Managing Compliance Holds
A "compliance hold" or "legal hold" is a process that an organization uses to preserve all forms of potentially relevant information when litigation is pending or reasonably anticipated. When initiated, a compliance hold requires that the organization suspend the normal disposition of obsolete records.
The Recovery Appliance administrator can create a compliance hold on existing disk backups for specific databases. Backups on compliance hold cannot be deleted by internal processes or administrator commands, until the compliance hold is disabled.
COMPLIANCE_HOLD applies to the storage of the Recovery Appliance. Compliance hold backups on the Recovery Appliance that are archived to cloud or tape are treated as normal archived backups and remain subject to the deletion of obsolete backups (recovery_window_sbt). Therefore, to ensure legal hold on cloud or tape, immutability settings must also be configured using the administrative interfaces for those locations. If a database is in COMPLIANCE_HOLD and the Recovery Appliance attempts to delete the backup piece on tape or cloud, the tape or cloud location grants or denies the request. If tape or cloud refuses to delete a piece, the pointer to the piece inside of the Recovery Appliance is preserved. In this manner, all cloud and tape backup records are preserved in the Recovery Appliance, because the destination blocks any delete operations issued by the Recovery Appliance.
Note: COMPLIANCE_HOLD can prevent the addition of new backups to the Recovery Appliance, when backups associated with the legal hold fill up the storage of the Recovery Appliance, because old backups aren't "expiring" and having their storage reclaimed.
The two main methods for creating and maintaining compliance holds are with an application, such as Enterprise Manager Cloud Control, or using the DBMS_RA API.
The steps for setting and removing compliance hold on a database using Enterprise Manager Cloud Control are:
- Log in to your Cloud Control page.
  See Also: "Accessing the Recovery Appliance Home Page" for more information.
- From any Cloud Control page, use the Targets drop-down menu and select Recovery Appliances.
  The Recovery Appliances page appears.
- In the Name column, click the name of a Recovery Appliance.
  The Home page for the selected Recovery Appliance appears.
  From this page you can see a snapshot of the entire Recovery Appliance, and also click links to obtain more information about a particular area.
- From the Recovery Appliances drop-down menu, select Protected Databases.
  This displays a table with all of the databases that the Recovery Appliance is currently protecting.
- Select the row in the Protected Databases table for the database that needs compliance to be turned on. While the row is highlighted, select the Set Compliance button from above the table.
  This opens the Set Compliance Hold dialog box with the checkbox to set or remove a compliance hold on that database.
- To set a compliance hold, specify a start date that is within the current recovery window for the database and mark the checkbox Compliance Hold.
  All backups from the specified date onwards will not be deleted.
  Later, when a given database no longer requires a compliance hold, be sure to remove the hold.
A "compliance hold" is configured by enabling the COMPLIANCE_HOLD attribute with UPDATE_DB for a specified database. The starting date for the hold must be within the current recovery window available for the database. All backups from this date onwards are protected from being deleted. The metadata for those backups is assigned the COMPLIANCE_HOLD attribute, which prevents the backup from being deleted by automated processes or administrators. Legal hold backups are retained indefinitely until the hold is disabled. A legal hold is meant to be transitory and not permanent for a database.
PL/SQL Snippets on Setting Immutability Settings in Protection Policies
The protection policy has two new immutability settings and UPDATE_DB has one.
If you are creating a new protection policy for compliance, refer to Creating a Protection Policy. You can set multiple compliance attributes at the same time, such as in the following snippet.
    BEGIN
      DBMS_RA.CREATE_PROTECTION_POLICY (
        PROTECTION_POLICY_NAME     => 'Policy 1',
        STORAGE_LOCATION_NAME      => 'DELTA',
        RECOVERY_WINDOW_GOAL       => INTERVAL '14' DAY,
        RECOVERY_WINDOW_COMPLIANCE => INTERVAL '7' DAY,
        KEEP_COMPLIANCE            => 'YES',
        ALLOW_BACKUP_DELETION      => 'NO');
    END;
If you are modifying existing protection policies for compliance rules, here are PL/SQL snippets on updating a policy.
- Set COMPLIANCE_HOLD settings for one or more databases.

    BEGIN
      DBMS_RA.UPDATE_DB(
        DB_UNIQUE_NAME  => '&dbname',
        COMPLIANCE_HOLD => SYSTIMESTAMP - NUMTODSINTERVAL(7, 'DAY'));
    END;

  COMPLIANCE_HOLD is the time from which backups may not be deleted from the Recovery Appliance. The database must be recoverable starting at the time specified by this COMPLIANCE_HOLD. Specify the time as any valid TIMESTAMP WITH TIME ZONE expression.

  If an immutable cloud location is configured (via OCI Console) with an indefinite retention policy on the bucket, the COMPLIANCE_HOLD attribute on the database also prevents deletion of backups from the hold period that were archived to the cloud location, until the COMPLIANCE_HOLD is removed.

- Set ALLOW_BACKUP_DELETION attribute to NO for one or more protection policies.

    BEGIN
      DBMS_RA.UPDATE_PROTECTION_POLICY(
        PROTECTION_POLICY_NAME => '&pname',
        ALLOW_BACKUP_DELETION  => 'NO');
    END;

  ALLOW_BACKUP_DELETION set to NO means that the Recovery Appliance does not allow deletion of these backups, which is the requirement of a legal hold. ALLOW_BACKUP_DELETION set to YES means that the Recovery Appliance allows deletion of these backups when they expire beyond their recovery window goals.

  Note: ALLOW_BACKUP_DELETION has to be set to NO (disabled) before KEEP_COMPLIANCE is enabled.

- Enable KEEP_COMPLIANCE immutable settings for one or more protection policies.

  The following PL/SQL snippet shows the KEEP_COMPLIANCE attribute being set in a given protection policy.

    BEGIN
      DBMS_RA.UPDATE_PROTECTION_POLICY(
        PROTECTION_POLICY_NAME => '&pname',
        KEEP_COMPLIANCE        => 'YES');
    END;

  YES: The Recovery Appliance prevents the deletion of KEEP backups.
  NO: The administrator of the Recovery Appliance is permitted to remove KEEP backups.

  The KEEP_COMPLIANCE attribute helps enable the archival backup by preventing its storage from getting overwritten when the backup would normally have expired according to its recovery window goals. However, once the keep_time is reached, the backup can be deleted.
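
The ordering rule in the note above (ALLOW_BACKUP_DELETION set to NO before KEEP_COMPLIANCE is enabled) can be applied to several existing policies in one pass. The block below is an added example, not taken from the product documentation: the policy names are placeholders, and the closing query assumes that the RA_PROTECTION_POLICY view exposes ALLOW_BACKUP_DELETION and KEEP_COMPLIANCE columns in your release.

```sql
SET SERVEROUTPUT ON

DECLARE
  -- Placeholder policy names; replace with the policies that need hardening.
  TYPE policy_list IS TABLE OF VARCHAR2(128);
  l_policies policy_list := policy_list('EXAMPLE_POLICY_A', 'EXAMPLE_POLICY_B');
BEGIN
  FOR i IN 1 .. l_policies.COUNT LOOP
    BEGIN
      -- Step 1: disallow deletion of backups under this policy.
      DBMS_RA.UPDATE_PROTECTION_POLICY(
        PROTECTION_POLICY_NAME => l_policies(i),
        ALLOW_BACKUP_DELETION  => 'NO');

      -- Step 2: reached only if step 1 succeeded, which keeps the
      -- required ordering even when one policy fails.
      DBMS_RA.UPDATE_PROTECTION_POLICY(
        PROTECTION_POLICY_NAME => l_policies(i),
        KEEP_COMPLIANCE        => 'YES');

      DBMS_OUTPUT.PUT_LINE(l_policies(i) || ': compliance settings applied');
    EXCEPTION
      WHEN OTHERS THEN
        -- Report the failure and continue with the next policy so that one
        -- bad name does not leave the rest of the list unprotected.
        DBMS_OUTPUT.PUT_LINE(l_policies(i) || ': FAILED - ' || SQLERRM);
    END;
  END LOOP;
END;
/

-- Assumed column names (see lead-in): confirm both settings took effect.
SELECT policy_name, allow_backup_deletion, keep_compliance
  FROM ra_protection_policy
 WHERE policy_name IN ('EXAMPLE_POLICY_A', 'EXAMPLE_POLICY_B');
```

Any policy reported as FAILED should be reviewed before relying on it for a legal hold, since its backups may still be deletable.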