| Oracle® Database Vault Release Notes Oracle9i Release 2 (9.2.0.8) for hp Tru64 UNIX Part Number E14407-01 |
|
| View PDF |
| Oracle® Database Vault Release Notes Oracle9i Release 2 (9.2.0.8) for hp Tru64 UNIX Part Number E14407-01 |
|
| View PDF |
Release Notes
Oracle9i Release 2 (9.2.0.8) for hp Tru64 UNIX
E14407-01
April 2009
These Release Notes describe issues you may encounter with Oracle Database Vault Oracle9i Release 2 (9.2.0.8). The Oracle Database Vault installation is covered in detail in the Oracle Database Vault Installation Guide for hp Tru64 UNIX.
This document may be updated after it is released. To check for updates to this document and to view other Oracle documentation, see the Documentation section on the Oracle Technology Network (OTN) Web site:
http://www.oracle.com/technology/documentation/
This document contains the following sections:
This section describes the known issues pertaining to installation. It also provides the workarounds that you can use.
Cannot Install Oracle Database Vault in a Data Guard Environment
OUI Summary Screen Shows Latest CPU in the List of Products Being Uninstalled
Database Vault Installer Does Not Take You Back to the First Screen
Global Services Daemon Needs to Be Started on the Remote Nodes
Oracle Universal Installer Not Detecting Database in RAC Environments
DVCA Failing During Install of 9208 Database Vault in Oracle RAC Environment
Bug 5258820
After you create a new database in the Database Vault home, running Database Vault Configuration Assistant (DVCA) manually fails if the Oracle System Identifier (SID) for the database is longer than 8 characters.
The following steps reproduce the bug:
Use Database Configuration Assistant (DBCA) to create a new database in an existing Database Vault home.
Run DVCA on the newly created database:
$ORACLE_HOME/bin/dvca -action option -oh oracle_home -jdbc_str jdbc_connection_string -sys_passwd SYS_password -owner_account DV_owner_account_name -owner_passwd DV_owner_account_password [-acctmgr_account DV_account_manager_account_name] [-acctmgr_passwd DV_account_manager_password] [-logfile ./dvca.log] [-silent] [-nodecrypt] [-languages {["en"],["de"],["es"],["fr"],["it"],["ja"],["ko"],["pt_BR"],["zh_CN"],["zh_TW"]}]
See Also:
Oracle Database Vault Installation Guide for hp Tru64 UNIX for more information on running the DVCA command.The reason for the bug is that the Oracle Net service name in the tnsnames.ora ($ORACLE_HOME/network/admin/tnsnames.ora) file is truncated to 8 characters.
Workaround: Change the truncated Net service name in the tnsnames.ora file to its correct value. For example, suppose the SID for the database is ORACLEDB90, and the entry in tnsnames.ora appears as:
ORACLEDB = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST ....
Replace the truncated entry in the tnsnames.ora file with the correct entry. In this case, you would replace ORACLEDB with ORACLEDB90. For example:
ORACLEDB90 = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST ....
Bug 5577503
Oracle Database Vault installer fails to install Oracle Database Vault in an existing physical standby database.
Workaround: You can create a new physical standby database as follows:
Install Oracle Database Vault on the primary database.
Create a physical standby database using a hot backup of the primary database.
This backup should include the Oracle home.
Set up communications between the primary and the physical standby database.
Redo logs communicate changes from the primary database to the standby database.
See Also:
Oracle Data Guard Concepts and Administration for more information on creating a physical standby databaseBug 5966314
After applying the latest Critical Patch Update (CPU), when you run Oracle Database Vault installer to install Oracle Database Vault, the latest CPU is listed in the products being uninstalled on the Summary screen. This is not a problem, so you can ignore it. Database Vault installer does not rollback already applied patches. It just removes their entries from the inventory.
The current patchset contains patches that include all the fixes provided by already installed patches. Hence, Oracle Universal Installer must remove the old entries from the inventory. Oracle Universal Installer and the OPatch utility use the inventory for conflict detection of patches.
Workaround: Removing old patch entries from the inventory ensures that you do not get false errors related to patches in future.
Bug 8282608
After you complete the Oracle Database Vault installation, the following error message appears when you run root.sh:
rm: /install/raja/Home/rdbms/filemap: No such file or directory
Workaround: You can ignore this message.
Bug 5963717
When a user clicks Cancel to cancel out an error, the Oracle Database Vault installer takes the user back to the Specify File Location screen and not the first screen.
The following steps reproduce the error:
Run the Database Vault Installer for an Oracle Real Applications Cluster (RAC) node
When prompted to shut down the database processes, shut down the database and the listener process, but leave the Global Services Daemon (GSD) service running.
On the node list screen, the installer raises an error about the following process not being shut down:
/private/qatest/9208DV/RC2/d3/jre/1.1.8/bin/../bin/sparc/native_threads/jre
Click Cancel. Click OK in the confirmation prompt.
The installer returns to the Specify File Location screen instead of the first screen.
Workaround: Click the Back button, which then displays the first screen. Alternatively, you can click Cancel to exit Oracle Universal Installer (OUI), and then start OUI again.
Bug 5971092
After you install Oracle Database Vault, the Global Services Daemon (GSD) service does not automatically start on the remote nodes. You must manually start the GSD service on the remote nodes. You then can start the database and the listener process on the remote nodes.
Workaround: Use the following command to start the GSD service on each Oracle Real Application Clusters (RAC) node:
$ORACLE_HOME/bin/gsdctl start
Bug 8278959
For Oracle Real Application Clusters (RAC), DVCA fails to configure Database Vault on remote RAC nodes.
Workaround: Run the same DVCA invocation on it that you used for the first node, except to replace the SID names and node names with those of the remote node. Use the following syntax:
dvca -action optionrac –oh installed_RAC_home -jdbc_str jdbc:oracle:oci:@remote_SID_name -racnode remote_hostname -sys_passwd SYS_password -nodecrypt -silent
Bug 8274858
When a single-instance Oracle Database is installed on a node that is part of a cluster, then that database is treated as an Oracle RAC database with a single node. In this case, the installation of Oracle Database Vault over the single-instance database is not possible.
Workaround: In the oraInventory/ContentsXML folder, update the inventory entry for this Oracle home in the inventory.xml file.
The existing entry is as follows:
<HOME NAME="Home" LOC="/OH_directory" TYPE="O" IDX="1"> <NODE_LIST> <NODE NAME="name_of_node"/> </NODE_LIST> </HOME>
Remove the NODE_LIST element. In other words, replace this entry with the following entry:
<HOME NAME="Home" LOC="/OH_directory" TYPE="O" IDX="1">
</HOME>
Bug 8341489
During the installation of Oracle Database Vault in an Oracle Real Application Clusters (RAC) environment, Database Vault Configuration Assistant fails and displays the following error:
DVCA started Executing task LOCKOUT_OFF @ ORAPWD,result=/install/ranjeet/Home/bin/dvca_lock.sh,1, Executing task RESTART_SERVICES_PATCH MANAGE_INSTANCE stop isqlplus MANAGE_LISTENER start listener MANAGE_INSTANCE start RDBMS Executing task SQLPLUS_CATOLS Executing task RESTART_SERVICES_OLS MANAGE_INSTANCE stop isqlplus MANAGE_LISTENER start listener MANAGE_LISTENER start listener result=/install/ranjeet/Home/bin/dvca_start_listener.sh,1, MANAGE_INSTANCE start RDBMS Executing task SQLPLUS_CATMAC connect SYS:java.sql.SQLException: ORA-00603: ORACLE server session terminated by fatal error Executing task UNLOCK_DVSYS Error executing task UNLOCK_DVSYS:java.lang.NullPointerException Executing task LOAD_NLS_FILES load(error):java.sql.SQLException: ORA-12514: TNS:listener could not resolve SERVICE_NAME given in connect descriptor load(error):java.sql.SQLException: ORA-00603: ORACLE server session terminated by fatal error
Workaround: Before you begin the patch upgrade, set the following system variables:
/sbin/sysconfig -r inet udp_sendspace=65536 /sbin/sysconfig -r inet 655360
You can check the current values of these variables by running the following command:
/sbin/sysconfig -q inet
This section discusses usage issues that you may encounter with Database Vault. It also provides the workarounds for these issues.
Accounts with DV_OWNER, DV_ADMIN, or DV_SECANALYST Role Cannot Use the ALTER USER PL/SQL Statement
Enabling a Realm Fails When a Realm Secured Object Is Invalid
Factors with Validation Functions May Cause Invalid Cursor Errors
CREATE SESSION Privilege Is Controlled by the Data Dictionary Realm
Bug 5161953
Accounts with the DV_OWNER, DV_ADMIN, or DV_SECANALYST role cannot run the following PL/SQL statement:
ALTER USER user QUOTA UNLIMITED ON tablespace;
Workaround: Revoke the role from the account, run the ALTER USER statement, and then run the GRANT statement to grant the role back the role to the account. This works if the account is not the DV_OWNER account that was created during installation. If the account is the DV_OWNER account created during installation, then you would must use the following steps:
Disable the Database Vault command rule for the ALTER USER statement.
Run the ALTER USER statement.
Re-enable the Database Vault command rule for the ALTER USER statement.
Bug 5582720
Enabling a realm fails with the following error:
ORA-00942: Table or view does not exist
This might happen if you try to enable a realm on an invalid object.
Workaround: Ensure that all objects protected by the realm are valid, before trying to enable the realm.
Bug 5508407
The following error is displayed when you try to update the owner or the rule set for the SELECT command rule:
Command Rule SELECT not found for schema.%
After the update has failed, you are not allowed to delete the command rule.
Workaround:
Login to SQL*Plus using the SYSTEM account. Run the following command:
SQL>ALTER SYSTEM FLUSH SHARED_POOL;
Delete the command rule.
If you were trying to update the command rule, then re-create the command rule with the new parameters.
Repeat Step 1 for the new command rule to take effect.
Bug 5953290
After including a validation function in a factor, you might get the ORA-01001 or ORA-07445 error when trying to use the factor in a command rule.
Workaround: Implement the validation logic in the factor function itself rather than using a validation function to implement the logic.
Use the following steps to grant the CREATE SESSION privilege:
Add the SYSTEM user to the data dictionary realm as an owner.
Log in to SQL*Plus as the SYSTEM user.
Grant the CREATE SESSION privilege.
Enable the data dictionary realm.
This section covers some of the frequently asked questions related to Database Vault installation. Oracle Database Vault installation is covered in detail in the Oracle Database Vault Installation Guide for hp Tru64 UNIX
The installer does not detect my existing Oracle9i Release 2 (9.2.0.8) instance. What should I do?
To allow the installer to find the database instance information, check the following:
/var/opt/oracle/oratab has an entry for the database. The oratab entry for the database is case-sensitive. Ensure that this entry exactly matches your database.
All database names listed in /var/opt/oracle/oratab have unique system identifier (SID) names.
The file, /var/opt/oracle/oraInst.loc exists.
The oraInventory location is set in the /var/opt/oracle/oraInst.loc file.
The oraInventory location set in /var/opt/oracle/oraInst.loc is the same as the 9.2.0.8 Enterprise Edition database's oraInventory location.
The 9.2.0.8 database home does not have Oracle Database Vault in it.
I have installed Oracle Database Vault into an Oracle home that has multiple databases. How do I secure the other databases in the Oracle home?
You would need to run Database Vault Configuration Assistant (DVCA) manually on the other databases. Refer to Appendix C in the Oracle Database Vault Installation Guide for hp Tru64 UNIX for detailed instructions.
I have installed Oracle Database Vault on a Real Application Clusters (RAC) database instance. How do I secure the other nodes in the cluster?
You must run DVCA manually on the other RAC nodes. Refer to "Run DVCA to Set Instance Parameters" in the Oracle Database Vault Installation Guide for hp Tru64 UNIX for detailed instructions.
This section contains miscellaneous notes not covered in the Oracle Database Vault documentation.
The keyword SNAPSHOT is supported in place of MATERIALIZED VIEW for backward compatibility.
The JOB_QUEUE_PROCESSES initialization parameter specifies the maximum number of processes that can be created for the execution of jobs. It specifies the number of job queue processes per instance.
This parameter must have a non-zero value. The default value for JOB_QUEUE_PROCESSES is 10.
Database Vault supports the following languages:
de: German
en: American English
es: Spanish
fr: French
it: Italian
ja: Japanese
ko: Korean
pt_BR: Brazilian Portuguese
zh_CN: Simplified Chinese
zh_TW: Traditional Chinese
Ensure that the NLS_LANG parameter in your database corresponds to one of these languages before you install Oracle Database Vault. If the language setting in the NLS_LANG parameter is not compatible, then the Database Vault Administrator (DVA) application interface is not displayed properly.
Use the following steps to add a supported language to an already installed instance of the Database Vault Administrator (DVA) application:
Disable Database Vault.
See Also:
Appendix B, "Enabling and Disabling Oracle Database Vault" in the Oracle Database Vault Administrator's GuideEnsure that environment variables such as ORACLE_HOME, PATH, ORACLE_SID, and LD_LIBRARY_PATH are properly set.
Run the following command:
java -classpath$ORACLE_HOME/dv/jlib/dvca.jar:$ORACLE_HOME/lib/xmlparserv2.jar:$ORACLE_HOME/jdbc/lib/classes12.zip oracle.security.datval.dvca.util.DvcaNLSLoader"jdbc:oracle:oci:@database_sid" dvsys dvsys_password file1 file2 ... fileN
Here, file1 file2 ... fileN are the names of the language set files. The language files are a set of files with the following names:
code_language.dlf
factor_type_language.dlf
factor_language.dlf
rule_language.dlf
rule_set_language.dlf
realm_language.dlf
For example, to enable support for Japanese language, use the following command:
java -classpath$ORACLE_HOME/dv/jlib/dvca.jar:$ORACLE_HOME/lib/xmlparserv2.jar:$ORACLE_HOME/jdbc/lib/classes12.zip oracle.security.datval.dvca.util.DvcaNLSLoader "jdbc:oracle:oci:@db1" dvsys oracle $ORACLE_HOME/dv/admin/code_ja.dlf
Note:
You can either repeat the preceding command for each file in the language set, or use a single command with the language specific file names separated by whitespace characters.Enable Database Vault.
See Also:
Appendix B, "Enabling and Disabling Oracle Database Vault" in the Oracle Database Vault Administrator's GuideOur goal is to make Oracle products, services, and supporting documentation accessible, with good usability, to the disabled community. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/
Accessibility of Code Examples in Documentation
Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.
Accessibility of Links to External Web Sites in Documentation
This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
Deaf/Hard of Hearing Access to Oracle Support Services
To reach Oracle Support Services, use a telecommunications relay service (TRS) to call Oracle Support at 1.800.223.1711. An Oracle Support Services engineer will handle technical issues and provide customer support according to the Oracle service request process. Information about TRS is available at http://www.fcc.gov/cgb/consumerfacts/trs.html, and a list of phone numbers is available at http://www.fcc.gov/cgb/dro/trsphonebk.html.
Oracle Database Vault Release Notes Oracle9i Release 2 (9.2.0.8) for hp Tru64 UNIX
E14407-01
Copyright © 2007, 2009, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.
This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.
 Copyright © 2007, 2009, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|