Enabling Oracle Database Vault After Upgrading Oracle Database
Depending on your target database release, you can be required to disable Oracle Database Vault to complete an Oracle Database upgrade.
- Upgrading Oracle Database Without Disabling Oracle Database Vault
To upgrade to Oracle Database 12c Release 2 (12.2.0.1) or later releases, either grant theDV_PATCH_ADMIN
role toSYS
commonly in the root container, and revoke after the upgrade, or disable Oracle Database Vault and reenable it after upgrade. - Common Upgrade Scenarios with Oracle Database Vault
The requirements to enable Oracle Database Vault after upgrades change, depending on your source Oracle Database release.
Parent topic: Preparing to Upgrade Oracle Database
Upgrading Oracle Database Without Disabling Oracle Database Vault
To upgrade to Oracle Database 12c Release 2 (12.2.0.1) or later releases,
either grant the DV_PATCH_ADMIN
role to SYS
commonly in
the root container, and revoke after the upgrade, or disable Oracle Database Vault and
reenable it after upgrade.
If Oracle Database Vault is enabled and you are upgrading an entire CDB, then use one of the following methods:
- CDB upgrade method 1: Temporarily grant the
DV_PATCH_ADMIN
to userSYS
commonly by logging into the root container as a common user with theDV_OWNER
role, and then issuing theGRANT DV_PATCH_ADMIN TO SYS CONTAINER=ALL
statement. Oracle Database Vault controls will be in the same state as it was before the upgrade. When the upgrade is complete, log into the root container as theDV_OWNER
user, and revoke theDV_PATCH_ADMIN
role fromSYS
by issuing theREVOKE DV_PATCH_ADMIN FROM SYS CONTAINER=ALL
statement. - CDB upgrade method 2: Log into each container as a user who has the
DV_OWNER
role, and then run theDBMS_MACADM.DISABLE_DV
procedure. You must first disable Oracle Database Vault on the PDBs, and then after that, disable Oracle Database Vault on the root container last. If you are upgrading only one PDB, then you can disable Oracle Database Vault in that PDB only. After you have completed the upgrade, you can enable Oracle Database Vault by logging into each container as theDV_OWNER
user and then executing theDVSYS.DBMS_MACADM.ENABLE_DV
procedure. The order of enabling Oracle Database Vault must be the root container first and PDBs afterward. You can enable the PDBs in any order, but the root container must be enabled first.
If you manually disable Oracle Database Vault before the upgrade, then you must enable Oracle Database Vault manually after the upgrade.
If you did not have Oracle Database Vault enabled before the upgrade, then you can enable it manually after the upgrade.
Note:
This procedure applies to non-CDB upgrades as wellCommon Upgrade Scenarios with Oracle Database Vault
The requirements to enable Oracle Database Vault after upgrades change, depending on your source Oracle Database release.
-
Upgrades from Oracle Database 11g release 2 (11.2) or earlier: After the upgrade, Oracle Database Vault is disabled by default.
-
Upgrades from Oracle Database 12c release 1 (12.1) or later: After the upgrade, Oracle Database Vault has the same enforcement status that you had in place before the upgrade.
Table 2-1 Common Oracle Database Vault Upgrade Scenarios and Upgrade Preparation Tasks
Source Database Release | Target Database Release | Do you need to disable Database Vault Before Upgrade | What is Database Vault Status After Upgrade |
---|---|---|---|
11.2 or earlier | 12.1 | Yes | Disabled. You need to enable Database Vault manually after the upgrade. |
11.2.or earlier | 12.2, 18.1 and later | No | Disabled. You need to enable Database Vault manually after the upgrade. |
12.1, 12.2, 18.1, and later | 12.2, 18.1 and later | No | Database Vault has the same enforcement status that you had in place before the upgrade. |