What is Kubernetes and how to use it

Hello everyone,

  Today I would like to talk more about one tool that I am working since 2016 and it's now on top of our projects. So, here it comes Kubernetes.

Benefits of Kubernetes

Kubernetes is designed in a way that provides availability, scalability, security, and portability. Reliability is another main benefit of Kubernetes and can be used to prevent failure from impacting the availability or performance of the application. Moreover, Kubernetes enables the users to respond efficiently to customers demand by scaling or rolling out new innovative features. It is systematized in such a way that it offers freedom of choice when choosing operating systems, container runtimes, processor architectures, cloud platforms and PaaS. It also improves the cost of infrastructure by efficiently dividing the workload across available resources. This shows that while other technologies are doing a commendable job at handling the cluster aspect, Kubernetes is providing a better management system.

Pre-requisites

For beginners, before you delve into the what, why and how of Kubernetes, you need to have prior knowledge of what containers are and how do they work? What are Dockers and managed VMs and how do they work? Since the basic aim of this article is to explain Kubernetes in detail, the main terminologies will be briefly explained before we jump onto the Kubernetes and its components. If you’re interested to learn more about Dockers, Virtual Machines, containers then you can check out terrific articles here, here, and here. Now for the shorter basic versions:

What are containers?

A container is a standardized unit of software. It is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings. Available for both Linux and Windows-based apps, the containerized software will always run the same, regardless of the environment.
Source of definition taken from docker.com

What is Dockers?

Docker container is an open source software development platform. Its main benefit is to package applications in “containers,” allowing them to be portable to any system running the Linux operating system (OS).
Now back to what is Kubernetes. Since you now know of some of the basic terminologies, let’s go back to the definition of the Kubernetes. It is basically a cluster management tool for Docker container. Kubernetes aids in scheduling and deploying a large number of containers replicas onto a node cluster. Since it’s an open source model, Kubernetes can run almost anywhere, and all the major players in public cloud providers offer easy ways to utilize this technology. Private clouds based on OpenStack or Mesos can also run on Kubernetes, and bare metal servers can be leveraged as worker nodes for it.

The Kubernetes Architecture


and



Image: Kubernetes architecture diagram (Image Source: Wikipedia)


As with most distributed computing platforms, a Kubernetes cluster consists of at least one master and multiple compute nodes.

Master component

The master node is the one that is responsible for the management of Kubernetes cluster. This is the main entry point of all administrative tasks. The master node, also known as the control plane, is the one that is managing the worker nodes, where the actual services are running.

A master node is made of following components:

• etcd storage

The etcd is a simple, lightweight, distributed key-value store that can be distributed across multiple nodes. The etcd storage was developed by the CoreOS team to be mainly used for shared configuration and service discovery.  Kubernetes uses etcd to store configuration data that can be used by each of the nodes in the cluster

• API Server

API Server is the main management point of the entire cluster, as it allows a user to configure many of Kubernetes’ workloads and organizational units. The API server is also the entry points for all the REST commands used to control the cluster. That means several different tools and libraries can easily communicate with it.

• Controller-manager

The controller manager service is a general service that is responsible for controllers that regulate the state of the cluster and perform routine tasks. The example of such a controller is the replication controller. As it ensures that the number of replicas defined for a service matches the number currently deployed on the cluster. The details of these operations are written to etcd, where the controller manager watches for changes to the API server.

• Scheduler

The scheduler component configures pods and services onto the nodes. Moreover, the scheduler is also responsible for tracking resource utilization on each host to make sure that workloads are not scheduled in excess of the available resources.

Nodes

Nodes are the servers that perform work in Kubernetes. It was previously known as minion. A node can be a virtual machine or a physical machine, depending on the cluster. Every single node has the services necessary to run pods and is managed by the master components. The services on a node include:

• kubelet

kubelet gets the configuration of a pod from the API server and ensures that the described containers are up and running. This is the worker service that’s responsible for communicating with the master node. It is responsible for relaying information to and from the control plane services, as well as interacting with the etcd store to read configuration details or write new values.

• Docker

Docker is responsible for downloading the images and starting the containers. It runs on the encapsulated application containers in a lightweight operating environment. Each unit of work is implemented as series containers that must be deployed.

• kube-proxy

Kube-proxy runs on each node to deal with individual host sub-netting and ensure that the services are available to external parties. It serves as a network proxy and a load balancer for a service on a single worker node and manages the network routing for TCP and UDP packets.

Kubernetes terminologies

Must know terminologies of Kubernetes are:

• Pods– Pods are a collection of one or more containers. It acts as a Kubernetes’ core unit of management. Pods set the logical boundary for containers sharing the same context and resources.

• Labels– Labels are arbitrary tags that can be placed on the above work units to mark them as a part of a group. These can then be selected for management purposes and action targeting.

• Services– Services is a unit that acts as a basic load balancer and ambassador for other containers. Service groups together logical collections of pods that perform the same function to give an impression of the single entity.

• Replication Controller– A more complex version of pod is known as a replicated pod. These are handled a type of work unit known as a replication controller. Replication controllers make sure that a specific number of pod replicas are running at any one time.

In November-2017, Please be ready for new chronicle K8S - Managing Snapshots through kubectl

I hope you liked this article and happy coding,
Thiago Leoncio

How to configure Oracle ORDS as a mod_plsql replacement in a Non-APEX environment

Hello friends,

This is a configuration of ORDS as a mod_plsql replacement for PL/SQL web toolkit based applications. Before that I've installed the database side, primarily as segregation of tasks that need to be performed by a DBA versus middle tier administrator.

Middle Tier Installation and Configuration

The middle tier part is the most important setup for ORDS. Here I would describe the configuration that I had done on ‘standalone’ (jetty server that comes with ords.war) mode but deploying the .war file on any of the middle tier server (Glassfish ,Weblogic, Tomcat, or IBM Websphere) should be straightforward.

Following few things that I had done on my local instance:

ORDS install on the standalone server with multiple database connection pools setup as optional
Setup a self-signed certificate (optional)
Configure ORDS plugins as a workaround for file uploads
Sample code to test
PL/SQL code to do GET
Secure cookie
Plugin test with demo-plugin.jar
Pre-Requisite:
The ORDS product installation uses java to perform the installation. Make sure that java development kit (JRE/JDK version 1.7 and above) is installed on the local machine from here this setup would be run.

ORDS install on Standalone Server

Mainly there are four simple steps to complete the configuration and make a simple test work. Two directory locations are essential. One is the location where the “ords.war” is the location which would be referred to as installation directory. The second one is the configuration directory where the configuration files are saved.

STEP 1:
Go to the location where the ords.war was downloaded [Here’s the link if needed to download the file]. My folder is under /u01/downthenet/orasw/thiagoleoncio, and my os/Unix username is Oracle.

Step1.1 – Unzip ords software:
Unzip the ords.3.0.9.348.07.16.zip file to this directory.

$ pwd
/u01/downthenet/orasw/thiagoleoncio
$ unzip ../ords.3.0.9.348.07.16.zip
Edit the parameters file to enter as many details as needed to avoid having to type at the command prompt for each value during the installation. My database schema where the application code is compiled is thiagoappuser01.

Run an ORDS command to establish a directory on your file system where ORDS will store all its configuration information. To keep it simple and not work around the permission of different directories, please create the conf/ords under “oracle” user’s home as follows:

Step1.2 – Configuration directory:
Create a configuration directory where the ORDS config files would be saved.

[oracle@tgui thiagoleoncio]$ mkdir –p /u01/app/ords
This directory should exist before running the configdir command, which is as follows:

[oracle@tgui thiagoleoncio]$ java –jar ords.war configdir /u01/app/ords

INFO: Set config.dir to /u01/app/ords/conf in: /u02/downthenet/orasw/thiagoleoncio/ords.war

[oracle@tgui thiagoleoncio]$
Step1.3 – Core Installation:
If specific tablespace, port number, etc. need to be changed/updated then open params/ords_params.properties file. Since the installation doesn’t require APEX product to be installed, we should open the parameters file and changed the db.username from APEX_PUBLIC_USER to thiagoappuser01 (or any application schema/user where the PL/SQL web application is installed).

$ [oracle@tgui thiagoleoncio]$ vi params/ords_params.properties
 db.hostname=localhost
 db.port=1521
 db.servicename=ORCL
 db.sid=
 db.username=thiagoappuser01
 migrate.apex.rest=false
 rest.services.apex.add=
 rest.services.ords.add=true
 schema.tablespace.default=SYSAUX
 schema.tablespace.temp=TEMP
 standalone.https.port=8443
 standalone.mode=true
 standalone.static.images=/u01/app/ords/static_images
 user.tablespace.default=USERS
 user.tablespace.temp=TEMP
/u01/downthenet/orasw/thiagoleoncio
$ [oracle@tgui thiagoleoncio]$


The next step is to run the install command. Since most of the basic information was updated in the properties file, the installation prompts are mainly to enter passwords. See below for the values that had been entered. Remember, password for all schemas is “oracle” (without the quotes)

[oracle@tgui thiagoleoncio]$ java –jar ords.war install
Enter the database password for ORDS_PUBLIC_USER:
 Confirm password:
 Please login with SYSDBA privileges to verify Oracle REST Data Services schema.
 Enter the username with SYSDBA privileges to verify the installation [SYS]:
 Enter the database password for SYS:
 Confirm password:
 Enter 1 if you want to use PL/SQL Gateway or 2 to skip this step.
 If using Oracle Application Express or migrating from mod_plsql then you must enter 1 [1]:1
 Enter the database password for thiagoappuser01:
 Confirm password:
 Enter 1 to specify passwords for Application Express RESTful Services database users (APEX_LISTENER, APEX_REST_PUBLIC_USER) or 2 to skip this step [1]:2

Jan 17, 2017 2:31:40 PM
 INFO: Updated configurations: defaults, apex, apex_pu
 Installing Oracle REST Data Services schema to version 3.0.9.348.07.16

... Log file is written to /u02/downthenet/orasw/thiagoleoncio/logs/ords_install_2018-01-13_143140_00752.log

Completed install for Oracle REST Data Services version 3.0.9.348.07.16.  Elapsed time: 00:00:21.188

Enter one if you wish to start in standalone mode or 2 to exit [1]:2

[oracle@vbgeneric thiagoleoncio]$
I’ve not started the “jetty” standalone server just yet. We would need to complete a couple more steps.

Step1.4 – Enable ORDS for the custom application schema:

Connect to the custom database schema/user using SQL. This is an important step to be done. I’m using the “sqlcl” tool. If you haven’t tried, then you should give it a try, its sqlplus on steroids. The tool can be downloaded here from OTN.

[oracle@tgui thiagoleoncio]$ sql thiagoappuser01@ORCL
 SQLcl: Release 4.2.0.16.153.2014 RC on Fri Jan 17 12:52:53 2017
 Copyright (c) 1982, 2017, Oracle.  All rights reserved.
 Password? (**********?) ******
 Connected to:
 Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
 With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options

SQL>exec ords.enable_schema;
PL/SQL procedure successfully completed.
SQL> commit;
Commit complete.
SQL>
Step1.5 – database connection pool:
Setup database (connection pool) for the custom PL/SQL application. If there are multiple applications or DADs defined in the same database, then you could set up multiple database connection pools.

Here, we will create one connection pool for “thiagoappuser01”.

[oracle@tgui thiagoleoncio]$ java -jar ords.war setup –database thiagoappuser01

Enter the name of the database server [localhost]: localhost
 Enter the database listen port [1521]: 1521
 Enter 1 to specify the database service name, or 2 to determine the database SID [1]: 1
 Enter the database service name [ORCL]: ORCL
 Enter one if you want to verify/install Oracle REST Data Services schema or 2 to skip this step [1]:2
 Enter one if you're going to use PL/SQL Gateway or 2 to skip this step.
 If using Oracle Application Express or migrating from mod_plsql then you must enter 1 [1]:1
 Enter the PL/SQL Gateway database username [thiagoappuser01]: thiagoappuser01
 Enter the database password for thiagoappuser01:
 Confirm password:
 Enter 1 to specify passwords for Application Express RESTful Services database users (APEX_LISTENER, APEX_REST_PUBLIC_USER) or 2 to skip this step [1]:2

Jan 17, 2018 3:08:59 PM

INFO: Updated configurations: thiagoappuser01

[oracle@tgui thiagoleoncio]$
In response to the scripted prompts, you give (or accept as defaults) the same machine name, listener port number, service name, etc. This time enter [2] when prompted to skip verifying/installing ORDS again. Then when prompted enter [1] to use the PL/SQL Gateway. Here is where you can enter the username (thiagoappuser01) as the gateway username, and also enter the password. Enter [2] to skip RESTful services again.

If you go to the config directory (/u01/app/ords/conf) you should see an XML file for this pool in the conf sub-directory, e.g.conf/thiagoappuser01.xml, and thiagoappuser01_pu.xml

Step1.6 – Multiple database pool connections (optional step):
When applications are running under different schemas (for different DAD), then we need to create multiple database pool connections. The simplest way is to repeat the previous step with the second database user (e.g., thiagoappuser01).

[oracle@tgui thiagoleoncio]$ java -jar ords.war setup –database appuser02
To get the ORDS_PUBLIC_USER for this database user, copy the previously created xml file (thiagoappuser01_pu.xml) and rename them to the new schema. i.e., appuser02_pu.xml. The username and password remain the same (ORDS_PUBLIC_USER and hashed value password).

I have three database pool connections in my configuration and works just fine. In essence, I have three dbpooluser .xml files and three dbpooluser_pu.xml files.

$ls -l /u01/app/ords/conf
-rw-r--r--. 1 oracle 344 Jan 17 08:57 appuser03_pu.xml
-rw-r--r--. 1 oracle 344 Jan 17 08:57 appuser03.xml
-rw-r--r--. 1 oracle 349 Jan 17 08:55 appuser02.xml
-rw-r--r--. 1 oracle 341 Jan 17 08:55 appuser02_pu.xml
-rw-r--r--. 1 oracle 344 Jan 17 08:50 thiagoappuser01_pu.xml
-rw-r--r--. 1 oracle 344 Jan 17 08:50 thiagoappuser01.xml
oracle-/u01/app/ords/conf
Step1.7 – Create URL mapping for custom application:
This is part two of the two-part setup for the equivalent of a modplsql DAD. Here’s what I did:

[oracle@tgui thiagoleoncio]$ java -jar ords.war map-url –type base-path /tmmapp1 thiagoappuser01
 Jan 17, 2017 3:17:16 PM
 INFO: Creating new mapping from: [uri-pattern,–type] to map to: [base-path,,]
 [oracle@tgui thiagoleoncio]$
What this does is create a URL mapping, which should now show up in the configuration directory in file /u01/app/ords/url-mapping.xml. The trailing string “thiagoappuser01” is the schema name of the database to which this path (/tmmapp1) is bound. There is another file (/u01/app/ords/default.xml) created with core parameter values.

Step1.8 – ORDS debugging parameter (to be used in non-production environment):
In the configuration directory, edit defaults.xml file to enable debugging. Change the following two lines from false to true:

<entry key="debug.debugger">true</entry>
<entry key="debug.printDebugToScreen">true</entry>
STEP 2

Install self-signed certificate (optional):
It's quite simple to create a self-signed certificate using the java keytool. Here’s the simple write-up from SSL Shopper. https://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html
Copy the .jks and .key files under “standalone” directory. Since we’ll run ORDS in standalone mode, the jetty should be able to recognize the certificate.

$ ls -l /u01/app/ords/standlone
-rw-r--r--. 1 oracle 344 Jan 17 12:57 autoder.key
-rw-r--r--. 1 oracle 344 Jan 17 12:57 autokeystore.jks
-rw-r--r--. 1 oracle 349 Jan 17 12:58 standaline.properties
oracle-/u01/app/ords/conf
Now, we should be able to access the URL via https (8443) as they had been configured in the standalone server parameters.

STEP 3
There is a limitation with current ORDS 3.0.9 version in which there is no native support to upload files something similar in mod_plsql dad configuration value PlsqlDocumentProcedure. The only other option that I could find was to be able to use ORDS plugins to write your Java code. The documentation to load/test a simple ORDS plugin worked but it wasn’t simple initially. I had to experiment with a couple of settings to make this work.

A couple of important things to make sure for the plugin to work.

ORDS_PUBLIC_USER should be set up correctly with correct database pool .xml file in the configuration directory. (e.g., thiagoappuser01_pu.xml)
The underlying / core database schema user should be enabled to use ORDS. This step is mentioned in the documents, but I’ll explain how it works based on the value set in USER_ORDS_SCHEMAS (user view). Read Colm Divilly’s (part of ORDS product development team) blog about what precisely enabling schema means here.
Please check the Oracle documentation for ORDS plugin here especially from prepare environment. The sample that is given returns the schema/database username. I’m not going to repeat how to build the .jar file as the instructions are quite clear on the documentation.

Once the .jar is created (plugin-demo.jar), add that to the “ords.war” file then start the ORDS in standalone mode.

$ ls -l /u02/downthenet/orasw/thiagoleoncio
total 48328
drwxr-xr-x. 3 oracle 20 Dec 13 07:16 docs/
drwxr-xr-x. 6 oracle 81 Dec 13 07:21 examples/
drwxr-xr-x. 2 oracle 53 Feb 17 14:14 logs/
-rw-r--r--. 1 oracle 49442151 Feb 17 14:13 ords.war
drwxr-xr-x. 2 oracle 35 Feb 21 14:02 params/
-rw-r--r--. 1 oracle 43605 Dec 13 07:21 readme.html
oracle-/u02/downthenet/orasw/
$
$ java -jar /u02/downthenet/orasw/thiagoleoncio/ords.war standalone
The most difficulty I faced was to test this plugin from the browser. When I tried to test as mentioned in the document, was getting 404 error,

The request could not be mapped to any database. Check the request URL is correct, and that URL to database mappings have been correctly configured.

However, I was sure that I had enabled the schema for ORDS, and the value was set correctly in the user view by logging into thiagoappuser01 schema and ran the following query,

SQL> select parsing_schema, type, pattern, status from user_ords_schemas;

PARSING_SC TYPE       PATTERN   STATUS       
--------- ---------- ---------- ----------
thiagoappuser01  BASE_PATH  app01_plugin ENABLED
While experimenting with few setup options, what I did was to create a new URL mapping to define my URL pattern using the following command.

$ java -jar ords.war map-url --type uri-template /app01_plugin thiagoappuser01
What it does is, it creates a new/additional URL mapping to serve ORDS plugin with the pattern “appo1_plugin” but use thiagoappuser01 database pool connection. Now when I checked the the url-mapping.xml file (under ORDS configuration directory), I see two lines. One for base-path for the PL/SQL applications and one for the Java/ORDS plugin.

$vi /u01/app/ords/url-mapping.xml
<?xml version="1.0" encoding="UTF-8"?>
<pool-config xmlns="http://xmlns.oracle.com/apex/pool-config">
 <pool name="thiagoappuser01" base-path="/thiagoappuser01" updated="2017-01-18T16:17:27.523Z"/>
 <pool name="thiagoappuser01" uri-pattern="/app01_plugin" updated="2017-01-18T16:17:27.523Z"/>
 <pool name="appuser02" base-path="/appuser02" updated="2017-01-18T16:17:27.523Z"/>
 <pool name="appuser03" base-path="/appuser03" updated="2017-01-18T16:17:27.523Z"/>
</pool-config>
Once the setting is complete, need to stop and restart ORDS standalone server. Tested to see if the plugin would return the value using the following URL,

https://localhost:8443/ords/app01_plugin/demos/plugin?who=Test-Plugin

STEP 4:

The final step would be to create a simple PL/SQL code to test if the setup works for non-APEX PL/SQL application.

Login to thiagoappuser01 database schema and compile a sample “ords_test” package.

       


CREATE OR REPLACE PACKAGE ORDS_TEST
IS
  PROCEDURE flexible_param1 
  (
    name_array in owa_util.vc_arr,
    value_array in owa_util.vc_arr
  );   
  PROCEDURE fixed_param1
  (
    pName in varchar2,
    pId   in number default 0
  );
  PROCEDURE get_cookie;
  PROCEDURE set_cookie;
END ORDS_TEST1;
/
show error

CREATE OR REPLACE PACKAGE BODY ORDS_TEST
IS
  PROCEDURE flexible_param1
  (
    name_array in owa_util.vc_arr,
    value_array in owa_util.vc_arr
  )
  IS
  BEGIN
      for vCnt in 1..name_array.count loop
        htp.p('name - '|| name_array(vCnt) ||'  value - '||value_array(vCnt)||'
');
      end loop;
  END flexible_param1;
   
  PROCEDURE fixed_param1
  (
    pName in varchar2,
    pId in number default 0
  )
  IS
  BEGIN
    htp.p('name: '||pName||' id: '||to_char(pId));
  END fixed_param1;

  PROCEDURE set_cookie
  IS
    vSessionId VARCHAR2(4000) := substr(replace(replace(utl_raw.cast_to_varchar2(utl_encode.base64_encode( dbms_crypto.randombytes(120))),CHR(13),NULL),CHR(10),NULL),1,150 );
  BEGIN
    owa_util.mime_header( 'text/html', FALSE );
    -- Added Secure and HttpOnly to only allow cookie over HTTPS and to prevent Javascript retrieval of Session Cookie
    htp.print('Set-CookieSSION_ID='||vSessionId||'; path=/; HttpOnly; Secure'||CHR(10));
    owa_util.http_header_close; 
  END set_cookie;
 
  PROCEDURE get_cookie 
  IS
    vCookie owa_cookie.cookie;
  BEGIN
    vCookie := owa_cookie.get('SESSION_ID    IF vCookie.num_vals > 0 then
      htp.prn('SESSION_ID|| vCookie.vals(1));
    ELSE
      htp.prn('SESSION_IDot Set');
    END IF;
  END get_cookie;    
END ORDS_TEST;
/
show error






       
 

After the above sample package/snippet is compiled successfully, try the following URL to test based on the setup and configuration we had done so far.

To test the adjustable parameter, try the following URL:
https://locahost:8443/ords/thiagoappuser01/!ords_test.flexible_param1?pName=TMM&pNum=1234

Note the ‘ ! ‘ for testing the flexible parameter procedure

2. To test fixed parameter, try the following URL:

https://locahost:8443/ords/thiagoappuser01/ords_test.fixed_param1?pName=TMMfixed&pId=1234

3. To test secure cookies work, try the following 2 URLS. First set the cookie value and then get the value,

https://locahost:8443/ords/thiagoappuser01/ords_test.set_cookie
https://locahost:8443/ords/thiagoappuser01/ords_test.set_cookie

Happy coding! Hope this helps someone who is looking to use ORDS as a replacement for mod_plsql in a non-APEX environment.

OIM tables in OIM 11gR2 PS3

Below are details of tables in OIM 11gR2 PS3

Table Name	Description
AAD	List To Define The Administrators For Each Organization And Their Delegated Admin Privileges.
AAP	Table for storing Resource – Organization level parameter Values.
ACP	Acp – Link Table That Holds Reference To Act And Pkg Tables,
ACT	Defines information about all organizations created in OIM through Xellerate.
ADF_LOOKUP_TYPES	View to search in look up tables for the appropriate look up type.
ADF_LOOKUPS	View to search in look up tables.
ADL	Contains the all of the necessary parameters for an adapter task of type IF, ELSE IF, FOR, WHILE, SET, and VARIABLE tasks. These type of tasks are known as LOGIC TASKS.
ADM	Data mapping between parameters input/output parameters and source/sink.
ADMIN_ROLE	OOTB Admin Roles.
ADMIN_ROLE_CAPABILITY	It stores the mapping between the Admin_Role to Capability tables
ADMIN_ROLE_MEMBERSHIP	Admin-role to user membership in an organization scope.
ADMIN_ROLE_MEMBERSHIP_VW	View to give additional organization specific details (like parent org-id) for published admin role membership.
ADMIN_ROLE_RULE_SCOPES	Stores the scope ids over which dynamic admin role membership will be granted when the rule for an admin role will get evaluated.  It also stores with/without hierarchy flag for each scope.
ADP	Defines an adapter created through the Adapter Factory.
ADS	Database, schema and procedure name selections which define a stored procedure adapter task.
ADT	Defines a task attached to an adapter.
ADU	Contains the web service and method chosen for a task of the Adapter Factory.
ADV	Adapter variable table contains variables that have been created for specific adapters.
APA	To store Attestation process administrators.
APD	To store Attestation process definition.
APP_INST_PUBLICATION_VW	View to give additional App-instance specific details (like app-instance name etc) for published App-Instance.
APP_INSTANCE	Application Instance definition information.
APT	To store the Attestation tasks.
ARCH_REQUEST	Archival table for storing archived data from REQUEST table during Request Archival/Purge.
ARCH_REQUEST_APPROVALS	Archival table for storing archived data from REQUEST_APPROVALS table during Request Archival/Purge.
ARCH_REQUEST_BE	Archival table for storing archived data from REQUEST_BE table during Request Archival/Purge.
ARCH_REQUEST_BED	Archival table for storing archived data from REQUEST_BED table during Request Archival/Purge.
ARCH_REQUEST_BENEFICIARY	Archival table for storing archived data from REQUEST_BENEFICIARY table during Request Archival/Purge.
ARCH_REQUEST_COMMENTS	Archival table for storing archived data from REQUEST_COMMENTS table during Request Archival/Purge.
ARCH_REQUEST_ENTITIES	Archival table for storing archived data from REQUEST_ENTITIES table during Request Archival/Purge.
ARCH_REQUEST_ENTITY_DATA	Archival table for storing archived data from REQUEST_ENTITY_DATA table during Request Archival/Purge.
ARCH_REQUEST_HISTORY	Archival table for storing archived data from REQUEST_HISTORY table during Request Archival/Purge.
ARCH_REQUEST_TA	Archival table for storing archived data from REQUEST_TA table during Request Archival/Purge.
ARCH_ROLESOD_CONFLICTS	Archival table for storing archived data from ROLESOD_CONFLICTS table during Request Archival/Purge.
ARCH_WF_INSTANCE	Archival table for storing archived data from WF_INSTANCE table during Request Archival/Purge.
ARM_AUD
ARS	Contains custom response codes for ‘Process Task’ Adapters only.
ATD	To store Entitlement details for each Attestation task .
ATP	Defines input and output parameters for the constructor and method of an adapter task of type JAVA, UTILITY, TAME, REMOTE, and XLAPI.
ATR	To store Attestation requests.
ATS	Stores which services or can be ordered by which organizations and which rates apply.
AUD	Define the Auditors.
AUD_JMS	Transactional table storing intermediate audit information.
AUDIT_EVENT	Stores Audit Events.
AUDIT_EVENT_ENT_TYPE_ACTN	Stores metadata for entity type and its corresponding audit action.
AUDIT_EVENT_GROUP	Stores metadata for Audit Event Groups.
AUDIT_EVENT_GRP_ENT_TYPE_ACTN	Stores the relationship between Audit Event Groups and Entity Type Audit actions.
BULKLOAD_BATCH	Bulkload Post Processing.
BULKLOAD_USR	Bulkload Post Processing.
CALLBACK_DESTINATIONS	Stores the list of failed callback destinations to retry .
CALLBACK_INVOCATION_RESULT	Table to store results of callbacks invoked by OIM. Used to aggregate status for both synchronous and asyncrhronous invocation.
CALLBACK_PAYLOAD	Stores the Callback notification data to be re-sent.
CAPABILITY	It stores the capabilities for every action governed by the authorization policies
CATALOG	Unified collection of catalog items.It will store the items of all the entities that will like to make themselves as Catalogable. At present we have Role, Entitlement and Application Instance as the catalogable entities.
CATALOG_HIERARCHICAL_ATTR	Stores hierarchical attributes or technical glossary for catalog items.
CATALOG_METADATA_DEFINITION	Collection of additional metadata defined on Catalog items.
CERT_ACTION_HISTORY	Event details for certification action history.
CERT_ACTION_HISTORY_SCOPE	Link table defining scope for certification action history events.
CERT_CERTS	Certification Instances table.
CERT_CONFIG	Certification configuration table.
CERT_DEFN	Certification definition table.
CERT_EVT_LSNR	Certification event listener definition table.
CERT_EVT_TRIG	List of users requiring certification due to triggering of event
CERT_LAST_DECISION	Last certification decision for an item.
CERT_TASK_ACTION	Decision table for certification items in a SOA task.
CERT_TASK_INFO	Link for a certification instance to a SOA task.
CERTD_ACCT_ENT_ASGN	Link table for certification and accounts entitlements .
CERTD_APP_INST	Decision table for application instances.
CERTD_ENT_DEFN	Decision table for entitlement definitions.
CERTD_POL_ENT_DEFN	Decision table for entitlement definitions in policies.
CERTD_ROLE	Decision table for roles.
CERTD_ROLE_POLICY	Decision table for Role Policies associations.
CERTD_STATS	Stores completion statistics for certifications.
CERTD_USER	Decision table for users.
CERTD_USER_ACCT	Decision table for user accounts.
CERTDS_ENT_ASGN	Decision and snapshot table for entitlement assignments in
CERTDS_USER_ROLE_ASGN	Decision and snapshot table for role memberships.
CERTS_ACCOUNT	Snapshot table for user accounts.
CERTS_ACCT_ENT_ASGN	Snapshot table for entitlement assignments.
CERTS_APP_INST	Snapshot table for application instances.
CERTS_CATALOG_UDF	Snapshot table for catalog UDF data.
CERTS_ENT_DEFN	Snapshot table for entitlement definitions.
CERTS_POL_ENT_DEFN	Snapshot table for entitlement definitions in policies.
CERTS_POLICY	Snapshot table for policies.
CERTS_ROLE	Snapshot table for roles.
CERTS_USER	Snapshot table for users.
CERTS_USR_UDF	Snapshot table for user UDF data.
CIH	Holds connector specific installation history information. It also stores Connector Name, Connector Version, Connector XML, etc.
COUN_LOG_TAB	Used by the Connector Uninstall utility for storing temporary data.
CPA_CATALOG	Audit table for catalog item.
CPA_CATALOG_FIELDS	Audit table for catalog item, this will contains attribute changes.
DAV	Stores the runtime data mappings for ‘Entity’ & ‘Rule Generator’ adapters. The data source being an Xellerate form or child table, or a user defined process form.
DEP	Dependencies Among Tasks Within A Workflow Process.
DOB	Data Resource definition consisting of the fully qualified class name of the data object.
DVT	Defines the one to many relationship between Data Resources and Event Handlers (this includes adapters).
DYN_EVAL_CHANGELOG	Contains the changelog data for dynamic evaluation since last job run.
EIF	Export Import Files. Each row contains one single file used in export/import operation. For export there is only one file.
EIH	Export Import History. Each row represents one Data Deployment Management session.
EIL	DB Based lock for export operation. Used to make sure only one user can import at a time. This is currently not managed through dataobjects.
EIO	Export Import Objects. Each row represents one object exported/imported.
EIS	Substitutions used during import process.
EMD	Core — Email Definition Information Table That Holds The Email Template Definitions.
ENT_ASSIGN	Stores Entitlement Assignments.
ENT_ASSIGN_DELTA	Intermediate table to store changes to Entitlement Assignments.
ENT_ASSIGN_HIST	Stores Historical Entitlement Assignment information.
ENT_LIST	Provisioning level Entitlement catalog.
ENTITLEMENT_PUBLICATION_VW	View to give additional Entitlements specific details (like entitlement name etc) for published Entitlements.
ENTITY_PUBLICATION	Entity publication to organization.
ESD	Encrypted columns not within the bounds of the SDK.
EVT	Defines event handlers by providing a the process and class name. In addition the scheduling time of when the event handler can execute is set to  pre (insert, update, delete)  or post (insert, update, delete).
FAILED_CALLBACKS	Stores association information between callback destinations.
FAILED_TASKS	Stores information related to failed JMS messages.
FUG	List to define the administrators for each user defined object in the ‘Structure Utility’ form or for each user defined field in the ‘User Defined Field Definition’ form.
GCD	GCD (Generic Connector Definition) is used by GTC for storing the information about the connectors that are created using GTC.
GPA	Stores Group Profile audit snapshots and deltas.
GPG	List to define the (nested)group members of User Group in the ‘User Group’ form.
IDA_POLICY_VIOLATION	Instances of a Policy Violation.
IDA_POLICY_VIOLATION_CAUSE	Instances of a Policy Violation Cause.
IDA_REMEDIATOR	Instances of a Policy Violation
IDA_SCAN_DEFN	Table for storing IDA SCAN definitions.
IDA_SCAN_RUN	Instances of running a scan definition.
IDA_SCAN_RUN_POLICIES	Table for storing relationship
IDA_SCAN_RUN_POLICY_VIOLATION	Table for storing relationship information between IDA_SCAN_RUN and IDA_POLICY_VIOLATION.
IDA_SCAN_RUN_USER	Table for storing relationship
IDA_TASK_POLICY_VIOLATION	Table for storing external relationship information between SOA TSK and POLICY VIOLATION.
JOB_HISTORY	Historical Data for each Job Run.
LATEST_PLUGINS	Stores latest version information for plugins.
LKU	Lookup definition entries.
LKV	Lookup values.
LOCALTEMPLATE	Table for Locale specific details for Notification Templates.
MAP	XML MAP SCHEMA INFORMATION.
MAV	Stores the runtime data mappings for ‘Process Task’ adapters. The data source being a process form, Location, User, Organization, Process, IT Resource, or Literal data.
MEV	E-mail notification events.
MIL	Holds information about tasks of a process.
MLS_LOCALE	List of languages used for MLS [Multi Lingual Support] (for role) and MR [Multi Representation] (for user) representation of display names.
MLS_UGP	Stores entries of MLS display names of roles.
MLS_USR	Stores entries of MR display names of users.
MSG	Defines the user groups that have permission to set the status of a process task.
MST	Task Status And Object Status Information. Holds All The Task Status To Object Status Mappings.
MV_USER_COLS	This table stores the data from USER_TAB_COLUMNS to reduce the data dict. recursive calls for improved performance.
NOTIFICATIONLOG	Logging specific to Notifications.
NOTIFICATIONTEMPLATE	Table for Notification Templates.
OBA	OBJECT AUTHORIZER INFORMATION.
OBD	OBJECT DEPENDENCIES.
OBI	OBJECT INSTANCE INFORMATION.
OBJ	Resource Object definition information.
ODF	HOLDS OBJECT TO PROCESS FORM DATA FLOW MAPPINGS.
ODV	OBJECT EVENTS/ADAPTERS INFORMATION.
OFFLINE_USER_ATTRIBUTES
OIM_DATAPRG_FAILED_KEYS	Logging table to store the entity keys for each module/entity which were failed during scheduled purge run.
OIM_DATAPRG_TASKS_LOGDTLS	Logging table to store the details of the OIM Scheduled Task controlled purge runs for the module/entity feature level details.
OIM_DATAPURGE_TASK_LOG	Logging table to store the details of the OIM Scheduled Task controlled purge runs,for the deletion of Entity data.
OIM_RECON_CHANGES_BY_RES_MV	Materialized View used in the BI Report-
OIM_TMP_MLS_TABLE	Oracle Global Temporary Table for intermediate processing of User entries of MLS data.
OIM_TMP_RECON_MLS_TABLE	Oracle Global Temporary Table used in  intermediate processing of CHANGELOG event entries of MLS data for Recon Horizontal Tables.
OIM_TMP_TASK_ARCH_TAB	Temporary table used by Provisioning Task Archival utility to stage data during the run.
OIMHOME_JARS	Stores the jars that are uploaded using upload or update jar utility. These jars are primarily used by adapters.
OIO	OBJECT INSTANCE REQUEST TARGET ORGANIZATION INFORMATION.
OIU	OBJECT INSTANCE REQUEST TARGET USER INFORMATION.
OOD	OBJECT INSTANCE REQUEST TARGET ORGANIZATION DEPENDENCY INFORMATION.
OPS
ORC	This Entity Holds The Detail On Each Order. This Could Be Considered The Items Section Of An Invoice.
ORCH_BENEFICIARIES_TMP	Available only in an an envoronment upgraded to R2PS3 (not OOTB)
ORCHEVENTS_TMP	Available only in an an envoronment upgraded to R2PS3 (not OOTB)
ORCHFAILEDEVENTS_TMP	Available only in an an envoronment upgraded to R2PS3 (not OOTB)
ORCHPROCESS	Stores the process instances that are being executed.
ORD	Holds information that is necessary to complete an order regardless of a process being ordered.
ORF	Resource Reconciliation Fields.
ORF	Resource Reconciliation Fields.
ORG_HIERARCHY	Holds information about the complete organization Hierarchy.
ORG_USER_MEMBERSHIPS	Stores the User-Org membership details.
ORR	OBJECT RECONCILIATION ACTION RULES.
ORR	OBJECT RECONCILIATION ACTION RULES.
OSH	Task Instance Assignment History.
OSI	Holds information about tasks that are created for an order.
OST	OBJECT STATUS INFORMATION.
OTI	Holds specific information such as status or scheduled dates about an instance of a task which are in Pending(Provisioning/Approval tasks ) and Rejected (Provisioning tasks) status buckets.
OUD	Object Instance Request Target User Dependency Information.
OUG	List to define the administrators for each Resource Resource.
PCQ	Holds the challenging questions and answers for a user.
PDF	PACKAGE DATA FLOW TABLE HOLDS THE DATA FLOW RELATIONSHIPS BETWEEN PACKAGES.
PKD	PACKAGE DEPENDENCY TABLE HOLDS THE DEPENDENCY RELATIONSHIPS BETWEEN CHILD PACKAGES OF A PARENT PACKAGE.
PKG	Consists of names and system keys of service processs, which consist of a group of services from the TOS table.
PKH	Package Hierarchy Table Holds The Parent-child Relationships Between Processes.
PLUGIN_METADATA	Stores Metadata associated with  plugins.
PLUGIN_ZIP	Stores plugin in zips as serialized blobs.
PLUGINS	Stores plugins that are uploaded using register plugin utility.
POC	Stores values for the child tables of the Object/Process form of a resource being provisioned by an access policy.
POF	POLICY FIELD TABLE HOLDS THE FIELD VALUE PAIRS THAT CONSTITUTE THE DEFINITION OF A POLICY.
POG	Join table between Policy and User Groups, Specifies the groups to whom an access policy will apply.
POL	Policy Table Holds A Policy, Defines An Access Policy In The System.
POLICY	The table holds the definitions for the policy engine policies.
POLICY_RULE_ASSIGNMENT	The table holds the relations between policies and rules.
POLICY_TYPE	The table holds the definitions for the policy engine policy types.
POP	Policy Package Join Table Holds The Packages That A Particular Policy Orders For User,
PRF	Process Reconciliation Field Mappings.
PRF	Process Reconciliation Field Mappings.
PTY	Client Properties Table.
PUG	List To Define The Administrators And Their Delegated Admin Rights  For Each Process.
PWH	These 2 tables are not IDAMDIN specific( PWR/PWH) . Same tables are used for password policy info when they are linked to the resource objects.
PWR	These 2 tables are not IDAMDIN specific( PWR/PWH) . Same tables are used for password policy info when they are linked to the resource objects.
PXD	Table that holds the list of all Proxies Defined.
QRTZ92_BLOB_TRIGGERS	Quartz table to store Blob Triggers.
QRTZ92_CALENDARS	Quartz table to store Calendars.
QRTZ92_CRON_TRIGGERS	Quartz table to store Cron Triggers.
QRTZ92_FIRED_TRIGGERS	Quartz table to store Fired Triggers.
QRTZ92_JOB_DETAILS	Quartz table to store Job Details.
QRTZ92_JOB_LISTENERS	Quartz table to store Job Listeners.
QRTZ92_LOCKS	Quartz table to store Locks.
QRTZ92_PAUSED_TRIGGER_GRPS	Quartz table to store Paused Trigger Groups.
QRTZ92_SCHEDULER_STATE	Quartz table to store Scheduler State.
QRTZ92_SIMPLE_TRIGGERS	Quartz table to store Simple Triggers.
QRTZ92_TRIGGER_LISTENERS	Quartz table to store Triggers Listeners.
QRTZ92_TRIGGERS	Quartz table to store Triggers.
QUE	ADMINISTRATIVE QUEUES DEFINITION
QUG	ADMINISTRATIVE GROUP MEMBERS.
QUM	ADMINISTRATIVE QUEUE MEMBERS.
RA_LDAPROLE	To store ldap role reconciliation data.
RA_LDAPROLEHIERARCHY	To store ldap hierarchy reconciliation data .
RA_LDAPROLEMEMBERSHIP	To store ldap role membership reconciliation data.
RA_LDAPUSER	To store ldap user reconciliation data.
RA_MLS_LDAPROLE	To store MLS ldap role reconciliation data.
RA_MLS_LDAPUSER	To store MLS ldap user reconciliation data.
RA_XELLERATE_ORG	Recon Staging table for resource object Xellerate Organization.
RAO	Resource audit objectives information.
RAV	Stores the runtime data mappings for ‘Pre-populater’ adapters. The data source being an Xellerate form or child table, or a user defined form.
RECON_ACCOUNT_MATCH	Reconciliation Event Processes Matched.
RECON_ACCOUNT_OLDSTATE	Intemediate Table for storing account specific audit data.
RECON_BATCHES	Reconciliation Batches.
RECON_CHILD_MATCH	Reconciliation Event Processes Child Table Matches.
RECON_EVENT_ASSIGNMENT	Reconciliation Event Assignments.
RECON_EVENTS	Reconciliation Events.
RECON_EXCEPTIONS	Exceptions found in Target data during Reconciliation.
RECON_HISTORY	Reconciliation Event Action History.
RECON_JOBS	Reconciliation Jobs.
RECON_ORG_MATCH	Reconciliation Event Organizations Matched.
RECON_ROLE_HIERARCHY_MATCH	Reconciliation Event Role Hierarchy Matched.
RECON_ROLE_MATCH	Reconciliation Event Role Matched.
RECON_ROLE_MEMBER_MATCH	Reconciliation Event Role Member Matched.
RECON_TABLES	Reconciliation Table Names.
RECON_UGP_OLDSTATE	Intemediate Table for storing role specific audit data.
RECON_USER_MATCH	Reconciliation Event Users Matched.
RECON_USER_OLDSTATE	Intemediate Table for storing User specific audit data.
REQ	THIS TABLE HOLDS REQUEST INFORMATION.
REQUEST	To Store Request summary information.
REQUEST_APPROVAL_POLICIES	Stores approval policy details like policy name, associated approval process, rules etc . Each approval policy is uniquely identified by APPROVAL_POLICY_KEY value, and is generated by sequence object APPROVAL_POLICY_SEQ.
REQUEST_APPROVALS	To store Request Approval instances in a request and their status.
REQUEST_BENEFICIARY	Stores the ids of benificiaries for agiven request
REQUEST_BENEFICIARY_ENTITIES	Stores the entities that are part of a beneficiary in a Request.
REQUEST_BENEFICIARY_ENTITYDATA	Stores the entity data for the entities pertaining to a Beneficiary.
REQUEST_COMMENTS	This table is deprecated and is no longer used.
REQUEST_ENTITIES	Stores the entities that are requested in a Request.
REQUEST_ENTITY_ATTR_VALUES	This table stores values of multi-valued Request entity attributes. Binary values are stored in column REAV_VALUE_BLOB.
REQUEST_ENTITY_DATA	Stores the entity data for the entities that are requested.
REQUEST_HISTORY	To store Request History information.
REQUEST_PROFILE_ENTITIES	To store entities associated with a Request Profile.
REQUEST_PROFILE_ENTITY_DATA	To Store data associated with Request Profile entities.
REQUEST_PROFILES	To store Request Profile summary information.
REQUEST_STAGES	To store possible stages in a Request.
REQUEST_TEMPLATE	This table is deprecated and is no longer used.
REQUEST_TEMPLATE_ATTRIBUTES	Stores additional attributes associated with Request.
RES	This table is used to stored adapter resources entered by the user.
RESOURCES	Stores custom resource bundle information that are uploaded using upload or update resource bundle utilities.
RETURN_VALUES	The child table holds return value definitions for the policy engine rules.
RGM	Table for Response Code Generated Milestones.
RGP	Rules To Apply To A User Group,
RGS	Defines all known registries. These are used by Web Service tasks in an Adapter to communicate with a web service.
RIO	Request Organizations Resolved Object Instances.
RLO	This table contains directory URLs which are referenced by Adapter Factory jar/class files.
RML	Rules To Apply To Task, Defines The Task Assignment Rules Attached To A Process Task.
ROLE_CATEGORY	The table is used to store role categories. A category is similar to a folder that can be used to organize roles displayed in the console. Role categories simplify the administrators browse experience,
ROLE_PUBLICATION_VW	View to give additional Role specific details (like role-name etc) for published Role.
ROLESOD_CONFLICTS	To store Role SOD Conflicts.
ROP	Rules To Apply To An Object-process Pair, Defines The Process Determination Rules Attached To A Resource Object.
RPW	Rules To Apply To A Password Policy, Defines The Policy Determination Rules Attached To A Password Policy.
RPW	Rules To Apply To A Password Policy, Defines The Policy Determination Rules Attached To A Password Policy.
RQA	REQUEST TARGET ORGANIZATION INFORMATION.
RQC	REQUEST COMMMENT INFORMATION.
RQD	Contains self-registration request data for web admin.
RQE	REQUEST ADMINISTRATIVE QUEUES.
RQH	REQUEST STATUS HISTORY.
RQO	REQUEST OBJECT INFORMATION.
RQU	REQUEST OBJECT TARGET USER INFORMATION.
RQY	Request Organizations Requiring Resolution.
RQZ	Request Users Requiring Resolution.
RSC	Defines The All The Possible Response Code For A Process Task.
RUE	Defines The Elements In A Rule Definition.
RUG	List to define the administrators for each Request.
RUL	RULE DEFINITIONS.
RULE	The table holds the definitions for the policy engine rules.
RVM	Holds Recovery Milestones.
SCH	Holds specific information about an instance of a ask such as its status or scheduled dates.
SDC	Column metadata.
SDH	Meta-Table Hierarchy.
SDK	User define data object meta data definition.
SDL	SDK VERSION LABELS.
SDP	User defined column properties.
SEL	Data Object Permissions For Groups On A Specified Dataobject.
SIL_ASYNCH_INFO	Table contains Entry for each Asynchronous SODCheck.
SIL_PARAMETERS	IT Resource Instance names for each SIL System.
SIL_SCO_STY_JOIN	Service component implementation for every System Type.
SIL_SERVICE_COMP	Lists the various Service Components for completing and SoDCheck.
SIL_SYSTEM	Stores the SIL systems supported and required connection parameters.
SIL_SYSTEM_TYPE	Stores all the entries of SIL Systems.
SIL_TYPE_CATEGORY	Categories of SIL Types available.
SIL_TYPES	Types of all SIL category available.
SPD	IT Resource parameter definition
SRE	Defines Which Pre-populate Rule Generator Will Run For A Field Of User Defined Data Object.
SRS	IT Resource – IT Resource join.
STA	Status Codes
SVD	IT Resource type definition.
SVP	IT Resource property definition.
SVR	It Resource Instance Definition.
TOS	Holds information about a process.
TSA	STORES INITIALIZATION PARAMS (NAME/VALUE PAIRS) FOR SCHEDULER TASKS.
TSH	Recording History of Task Execution in Scheduler.
TSK	SCHEDULER TASK DEFINITION INFORMATION.
UGP	Defines a group of users.
UHD	User Policy Profile History  Details table.
UNM	“”UnDo Milestone”” Feature.
UPA	Stores User Profile audit snapshots and deltas.
UPA_FIELDS	Stores changes only for user profile audit history in denomalized format.
UPA_GRP_MEMBERSHIP	Stores groups membership history in denomalized format.
UPA_RESOURCE	Stores user profile resource history in denomalized format.
UPA_UD_FORMFIELDS	This table would hold the history of changes to the process form data.
UPA_UD_FORMS	This table would hold the summary of changes to the process form data.
UPA_USR	Stores user profile history in denomalized format.
UPD	User Policy Profile Details table.
UPGRADE_FEATURE_LIST
UPGRADE_FEATURE_STATE
UPGRADE_MDS_MERGE	Table to store upgrade LCM data for Authorization.
UPH	User Policy Profile History table.
UPP	User Policy Profile table.
USER_ARM_ROLES_VW
USER_PROVISIONING_ATTRS	Transactional table that stores Access Policy related provisioning information for Users.
USG	This table stores which users are in which groups.
USR	Stores all information regarding a user.
USR_ATTRIBUTE_RESERVATIONS	To store User Attributes with their reserved values.
USR_CONFIG_HISTORY	This table stores the audit data for all the modifications done to User.xml are audited here.
UWP	Window sequence, nesting in CarrierBase explorer for each user group.
UWP	Window sequence, nesting in CarrierBase explorer for each user group.
WF_DEFINITION	To Store SOA composite registration information.
WF_INSTANCE	To store the SOA composite instances.
WIN	Windows table: Windows keys, descriptions, and class names.
WS_SODCHECK	Stores details of Webservice messages sent for SoD Check like Message ID, Callback URL, Request ID from BPEL workflow.
XSD	This table holds Xellerate System Data.

Happy Coding,

Thiago