| Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for HP-UX Itanium Part Number E10001-03 |
|
|
View PDF |
| Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for HP-UX Itanium Part Number E10001-03 |
|
|
View PDF |
If you have Oracle Database Vault 10g Release 2 (10.2.0.2), Oracle Database Vault 10g Release 2 (10.2.0.3), or Oracle Database Vault 10g Release 2 (10.2.0.4) installed, then you can upgrade it to Oracle Database Vault 10g Release 2 (10.2.0.5) without uninstalling the existing instance.
Use the following steps to upgrade an Oracle Database Vault 10.2.0.x installation to Oracle Database Vault 10g Release 2 (10.2.0.5):
Re-create the password file with the nosysdba=n and force=y flags, to allow the SYS user to connect AS SYSDBA. Use the following syntax:
orapwd file=$ORACLE_HOME/dbs/orapwSID password=password force=y nosysdba=n
Here SID is the Oracle system identifier (SID) of the database and password is the password for the SYS account.
Shut down the database.
To stop a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> shutdown immediate
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl stop database -d db_name -c "SYS/password AS SYSDBA"
Here db_name is the name of the database.
Relink the Oracle executable to turn off the Oracle Database Vault option. Use the following commands:
cd $ORACLE_HOME/rdbms/lib make -f ins_rdbms.mk dv_off cd $ORACLE_HOME/bin relink oracle
Note:
For an Oracle Real Application Clusters (Oracle RAC) database, you must repeat the preceding commands on all nodes.Start the database. For a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> startup
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl start database -d db_name
Unlock the DVSYS account as the SYS user:
sqlplus SYS "AS SYSDBA" Enter password: SQL>ALTER USER DVSYS ACCOUNT UNLOCK;
Run Oracle Database Vault Configuration Assistant (DVCA) by using the dvca -action disable option. This disables the Database Vault triggers. Use the following syntax:
dvca -action disable
-service service_name
-owner_account DV_owner_account_name
[-logfile ./dvca.log]
[-nodecrypt] [-racnode host_name]
Enter SYS password: sys_password
Enter owner password: owner_password
Here:
-action is the action to perform. In this case the action is disable.
-service is the database service name.
-owner_account is the Oracle Database Vault Owner account name.
-hostname: The physical or virtual host name of the host on which the action is performed.
-logfile is an optional flag to specify a log file name and location. You can enter an absolute path, or enter a path that is relative to the location of the $ORACLE_HOME/bin directory.
-nodecrypt is the option to read plaintext passwords.
-racnode is the host name of the Oracle RAC node on which the action is performed. Use this option only in an Oracle RAC environment.
Install the Oracle Database Release 10.2.0.5 Patch Set.
See Also:
"Apply Oracle Database Release 10.2.0.5 Patch Set" for more information about installing the patch setRestart the database. For a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> shutdown immediate SQL> startup
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl stop database -d db_name $ORACLE_HOME/bin/srvctl start database -d db_name
This step is required only when you upgrade from Oracle Database Vault 10g Release 2 (10.2.0.3). Connect AS SYSDBA and run the following SQL statements:
SQL> DECLARE
CURSOR stmt IS
select u.name, o.name, r.pname
from user$ u, obj$ o, rls$ r
where u.user# = o.owner#
and r.obj# = o.obj#
and bitand(r.stmt_type,65536) > 0;
object_schema VARCHAR2(32) := NULL;
object_name VARCHAR2(32) := NULL;
policy_name VARCHAR2(32) := NULL;
BEGIN
OPEN stmt;
LOOP
FETCH stmt INTO object_schema, object_name, policy_name;
EXIT WHEN stmt%NOTFOUND;
dbms_rls.drop_policy('"'||object_schema||'"',
'"'||object_name||'"',
'"'||policy_name||'"');
END LOOP;
Close stmt;
END;
/
Run DVCA to reconfigure Database Vault. Use the following syntax:
$ORACLE_HOME/bin/dvca -action option -oh oracle_home -hostname host_name -jdbc_str jdbc_connection_string -owner_account DV_owner_account_name [-acctmgr_account DV_account_manager_account_name] [-logfile ./dvca.log] [-nodecrypt][-racnode node]
Where:
action: The action to perform. option creates the Database Vault schema objects, creates the DV_OWNER account and the optional DV_ACCTMGR account, and deploys the Database Vault Administrator application.
oh: The Oracle home for the database.
jdbc_str: The JDBC connection string used to connect to the database. For example, jdbc:oracle:oci:@orcl1, where orcl1 is the net service name in the tnsnames.ora file ($ORACLE_HOME/network/admin/tnsnames.ora).
owner_account: Oracle Database Vault Owner account name
acctmgr_account: (Optional) Oracle Database Vault Account Manager user
hostname: The physical or virtual host name of the host on which the action is performed.
logfile: Optionally, specify a log file name and location. You can enter an absolute path or a path that is relative to the location of the $ORACLE_HOME/bin directory
nodecrypt: Reads plaintext passwords as passed on the command line. You must use this option if you are passing plaintext passwords to the command.
racnode: The host name of the Real Application Clusters (Oracle RAC) node on which the action is being performed. Do not include the domain name with the host name.Use this option if this is an Oracle RAC database.
Note:
You are prompted to enter theSYS, Database Vault Owner, and Database Vault Account Manager passwords.See Also:
Appendix C, "Running DVCA After Creating a Database Vault Database" for more options available with thedvca -action option commandRun Oracle Database Vault Configuration Assistant (DVCA) by using the dvca -action enable option. This enables the Database Vault triggers. Use the following syntax:
dvca -action enable
-service service_name
-owner_account DV_owner_account_name
[-logfile ./dvca.log]
[-nodecrypt]
[-racnode node]
Enter SYS password: sys_password
Enter owner password: owner_password
See Step 6 for details of the options used in the command.
Lock the DVSYS account. Use the following SQL statements:
SQL> CONNECT SYS "AS SYSDBA" Enter password: SQL> ALTER USER DVSYS ACCOUNT LOCK;
Shut down the database.
To stop a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> shutdown immediate
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl stop database -d db_name
Here db_name is the name of the database.
Relink the Oracle executable to turn on the Oracle Database Vault option. Use the following commands:
cd $ORACLE_HOME/rdbms/lib make -f ins_rdbms.mk dv_on cd $ORACLE_HOME/bin relink oracle
Note:
For an Oracle Real Application Clusters (Oracle RAC) database, you must repeat the preceding commands on all nodes.Start the database. For a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> startup
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl start database -d db_name
If you wish to disable connections with SYSDBA privileges, then re-create the password file with the nosysdba=y and force=y flags. Use the following syntax:
orapwd file=$ORACLE_HOME/dbs/orapwSID password=password force=y nosysdba=y
Here SID is the Oracle system identifier (SID) of the database and password is the password for the SYS account.
|
 Copyright © 2006, 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|