Skip Headers
Oracle® Database Vault Administrator's Guide
Oracle9i Release 2 (9.2.0.8)

Part Number B32509-05
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

B Enabling and Disabling Oracle Database Vault

This appendix contains:

When You Must Disable Oracle Database Vault

You may need to disable Oracle Database Vault to perform upgrade tasks or correct erroneous configurations. You can reenable Oracle Database Vault after you complete the corrective tasks.

Note:

Be aware that if you disable Oracle Database Vault, the privileges that were revoked from existing users and roles during installation remain in effect. See "Privileges That Are Revoked or Prevented from Existing Users and Roles" for a listing of the revoked privileges.

The following situations require you to disable Oracle Database Vault:

Checking if Oracle Database Vault Is Enabled or Disabled

You can check if Oracle Database Vault has already been enabled or disabled by querying the V$OPTIONS table. Any user can query this table. If Oracle Database Vault is enabled, the query returns TRUE. Otherwise, it returns FALSE.

Remember that the PARAMETER column value is case sensitive. For example:

SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';

If Oracle Database Vault is enabled, the following output appears:

PARAMETER                     VALUE
----------------------------- -----------------------
Oracle Database Vault         TRUE

Step 1: Disable Oracle Database Vault

Follow these steps to disable Oracle Database Vault on UNIX systems:

  1. Turn off the software processes. Make sure that the environment variables, ORACLE_HOME, ORACLE_SID, and PATH are correctly set.

    For single-instance installations, shut down the database instance:

    $ sqlplus "SYS / AS SYSOPER"
    Enter password: password
    
    SQL> SHUTDOWN IMMEDIATE
    SQL> EXIT
    

    For Oracle Real Application Clusters (RAC) installations, shut down each database instance as follows:

    $ srvctl stop database -d db_name -c "sys/sys_passwd as sysoper"
    

    If you cannot connect to the database, then proceed to the next step.

  2. Relink the Oracle executable to turn off the Oracle Database Vault option:

    $ cd $ORACLE_HOME/rdbms/lib
    $ make -f ins_rdbms.mk dv_off
    $ cd $ORACLE_HOME/bin
    $ relink oracle
    

    For RAC installations, run these commands on all nodes.

  3. In SQL*Plus, start the database.

    For single-instance database installations:

    $ sqlplus "SYS / AS SYSOPER"
    Enter password: password
    
    SQL> STARTUP
    SQL> EXIT
    

    For RAC installations:

    $ srvctl start database -d db_name -c "sys/sys_passwd as sysoper"
    
  4. Connect as SYS using the SYSDBA privilege, and then run the following ALTER TRIGGER statements:

    SQL> CONNECT SYS / AS SYSDBA
    Enter password: password
    
    SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG DISABLE;
    SQL> ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG DISABLE;
    

Note:

After you disable Oracle Database Vault, you still can run the Oracle Database Vault API functions. Note also that after you disable Oracle Database Vault, the ANY privileges are available.

Step 2: Perform the Required Tasks

With Oracle Database Vault disabled, you can restart your database and perform the following tasks, as required. You can perform the following types of activities:

Step 3: Enable Oracle Database Vault

Use the following steps to enable Oracle Database Vault on UNIX systems:

  1. Log into SQL*Plus as SYS using the SYSDBA privilege, and then run the following ALTER TRIGGER statements:

    $ sqlplus "sys / as sysdba"
    Enter password: password
    Connected.
    SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG ENABLE;
    SQL> ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG ENABLE;
    
  2. Turn off the software processes. Make sure that the environment variables, ORACLE_HOME, ORACLE_SID, and PATH are correctly set.

  3. Shut down the database instance.

    For single-instance installations:

    $ sqlplus "sys / as sysoper"
    Enter password: password
    Connected.
    SQL> SHUTDOWN IMMEDIATE
    SQL> EXIT
    

    For RAC installations:

    $ srvctl stop database -d db_name -c "sys/sys_passwd as sysoper"
    
  4. Relink the oracle executable to turn on the Oracle Database Vault option:

    $ cd $ORACLE_HOME/rdbms/lib
    $ make -f ins_rdbms.mk dv_on
    $ cd $ORACLE_HOME/bin
    $ relink oracle
    

    For RAC installations, run these commands on all nodes.

  5. In SQL*Plus, start the database:

    For single-instance database installations:

    $ sqlplus "sys / as sysoper"
    Enter password: password
    Connected.
    SQL> STARTUP
    SQL> EXIT
    

    For RAC installations:

    $ srvctl start database -d db_name -c "sys/sys_passwd as sysoper"