RDS for Oracle limitations - Amazon Relational Database Service

RDS for Oracle limitations

Following are important limitations of using Amazon RDS for Oracle.

Note

This list is not exhaustive.

Oracle file size limits in Amazon RDS

The maximum file size on Amazon RDS Oracle DB instances is 16 TiB (tebibytes). If you try to resize a data file in a bigfile tablespace to a value over the limit, you receive an error such as the following.

ORA-01237: cannot extend datafile 6 ORA-01110: data file 6: '/rdsdbdata/db/mydir/datafile/myfile.dbf' ORA-27059: could not reduce file size Linux-x86_64 Error: 27: File too large Additional information: 2

Public synonyms for Oracle-supplied schemas

Don't create or modify public synonyms for Oracle-supplied schemas, including SYS, SYSTEM, and RDSADMIN. Such actions might result in invalidation of core database components and affect the availability of your DB instance.

You can create public synonyms referencing objects in your own schemas.

Schemas for unsupported features

In general, Amazon RDS doesn't prevent you from creating schemas for unsupported features. However, if you create schemas for Oracle features and components that require SYS privileges, you can damage the data dictionary and affect your instance availability. Use only supported features and schemas that are available in Adding options to Oracle DB instances.

Limitations for Oracle DBA privileges

In the database, a role is a collection of privileges that you can grant to or revoke from a user. An Oracle database uses roles to provide security.

The predefined role DBA normally allows all administrative privileges on an Oracle database. When you create a DB instance, your master user account gets DBA privileges (with some limitations). To deliver a managed experience, an RDS for Oracle database doesn't provide the following privileges for the DBA role:

  • ALTER DATABASE

  • ALTER SYSTEM

  • CREATE ANY DIRECTORY

  • DROP ANY DIRECTORY

  • GRANT ANY PRIVILEGE

  • GRANT ANY ROLE

Use the master user account for administrative tasks such as creating additional user accounts in the database. You can't use SYS, SYSTEM, and other Oracle-supplied administrative accounts.

Limitations of a single-tenant CDB

The following options aren't supported for the single-tenant architecture:

  • Oracle Data Guard

  • Oracle Enterprise Manager

  • Oracle Enterprise Manager Agent

  • Oracle Label Security

The following operations work in a single-tenant CDB, but no customer-visible mechanism can detect the current status of the operations:

Note

Auditing information isn't available from within the PDB.

Deprecation of TLS 1.0 and 1.1 Transport Layer Security

Transport Layer Security protocol versions 1.0 and 1.1 (TLS 1.0 and TLS 1.1) are deprecated. In accordance with security best practices, Oracle has deprecated the use of TLS 1.0 and TLS 1.1. To meet your security requirements, RDS for Oracle strongly recommends that you use TLS 1.2 instead.