Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for HP-UX Itanium Part Number E10001-03
If you have Oracle Database Vault 10g Release 2 (10.2.0.2), Oracle Database Vault 10g Release 2 (10.2.0.3), or Oracle Database Vault 10g Release 2 (10.2.0.4) installed, then you can upgrade it to Oracle Database Vault 10g Release 2 (10.2.0.5) without uninstalling the existing instance.
Use the following steps to upgrade an Oracle Database Vault 10.2.0.x installation to Oracle Database Vault 10g Release 2 (10.2.0.5):
Re-create the password file with the nosysdba=n and force=y flags, to allow the SYS user to connect AS SYSDBA. Use the following syntax:
orapwd file=$ORACLE_HOME/dbs/orapwSID password=password force=y nosysdba=n
Here SID is the Oracle system identifier (SID) of the database and password is the password for the SYS account.
Shut down the database.
To stop a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA"
Enter password:
SQL> shutdown immediate
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl stop database -d db_name -c "SYS/password AS SYSDBA"
Here db_name is the name of the database.
Relink the Oracle executable to turn off the Oracle Database Vault option. Use the following commands:
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk dv_off
cd $ORACLE_HOME/bin
relink oracle
Note:
For an Oracle Real Application Clusters (Oracle RAC) database, you must repeat the preceding commands on all nodes.
Start the database. For a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA"
Enter password:
SQL> startup
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl start database -d db_name
Unlock the DVSYS account as the SYS user:
sqlplus SYS "AS SYSDBA"
Enter password:
SQL> ALTER USER DVSYS ACCOUNT UNLOCK;
Run Oracle Database Vault Configuration Assistant (DVCA) by using the dvca -action disable option. This disables the Database Vault triggers. Use the following syntax:
dvca -action disable -service service_name -owner_account DV_owner_account_name [-logfile ./dvca.log] [-nodecrypt] [-racnode host_name]
Enter SYS password: sys_password
Enter owner password: owner_password
Here:
-action is the action to perform. In this case the action is disable.
-service is the database service name.
-owner_account is the Oracle Database Vault Owner account name.
-hostname is the physical or virtual host name of the host on which the action is performed.
-logfile is an optional flag to specify a log file name and location. You can enter an absolute path, or enter a path that is relative to the location of the $ORACLE_HOME/bin directory.
-nodecrypt is the option to read plaintext passwords.
-racnode is the host name of the Oracle RAC node on which the action is performed. Use this option only in an Oracle RAC environment.
Install the Oracle Database Release 10.2.0.5 Patch Set.
See Also:
"Apply Oracle Database Release 10.2.0.5 Patch Set" for more information about installing the patch set
Restart the database. For a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA"
Enter password:
SQL> shutdown immediate
SQL> startup
For an Oracle Real Application Clusters (Oracle RAC) database, use the following commands:
$ORACLE_HOME/bin/srvctl stop database -d db_name
$ORACLE_HOME/bin/srvctl start database -d db_name
This step is required only when you upgrade from Oracle Database Vault 10g Release 2 (10.2.0.3). Connect AS SYSDBA and run the following SQL statements:
SQL> DECLARE
  -- RLS policies whose stmt_type has bit 65536 set, with owning schema and object
  CURSOR stmt IS
    select u.name, o.name, r.pname
    from user$ u, obj$ o, rls$ r
    where u.user# = o.owner#
      and r.obj# = o.obj#
      and bitand(r.stmt_type,65536) > 0;
  object_schema VARCHAR2(32) := NULL;
  object_name VARCHAR2(32) := NULL;
  policy_name VARCHAR2(32) := NULL;
BEGIN
  OPEN stmt;
  LOOP
    FETCH stmt INTO object_schema, object_name, policy_name;
    EXIT WHEN stmt%NOTFOUND;
    -- Drop the policy; names are double-quoted so they are matched exactly
    dbms_rls.drop_policy('"'||object_schema||'"', '"'||object_name||'"', '"'||policy_name||'"');
  END LOOP;
  Close stmt;
END;
/
Run DVCA to reconfigure Database Vault. Use the following syntax:
$ORACLE_HOME/bin/dvca -action option -oh oracle_home -hostname host_name -jdbc_str jdbc_connection_string -owner_account DV_owner_account_name [-acctmgr_account DV_account_manager_account_name] [-logfile ./dvca.log] [-nodecrypt] [-racnode node]
Where:
action: The action to perform. option creates the Database Vault schema objects, creates the DV_OWNER account and the optional DV_ACCTMGR account, and deploys the Database Vault Administrator application.
oh: The Oracle home for the database.
jdbc_str: The JDBC connection string used to connect to the database. For example, jdbc:oracle:oci:@orcl1, where orcl1 is the net service name in the tnsnames.ora file ($ORACLE_HOME/network/admin/tnsnames.ora).
owner_account: Oracle Database Vault Owner account name
acctmgr_account: (Optional) Oracle Database Vault Account Manager user
hostname: The physical or virtual host name of the host on which the action is performed.
logfile: Optionally, specify a log file name and location. You can enter an absolute path or a path that is relative to the location of the $ORACLE_HOME/bin directory
nodecrypt: Reads plaintext passwords as passed on the command line. You must use this option if you are passing plaintext passwords to the command.
racnode: The host name of the Real Application Clusters (Oracle RAC) node on which the action is being performed. Do not include the domain name with the host name. Use this option if this is an Oracle RAC database.
Note:
You are prompted to enter the SYS, Database Vault Owner, and Database Vault Account Manager passwords.
See Also:
Appendix C, "Running DVCA After Creating a Database Vault Database" for more options available with the dvca -action option command
Run Oracle Database Vault Configuration Assistant (DVCA) by using the dvca -action enable option. This enables the Database Vault triggers. Use the following syntax:
dvca -action enable -service service_name -owner_account DV_owner_account_name [-logfile ./dvca.log] [-nodecrypt] [-racnode node]
Enter SYS password: sys_password
Enter owner password: owner_password
See Step 6 for details of the options used in the command.
Lock the DVSYS account. Use the following SQL statements:
SQL> CONNECT SYS "AS SYSDBA"
Enter password:
SQL> ALTER USER DVSYS ACCOUNT LOCK;
Shut down the database.
To stop a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA"
Enter password:
SQL> shutdown immediate
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl stop database -d db_name
Here db_name is the name of the database.
Relink the Oracle executable to turn on the Oracle Database Vault option. Use the following commands:
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk dv_on
cd $ORACLE_HOME/bin
relink oracle
Note:
For an Oracle Real Application Clusters (Oracle RAC) database, you must repeat the preceding commands on all nodes.
Start the database. For a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA"
Enter password:
SQL> startup
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl start database -d db_name
If you wish to disable connections with SYSDBA privileges, then re-create the password file with the nosysdba=y and force=y flags. Use the following syntax:
orapwd file=$ORACLE_HOME/dbs/orapwSID password=password force=y nosysdba=y
Here SID is the Oracle system identifier (SID) of the database and password is the password for the SYS account.
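The steps above relax four protections (SYSDBA password-file logins, the Database Vault link option, the DVSYS account lock, and the Database Vault triggers) and later restore each one. The following shell script is an added example, not part of the Oracle guide: it scans a saved transcript of the commands that were run and reports any relaxation with no later restoring command. The function names and the sample transcript are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): audit a transcript of the upgrade
# commands and report every protection that was relaxed but never restored.

# last_line PATTERN FILE -> line number of the last match, or 0 if none
last_line() {
    grep -n -i -E -e "$1" "$2" | tail -n 1 | cut -d: -f1 | grep . || echo 0
}

# check_pair LABEL RELAX_RE RESTORE_RE FILE
# Prints a finding when the last relaxing command has no later restoring one.
check_pair() {
    open=$(last_line "$2" "$4")
    close=$(last_line "$3" "$4")
    if [ "$open" -gt 0 ] && [ "$open" -gt "$close" ]; then
        echo "OPEN: $1 (relaxed at line $open)"
    fi
}

# The four relax/restore pairs used by the procedure on this page.
audit_transcript() {
    check_pair "SYSDBA password-file logins" 'nosysdba=n' 'nosysdba=y' "$1"
    check_pair "Database Vault option linked off" 'ins_rdbms\.mk +dv_off' 'ins_rdbms\.mk +dv_on' "$1"
    check_pair "DVSYS account unlocked" 'ALTER +USER +DVSYS +ACCOUNT +UNLOCK' 'ALTER +USER +DVSYS +ACCOUNT +LOCK' "$1"
    check_pair "Database Vault triggers disabled" 'dvca +-action +disable' 'dvca +-action +enable' "$1"
}

# Constructed sample: the operator stopped before relinking with dv_on and
# before re-creating the password file with nosysdba=y.
sample_transcript() {
    cat <<'EOF'
orapwd file=$ORACLE_HOME/dbs/orapwSID password=password force=y nosysdba=n
make -f ins_rdbms.mk dv_off
SQL> ALTER USER DVSYS ACCOUNT UNLOCK;
dvca -action disable -service service_name -owner_account DV_owner_account_name
dvca -action enable -service service_name -owner_account DV_owner_account_name
SQL> ALTER USER DVSYS ACCOUNT LOCK;
EOF
}

tmp=$(mktemp)
sample_transcript > "$tmp"
audit_transcript "$tmp"
rm -f "$tmp"
```

The final orapwd step with nosysdba=y is optional in this procedure, so an OPEN finding for SYSDBA password-file logins is a decision to record rather than necessarily an error.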