Skip Headers
Oracle® Database Vault Release Notes
10g Release 2 (10.2.0.5) for Linux x86-64

Part Number B32497-07
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Master Index
Master Index
Go to Feedback page
Contact Us

  PDF · Mobi · ePub

Oracle® Database Vault

Release Notes

10g Release 2 (10.2.0.5) for Linux x86-64

B32497-07

December 2010

These Release Notes describe issues you may encounter with Oracle Database Vault 10g Release 2 (10.2.0.5). The Oracle Database Vault installation is covered in detail in the Oracle Database Vault Installation Guide.

This document may be updated after it is released. To check for updates to this document and to view other Oracle documentation, see the Documentation section on the Oracle Technology Network (OTN) Web site:

http://www.oracle.com/technology/documentation/

This document contains the following sections:

1 Installation Issues and Recommendations

This section describes the known issues pertaining to installation. It also provides the workarounds that you can use.

1.1 Database Vault Administrator Web Application Fails to Start

Bug 9587181

The Database Vault Administrator (DVA) link does not work after an upgrade from Oracle Database Vault 10.2.0.4 to 10.2.0.5.

You can use the following workaround steps:

  1. Set the ORACLE_HOME, ORACLE_SID, and PATH environment variables.

  2. Stop the Enterprise Manager Database Control process. Use the following command:

    $ORACLE_HOME/bin/emctl stop dbconsole
    
  3. Edit the file, $ORACLE_HOME/oc4j/j2ee/OC4J_DBConsole_hostname_SID/config/server.xml. Enter the following line just before the last line that reads, </application-server>:

    <application name="dva" path="$ORACLE_HOME/dv/jlib/dva_webapp.ear" auto-start="true" />
    

    For example:

    <application name="dva" path="/home/oracle/product/10.2.0/db1/dv/jlib/dva_webapp.ear" auto-start="true" />
    
  4. Edit the file, $ORACLE_HOME/oc4j/j2ee/OC4J_DBConsole_hostname_SID/config/http-web-site.xml. Enter the following line just above the last line that reads, </web-site>:

    <web-app application="dva" name="dva_webapp" root="/dva" />
    
  5. Start the Enterprise Manager Database Control process. Use the following command:

    $ORACLE_HOME/bin/emctl start dbconsole
    

1.2 Array Index Out of Bounds Error Message in DVCA Install Log

Bug 6912225

When you install Database Vault for a database you may notice an array index out of bounds error message in the DVCA install log. The DVCA install log may contain the following error messages:

java.lang.ArrayIndexOutOfBoundsException: -1
at java.util.Vector.elementAt(Unknown Source)
at
oracle.sysman.oii.oiif.oiifp.OiifpConfigTablePanel$DetailsTextArea.scrollToTo
l(OiifpConfigTablePanel.java:1869)
at
oracle.sysman.oii.oiif.oiifp.OiifpConfigTablePanel.showDetails(OiifpConfigTal
ePanel.java:1487)
at
oracle.sysman.oii.oiif.oiifp.OiifpConfigTablePanel.rowSelected(OiifpConfigTal
ePanel.java:1554)
        at oracle.ewt.grid.Grid.processRowSelectEvent(Unknown Source)
        at oracle.ewt.grid.Grid.processEventImpl(Unknown Source)
        at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
        at oracle.ewt.lwAWT.LWComponent.processEvent(Unknown Source)
        at oracle.ewt.grid.Grid.fireRowEvent(Unknown Source)
        at oracle.ewt.grid.SingleRowSelection.setRowSelected(Unknown Source)
        at oracle.ewt.grid.SingleRowSelection.setCellSelected(Unknown Source)
        at oracle.ewt.grid.Grid.processNewFocusCell(Unknown Source)
        at oracle.ewt.grid.Grid._sendKeyToNavigator(Unknown Source)
        at oracle.ewt.grid.Grid._handleKeyPressed(Unknown Source)
        at oracle.ewt.grid.Grid.processKeyEvent(Unknown Source)
        at java.awt.Component.processEvent(Unknown Source)
        at java.awt.Container.processEvent(Unknown Source)
        at oracle.ewt.lwAWT.LWComponent.processEventImpl(Unknown Source)
        at oracle.ewt.grid.Grid.processEventImpl(Unknown Source)
        at oracle.ewt.lwAWT.LWComponent.redispatchEvent(Unknown Source)
        at oracle.ewt.lwAWT.LWComponent.processEvent(Unknown Source)
        at java.awt.Component.dispatchEventImpl(Unknown Source)
        at java.awt.Container.dispatchEventImpl(Unknown Source)
        at java.awt.Component.dispatchEvent(Unknown Source)
        at java.awt.KeyboardFocusManager.redispatchEvent(Unknown Source)
        at java.awt.DefaultKeyboardFocusManager.dispatchKeyEvent(Unknown
Source)
        at java.awt.DefaultKeyboardFocusManager.preDispatchKeyEvent(Unknown
Source)
        at java.awt.DefaultKeyboardFocusManager.typeAheadAssertions(Unknown
Source)
        at java.awt.DefaultKeyboardFocusManager.dispatchEvent(Unknown Source)
        at java.awt.Component.dispatchEventImpl(Unknown Source)
        at java.awt.Container.dispatchEventImpl(Unknown Source)
        at java.awt.Window.dispatchEventImpl(Unknown Source)
        at java.awt.Component.dispatchEvent(Unknown Source)
        at java.awt.EventQueue.dispatchEvent(Unknown Source)
        at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown
Source)
        at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown
Source)
        at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
        at java.awt.EventDispatchThread.run(Unknown Source) 

You can safely ignore this error as it does not affect either the database or Database Vault functionality.

1.3 Cannot Install Oracle Database Vault in a Data Guard Environment

Bug 5577503

The Database Vault installer fails to install Database Vault in an existing physical standby database.

You can create a new physical standby database by using the following steps:

  1. Install Database Vault on the primary database.

  2. Create a physical standby database using a hot backup of the primary database. This backup should include the Oracle home.

  3. Set up communications between the primary and the physical standby database. Redo logs communicate changes from the primary database to the standby database.

See Also:

1.4 Enterprise Manager Does Not Start Automatically

Bug 5613521

After installing Database Vault on a database, and running the postinstallation steps on the nodes, you get an error when trying to access Enterprise Manager.

Also, when you try to check the status of dbconsole using the emctl status dbconsole command, you get a message saying that the EM daemon is not running even though the process is running.

The workaround is to manually restart the dbconsole process using the following commands:

$ORACLE_HOME/bin/emctl stop dbconsole
$ORACLE_HOME/bin/emctl start dbconsole

1.5 Unable to Log In to Enterprise Manager As the SYS User After Database Vault Installation

Bug 6630108

The SYS user is unable to log in to Enterprise Manager after installing Database Vault on an Oracle database. The following error is encountered:

ORA-01031: insufficient privileges

You need to regenerate the password file, using the orapwd utility, to reenable the SYS user to connect as SYSDBA. Use the following syntax to enable SYSDBA logins:

orapwd file=password_filename password=password [entries=users] force=y nosysdba=n

See Also:

Oracle Database Vault Installation Guide for more information on using the orapwd utility

1.6 Database Instance and Listener Do Not Start Automatically on the Remote Node After Database Vault Installation

Bug 6630191

After you install Database Vault, the database instances and listeners on the remote nodes do not start automatically. You must start these manually.

This is expected behavior. The DVCA utility configures the local node, and starts the database instance and listener processes on the local node. You need to start these processes manually on each of the remote nodes.

1.7 Cloned Database Vault Home Contains Invalid Objects

Bug 6658315

The following steps are used to create a cloned Database Vault instance:

  1. Install Oracle Database Vault 10g Release 2 (10.2.0.5) in the first Oracle home.

  2. Clone the first instance to create a second Oracle home.

  3. Run Net Configuration Assistant (NetCA) and Database Configuration Assistant (DBCA) to configure a listener and database for the cloned instance.

  4. Run DBCA again to configure Oracle Label Security (OLS) for the cloned instance.

  5. Run Database Vault Configuration Assistant (DVCA) as follows:

    $ORACLE_HOME/bin/dvca -action option -oh oracle_home
    -jdbc_str jdbc_connection_string -sys_passwd SYS_password -owner_account
    DV_owner_account_name -owner_passwd DV_owner_account_password 
    -acctmgr_account DV_account_manager_account_name -acctmgr_passwd
    DV_account_manager_password -logfile ./dvca.log -nodecrypt
    

The following SQL statement shows that the cloned Database Vault instance contains invalid objects:

SQL> select count(*) from all_objects where status = 'INVALID';
 
  COUNT(*)
----------
        45 

The workaround is to run the utlrp.sql script. This script recompiles all PL/SQL modules that might be in an invalid state, including packages, procedures, and types. Use the following commands to run the utlrp.sql script:

cd $ORACLE_HOME/rdbms/admin
sqlplus SYS "AS SYSDBA"
Enter password:
SQL> @utlrp.sql

1.8 Error Occurs When Oracle Database Vault Security Is Configured on a Remote Node

Bug 6140164

After you add a second node to a single-node Oracle Real Application Clusters (Oracle RAC) installation, the following error occurs when you try to configure Database Vault security for the second node:

ORA-32001: write SPFILE requested but no SPFILE specified at startup

The following steps reproduce the bug:

  1. Install Oracle Clusterware on a 2-node cluster.

  2. Install Oracle Database Vault on the first node.

  3. Run the addnode.sh script on the first node to add the second node.

  4. Configure the database listener and database instance for the second node.

  5. Run the following ALTER SYSTEM statements on the second node:.

    ALTER SYSTEM SET AUDIT_SYS_OPERATIONS=TRUE SCOPE=SPFILE;
    ALTER SYSTEM SET OS_ROLES=FALSE SCOPE=SPFILE;
    ALTER SYSTEM SET RECYCLEBIN='OFF' SCOPE=SPFILE;
    ALTER SYSTEM SET REMOTE_LOGIN_PASSWORDFILE='EXCLUSIVE' SCOPE=SPFILE;
    ALTER SYSTEM SET SQL92_SECURITY=TRUE SCOPE=SPFILE;
    ALTER SYSTEM SET OS_AUTHENT_PREFIX='' SCOPE=SPFILE;
    

The workaround is to run the following steps before running the addnode.sh script in Step 3:

Note:

These steps must be run from the first node.
  1. Shut down the database.

    $ORACLE_HOME/bin/srvctl stop database -d db_name
    
  2. Start the database with the nomount option.

    $ORACLE_HOME/bin/srvctl start database -d db_name -o nomount
    
  3. Connect to the database AS SYSDBA.

    sqlplus SYS "AS SYSDBA"
    Enter password:
    
  4. Create a server parameter file (SPFILE) using the traditional initialization parameter file (PFILE). The initialization parameter file is usually located at $ORACLE_HOME/admin/db_name/pfile for Optimal Flexible Architecture compliant databases.

    For example:

    SQL> CREATE SPFILE='SHARED_LOCATION/spfileORACLE_SID.ora'
         FROM 'PFILE=ORACLE_HOME/admin/db_name/pfile/initORACLE_SID.ora'
    

    This statement reads the text initialization parameter file to create a server parameter file. You must have the or SYSOPER system privilege to run the CREATE SPFILE statement.

  5. Shut down the database.

    $ORACLE_HOME/bin/srvctl stop database -d db_name
    
  6. Clear the current contents of the initialization parameter file. Add the server parameter file location in the initialization parameter file:

    SPFILE = 'SHARED_LOCATION/spfileORACLE_SID.ora'
    
  7. Restart the database.

    For example:

    $ORACLE_HOME/bin/srvctl start database -d db_name
    

1.9 Swap Space Requirement Prerequisite Test Fails

Bug 7506215

The Database Vault installer swap space requirement test may fail in some cases even when enough swap space is available.

The swap space required for installation should not exceed 16 GB. In case the required swap space is shown as more than 16 GB, this warning can be safely ignored.

1.10 Errors Generated by catmac.sql When Upgrading Database Vault

Bug 9888841

The Oracle Database Vault Installation Guide includes instructions to upgrade a previous version of Oracle Database Vault to Oracle Database Vault 10.2.0.5. One of the upgrade steps requires the user to run the catmac.sql script. The Oracle Database Vault Installation Guide advises the user to spool the output of this script into a file in order to look for errors.

The spooled output file may include the following errors:

ORA-01920: user name 'DVSYS' conflicts with another user or role name
ORA-01920: user name 'DVF' conflicts with another user or role name
SP2-0310: unable to open file catmaca.sql
ORA-01952: system privileges not granted to 'DBA'
ORA-00955: name is already used by an existing object
ORA-02260: table can have only one primary key

You can safely ignore these error messages.

1.11 DVCA Error During Database Vault Installation

Bug 10033496

An ORA-01031: insufficient privileges error may be generated during the Lock DVSYS phase of the Database Vault installation process. This may be caused by a low shared pool size.

The workaround is to increase the shared pool size to a larger value. To set the shared pool size, use the following SQL statement:

ALTER SYSTEM SET SHARED_POOL_SIZE=VALUE;

2 Usage Issues and Recommendations

This section discusses usage issues that you may encounter with Database Vault. It also provides the workarounds for these issues.

2.1 Accounts with DV_OWNER, DV_ADMIN, or DV_SECANALYST Role Cannot Use the ALTER USER Command

Bug 5161953

Accounts with the DV_OWNER, DV_ADMIN, or DV_SECANALYST role cannot run the following command:

ALTER USER user QUOTA UNLIMITED ON tablespace

The workaround is to REVOKE the role from the account, run the ALTER USER command, and then GRANT back the role to the account. This works if the account is not the DV_OWNER account that was created during installation. If the account is the DV_OWNER account created during installation, then you would need to use the following steps:

  1. Disable the Database Vault command rule for the ALTER USER command.

  2. Run the ALTER USER command.

  3. Re-enable the Database Vault command rule for the ALTER USER command.

2.2 CREATE SESSION Privilege Is Controlled by the Data Dictionary Realm

Use the following steps to grant the CREATE SESSION privilege:

  1. Temporarily disable the data dictionary realm.

  2. Log in as the SYSTEM user.

  3. Grant the CREATE SESSION privilege.

  4. Enable the data dictionary realm.

3 Frequently Asked Questions on Installation

This section covers some of the frequently asked questions related to Database Vault installation. Oracle Database Vault installation is covered in detail in the Oracle Database Vault Installation Guide.

The installer does not detect my existing Oracle Database Enterprise Edition 10g Release 2 (10.2.0.5) instance. What should I do?

To allow the installer to find the database instance information, you should check the following:

I have installed Oracle Database Vault into an Oracle home that has multiple databases. How do I secure the other databases in the Oracle home?

You would need to run Database Vault Configuration Assistant (DVCA) manually on the other databases. Refer to the Oracle Database Vault Installation Guide for detailed instructions.

I have installed Oracle Database Vault on a Oracle Real Application Clusters (Oracle RAC) database instance. How do I secure the other nodes in the cluster?

You need to configure Database Vault security on the other Oracle RAC nodes. Refer to the Oracle Database Vault Installation Guide for detailed instructions.

4 Miscellaneous Notes

This section contains miscellaneous notes not covered in the Oracle Database Vault documentation.

4.1 Snapshots and Materialized Views

The keyword SNAPSHOT is supported in place of MATERIALIZED VIEW for backward compatibility.

4.2 JOB_QUEUE_PROCESSES Initialization Parameter

The JOB_QUEUE_PROCESSES initialization parameter specifies the maximum number of processes that can be created for the execution of jobs. It specifies the number of job queue processes per instance.

This parameter must have a non-zero value. The default value for JOB_QUEUE_PROCESSES is 10.

5 Documentation Accessibility

Our goal is to make Oracle products, services, and supporting documentation accessible to all users, including users that are disabled. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at http://www.oracle.com/accessibility/.

Accessibility of Code Examples in Documentation

Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.

Accessibility of Links to External Web Sites in Documentation

This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.

Access to Oracle Support

Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/support/contact.html or visit http://www.oracle.com/accessibility/support.html if you are hearing impaired.


Oracle Database Vault Release Notes 10g Release 2 (10.2.0.5) for Linux x86-64

B32497-07

Copyright © 2006, 2010, Oracle and/or its affiliates. All rights reserved.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.