appsutil/admin/adsysmigclnup.sql <APPS schema name>C:\> sqlplus /nolog
SQL> @%ORACLE_HOME%\appsutil\admin\adsysmigclnup.sql <APPS schema name>Note: If you find new invalid objects after performing the above steps, compile the invalid objects by running$ORACLE_HOME/rdbms/admin/utlrp.sql
as theSYS
user.Note: If you have Oracle Database Vault enabled, you may see an error message like the following in the report produced after the cleanup script runs:revoke READ on SYS.DUAL from "DVSYS" ERROR ORA-01031: insufficient privileges
Such errors can be safely ignored.
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production - (Conditional) If you are using a multitenant database on UNIX and set
ORACLE_PDB_SID
in step c, you must unset it now:$ unset ORACLE_PDB_SID
Windows:$ cp $AD_TOP/patch/115/sql/adsysmigclnup.sql $ORACLE_HOME/appsutil/admin
C:\> copy %AD_TOP%\patch\115\sql\adsysmigclnup.sql %ORACLE_HOME%\appsutil\admin
Note: If the database is multitenant, source using the following steps as applicable for your environment.
UNIX:Windows:$ source $ORACLE_HOME/<CDB_NAME>_<NODE_NAME>.env
$ export ORACLE_PDB_SID=<EBS_PDB_Name>C:\> %ORACLE_HOME%\<EBS_PDB_Name>_<NODE_NAME>.cmd
- Create
- After you have applied the Completion Patch, you should change the
EBS_SYSTEM
password andSYSTEM
passwords by running substeps a to c below. We recommend that you set the two passwords to unique values (i.e. different from each other).- On the application tier, source the environment using the appropriate command for your system:
UNIX:Windows:$ . <INSTALL_BASE>/EBSapps.env run
Still on the application tier, change theC:\> <INSTALL_BASE>\EBSapps.cmd run
EBS_SYSTEM
schema password to be different from that of theSYSTEM
schema password, and provide the new password only to DBAs who specifically require access to theSYSTEM
account:$ sqlplus EBS_SYSTEM/<EBS_SYSTEM PASSWORD>
SQL> alter user EBS_SYSTEM identified by <NEW PASSWORD>; - On the database tier, set the environment using the appropriate command for your system:
UNIX:Windows:$ . $ORACLE_HOME/<CDB SID>_<HOST>.env
C:\> %ORACLE_HOME%\<CDB_SID>_<HOST>.cmd
- Still on the database tier, change the
SYSTEM
schema password, and provide the new password only to DBAs who specifically require access to theSYSTEM
account.
$ sqlplus SYSTEM/<SYSTEM PASSWORD>
;
SQL> alter user SYSTEM identified by <NEW PASSWORD>Note: If your EBS instance is integrated with Oracle Database Vault, connect as the<DV_ACCTMGR>
user instead of theSYSTEM
user. - On the application tier, source the environment using the appropriate command for your system:
- Validate
adop
by performing substeps (a) and (b) below.- Source the run edition applications environment.
UNIX:Windows:$ . <INSTALL_BASE>/EBSapps.env run
C:\> <INSTALL_BASE>\EBSapps.cmd run
- Run the command:
$ adop -validate
- Source the run edition applications environment.
- (Conditional) Integrate Oracle E-Business Suite with Oracle Database Vault using
EBS_SYSTEM
.
If you have previously integrated EBS with Oracle Database Vault, follow subsection (a) below. If you have not previously performed such an integration but would like to do so now, follow subsection (b).- Existing Integration with Oracle Database Vault
- Enable Oracle Database Vault by navigating to the
$FND_TOP/patch/115/sql
directory and running the following command:SQL> @fnddbvstatus.sql ENABLE
- Download and apply Patch 33267691:R12.AD.C.
- Follow Section 3: Integrate Oracle Database Vault with Oracle E-Business Suite Release 12.2 in My Oracle Support knowledge Document 2727580.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Database Vault using EBS_SYSTEM.
- Enable Oracle Database Vault by navigating to the
- New Integration with Oracle Database Vault
Follow the instructions in My Oracle Support Knowledge Document 2727580.1, Integrating Oracle E-Business Suite Release 12.2 with Oracle Database Vault using EBS_SYSTEM.
- Existing Integration with Oracle Database Vault
$ <INSTALL_BASE>/EBSapps.env run
C:\> <INSTALL_BASE>\EBSapps.cmd run
$ adop phase=cleanup cleanup_mode=full
If after applying the completion patch there are reported violations with EBS code, log a service request with Oracle Support to obtain assistance.
$ adop phase=apply patches=32573930 apply_mode=hotpatch options=forceapply,nocopyportion,nogenerateportion
EBS_SYSTEM
and SYSTEM
schemas.To apply the completion patch successfully, the SYSTEM
and EBS_SYSTEM
passwords must be the same.Oracle E-Business Suite Release 12.2 System Schema Migration (Doc ID 2755875.1)
No comments:
Post a Comment