Enabling Oracle Database Vault After Upgrading Oracle Database
Depending on your target database release, you can be required to reenable Oracle Database Vault, or revoke Oracle Database Vault role granted for upgrade.
- Upgrading Oracle Database Without Disabling Oracle Database Vault
To upgrade to Oracle Database 21c or later releases, either grant theDV_PATCH_ADMINrole toSYScommonly in the root container, and revoke after the upgrade, or disable Oracle Database Vault and reenable it after upgrade. - Postupgrade Scenarios with Oracle Database Vault
Postupgrade tasks for Oracle Database Vault change, depending on your target Oracle Database release, and the option you chose to prepare for upgrade.
Parent topic: Preparing to Upgrade Oracle Database
Upgrading Oracle Database Without Disabling Oracle Database Vault
To upgrade to Oracle Database 21c or later releases, either grant the
DV_PATCH_ADMIN role to SYS commonly in the root
container, and revoke after the upgrade, or disable Oracle Database Vault and reenable it
after upgrade.
If Oracle Database Vault is enabled and you are upgrading an entire CDB, then use one of the following methods:
- CDB upgrade method 1: Temporarily grant the
DV_PATCH_ADMINto userSYScommonly by logging into the root container as a common user with theDV_OWNERrole, and then issuing theGRANT DV_PATCH_ADMIN TO SYS CONTAINER=ALLstatement. Oracle Database Vault controls will be in the same state as it was before the upgrade. When the upgrade is complete, log into the root container as theDV_OWNERuser, and revoke theDV_PATCH_ADMINrole fromSYSby issuing theREVOKE DV_PATCH_ADMIN FROM SYS CONTAINER=ALLstatement. - CDB upgrade method 2: Log into each container as a user who has the
DV_OWNERrole, and then execute theDBMS_MACADM.DISABLE_DVprocedure. You must first disable the PDBs (in any order) and then after that, disable the root container last. If you are upgrading only one PDB, then you can disable Oracle Database Vault in that PDB only. After you have completed the upgrade, you can enable Oracle Database Vault by logging into each container as theDV_OWNERuser and then executing theDVSYS.DBMS_MACADM.ENABLE_DVprocedure. The order of enabling Oracle Database Vault must be the root container first and PDBs afterward. You can enable the PDBs in any order, but the root container must be enabled first.
If you manually disable Oracle Database Vault before the upgrade, then you must enable Oracle Database Vault manually after the upgrade.
If you did not have Oracle Database Vault enabled before the upgrade, then you can enable it manually after the upgrade.
Enable Oracle Database Vault in the upgraded database by using the procedure dvsys.dbms_macadm.enable_dv(). Run this procedure with a user account that is granted DV_OWNER. After you run the procedure, restart the database instance so that the procedure takes effect.
Postupgrade Scenarios with Oracle Database Vault
Postupgrade tasks for Oracle Database Vault change, depending on your target Oracle Database release, and the option you chose to prepare for upgrade.
Upgrades to Oracle Database 21c and Later
You must choose one of the following options:
- Grant the
DV_PATCH_ADMINrole toSYScommonly (container=all). - Disable Oracle Database Vault before upgrade.
If you granted the DV_PATCH_ADMIN role to
SYS before the upgrade, then revoke the
DV_PATCH_ADMIN role from SYS after the
upgrade. If you disabled Oracle Database Vault, then reenable it after the upgrade
is complete.
Upgrades to Oracle Database 18c and 19c
You do not need to disable Oracle Database Vault.
Note:
For all upgrades, after the upgrade is complete, Oracle Database Vault has the same enforcement status that was in place for your source database before the upgrade.