1. Owner's Guide
  2. Security and Maintenance of Recovery Appliance
  3. User Security on Recovery Appliance
  4. Quorum

Quorum

This chapter describes how quorum works when compliance is in operation on the Oracle Zero Data Loss Recovery Appliance.

When compliance is in effect, certain RACLI commands are not just restricted to privileged users but also can be subject to a quorum operation that requires two approvals and no denials from the set of other privileged users. The two tests for validating quorum are:

  • Test 1: TRUE if there are backups under compliance, legal hold, or other keep control.

  • Test 2: TRUE if the compliance mode has been enabled.

If Test 1 or Test 2 are TRUE, quorum is required. If both tests are FALSE, quorum isn't required.

The quorum scenario given below assumes:

  • bob, sue, and jim are db_users of the system.

  • bob and sue are given db_user --user_type=admin for administration rights.

  • bob, sue and jim are given admin_user with administration rights.

The scenario below illustrates quorum operations.

  1. Administrator bob is working. He uses his db_user --user_type=admin with his ssh_user account. He's been adding protected database and trouble shooting incidents.

  2. An issue arises with the Recovery Appliance.

  3. The action plan from Oracle Support/Development includes tasks that require rasys to run.

  4. User bob issues the RACLI command to enable the rasys login for 6 hours. 

    racli enable rasys_user --expire=6

    This returns a request identifier that is associated with the user and an increment, such as bob.1.

  5. User bob can monitor that status of his request. 

    racli status request --request_id=bob.1

  6. At least two users who are admin_user must approve the request. Users sue and jim use the request identifier and approve the request. 

    (sue) racli approve request --request_id=bob.1
(jim) racli approve request --request_id=bob.1
(bob) racli status request --request_id=bob.1

    If one admin_user denies the request, then the operation (with that request identifier) will not be processed.

  7. When the request is approved, user bob can proceed with his task of enabling rasys, but this time with the request identifier. 

    racli enable rasys_user --request_id=bob.1

    This particular operation may prompt bob for the password to be used for rasys while rasys is enabled.

  8. User bob performs the action plan from Oracle Support/Development, logging in as rasys with the password specified by bob in the command.

  9. User bob disables rasys. 

    racli disable rasys_user

    This returns a request identifier that is associated with the user and an increment, such as bob.2.

  10. User bob can monitor that status of his request. 

    racli status request --request_id=bob.2

  11. At least users who are admin_user must approve the request. Users sue and jim use the request identifier and approve the request. 

    (sue) racli approve request --request_id=bob.2
(jim) racli approve request --request_id=bob.2
(bob) racli status request --request_id=bob.2

    If one admin_user denies the request, then the operation (with that request identifier) will not be processed.

  12. When the request is approved, user bob can proceed with his task of disabling rasys, but this time with the request identifier. 

    racli disable rasys_user --request_id=bob.2