The recovery catalog can be a base recovery catalog or a virtual private catalog.
A base recovery catalog is a database schema that contains RMAN metadata for a set of target databases.
A virtual private catalog is a set of synonyms and views that enable user access to a subset of a base recovery catalog.
Execute this command only at the RMAN prompt. RMAN must be connected to the recovery catalog database either through the
CATALOG command-line option or the
CATALOG command, and the catalog database must be open. A connection to a target database is not required.
The recovery catalog owner, whether the catalog is a base recovery catalog or a virtual private catalog, must be granted the
RECOVERY_CATALOG_OWNER role. This user must also be granted space privileges in the tablespace where the recovery catalog tables will reside. The recovery catalog is created in the default tablespace of the recovery catalog owner.
CATALOG description for restrictions for RMAN client connections to a virtual catalog when the RMAN client is from release Oracle Database 10g or earlier.
Typically, you create the recovery catalog in a database created especially for this purpose. It is not recommended to create the recovery catalog in the
The best practice is to create one recovery catalog that serves as the central RMAN repository for many databases. For this reason it is called the base recovery catalog.
The owner of the base recovery catalog can
REVOKE restricted access to the catalog to other database users. Each restricted user has full read/write access to his own metadata, which is called a virtual private catalog. The RMAN metadata is stored in the schema of the virtual private catalog owner. The owner of the base recovery catalog controls what each virtual catalog user can access.
You must take an extra step when intending to use a 10.2 or earlier release of RMAN with a virtual catalog. Before using the virtual private catalog, this user must connect to the recovery catalog database as the virtual catalog owner and execute the following PL/SQL procedure (where
base_catalog_owner is the database user who owns the base recovery catalog):
See Also:Oracle Database Administrator's Guide for more information about the
||Creates a virtual private catalog in an existing recovery catalog.
Run this command after connecting RMAN to the recovery catalog database as the virtual catalog user.
Note: All of the mechanisms for virtual private catalogs are in the recovery catalog schema itself. The security is provided by the catalog database, not by the RMAN client.
Assume that you start SQL*Plus and connect to the recovery catalog
catdb with administrator privileges. You execute the
CREATE USER statement as follows, replacing password with a user-specified password (see Oracle Database Security Guide for information on creating secure passwords). The SQL statement creates a user
catowner in database
catdb and grant the
catowner user the
SQL> CREATE USER catowner IDENTIFIED BY password 2 DEFAULT TABLESPACE cattbs 3 QUOTA UNLIMITED ON cattbs; SQL> GRANT recovery_catalog_owner TO catowner; SQL> EXIT
You then start RMAN and run the following RMAN commands to connect to the recovery catalog database as
catowner and create the recovery catalog:
RMAN> CONNECT CATALOG catowner@catdb recovery catalog database Password: password connected to recovery catalog database RMAN> CREATE CATALOG;
In the same RMAN session, you connect to a target database using operating system authentication and use the
REGISTER DATABASE command to register this database in the catalog:
RMAN> CONNECT TARGET / RMAN> REGISTER DATABASE; RMAN> EXIT
Assume that you created the recovery catalog and registered a database as shown in Example 2-58. Now you want to create a virtual private catalog for database user
vpc1. You start SQL*Plus and connect to recovery catalog database
catdb with administrator privileges. You create the
vpc1 user and grant recovery catalog ownership as follows, replacing password with a user-specified password (see Oracle Database Security Guide for information on creating secure passwords):
SQL> CREATE USER vpc1 IDENTIFIED BY password 2 DEFAULT TABLESPACE vpcusers 3 QUOTA UNLIMITED ON vpcusers; SQL> GRANT recovery_catalog_owner TO vpc1; SQL> EXIT
You then start RMAN and connect to the recovery catalog database as the catalog owner
catowner. By default, the virtual catalog owner has no access to the base recovery catalog. You use the
GRANT command to grant virtual private catalog access to
vpc1 for RMAN operations on database
prod1 (but not
RMAN> CONNECT CATALOG catowner@catdb recovery catalog database Password: password connected to recovery catalog database RMAN> GRANT CATALOG FOR DATABASE prod1 TO vpc1; RMAN> EXIT;
At this point the backup operator who will use virtual private catalog
vpc1 is ready to create the virtual catalog. In the following example, the backup operator connects to the recovery catalog database as
vpc1 and creates the virtual private catalog for
RMAN> CONNECT CATALOG vpc1@catdb recovery catalog database Password: password connected to recovery catalog database RMAN> CREATE VIRTUAL CATALOG; RMAN> EXIT;
Because this operator eventually intends to use the virtual catalog with Oracle Database 10g target databases, the operator must execute the
CREATE_VIRTUAL_CATALOG PL/SQL procedure before using the virtual catalog (as explained in "Usage Notes"). In the following example, the backup operator connects to the recovery catalog database as
vpc1 and executes the PL/SQL procedure as follows:
SQL> CONNECT vpc1@catdb Enter password: password Connected. SQL> BEGIN 2 catowner.DBMS_RCVCAT.CREATE_VIRTUAL_CATALOG; 3 END; 4 /