Merge remote-tracking branch 'upstream/main'

ahf/ahf-Insights/ahf-commands/diagcollect.md

@@ -161,7 +161,7 @@ You will be prompted to choose:-
 
 
 ## Task 5:  Generate a manual collection using problem chooser
-1.  Simply run the `tfactl diagcollect` command and let the problem chhoser guide you.
+1.  Simply run the `tfactl diagcollect` command and let the problem chooser guide you.
 ```
 <copy>
 tfactl diagcollect
@@ -187,7 +187,8 @@ You can at this point choose one of the detected events to generate a collection
 You will select **ORA-00600** which will do a manual collection for the ORA-00600 
 > Note: This is equivalent to running the ORA-00600 SRDC collection directly.
 
-> Note: It can take a few minutes to complete the collection so now might be a good time to read on and then come back to this at thend if you have time. 
+> Note: It can take a few minutes to complete the collection so now might be a good time to read on and then come back to this at the end if you have time. 
+
 
 Example Command Output:
 

db-23ai-fundamentals/new-ai-vector-search/new-ai-vector-search.md

@@ -257,7 +257,7 @@ In this lab, you will explore the new vector data type introduced in Oracle Data
     ```
     ![insert data](images/vec9.png =50%x*)
 
-8. Now imagine we add a point at (1,0), like the image below. Let's find the closest vectors to that given vector. Remember, we're not interested in the distances. We care about the ids of the rows that're closest to our point.
+8. Now imagine we add a point at (2,0), like the image below. Let's find the closest vectors to that given vector. Remember, we're not interested in the distances. We care about the ids of the rows that're closest to our point.
 
     ![show table](images/image2.png " ")
 

db-23ai-fundamentals/new-developer-role/developer-role-ocw24.md

@@ -10,6 +10,8 @@ Watch the video below for a walkthrough of the lab.
 [Lab walkthrough video](videohub:1_78gqg1b2)
 
 ### Objective:
+As Oracle MovieStreams scales, it needs to streamline its development process. In this lab, you’ll configure a dedicated developer role that aligns with Oracle MovieStreams’ growing needs. 
+
 The objective of this lab is to familiarize you with the Developer Role in Oracle Database 23ai and show you how to enable it. By the end of this lab, you will understand how to use the Developer Role effectively for granting privileges to application users.
 
 ### Prerequisites:
@@ -19,103 +21,44 @@ The objective of this lab is to familiarize you with the Developer Role in Oracl
 
 ## Task 1: Lab setup and understanding the developer role
 
-1. The Developer Role gives us a full set of system privileges, object privileges, predefined roles, PL/SQL package privileges, and tracing privileges required by application developers. It simplifies privilege management and helps keep the database as secure as possible for the development environment. As always, please review the privileges granted and compare with your organizations security protocol.
+**Scenario** Oracle MovieStreams is expanding its development team to include a new developer working on different aspects of the database. To ensure that each developer has the appropriate level of access and to streamline the management of permissions, we will create a new user and grant them the **NEW** Developer role in Oracle Database 23ai. This role will allow developers to perform their tasks without compromising the security or stability of the database.
 
-2. Benefits of Developer Role:
-   - **Least-Privilege Principle**: Granting the Developer Role follows the least-privilege principle. This means that application developers (and all other database users) only have access to the necessary privileges. 
-   - **Enhanced Security**: Using the Developer Role improves database security by reducing the risk of granting unneeded privileges to application users, which ties into the least-privilege principle from above.
-   - **Simplified Management**: Granting the Developer Role simplifies the management of role grants and revokes for application users.
+1. To make this workshop as realistic as possible, let us introduce the business scenario you will use during this workshop - Oracle MovieStream.
 
-## Task 2: Generating a list of granted privileges and roles
+  ![Logo graphic of Oracle MovieStream](images/moviestream-logo.jpeg)
 
-1. From the Autonomous Database home page, **click** Database action and then **click** SQL.
-    ![click SQL](images/im1.png =50%x*)
+  Oracle MovieStream is a fictitious online movie streaming company. As Oracle MovieStream continues to grow, it faces new technological challenges around data storage, performance, and security. To meet these challenges, Oracle MovieStreams is leveraging the new features of Oracle Database 23ai.
+
+  The company has decided to adopt Oracle Database 23ai for its advanced features, including AI-driven search capabilities, JSON duality views, property graphs, SQL Firewall and more.
 
-2. To check all of the system privileges, object privileges, and roles granted by the Developer Role, run the following PL/SQL script:
+  Many of the scenarios in this workshop will be based on challenges companies are seeing in their own businesses, and we hope the following labs and accompanying workshops will give you some insight into how Oracle can help you solve these common everyday business and technical challenges.
+
+2. The Developer Role gives us a full set of system privileges, object privileges, predefined roles, PL/SQL package privileges, and tracing privileges required by application developers. It simplifies privilege management and helps keep the database as secure as possible for the development environment. As always, please review the privileges granted and compare with your organizations security protocol.
 
     ```
     <copy>
-    set serveroutput on format wrapped;
-    DECLARE
-        procedure printRolePrivileges(
-          p_role             in varchar2,
-          p_spaces_to_indent in number) IS
-          v_child_roles   DBMS_SQL.VARCHAR2_TABLE;
-          v_system_privs  DBMS_SQL.VARCHAR2_TABLE;
-          v_table_privs   DBMS_SQL.VARCHAR2_TABLE;
-          v_indent_spaces varchar2(2048);
-        BEGIN
-          -- Indentation for nested privileges via granted roles.
-          for space in 1..p_spaces_to_indent LOOP
-            v_indent_spaces := v_indent_spaces || ' ';
-          end LOOP;
-          -- Get the system privileges granted to p_role
-          select PRIVILEGE bulk collect into v_system_privs
-          from DBA_SYS_PRIVS
-          where GRANTEE = p_role
-          order by PRIVILEGE;
-
-          -- Print the system privileges granted to p_role
-          for privind in 1..v_system_privs.COUNT LOOP
-            DBMS_OUTPUT.PUT_LINE(
-              v_indent_spaces || 'System priv: ' || v_system_privs(privind));
-          END LOOP;
-
-          -- Get the object privileges granted to p_role
-          select PRIVILEGE || ' ' || OWNER || '.' || TABLE_NAME
-            bulk collect into v_table_privs
-          from DBA_TAB_PRIVS
-          where GRANTEE = p_role
-          order by TABLE_NAME asc;
-
-          -- Print the object privileges granted to p_role
-          for tabprivind in 1..v_table_privs.COUNT LOOP
-            DBMS_OUTPUT.PUT_LINE(
-              v_indent_spaces || 'Object priv: ' || v_table_privs(tabprivind));
-          END LOOP;
-
-          -- get all roles granted to p_role
-          select GRANTED_ROLE bulk collect into v_child_roles
-          from DBA_ROLE_PRIVS
-          where GRANTEE = p_role
-          order by GRANTED_ROLE asc;
-
-          -- Print all roles granted to p_role and handle child roles recursively.
-          for roleind in 1..v_child_roles.COUNT LOOP
-            -- Print child role
-            DBMS_OUTPUT.PUT_LINE(
-             v_indent_spaces || 'Role priv: ' || v_child_roles(roleind));
-
-            -- Print privileges for the child role recursively. Pass 2 additional
-            -- spaces to illustrate these privileges belong to a child role.
-            printRolePrivileges(v_child_roles(roleind), p_spaces_to_indent + 2);
-          END LOOP;
-
-          EXCEPTION
-            when OTHERS then
-              DBMS_OUTPUT.PUT_LINE('Got exception: ' || SQLERRM );
-
-        END printRolePrivileges;
-
-    BEGIN
-        printRolePrivileges('DB_DEVELOPER_ROLE', 0);
-    END;
-    /
+    SELECT ROLE FROM DBA_ROLES WHERE ROLE = 'DB_DEVELOPER_ROLE';
     </copy>
     ```
-    ![run the PL/SQL](images/im2.png =50%x*)
 
-3. Here we can go ahead and create our user for this workshop. We'll call our user `DB23AI` and grant the user the new developer role.
+3. Benefits of Developer Role:
+   - **Least-Privilege Principle**: Granting the Developer Role follows the least-privilege principle. This means that application developers (and all other database users) only have access to the necessary privileges. 
+   - **Enhanced Security**: Using the Developer Role improves database security by reducing the risk of granting unneeded privileges to application users, which ties into the least-privilege principle from above.
+   - **Simplified Management**: Granting the Developer Role simplifies the management of role grants and revokes for application users.
+
+## Task 2: Creating a user and assigning the new developer role
+
+1. Here we can go ahead and create our user for this workshop. We'll call our user `DB23AI` and grant the user the new developer role.
 
     ```
     <copy>
   -- USER SQL
   CREATE USER DB23AI IDENTIFIED BY Oracledb_4U#;
 
   -- ADD ROLES
-  GRANT CONNECT TO DB23AI;
+  --  GRANT CONNECT TO DB23AI;
   GRANT DB_DEVELOPER_ROLE TO DB23AI;
-  GRANT RESOURCE TO DB23AI;
+  --  GRANT RESOURCE TO DB23AI;
 
   -- REST ENABLE
   BEGIN
@@ -141,46 +84,59 @@ The objective of this lab is to familiarize you with the Developer Role in Oracl
     </copy>
     ```
 
-## Task 3: Performing grants and revokes
-
-1. Just like with other roles in the database, we can revoke and grant privileges. Since we granted the role above, we'll check the user and remove the role. Run the following as a script and take a look at the output 
+2. Just like with other roles in the database, we can revoke and grant them. The synxax for revoking looks like 
 
     ```
-    <copy>
-    SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE='DB23AI';
-    REVOKE DB_DEVELOPER_ROLE FROM DB23AI;
-    SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE='DB23AI';
-    </copy>
+    REVOKE <ROLE> FROM <USER>;
     ```
-    We can see that the user `DB23AI` we created above doesn't have the Developer Role anymore.
-    
-    ![grant roles](images/ocw-user.png =50%x*)
 
-2. Now we can re-grant the role to `DB23AI`. Again, run this as a script.
-   
+3. To check the privileges of the developer role, we can look at some of the views available to us. For example, we can list the system privileges granted to us by the developer role.
     ```
     <copy>
-    GRANT DB_DEVELOPER_ROLE TO DB23AI;
-    SELECT GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTEE='DB23AI';
+    SELECT privilege FROM role_sys_privs WHERE role='DB_DEVELOPER_ROLE';
     </copy>
     ```
-    ![grant our new user roles](images/ocw-dbrole.png =50%x*)
 
-3. Let's sign in as our new user. Click on the admin profile in the top right hand of Database Actions and sign out.
+
+## Task 3: Signing in and testing the role
+
+1. Let's sign in as our new user. Click on the admin profile in the top right hand of Database Actions and sign out.
 
   ![log out of our admin user](images/im12.png " ")
 
-4. Sign in with the username **DB23AI** and password **Oracledb_4U#**
+2. Sign in with the username **DB23AI** and password **Oracledb_4U#**
 
   ![sign in with db23ai](images/im11.png =50%x*)
 
-5. Click SQL to open the SQL editor.
+3. Click SQL to open the SQL editor.
 
   ![Open SQL with db23ai](images/im9.png " ")
 
+4. Oracle has introduced NEW functionality that eliminates the need for the `FROM DUAL' clause, making queries more intuitive and more compatible with other database offerings. You can still use from dual without any impact.
+
+  We can check our user has the developer role without having to specify FROM DUAL.
+
+    ```
+    <copy>
+    -- Syntax prior to 23ai
+    SELECT SYS_CONTEXT('SYS_SESSION_ROLES', 'DB_DEVELOPER_ROLE') FROM DUAL;
+
+    -- Syntax in 23ai
+    SELECT SYS_CONTEXT('SYS_SESSION_ROLES', 'DB_DEVELOPER_ROLE');  
+    </copy>
+    ```
+5. We can also validate role restriction and attempt to perform an action outside of the developer role permissions.
+
+    ```
+    <copy>
+    GRANT DBA TO DB_DEVELOPER_ROLE;
+    </copy>
+    ```
 
 3. In this lab, we explored the Developer Role in Oracle Database 23ai for application development. By granting the Developer Role, it can help simplify privilege management and improve your database security during the development process of applications.
 
+  As always, please review the privileges granted and compare with your organizations security protocol.
+
 You may now **proceed to the next lab** 
 
 

db-23ai-fundamentals/new-domains/new-domains.md

@@ -26,10 +26,11 @@ The objective of this lab is to provide comprehensive hands-on experience with D
    - Single Column Domain: Applies constraints to a single column.
    - Multi-Column Domain: Applies constraints to multiple columns.
    - Flexible Domain: Allows dynamic selection of Data Usecase Domains based on specific conditions.
+   - Enumeration Use Case Domain: ontains a set of names, and optionally, a value corresponding to a name.
 
 ## Task 2: Creating and Implementing Data Usecase Domains
 
-1. Single Column Domain Example: From the explanation above, let's see what each of the three types of Data Usecase Domains looks like. We'll start by creating a single column domain for storing product prices. We will enforce a constraint to ensure that prices are positive numbers.
+1. Single Column Domain Example: From the explanation above, let's see what three of the four types of Data Usecase Domains looks like (Enumeration Use Case Domain will be added to the workshop soon). We'll start by creating a single column domain for storing product prices. We will enforce a constraint to ensure that prices are positive numbers.
 
     ```
     <copy>