> ## Documentation Index
> Fetch the complete documentation index at: https://docs.prequel.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Oracle

> Configuring your Oracle destination.

## Prerequisites

* If your Oracle database is protected by security groups or other firewall settings, you will need to have our static IP available to complete Step 1.

<Steps>
  <Step title="Allow access">
    Create a rule in a security group or firewall settings to whitelist:

    * incoming connections to your host and port (usually `1521`) from the static IP.
    * outgoing connections from ports `1024` to `65535` to the static IP.

    <Note>
      **Optional: SSH tunneling**

      If your database is not accessible from the public internet, SSH tunneling through a bastion host is supported. Allow inbound SSH (port `22`) from the static egress IP on the bastion host, create an SSH user with the service's public key in `~/.ssh/authorized_keys` (contact support for the key), and grant the bastion host's IP access to the database port in place of the static egress IP. Provide the bastion host address, port, and username in the destination configuration.
    </Note>
  </Step>

  <Step title="Create writer user">
    Create a database user to perform the writing of the source data.

    1. Open a connection to your Oracle database.
    2. Create a user for the data transfer by executing the following SQL command.

    ```sql title="Create user" icon="database" theme={null}
    CREATE USER <username> IDENTIFIED BY '<some-password>';
    GRANT CREATE SESSION TO <username>;
    ```

    3. Grant user required privileges on the database.

    ```sql title="Grant privileges" icon="database" expandable theme={null}
    GRANT CREATE SESSION TO <username>;
    GRANT ALTER USER TO <username>;
    GRANT CREATE ANY TABLE TO <username>;
    GRANT CREATE ANY INDEX TO <username>;
    GRANT SELECT ANY TABLE TO <username>;
    GRANT INSERT ANY TABLE TO <username>;
    GRANT UPDATE ANY TABLE TO <username>;
    GRANT DELETE ANY TABLE TO <username>;
    GRANT DROP ANY TABLE TO <username>;
    GRANT COMMENT ANY TABLE TO <username>;
    ```

    <Warning>
      **If the `schema`/`database` already exists**

      By default, the service creates a new schema (*in Oracle, `schema` is synonomous with `user`*). If you prefer to create the schema yourself before connecting the destination, you must ensure that the writer user has the proper permissions on the schema.\`
    </Warning>
  </Step>

  <Step title="Add your destination">
    Use the following details to complete the connection setup: **host name**, **database name**, **port**, your chosen **schema name**, **username**, and **password**.
  </Step>
</Steps>

## Permissions checklist

* User has `CREATE SESSION`.
* User has `CREATE ANY TABLE, CREATE ANY INDEX, SELECT ANY TABLE, INSERT ANY TABLE, UPDATE ANY TABLE, DELETE ANY TABLE, DROP ANY TABLE, COMMENT ANY TABLE`.
* Firewall or security group allows the service's egress IP on port 1521. If using SSH tunneling, allow the egress IP on port 22 on the bastion host instead.

## FAQ

<AccordionGroup>
  <Accordion title="How is the Oracle connection secured?">
    We connect using the credentials you provide (host, port, username, password) over TCP. If your database is not publicly accessible, SSH tunneling through a bastion host is supported. The service uses public key authentication for bastion access.
  </Accordion>

  <Accordion title="Do I need to pre-create the schema?">
    No. The schema provided in the destination configuration is created automatically on first sync. If you pre-create it, ensure the writer user has the proper permissions on the existing schema.
  </Accordion>
</AccordionGroup>
