Sunday, July 1, 2018

OUD Interview Questions & Answers

OUD Interview Questions & Answers



Q: What are the architectural differences between Oracle Unified Directory and Oracle Internet Directory?

Oracle Internet Directory stores identity and policy store data in back end database. You have to configure ODS schema for OID to use it. Oracle Unified Directory on the other hand stores the data in its own database known as Berkeley Database which is a Java based database. OID provides monolithic scalability and supports Exadata for large deployments while OUD provides horizontal scalability that allows you to add multiple
instances with options of data partitioning.

Q: Can you integrate Oracle Unified Directory with third party directories such as Active Directory?
Yes. Oracle Unified Directory can be integrated with third party directories using Directory Integration Protocol (DIP).

Q: Can you configure replication between Oracle Unified Directory and Oracle Internet Directory?
No. As of release 11.1.2.3.0, replication can be configured between two or more Oracle Unified Directory instances only. No other LDAP provider can be used in conjunction with OUD for the purpose of replication.

Q: Along with the directory server capabilities, what are the other functions that Oracle Unified Directory can perform?

Oracle Unified Directory is a next generation LDAP v3 compliant all-in-one solution for all directory requirements such as storage, proxy, virtualisation and synchronisation.

Q: Is it possible to configure LDAP Sync in OIM to synchronize users and groups in Oracle Unified Directory?

Yes. You can configure LDAP Sync operation between Oracle Identity Manager and Oracle Unified Directory to synchronise users and roles to and for.

Q: What are the things to be considered when migrating data from Oracle Internet Directory to Oracle Unified Directory?

If Oracle Internet Directory is used as an enterprise directory store, the user and group information can be exported and imported in to Oracle Unified Directory using simple ldif export and import. The data from OID instances that hold application data such as EBS and Ossocan not be migrated to OUD.

Q: Can OUD be used to store application policy data that can be used by Oracle Entitlements Server?

Yes. Oracle Unified Directory can be used as an identity store as well as policy store.

Q: What is the web based LDAP Browser supported by Oracle?

Oracle Unified Directory comes with optional Oracle Directory Services Manager. ODSM is the Oracle recommended LDAP explorer to browse through the contents of Oracle Unified Directory. Along with user and group management, it provides the capabilities to modify schema, root users, logging, password policy management etc.

Q: Can you use the same Oracle Directory Services Manager (ODSM) instance to manage Oracle Internet Directory and Oracle Unified Directory?

No. Oracle provides separate Oracle Directory Services Managers to manage Oracle Unified Directory and Oracle Internet Directory.

Q: Explain how does Oracle Unified Directory support horizontal scalability?

For large deployments, Oracle Unified Directory allows you to add multiple instances with option for data distribution. With its unique proxy, synchronisation and virtualisation capabilities, Oracle Unified Directory provides various deployment options that you select to achieve the best suitable architecture for your deployment.

Q: What are the various ways in which you can monitor Oracle Unified Directory?

Oracle Unified Directory comes with an optional component Oracle Directory Services Manager with which you can monitor basic performance attributes such as operations completed per second, latency etc. It can also be monitored with Oracle Enterprise Manager Cloud Control with Oracle Unified Directory Agent. The latter option provides you the detailed monitoring.

Q: Where does Oracle Unified Directory store all the data?
Oracle Unified Directory uses Berkeley database Java Edition in its backend which provides one global Java based approach to OUD. (It allows you to manage more data on disk and in memory for a given hardware configuration. It improves OUD performance by its indexes, caching and file system.)

Q: Oracle WebLogic Server does not provide a straight-forward authentication provider to configure Oracle Unified Directory as an identity store. Which authentication provider can you use instead?

To configure Oracle Unified Directory as an identity store in WebLogic server, we can use IPlanetAuthenticator from the drop down list of authentication providers.

Q: By default, Oracle Unified Directory is configured to use at least two ports. What are these default port numbers and why do you need them?

By default, Oracle Unified Directory is configured to allow access via ports 4444 and 1389. Port 4444 is used by Administration connector while 1389 is used by LDAP Connection handler. Oracle Unified Directory provides two different ports to clearly distinguish the administration traffic from the rest of the traffic.

Q: What is a root user in Oracle Unified Directory? What is the default root user? Can you create your own root users?

Root users are special users that have the ability to bypass access controls and other restrictions. This concept is very similar to root users in unix. Root users are for administrative and management tasks. Oracle Unified Directory comes with a default root user which is cn=Directory manager. You can create multiple root users as per your needs.

Q: What are virtual attributes in Oracle Unified Directory? Give an example of a virtual attribute.

Virtual attributes do not persist any values in the database. Instead the values are generated dynamically at run time. Virtual attribute provider contains the logic used to evaluate the value at run time. Following virtual attributes are supported by OracleUnified Directory:
 entryDN
 entryUUID
 hasSubordinates
 isMemberOf
 member
 numSubordinates
 subschemaSubentry
 User-defined

Q: How can you identify if Oracle Unified Directory server instance is not performing up to the required standards?

Oracle Unified Directory logs every access request in access logs with corresponding etime values. Etime values indicate elapsed time in milliseconds to process a request. Higher etime values show that the server takes longer time to process incoming requests.

Q: Can you restrict a directory user to view only a set of attributes and not all?

Yes. It is possible to restrict users to retrieve only a few attributes using the feature called Access Control Lists.

Q : Does Oracle Unified Directory support Operational Attributes? If yes, how can you retrieve them?

Yes. Oracle Unified Directory supports Operational attributes. According to LDAP standards, we can retrieve all of them corresponding to an entry by appending “+” at the end of the ldapsearch request.

Q: Can we detect conflicts in the Oracle unified directory? If yes, then How?

Yes, we can detect conflicts in Oracle unified directory. In order to detect conflicts we need to run the following command:-
ldapsearch -h host -p <port no> -D "cn=directory manager" --useSSL --trustAll -b "dc=example,dc=com" -w<password for Directory Manager> ds-sync-conflict=* dssync- conflict

Q : How to check the replication status between different Oracle unified Directory servers?

To check the replication status we run the following command dsreplication status {The command needs some manual inputs like admin UUID password hostname etc.}
The output will return below mentioned attributes-
Server: Lists the LDAP servers in the topology and the port on which they are listening for LDAP connections.
Entries: Indicates the number of entries on each server for the specified base DN. If the information in this column is different across all the servers, the replication topology is not synchronized.
M.C: Indicates the number of updates already pushed by the other LDAP servers in the topology, but not yet replayed on the specified LDAP server. If this number is high on a particular server, investigate the latency of that server.
A.O.M.C: Specifies the approximate date of the oldest update pushed by the other directory servers in the topology, but not yet processed on the specified LDAP server.
Port: Indicates the port of the replication server (if any) that is configured in the instance.
Usually the LDAP servers in the instance are connected to it.
Status: The status will return one of the value (Normal, Late, Full Update, Bad Data Set, Not Connected, Unknown, Invalid)

Oracle OAM Interview Questions & Answers

Oracle OAM Interview Questions & Answers



Q: Describe the Architecture of OAM 11g?

The Oracle Access Manager resides on the Oracle WebLogic Administration Server (known as AdminServer). WebLogic Managed Servers hosting OAM runtime instances are known as OAM Servers. OAM 11g is a J2EE application.
Following Components are involved in OAM
1. Webgate
2. OAM Server
3. OAM Console
Oracle Access Manager (OAM) provides centralized, policy-driven services for authentication, single sign-on (SSO), and identity assertion.

Q: What is WebGate Agent?

OAM agent, also known as WebGate is a pre-packaged web server plugin which communicates with OAM server. There are two versions of OAM Agents, namely 11g WebGates and 10g WebGates.

Q: What is SSO?

SSO (Single Sign On), provides the ability to login to one application once, and login to same/other applications linked to same OAM without prompting for password.

Q: What is the difference between authentication and authorization in OAM?

Authentication is to check if users identity by obtaining some credentials and it will always followed by Authorization process. Authorization is to allow/disallow authenticated user to access application/pages they have access to.

Q: What is authorization module in OAM?

An authorization policy/module is to specify the conditions under which a subject or identity has access to a particular resource.

Q: How many types of resources are available in OAM and what is the use of Resources?

1. Protected Resource -- URL's protected by OAM
2. Public Resource -- URL's not protected by OAM (Public)

Q: What is the use of anonymous scheme in OAM?

Unprotected resources must be included in an authentication policy that uses an authentication scheme with a protection level of 0. Most often this will be the anonymous authentication scheme.

Q: What is the major difference between OAM 10g and OAM 11g?

1. Architecture Components
11g: Agents: Webgate, Access Client, mod_osso, and IAMSuiteAgent, OAM Server, Oracle Access Manager Console (installed on WebLogic Administration Server)
10g: Resource Webgate (RWG), Authentication Webgate (AWG),AccessGate, Access Server, Policy Manager
2. OAM 11g uses, Host-based authentication cookie where as 10g users Domain- based Cookie.
3. Cryptographic keys is one per agent in OAM 11g, One global shared secret key for all Webgates in OAM 10g

Q: What is the use of Host Identifier?

Policies protect resources on computer hosts. Within Oracle Access Manager, the computer host is specified independently using a host identifier.

Q: What is persistent session management is OAM?

The session is created in the distributed in-memory cache. A copy is available in the local in-memory cache on the computer hosting the resource. If session persistence to database is enabled, the session is also written to the database.

Q: Explain the process of protecting web application using OAM and SSO login flow?
1. Register the Webgate Agent
2. Copy Generated Files and Artifacts to the Webgate Instance Location

Q: What are Header Variables and how it is useful?

Depending on the actions (responses in Access Manager) specified for authentication success and authentication failure, the user may be redirected to a specific URL, or user information might be passed on to other applications through a header variable or a cookie value.

Q: What is the difference between Access Gate and Web Gate?
1. A WebGate is a web-server plug-in for Oracle Access Manager (OAM) that intercepts HTTP requests and forwards them to the Access Server for authentication and authorization.
2. AccessGate is custom access client developed using AccessSDK to protect non web-based applications protected by OAM 11g

Q: What is authentication Policy in OAM?

authentication policies are used to protect specific resources. The authentication policy provides the sole authentication method for resources governed by the policy.Each authentication policy defines the type of verification that must be performed to provide a sufficient level of trust for Access Manager to grant access to the user making the request.

Q: Explain the high level steps for Integrating E-Biz R12.2 with OAM 11gR2?

1. Install Database for OAM/OID
2. Run RCU
3. Install Weblogic, IDAM, OID and OHS
4. Create Domain for OAM and OID
5. Upgrade OPSS
6. Create DIP to integrate AD to OID
7. Apply EBS 12.2 patches for OAM
6. Install and Configure Access Gate on 12.2
7. Integrate EBS to OID

Q: What is the difference between SSO and ESSO?
SSO is to enable Single Sign On on Oracle Products and ESSO is to enable Single Sign On on both oracle and non-oracle products including Desktop, Windows password reset etc.,

Q: What are different types of Identity Store?
1. System Identity Store -- Used to authenticate System users like weblogic
2. Default Identity Store -- Used as default authentication for other users/applictions

Q: What is the use of Reverse Proxy?

A proxy server is a go-between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. Typically a reverse proxy is used to hide application server from end-users and/or for URL masking.

Q: Name some new features of OAM11gR2?

Dynamic Authentication -- Dynamic authentication is the ability to define what authentication scheme should be presented to a user base on some condition.
Persistent Login (Remember Me) -- Persistent Login is the ability to let users login without credentials after the first-time login.
Policy Evaluation Ordering -- The out-of-the -box algorithm is based on the "best match" algorithm for evaluating policies.
Delegated Administration -- The ability to select users who can administer their own application domains.
Unified Administration Console -- The console screen has a new look; a new single 'Launch Pad' screen with services that are enabled based on user roles.
Session Management -- Ability to set idle session timeout's at the application domain level

Oracle IDM Questions & Answers

Oracle IDM Questions & Answers



Q: What is an Identity?

An identity is the virtual representation of an enterprise resource user including employees, customers, partners and vendors. Identity Management shows the rights and relationships the user has when interacting with a company’s network.

Q: What are the benefits of Identity Management?

Centralized auditing and reporting – Know who did what and report on system usage.
Reduce IT operating costs – Immediate return on investment is realized by eliminating the use of paper forms, phone calls and wait time for new account generation and enabling user self service and password management.
Minimize Security Risk – Control access to the network and instantaneously update accounts in a complex enterprise environment including: layoffs, acquisitions, partner changes, temporary and contract workers.
Improved quality of IT services
Legal compliance – Many government mandates require secure control of access.

Q: How does Identity Management (IDM) work?

The process involves creating user accounts that are able to be modified, disabled or deleted. Delegated workflows, rules and policies are applied to the users account. A user profile will tell the company: who they are, what they are entitled to do, when they are allowed to perform specific functions, where they are allowed to perform functions from and why they have been granted permissions.

Q4: How are Identity Management Solutions Implemented?

Step 1: Inventory and assess current investments and processes. Clean and consolidate identity data stores. Create virtual identities for enterprise users.
Step 2: Design and deploy identity infrastructure components. Create identity provisioning and deploy password management, user self-service, and regulatory compliance.
Step 3: Deliver applications and services. Access management deployed to a clean environment. Leverage federated identity for improving supply chain and employee efficiencies.

Q: Explain the Architecture of Oracle identity Manager?

The Oracle Identity Manager architecture consists of three tiers
Tier 1: Client: The Oracle Identity Manager application GUI component reside in this tier. Users log in by using the Oracle Identity Manager client.The Oracle Identity Manager client interacts with the Oracle Identity Manager server, providing it with the user's login credentials.
Tier 2: Application Server: The second tier implements the business logic, which resides in the Java Data Objects that are managed by the supported J2EE application server (JBoss application server, BEA WebLogic, and IBM WebSphere). The Java Data Objects implement the business logic of the Oracle Identity Manager application, however, they are not exposed to any methods from the outside world. Therefore, to access the business functionality of Oracle Identity Manager, you can use the API layer within the J2EE infrastructure, which provides the lookup and communication mechanism.
Tier 3: Database: The third tier consists of the database. This is the layer that is responsible for managing the storage of data within Oracle Identity Manager.

Q: What is purpose of Reconciliation Manager?

You can look here for recon data once reconciliation is complete. You can determine whether event received and linked for not.

Q: What is Application Server and Web server?

A Web server exclusively handles HTTP requests, whereas an application server serves business logic to application programs through any number of protocols. Webserver mainly handles the Http requests but app server can be used to handle the http, rmi, TCP/IP and many more protocols. Webserver just handles the requests of the webpage – means suppose, a html page(presentation layer) requests a data - here script is written containing the business logic , then it just give the response with the required data from the database. Then the html page with script is used to show the retrieved information. In case of application server, it does the same thing, of getting and gives the response but it can process the requests. i.e. in this case, instead of script know how to fetch the data, the script is simply used to call the applications server's lookup service to retrieve and process the data. i.e here, application server is used for processing/applying logic. The web server can be considered as the subset of app server
The basic difference between a web server and an application server is
WebServer can execute only web applications i.e. servlets and JSPs and has only a single container known as Web container which is used to interpret/execute web applications
Application server can execute Enterprise application, i,e (servlets, jsps, and EJBs) it is having two containers
1. WebContainer (for interpreting/executing servlets and jsps)
2. EJB container (for executing EJBs). It can perform operations like load balancing, transaction demarcation etc.

Q: What is the purpose of rule designer?

Use this form to create rules that can be applied to password policy selection, automatic group membership, provisioning process selection, task assignment, and prepopulating adapters.

Q: What is Adapter? What Adapters available in OIM?

An adapter is a Java class that is created by an Oracle Identity Manager user through the Adapter Factory.
Process Tasks adapters - automate completion of a process task and are attached to a Process Definition Form ( AD user, OID User, etc)
Entity Adapter - automatically populates a field on the OIM User form or custom User Form on pre-update, pre-delete, pre-insert, post-insert, post- update, or post-delete
Pre-Populate Adapter - specific type of rule generator attached to a user- created form field that can automatically generate data to the form but
does not save that data to the OIM database but does send that information to appropriate directory user object. The data can come from manual entry on a form or from automated entry from the OIM defined forms.
Rule Generator - can populate fields automatically on an OIM form or a user-created form and save to the OIM database based on business rules
Task Assignment Adapter - automates the assignment of a process task to a user or group

Q: What is the difference between OIM 11g and 10g from the high level architecture perspective?

At high level below are the brief differences
a) 10g Request Management has been replaced by SOA composite which has a customized schema accommodating BPEL and Human Task.
b) Reconciliation engine has been re-written in 11g to enhance the performance by introducing the cache mechanism.
c) OES libraries are used as an authorization engine unlike 10g had its own object vs view based authorization.
d) Plugin services platform is introduced in 11g to have easy customization in place which can be somewhat mapped to entity adapter functionality in 10g.
e) Groups in 10g are now called as Roles in 11g with some modifications which makes it like ldap roles.
Some more differences related with notifications, schedulers and etc can be discussed if time permits.

Q: What are the steps to integrate Active Directory with Oracle Identity Manager?

1. Install Active directory connector by
a. Placing the extracted installable at
OIM_HOME/server/ConnectorDefaultDirectory b. Install Connector from sysadmin console
2. Install and Configure the Connector server in AD or in same domain a. Paste the extracted Connector Server installable in AD
b. Install Connector Server using the .msi file
c. Set handshake key using
$CONN_SERVER_HOME/ConnectorServer.exe /setkey d. Stop Connector server service
e. Paste the extracted Connector installable from Step1a to
$CONN_SERVER_HOME/
f. Update the Port in
$CONN_SERVER_HOME/ConnectorServer.exe.Config g. Enable logging if needed
h. Start the service
3. Configure the IT resource for AD connector
4. Configure the IT resource for AD connector server ,update key (2c)
and Port (2f)
5. Run the OU and Group lookup reconciliations
6. Create the Active directory application Instance using Sandbox
7. Run the Entitlement List(from Lookup tables to entitlement table)
and Catalog Sync Jobs
8. Test by provisioning user

Q: What are the possible ways to integrate Approval Workflow for various operations?

In OIM 11g R2 PS3,we can configure OIM to run with or without Approval WFs. This is set by a system property- “Workflows Enabled”. The default configuration being with Approval WFs.
Approval WF rules can be configured for a list of operations on core identity objects like Create User/Modify User/Disable or Enable User/Modify Role/Provision Account etc.
These admin/system defined rules will define which SOA Composite is to be invoked the predefined entity operations. The admin can configure rules with Workflow marked as “NO_WORKFLOW”, if the request is to be directly granted without approvals.
We can leverage a list of SOA composites that are already available with the fresh deployment.
Lifecycle of an operation level request (e.g. – Assign one Role for a single beneficiary)
1. Once the request is submitted/generated the request moves to
“Request Created” stage
2. When the approval workflow is invoked based on the WF rule ,the operation level request moves to “Request Waiting for Approval” stage
3. Approval completion will move the request status to “Request Approved” and Step-4 will follow, if request is rejected by the approver configured, then the request moves to “Request Rejected” state and request ends with no Step - 4
4. Then the requested operation is initiated
In the case of Bulk request that is request containing more than 1 entity, the request will first go for a request level approval (if configured) followed by individual operation level approval as described above.
Prior to this release, Approval policies were used for defining approval process for an operation. But this has now been deprecated.
If OIM has been upgraded from older versions that use Approval policies, it will continue to work.

Q: How Escalation and Reminders notification work in Oracle Identity Manager 11g ?

To enable identity governance functionality it is necessary to have approval process defined for various identity related operations. OIM leverages SOA features along with BPEL(Business Process Execution Language) for accomplishing the business process. Since manual (Approver/IT provisioner) intervention is required for the workflow completion, the business process must have the ability to assign task/request to users or groups, escalate, remind on timely basis, reassign etc. The BPEL process invokes a Human Task whenever a manual intervention is needed in the business process. The Human task contains the logic to escalate, notify, expire the approval task to users/groups. The Human task can send notifications to the configured assignee in the task.

Q: How will you add additional fields on Self Register Form (OIM 10g and OIM 11g) ?

Steps –
1. Login to admin console
2. Create and activate Sandboc
3. Browse to System Entities User
4. Add attribute
5. Export and Publish Sandbox
6. Logout
7. Login to identity console as admin
8. Create a Sandbox
9. Click on Self Service home
10. Click ‘Customize’ option
11. WebComposer is opened in customization page, choose
‘Structure’
12. Select structure close to My Access
13. Select the last gridRow and edit it and enable Show Component
14. List of all unauthenticated pages appear
15. Choose the screen to which we need to add this additional attribute
16. Open Data component – User Registration ->UserVO1
17. Search for the new attribute and add it in the form you wish to display
18. Export and Publish Sandbox

Q: How Approval Policies are different from Access Policies ?

Approval Policies are defined for ensuring the business process for identity governance is in place. Approval policy is a configurable entity of the request management, it maps the request type with a corresponding approval process/workflows. The approval policy can be defined at request level or operational level. Please note that this is been replaced by Approval Workflows in OIM 11g R2 PS3. Access Policies are rules that are assigned to roles, that determine which target system should the user be provisioned/de-provisioned to. It is an effective way to automate provisioning process.

Q: What is the significance of "Create Reconciliation Profile" Button in Oracle Identity Manager 11g ?

Clicking the “Create Reconciliation Profile” will result in copying the
Resource Object (modifications) to MDS

Q: What are Object Reconciliation Rule ?

Recon rules are configurable linking rules that can be defined in OIM for each target system. These are invoked during trusted recon as well as target based recon. Based on the link match, changes fetched from recon event are brought into OIM
Invoked when OIM tries to determine which user/org record is associated with an update during trusted/target recon. These rules are specific to the RO.

Q: Explain the Architecture of OIM ?

OIM is a J2EE web app deployed on Oracle WebLogic Server.Has 4 Tiers
User Interface Tier – 3 consoles (2 browser baser and 1 java thick client for development)
Application Tier – Consists of Identity Self Service and Admin web applications, SPML XSD and REST WS and Java classes that provide the core functionality like identity administration, authorization, provisioning and reconciliation etc
Database Tier -Repository to store identity, requests and other meta data
like access policies’
Connector Tier – Consists of applications and target systems to which you provision/de-provision user accounts, it also includes connector server etc.

Q: How will be remove Validation for duplicate email address ?

System Property – OIM.EmailUniqueCheck is available in OIM 11g
R2 which if set to FALSE , then uniqueness check is not done

Q: Difference between OIM 11g R1 and OIM 11g R2 ?

OIM 11g R2 PS3 has the below features that were not present in R1
1. New Look and feel for Identity console
2. Access Request catalog
3. Approval policies replaced by Approval workflow policies
4. Service capabilities
5. Admin roles for authorization control along with fine grained authz
6. Chained entity LCM introduced
7. Sunrise and Sunset scenarios for provisioned entities
8. Access Policy harvesting introduced
9. Home Organization Policy introduced
10. Lightweight auditing introduced
11. Enhanced self service password capabilities
12. System Property introduced to Enabled/Disable WF
13. Self
14. REST APIs replaces the old SPML interfaces

Q: Difference between OIM 10g and OIM 11g R2 ?

1. SOA replaced the 10g request management
2. Notification providers added like SOA UMS notification
3. ICF based connectors incorporated that helps in easier/flexible development for custom and decoupling for predefined OOTB connectors
4. Plugin services platform is introduced in 11g to have easy customization in place which can be somewhat mapped to entity adapter functionality in 10g.
5. Including the differences b/w 11gR1 & R2 mentioned in earlier question

Q: What is Request Catalog?

It provides a simple, easy to use, web based user interface that allows non-technical business/enterprise users to request access to entities like application instance, entitlements or account permissions, roles. These entities will be configured to be visible (based on business needs) by Catalog administrators (similar to sys admin and sys configurator role).The catalog approach of requesting entities is very similar to the “Shopping cart” experience that all users are well familiar with and hence extremely friendly even for a non technical end user.

Q: What is Request Profile?
Admin can create profiles using the access request catalog, this will enable to group or cluster all relevant entities that are required for a specific (commonly used) task. The end user can directly request for this grouped entities using the request profile and this will save time and avoid confusions.
The submitted request will then go in for a request level approval followed by individual child/operation approvals.

Q: Difference between Application Instance and Resource Object?

Application Instance is a provision-able entity and a new abstraction used in 11g Release 2 (11.1.2.3.0). It is a combination of IT resource instance (target connectivity and connector configuration) and resource object (provisioning mechanism).App Instance will be published or made visible to organizations. They can be requested from the request catalog. Resource object is the virtual representation of the Target system containing all the attributes it holds for an account.

Q: What are Admin Roles?

The security model in OIM works on the basis of the admin role assignment to users. The authorization engine in OIM allows granular delegated administration by allowing administrators to define admin roles and associate them with specific functional capabilities. The custom admin roles can be configured to have definite attribute level permissions and control attribute level visibility. The admin roles are firsts class entity and is not same as enterprise roles.

Q: What are Archival utilities?

The application capabilities in OIM generate huge amount of data and they are managed by either purging or/and archival solutions provided by the product. The utility controls the growth of audit data by purging the data in a logical and consistent manner. Archival solutions are provided by OIM for its entities like Reconciliation, Provisioning tasks, Request, Orchestration, Lightweight audit, Legacy audit.

Q: How do you hide Admin Links for End users from Identity console?

Authorizations in OIM is controlled by Admin roles. Only when end Users are added to the admin roles for which privileges for administration are defined, will the end user get any Admin links.

Oracle Goldengate Interview Questions & Answers

Oracle Goldengate Interview Questions & Answers



Q. What database does GoldenGate support for replication?

-Oracle Database
-TimesTen
-MySQL
-IBM DB2
-Microsoft SQL Server
-Informix
-Teradata
-Sybase
-Enscribe
-SQL/MX
-NOSQL
-INFORMIX

Q. What transaction types does GoldenGate support for Replication?

GoldenGate supports both DML and DDL Replication from the source to target. DDL and DML could be enabled separately without enabling the other transaction types.

Q. What are the GoldenGate setup pre-requisites?

Source:
The following supplemental logging is required. -
Database supplemental logging
Object level supplemental logging (ADD TRANDATA)
Database level GoldenGate user with GoldenGate level privileges for extraction of data from
source database.
Target:
Database level GoldenGate user with GoldenGate level privileges for replication of data to target
database.

Q. Why is Supplemental logging required for Replication?

When a transaction is committed on the source database, only new data is written to the Redo
log. However for Oracle to apply these transactions on the destination database, the before image
key values are required to identify the effected rows. This data is also placed in the trail file and
used to identify the rows on the destination, using the key value the transactions are executed
against them. So to say in few words, to uniquely identify the row Supplemental logging is required.

Q. Why are the Parameter files in GoldenGate?

Parameter files are heartbeat of GoldenGate. GoldenGate process works based on Parameters defined in Parameter files. Every Process in GoldenGate has its own Parameter file.

Q. What is the location of Report files?

The report file for each process is written inside dirrpt. GoldenGate stored 10 latest report file for each process in dirrpt.

Q. Which Parameter id used to housekeep the trail Files of GoldenGate?

PURGEOLDEXTRACTS is used in manager parameter file to housekeep the trail files.

Q. I want to view description regarding a particular Parameter. Is there any parameter in GoldenGate?

From 12.2 onwards u can use parameter INFO PARAM <PARAMETER NAME> in GGSCI.
GGSCI> info param<PARAMETER NAME>

Q. What is data pump process in GoldenGate?

The Data Pump (not to be confused with the Oracle Export Import Data Pump) is an optional secondary Extract group that is created on the source system. When Data Pump is not used, the Extract process writes to a remote trail that is located on the target system using TCP/IP. When Data Pump is configured, the Extract process writes to a local trail and from here Data Pump will read the trail and write the data over the network to the remote trail located on the target system. The advantages of this be it protects against a network failure as in the absence of a storage device on the local system, the Extract process writes data into memory before the same is sent over the network. Any failures in the network could then cause the Extract process to abort (abend). Also, if we are doing any complex data transformation or filtering, the same can be performed by the Data Pump. It will also be useful when we are consolidating data from several sources into one central target where data pump on each individual source system can write to one common trail file on the target.

Q. Where can filtering of data for a column be configured?

Filtering of the columns of a table can be set at the Extract, Pump or Replicat level.

Q. Is it a requirement to configure a PUMP extract process in OGG replication?

PUMP extract is an option, but it is highly recommended to use this to safe guard against network failures. Normally it is configured when you are setting up OGG replication across the network.

Q. List the minimum parameters that can be used to create the extract process?

The following are the minimum required parameters which must be defined in the extract
parameter file.
EXTRACT NAME
USERID
EXTTRAIL
TABLE

Q. What is the command line utility in GoldenGate (or) what is ggsci?

GoldenGate Command Line Interface essential commands – GGSCI
GGSCI — (Oracle) GoldenGate Software Command Interpreter

Q. What type of Encryption is supported in GoldenGate?

Oracle GoldenGate provides 3 types of Encryption.

-Data Encryption using Blow fish.
-Password Encryption in dircrd
-Network Encryption.

Q. What are the different password encryption options available with OGG?
You can encrypt a password in OGG using Blowfish algorithm and Advance Encryption Standard (AES) algorithm

Q. Is there a way to check the syntax of the commands in the parameter file without running the GoldenGate process?

Yes, you can place the SHOWSYNTAX parameter in the parameter file and try starting. If there is any error, you will see it.

Q. What information can you expect when there us data in the discard file?

When data is discarded, the discard file can contain:
Discard row details
Database Errors
Trail file number

Q. What command can be used to switch writing the trail data to a new trail file?

You can use the following command to write the trail data to a new trail file.
SEND EXTRACT ext_name, ROLLOVER

Q. How can you determine if the parameters for a process was recently changed?
Whenever a process is started, the parameters in the.prm file for the process is written to the process REPORT. You can look at the older process reports to view the parameters which were used to start up the process. By comparing the older and the current reports you can identify the changes in the parameters.