As a space database solution, ArcSDE is widely used. In this article, we will try to describe the working mechanism of SDE and briefly describe how to use SDE users in the space database.
How ArcSDE works
ArcSDE is a middleware technology that cannot store space data. Its role can be understood as "space expansion" of databases ". In
In the ArcSDE space database of Oracle, ArcSDE stores a series of Oracle Objects for managing spatial information. These objects are collectively referred to as data archives.
(Repository), including the spatial data dictionary and ArcSDE software package. ArcSDE requires the SDE user to manage the space archive, which is similar to
Sys users manage data dictionaries. Oracle data dictionaries are stored in the system tablespace. Correspondingly, when storing the ArcSDE space data archives, specific table spaces are also required.
. Generally, the table space management space data dictionary with the name SDE is used by default for convenience.
In the working mechanism of ArcSDE, the SDE user is responsible for the interaction between ArcSDE and Oracle. By maintaining the spatial data dictionary in SDE mode and
Run the package in its mode to ensure read/write consistency of the spatial database. When the ArcSDE service is started, the SDE user passes the Oracle verification and creates and maintains
Oracle session connection, the Connection Program is giomgr, that is, the ArcSDE server management process, which has been in existence and is responsible for listening to user connection requests, allocating the corresponding gsrvr Management
(See note 1) to maintain the spatial data dictionary.
Security of ArcSDE
The security mechanism of ArcSDE relies entirely on Oracle. Spatial database users (including SDE) need the Oracle user password to access spatial data. ArcSDE itself does not store any authentication information.
In Oracle, SDE requires the following minimum system permission settings:
Create procedure/create table/create sequence/create trigger/create session
It can be seen that SDE is also a common permission user in Oracle databases.
For Oracle, although SDE is a non-DBA user, SDE has a special role in the ArcSDE architecture.
Administrator. Only SDE can complete some specific work, such as starting/stopping the ArcSDE service, terminating some user connections, and compressing multi-version databases. SDE users are not really
Oracle DBA users, but during ArcSDE's work, the software performs some specific object permission operations. Therefore, SDE users should be equivalent to Oracle
DBA users must strictly protect their passwords, just like sys or system.
In ArcSDE, users can be divided into two categories at the permission management level:
1. space database administrator, only and only SDE
2. General users of spatial databases, including oracle users other than SDE who create and browse spatial data, are strongly recommended to follow these two principles:
- The SDE user is not used to load spatial data.
- The table space of the SDE data storage archive is not used to store space data.
Special object permissions of Sde users
As a general Oracle Database User, SDE users can create their own tables or stored procedures. As an ArcSDE space database administrator
ArcSDE automatically grants some object permissions to SDE. SDE users need these object permissions to ensure that ArcSDE
The integrity of Geodatabase. When a spatial database user creates a new Geodatabase object, ArcSDE grants the permissions of the newly created object to the SDE user.
For example, the ACTC user creates a Geodatabase element class named country. In this case, the database also generates a country (Table B, business
Table, that is, the feature table and the spatial index
Table ). At this time, the SDE user will automatically obtain the select permissions for tables country, f, and S. When you register country as a version
In ACTC mode, Table A (Additions table) and Table D (deletions
Table ). In this case, the SDE user obtains the select/insert/update/
Delete permission. When these object permissions are granted, the ACTC user does not obtain any notification information.
In ArcGIS
The object permissions of the SDE user are not reflected in the spatial database connection of desktop. If the SDE user is used to connect to the spatial database, only the preceding example can be observed.
Country table, and other support tables are filtered out. To view the object permissions granted to the SDE user, you can use
Obtain the user_tab_privs_recd view.
What specific work does the SDE user do?
In a spatial database, SDE, as the administrator, can perform operations that are not generally performed by users. The following is an example:
1. start/stop the ArcSDE Service
Only SDE can interact with Oracle to start or stop ArcSDE services. Operation:
Sdemon-o start/Shutdown (start/stop)
In this case, you need to submit the SDE user password.
2. terminate a space user connection
In a spatial database connection, you can use SDE to terminate a connection when the connection process is suspended or illegal. Operation:
First, obtain the connection information from the connection list.
Sdemon-O Info-I users
After obtaining the connection ID to be terminated, run the kill command.
Sdemon-o kill-T <connection ID>
<Connection ID> to complete this operation, you need to submit the SDE user password.
3. Compress multi-versioned Geodatabase)
In ArcSDE
In Geodatabase, as data editing continues, the records of table A and table D in the SDE spatial data file library will gradually increase, which will affect the spatial data
Therefore, database version compression is often required. After you confirm that the database does not have any locks, you can perform the compression operation:
Sdeversion-O compress-u SDE
To complete this operation, you must submit the SDE user password.
As the ArcSDE administrator, SDE also needs to complete other work. For example, when controlling the storage of data segments and index segments of spatial data, SDE users can use the sdedbtune command to improve database efficiency.
Note 1: This is a traditional ArcSDE application server connection (Application-server)
In this way, the ArcSDE server process (giomgr) assigns a process named gsrvr to fully take charge of the metadata communication between the client and the server.
Letter. ArcSDE
After version 8.1, a new connection method (direct connection) will appear. In this connection mode, the gsrvr process function is embedded into the client connection.
In applications, such as arccatalog or other ESRI software products. In this way, the gsrvr function is completed by connecting the client to the application.