10g Release 2 (10.2.0.5) for Oracle Solaris on x86-64 (64-Bit)
These Release Notes describe issues you may encounter with Oracle Database Vault 10g Release 2 (10.2.0.5). The Oracle Database Vault installation is covered in detail in Oracle Database Vault Installation Guide for Solaris Operating System (x86-64).
This document may be updated after it is released. To check for updates to this document and to view other Oracle documentation, see the Documentation section on the Oracle Technology Network (OTN) Web site:
This document contains the following sections:
This section describes the known issues pertaining to installation. It also provides the workarounds that you can use.
The Database Vault Administrator (DVA) link does not work after an upgrade from Oracle Database Vault 10.2.0.4 to 10.2.0.5.
You can use the following workaround steps:
PATH environment variables.
Stop the Enterprise Manager Database Control process. Use the following command:
$ORACLE_HOME/bin/emctl stop dbconsole
Edit the file,
/config/server.xml. Enter the following line just before the last line that reads,
<application name="dva" path="$ORACLE_HOME/dv/jlib/dva_webapp.ear" auto-start="true" />
<application name="dva" path="/home/oracle/product/10.2.0/db1/dv/jlib/dva_webapp.ear" auto-start="true" />
Edit the file,
/config/http-web-site.xml. Enter the following line just above the last line that reads,
<web-app application="dva" name="dva_webapp" root="/dva" />
Start the Enterprise Manager Database Control process. Use the following command:
$ORACLE_HOME/bin/emctl start dbconsole
The Database Vault installer fails to install Database Vault in an existing physical standby database.
You can create a new physical standby database by using the following steps:
Install Database Vault on the primary database.
Create a physical standby database using a hot backup of the primary database. This backup should include the Oracle home.
Set up communications between the primary and the physical standby database. Redo logs communicate changes from the primary database to the standby database.
After installing Database Vault on a database, and running the postinstallation steps on the nodes, you get an error when trying to access Enterprise Manager.
Also, when you try to check the status of
dbconsole using the
emctl status dbconsole command, you get a message saying that the EM daemon is not running even though the process is running.
The workaround is to manually restart the
dbconsole process using the following commands:
$ORACLE_HOME/bin/emctl stop dbconsole $ORACLE_HOME/bin/emctl start dbconsole
SYS user is unable to log in to Enterprise Manager after installing Database Vault on an Oracle database. The following error is encountered:
ORA-01031: insufficient privileges
You need to regenerate the password file, using the
orapwd utility, to reenable the
SYS user to connect as
SYSDBA. Use the following syntax to enable
orapwd file=password_filename password=password [entries=users] force=y nosysdba=n
See Also:Oracle Database Vault Installation Guide for Solaris Operating System (x86-64) for more information about using the
After you install Database Vault, the database instances and listeners on the remote nodes do not start automatically. You must start these manually.
This is expected behavior. The
DVCA utility configures the local node, and starts the database instance and listener processes on the local node. You need to start these processes manually on each of the remote nodes.
The following steps are used to create a cloned Database Vault instance:
Install Oracle Database Vault 10g Release 2 (10.2.0.5) in the first Oracle home.
Clone the first instance to create a second Oracle home.
Run Net Configuration Assistant (NetCA) and Database Configuration Assistant (DBCA) to configure a listener and database for the cloned instance.
Run DBCA again to configure Oracle Label Security (OLS) for the cloned instance.
Run Database Vault Configuration Assistant (DVCA) as follows:
$ORACLE_HOME/bin/dvca -action option -oh oracle_home -jdbc_str jdbc_connection_string -sys_passwd SYS_password -owner_account DV_owner_account_name -owner_passwd DV_owner_account_password -acctmgr_account DV_account_manager_account_name -acctmgr_passwd DV_account_manager_password -logfile ./dvca.log -nodecrypt
The following SQL statement shows that the cloned Database Vault instance contains invalid objects:
SQL> select count(*) from all_objects where status = 'INVALID'; COUNT(*) ---------- 45
The workaround is to run the
utlrp.sql script. This script recompiles all
PL/SQL modules that might be in an invalid state, including packages, procedures, and types. Use the following commands to run the
cd $ORACLE_HOME/rdbms/admin sqlplus SYS "AS SYSDBA" Enter password: SQL> @utlrp.sql
After you add a second node to a single-node Oracle Real Application Clusters (Oracle RAC) installation, the following error occurs when you try to configure Database Vault security for the second node:
ORA-32001: write SPFILE requested but no SPFILE specified at startup
The following steps reproduce the bug:
Install Oracle Clusterware on a 2-node cluster.
Install Oracle Database Vault on the first node.
Configure the database listener and database instance for the second node.
Run the following
ALTER SYSTEM statements on the second node:
ALTER SYSTEM SET AUDIT_SYS_OPERATIONS=TRUE SCOPE=SPFILE; ALTER SYSTEM SET OS_ROLES=FALSE SCOPE=SPFILE; ALTER SYSTEM SET RECYCLEBIN='OFF' SCOPE=SPFILE; ALTER SYSTEM SET REMOTE_LOGIN_PASSWORDFILE='EXCLUSIVE' SCOPE=SPFILE; ALTER SYSTEM SET SQL92_SECURITY=TRUE SCOPE=SPFILE; ALTER SYSTEM SET OS_AUTHENT_PREFIX='' SCOPE=SPFILE;
The workaround is to run the following steps before running the
addnode.sh script in Step 3:
Note:These steps must be run from the first node.
Shut down the database.
$ORACLE_HOME/bin/srvctl stop database -d db_name
Start the database with the
$ORACLE_HOME/bin/srvctl start database -d db_name -o nomount
Connect to the database
sqlplus SYS "AS SYSDBA" Enter password:
Create a server parameter file (
SPFILE) using the traditional initialization parameter file (
PFILE). The initialization parameter file is usually located at
$ORACLE_HOME/admin/db_name/pfile for Optimal Flexible Architecture compliant databases.
SQL> CREATE SPFILE='SHARED_LOCATION/spfileORACLE_SID.ora' FROM 'PFILE=ORACLE_HOME/admin/db_name/pfile/initORACLE_SID.ora'
This statement reads the text initialization parameter file to create a server parameter file. You must have the or
SYSOPER system privilege to run the
CREATE SPFILE statement.
Shut down the database.
$ORACLE_HOME/bin/srvctl stop database -d db_name
Clear the current contents of the initialization parameter file. Add the server parameter file location in the initialization parameter file:
SPFILE = 'SHARED_LOCATION/spfileORACLE_SID.ora'
Restart the database.
$ORACLE_HOME/bin/srvctl start database -d db_name
The Database Vault installer swap space requirement test may fail in some cases even when enough swap space is available.
The swap space required for installation should not exceed 16GB. In case the required swap space is shown as more than 16 GB, this warning can be safely ignored.
When installing Oracle Database Vault for a database, you may see the following error file:
No checks to execute for entry points. Please check input files
You can safely ignore these errors and proceed with the installation.
The Oracle Database Vault Installation Guide includes instructions to upgrade a previous version of Oracle Database Vault to Oracle Database Vault 10.2.0.5. One of the upgrade steps requires the user to run the
catmac.sql script. The Oracle Database Vault Installation Guide advises the user to spool the output of this script into a file in order to look for errors.
The spooled output file may include the following errors:
ORA-01920: user name 'DVSYS' conflicts with another user or role name ORA-01920: user name 'DVF' conflicts with another user or role name SP2-0310: unable to open file catmaca.sql ORA-01952: system privileges not granted to 'DBA' ORA-00955: name is already used by an existing object ORA-02260: table can have only one primary key
You can safely ignore these error messages.
ORA-01031: insufficient privileges error may be generated during the Lock DVSYS phase of the Database Vault installation process. This may be caused by a low shared pool size.
The workaround is to increase the shared pool size to a larger value. To set the shared pool size, use the following SQL statement:
ALTER SYSTEM SET SHARED_POOL_SIZE=
When installing Oracle Database Vault in
ORA_TZFILE environment, installation fails with the following error:
Configuration assistant "Oracle Database Vault Configuration Assistant" failed
The workaround is to remove
$OH/lib32/libociei.so after installing 10.2.0.5 patchset, and proceed with Oracle Database Vault installation.
There may be invalid objects in the database after you install Oracle Database Vault.
Log into SQL*Plus as a user who has been granted the
SYSDBA administrative privilege. For example:
sqlplus sys as sysdba Enter password: password
In SQL*Plus, perform the following query to find invalid objects.
SELECT COUNT(*) FROM ALL_OBJECTS WHERE STATUS = 'INVALID';
If there are invalid objects, then run the
utlrp.sql script, which by default is located in the
$ORACLE_HOME/rdbms/admin directory, to recompile the invalid objects.
utlrp.sql script provides any instructions, follow them, and then run the script again. If the script terminates abnormally without giving any instructions, then run it again.
Oracle Bug: 7631281
This section discusses usage issues that you may encounter with Database Vault. It also provides the workarounds for these issues.
Accounts with the
DV_SECANALYST role cannot run the following command:
ALTER USER user QUOTA UNLIMITED ON tablespace
The workaround is to
REVOKE the role from the account, run the
ALTER USER command, and then
GRANT back the role to the account. This works if the account is not the
DV_OWNER account that was created during installation. If the account is the DV_OWNER account created during installation, then you would need to use the following steps:
Disable the Database Vault command rule for the
ALTER USER command.
ALTER USER command.
Re-enable the Database Vault command rule for the
ALTER USER command.
This section covers some of the frequently asked questions related to Database Vault installation. Oracle Database Vault installation is covered in detail in Oracle Database Vault Installation Guide for Solaris Operating System (x86-64).
To allow the installer to find the database instance information, you should check the following:
The database home has Oracle Enterprise Manager Console DB 10.2.0.5.0 installed.
For an Oracle Real Application Clusters (Oracle RAC) database, make sure that Oracle Clusterware is running on all nodes.
For an Oracle Real Application Clusters (Oracle RAC) database, make sure that the
srvctl utility can be run from Oracle Clusterware home and Oracle RAC database home.
oraInventory/ContentsXML correctly lists the Oracle home information including the node names (for Oracle RAC).
/etc/oratab has an entry for the database. This entry is case-sensitive.
All database names listed in
/etc/oratab have unique system identifier (SID) names.
The oraInventory location is set in the
The oraInventory location set in
/etc/oraInst.loc is the same as the 10.2.0.5 Enterprise Edition database's oraInventory location.
The 10.2.0.5 database home does not have Oracle Database Vault in it.
The 10.2.0.5 database home does not contain an Automatic Storage Management (ASM) instance.
You would need to run Database Vault Configuration Assistant (DVCA) manually on the other databases. Refer to Oracle Database Vault Installation Guide for Solaris Operating System (x86-64) for detailed instructions.
You need to configure Database Vault security on the other Oracle RAC nodes. Refer to Oracle Database Vault Installation Guide for Solaris Operating System (x86-64) for detailed instructions.
This section contains miscellaneous notes not covered in the Oracle Database Vault documentation.
SNAPSHOT is supported in place of
MATERIALIZED VIEW for backward compatibility.
JOB_QUEUE_PROCESSES initialization parameter specifies the maximum number of processes that can be created for the execution of jobs. It specifies the number of job queue processes per instance.
This parameter must have a non-zero value. The default value for
JOB_QUEUE_PROCESSES is 10.
For all Oracle Database Vault 10.2.0.5 releases, disregard the DBA_REGISTRY data dictionary view output. This view normally displays information about the components loaded into the database. For these releases, the DBA_REGISTRY view does not update this view's contents.
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at
Oracle customers have access to electronic support through My Oracle Support. For information, visit
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Oracle Database Vault Release Notes 10g Release 2 (10.2.0.5) for Oracle Solaris on x86-64 (64-Bit)
Copyright © 2006, 2013, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.