Installing DB Vault to an Oracle 12c non-Container Database
At this note I will show you how you can install DB Vault to Oracle 12c non-container database. For Oracle 12c container databases I will write another post.
First Let me introduce the environment;
Host : Oracle 7 Linux virtual machine on Oracle VM Virtual Box
DB : Oracle 12c 12.1.0.2.0 non-container database.
At Oracle 12c Oracle Label Security and DB vault options are already linked with Oracle binary. But sometimes DBAs do not install these options during DB creation. At this time you should install this options and then you can register DB vault.
0. Check Oracle Label Security and DB Vault Options are installed
To check Oracle Label security And DB Vault use below SQL;
SQL> select comp_id,status from dba_registry where comp_id in (‘OLS’,’DV’);
no rows selected
IF “no rows selected” returns from the SQL ; It means you should install Oracle Label Security and Oracle DB Vault.
IF ORACLE LABEL SECURITY and DB VAULT IS NOT INSTALLED Please follow below notes to complete DB vault installation
Otherwise ; Just register Oracle DB Vault . Follow this note ; and finish the installation.
1.Check DB vault if already registered
SQL> column parameter format a25
SQL> column value format a10
SQL> SELECT parameter,value FROM gv$OPTION WHERE PARAMETER in
( ‘Oracle Database Vault’,’Oracle Label Security’);
PARAMETER VALUE
————————- ———-
Oracle Label Security FALSE
Oracle Database Vault FALSE
SQL>
As you see DB vault has not been registered yet. After registering DB vault the value column will be TRUE
2. Take backup of some tables and views.
Before DB vault registration; Some privileges from DBA role, IMP_FULL_DATABASE role and SCHEDULER_ADMIN role are revoked. At the same time some critical privileges are revoked as well. Therefore We should take a copy of some tables about privileges . I advice you should backup these with CREATE TABLE command.
I took the copy of the tables at SYSTEM user.
SQL> connect system
Enter password:
Connected.
SQL> create table a_dba_network_acls as select * FROM cdb_network_acls;
Table created.
SQL> create table a_dba_network_acl_privileges as select * from cdb_network_acl_privileges;
Table created.
SQL> create table a_gv$parameter as select * from gv$parameter ;
Table created.
SQL> create table a_dba_tab_privs as Select * from dba_tab_privs;
Table created.
SQL> create table a_dba_sys_privs as Select * from dba_sys_privs;
Table created.
SQL> create table a_dba_role_privs as Select * from dba_role_privs;
Table created.
SQL> create table a_dba_objects as select owner,object_name,object_type from dba_objects where status=’INVALID’ and object_type <> ‘SYNONYM’ ;
Table created.
SQL> create table a_dba_registry as select * from dba_registry;
Table created.
SQL>
3. Create DB Vault owner and User Administrator users
At DB Vault registration you should create one user to administer DB vault and one user to manage Oracle users at the database. These two users are required for the separation of duties.
SQL> connect sys as sysdba
Enter password:
Connected.
SQL> CREATE USER dvowner IDENTIFIED BY oracle
2 DEFAULT TABLESPACE USERS
3 QUOTA UNLIMITED ON USERS;
User created.
SQL> GRANT CREATE SESSION TO dvowner;
Grant succeeded.
SQL> CREATE USER dvacctmngr IDENTIFIED BY oracle
2 DEFAULT TABLESPACE USERS
3 QUOTA UNLIMITED ON USERS;
User created.
SQL> GRANT CREATE SESSION TO dvowner;
Grant succeeded.
SQL>
4. Configure DB Vault
Now we can start to register DB Vault by configuring it. Afterwards we will compile all invalid objects at the database
connect sys as sysdba
Enter password:
Connected.
SQL> BEGIN
2 DVSYS.CONFIGURE_DV (
3 dvowner_uname => ‘dvowner’,
4 dvacctmgr_uname => ‘dvacctmngr’);
5 END;
6 /
PL/SQL procedure successfully completed.
SQL> @?/rdbms/admin/utlrp.sql
.
.
…Database user “SYS”, database schema “APEX_040200”, user# “98” 21:39:56
…Compiled 0 out of 3014 objects considered, 0 failed compilation 21:39:56
…271 packages
…263 package bodies
…452 tables
…11 functions
…16 procedures
…3 sequences
…457 triggers
…1320 indexes
…211 views
…0 libraries
…6 types
…0 type bodies
…0 operators
…0 index types
…Begin key object existence check 21:39:56
…Completed key object existence check 21:39:57
…Setting DBMS Registry 21:39:57
…Setting DBMS Registry Complete 21:39:57
…Exiting validate 21:39:57
PL/SQL procedure successfully completed.
5. Enable DB Vault
SQL> CONNECT dvowner
Enter password:
Connected.
SQL> EXEC DBMS_MACADM.ENABLE_DV;
PL/SQL procedure successfully completed.
SQL> commit;
Commit complete.
6. Startup the Database and the installation is finished
SQL> connect sys as sysdba
Enter password:
Connected.
SQL> startup force
ORACLE instance started.
Total System Global Area 977272832 bytes
Fixed Size 2931520 bytes
Variable Size 666895552 bytes
Database Buffers 301989888 bytes
Redo Buffers 5455872 bytes
Database mounted.
Database opened.
SQL> column parameter format a25
SQL> column value format a10
SQL> SELECT parameter,value FROM gv$OPTION WHERE PARAMETER in
2 ( ‘Oracle Database Vault’,’Oracle Label Security’);
PARAMETER VALUE
————————- ———-
Oracle Label Security TRUE
Oracle Database Vault TRUE
As you see DB Vault Vault is ready for use. At the next note I will show you what you can do after installation of DB Vault.
Reply