Skip Headers
Oracle® Database Vault Administrator's Guide
Oracle9i Release 2 (9.2.0.8)

Part Number B32509-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

B Enabling and Disabling Oracle Database Vault

You must disable Oracle Database Vault to perform upgrade tasks or correct erroneous configurations. You can reenable Oracle Database Vault after you complete the corrective tasks.

This chapter includes the following sections:

B.1 When You Must Disable Oracle Database Vault

The following situations require you to disable Oracle Database Vault:

B.2 Step 1: Disable Oracle Database Vault

Follow these steps to disable Oracle Database Vault on UNIX systems:

  1. Turn off the software processes. Make sure that the environment variables, ORACLE_HOME, ORACLE_SID, and PATH are correctly set.

    For single-instance installations, shut down the database instance:

    $ sqlplus "sys / as sysoper"
    Enter password: password
    SQL> SHUTDOWN IMMEDIATE
    SQL> EXIT
    

    For Oracle Real Application Clusters (RAC) installations, shut down each database instance as follows:

    $ srvctl stop database -d db_name -c "sys/sys_passwd as sysoper"
    

    If you cannot connect to the database, then proceed to the next step.

  2. Relink the Oracle executable to turn off the Oracle Database Vault option:

    $ cd $ORACLE_HOME/rdbms/lib
    $ make -f ins_rdbms.mk dv_off
    $ cd $ORACLE_HOME/bin
    $ relink oracle
    

    For RAC installations, run these commands on all nodes.

  3. Start the database.

    For single-instance database installations:

    $ sqlplus "sys / as sysoper"
    Enter password: password
    SQL> STARTUP
    SQL> EXIT
    

    For RAC installations:

    $ srvctl start database -d db_name -c "sys/sys_passwd as sysoper"
    
  4. Run Oracle Database Vault Configuration Assistant (DVCA) to disable Oracle Database Vault using the following syntax:

    $ORACLE_HOME/bin/dvca -silent -action disable -service service -sys_passwd SYS_password -owner_account DV_owner_account_name -owner_passwd DV_owner_password -nodecrypt [-logfile ./dvca.log]
    

    For RAC installations, run this command on all nodes.

    In this specification:

    • silent: Required if you are not running Oracle Database Vault Configuration Assistant in an xterm window

    • action: The action to perform. enable enables Oracle Database Vault. Other options are as follows:

      • disable: Disables Oracle Database Vault.

      • option: If you are using Oracle Real Application Clusters (RAC) and are setting the racnode value, include this setting to update the instance parameters for primary RAC node instance.

      • optionrac: Also used with the racnode value, but used for the non-primary RAC node.

    • service: The alias for a connection in the tnsnames.ora file. Used to connect to a listener/database. For example, orcl.

    • sys_passwd: Password for user SYS

    • owner_account: Oracle Database Vault Owner account name

    • owner_password: Oracle Database Vault owner account password

    • nodecrypt: Reads plaintext passwords as passed on the command line. You must use this option if you are passing plaintext passwords to the command.

    • logfile: Optionally, specify a log file name and location. You can enter an absolute path or a path that is relative to the location of the $ORACLE_HOME/bin directory.

Note:

After you disable Oracle Database Vault, you still can run the Oracle Database Vault API functions. Note also that after you disable Oracle Database Vault, the ANY privileges are available.

B.3 Step 2: Perform the Required Tasks

With Oracle Database Vault disabled, you can restart your database and perform the following tasks, as required. Advice is as follows:

B.4 Step 3: Enable Oracle Database Vault

Use the following steps to enable Oracle Database Vault on UNIX systems:

  1. Run Oracle Database Vault Configuration Assistant (DVCA) using the following syntax:

    $ORACLE_HOME/bin/dvca -silent -action enable -service service -sys_passwd SYS_password -owner_account DV_owner_account_name -owner_passwd DV_owner_password -nodecrypt [-logfile ./dvca.log]
    

    For RAC installations, run this command on all nodes. See Step 4 under "Step 1: Disable Oracle Database Vault" for an explanation of the DVCA command options.

    See also Appendix B, "Running DVCA After Creating a Database Vault Database" in Oracle Database Vault Installation Guide.

  2. Turn off the software processes. Make sure that the environment variables, ORACLE_HOME, ORACLE_SID, and PATH are correctly set.

  3. Shut down the database instance.

    For single-instance installations:

    $ sqlplus "sys / as sysoper"
    Enter password: password
    SQL> SHUTDOWN IMMEDIATE
    SQL> EXIT
    

    For RAC installations:

    $ srvctl stop database -d db_name -c "sys/sys_passwd as sysoper"
    
  4. Relink the oracle executable to turn on the Oracle Database Vault option:

    $ cd $ORACLE_HOME/rdbms/lib
    $ make -f ins_rdbms.mk dv_on
    $ cd $ORACLE_HOME/bin
    $ relink oracle
    

    For RAC installations, run these commands on all nodes.

  5. Start the database:

    For single-instance database installations:

    $ sqlplus "sys / as sysoper"
    Enter password: password
    SQL> STARTUP
    SQL> EXIT
    

    For RAC installations:

    $ srvctl start database -d db_name -c "sys/sys_passwd as sysoper"