| Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for Linux x86 Part Number B25165-08 |
|
|
PDF · Mobi · ePub |
| Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for Linux x86 Part Number B25165-08 |
|
|
PDF · Mobi · ePub |
If you have Oracle Database Vault 10g Release 2 (10.2.0.2), Oracle Database Vault 10g Release 2 (10.2.0.3), or Oracle Database Vault 10g Release 2 (10.2.0.4) installed, then you can upgrade it to Oracle Database Vault 10g Release 2 (10.2.0.5) without uninstalling the existing instance.
Use the following steps to upgrade an Oracle Database Vault 10.2.0.x installation to Oracle Database Vault 10g Release 2 (10.2.0.5):
Re-create the password file with the nosysdba=n and force=y flags, to allow the SYS user to connect AS SYSDBA. Use the following syntax:
orapwd file=$ORACLE_HOME/dbs/orapwSID password=password force=y nosysdba=n
Here SID is the Oracle system identifier (SID) of the database and password is the password for the SYS account.
Shut down the database.
To stop a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> shutdown immediate
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl stop database -d db_name
Here db_name is the name of the database.
Relink the Oracle executable to turn off the Oracle Database Vault option. Use the following commands:
cd $ORACLE_HOME/rdbms/lib make -f ins_rdbms.mk dv_off cd $ORACLE_HOME/bin relink oracle
Note:
For an Oracle Real Application Clusters (Oracle RAC) database, you must repeat the preceding commands on all nodes.Start the database. For a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> startup
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl start database -d db_name
Unlock the DVSYS account as the SYS user:
sqlplus SYS "AS SYSDBA" Enter password: SQL>ALTER USER DVSYS ACCOUNT UNLOCK;
Disable the Oracle Database Vault triggers. Log into SQL*Plus as SYS using the SYSDBA privilege, and then run the following ALTER TRIGGER statements:
sqlplus "SYS / AS SYSDBA"
Enter password: password
Connected.
SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG DISABLE;
SQL> ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG DISABLE;
Shut down the database.
To stop a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> shutdown immediate
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl stop database -d db_name
Here db_name is the name of the database.
Install the Oracle Database Release 10.2.0.5 Patch Set and run DBUA to upgrade the database.
See Also:
"Apply Oracle Database Release 10.2.0.5 Patch Set" for more information about installing the patch setShut down the database if it is running.
To stop a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> shutdown immediate
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl stop database -d db_name
Here db_name is the name of the database.
Relink the Oracle executable to turn on the Oracle Database Vault option. Use the following commands:
cd $ORACLE_HOME/rdbms/lib make -f ins_rdbms.mk dv_on cd $ORACLE_HOME/bin relink oracle
Note:
For an Oracle Real Application Clusters (Oracle RAC) database, you must repeat the preceding commands on all nodes.Start the database. For a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> startup
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ORACLE_HOME/bin/srvctl start database -d db_name
Create the DV_PATCH_ADMIN and DV_MONITOR roles. This is a one-time task. Use the following statements:
SQL> CONNECT DVSYS
Enter password:
SQL> CREATE ROLE DV_PATCH_ADMIN;
SQL> GRANT DV_PATCH_ADMIN TO DV_OWNER WITH ADMIN OPTION;
SQL> GRANT DV_PATCH_ADMIN TO SYS;
SQL> CREATE ROLE DV_MONITOR;
Connect AS SYSDBA, and run the following SQL statements:
SQL> CONNECT SYS "as SYSDBA"
Enter password:
SQL> @?/rdbms/admin/prvtstas.plb
SQL> @?/rdbms/admin/prvtstat.plb
SQL> @?/rdbms/admin/catols.sql -- Ignore any errors generated by this script
SQL> STARTUP
SQL> CONNECT SYS/ as SYSDBA
Enter password:
SQL> DECLARE
CURSOR stmt IS
select u.name, o.name, r.pname
from user$ u, obj$ o, rls$ r
where u.user# = o.owner#
and r.obj# = o.obj#
and bitand(r.stmt_type,65536) > 0;
object_schema VARCHAR2(32) := NULL;
object_name VARCHAR2(32) := NULL;
policy_name VARCHAR2(32) := NULL;
BEGIN
OPEN stmt;
LOOP
FETCH stmt INTO object_schema, object_name, policy_name;
EXIT WHEN stmt%NOTFOUND;
dbms_rls.drop_policy('"'||object_schema||'"',
'"'||object_name||'"',
'"'||policy_name||'"');
END LOOP;
Close stmt;
END;
/
SQL> spool catmac.log -- please check catmac.log for errors
SQL> @?/rdbms/admin/catmac.sql DVSYS_user_tablespace TEMP_TABLESPACE
SYS_PASSWORD DVSYS_PASSWORD
SQL> INSERT INTO DVSYS.RULE_SET_T$ VALUES (8,
'Allow Datapump Operation',
'Rule set that controls the objects that can be exported or imported by the datapump user.',
' ', 'us');
SQL> COMMIT;
SQL> EXEC DVSYS.DBMS_MACADM.SYNC_RULES;
Run the following script as SYSDBA:
SQL> CONNECT SYS/ as SYSDBA Enter password: SQL> @?/rdbms/admin/utlrp.sql
Enable the Oracle Database Vault triggers:
SQL> CONNECT SYS/ as SYSDBA Enter password: SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG ENABLE; SQL> ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG ENABLE;
Lock the DVSYS account. Use the following SQL statements:
SQL> CONNECT SYS "AS SYSDBA" Enter password: SQL> ALTER USER DVSYS ACCOUNT LOCK;
Revoke the DV_PATCH_ADMIN role from SYS as the DV_OWNER user:
SQL> CONNECT DV_OWNER
Enter password:
SQL> REVOKE DV_PATCH_ADMIN FROM SYS;
SQL> QUIT
|
 Copyright © 2006, 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|