Thursday, 4 June 2020

How to Enable Database Vault in Oracle database Version 11gR1?


Steps to enable Database Vault in Oracle Database 11gR1:

1. In the command prompt, use DVCA utility to enable Oracle Database Vault.

e.g.

dvca -action enable 
  -oh /u01/app/oracle/product/11.1.0/db_1
  -service conn_alias 
  -instance orcl 
  -dbname orcl 
  -owner_account lbrown_dvowner 
  -logfile dvcalog.txt 

Enter SYS password: sys_password
Enter owner password: owner_password

Parameter Description:
======================

-service is the name of the database specifier. The specifier can be a connect descriptor or net service name. 

-instance is the name of the database instance.

-dbname is the database name.

-sys_passwd is the SYS password. If you use a cleartext password on the command line, you must include the nodecrypt option. If you omit the password, DVCA prompts you for it. Preferably, omit the password and then enter it interactively when prompted.

-owner_account is the Oracle Database Vault Owner account name.

-owner_passwd is the Oracle Database Vault Owner account password. If you use a cleartext password on the command line, you must include the nodecrypt option. If you omit the password, DVCA prompts you for it. Preferably, omit the password and then enter it interactively when prompted.

-logfile is an optional flag to specify a log file name and location. You can enter an absolute path, or enter a path that is relative to the location of the $ORACLE_HOME/bin directory.

-silent is the option to run in command line mode. This option is required if you are not running DVCA in an xterm window.

-nodecrypt is the option to read plaintext passwords.

-lockout is the flag to use to disable SYSDBA operating system authentication.

2. Stop the database, Database Control console process, and listener.

Enable the Oracle Database Vault option as follows:
 The make command enables both Oracle Database Vault (dv_on) and Oracle Label Security (lbac_on).
 You must enable Oracle Label Security before you can use Database Vault.

cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk dv_on lbac_on

cd $ORACLE_HOME/bin
relink all

3.Restart the database, Database Control console process, and listener.

4. Verify Oracle Database Vault and Oracle Label Security are enabled.

SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Label Security';

SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';

No comments:

Post a comment

Was this Post Helpful?

Feel free to suggest your opinions in the comments section!