Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for Microsoft Windows Itanium (64-Bit) Part Number B32486-04 |
|
|
PDF · Mobi · ePub |
If you have Oracle Database Vault 10g Release 2 (10.2.0.2), 10g Release 2 (10.2.0.3), or 10g Release 2 (10.2.0.5) installed, then you can upgrade it to Oracle Database Vault 10g Release 2 (10.2.0.5) without uninstalling the existing instance.
Note:
If you are upgrading Oracle Clusterware only, then you should ensure that you disable Oracle Database Vault before upgrading Oracle Clusterware. You should reenable Oracle Database Vault after the upgrade.Use the following steps to upgrade an Oracle Database Vault 10.2.0.x installation to Oracle Database Vault 10g Release 2 (10.2.0.5):
Re-create the password file with the nosysdba=n
and force=y
flags, to allow the SYS
user to connect AS SYSDBA
. Use the following syntax:
C:\> ORACLE_HOME\bin\orapwd file=ORACLE_HOME\dbs\orapwSID password=password force=y nosysdba=n
Here SID
is the Oracle system identifier (SID) of the database and password
is the password for the SYS
account.
Stop the database service from the Services window.
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command to stop the database from any one node before stopping the database service:
C:\> ORACLE_HOME\bin\srvctl stop database -d db_name
Note:
You must use the Server Control (srvctl
) utility to start and stop Oracle RAC instances. Do not use SQL*Plus to start and stop Oracle RAC instances. You must enable SYSDBA
connections before you can use the srvctl
command.To stop the database service:
In the Control Panel, under Administrative Services, select the Services utility. Select the Standard tab, right-click the following services, and from the menu, select Stop:
OracleServiceSID
OracleHOMETNSListener
Note:
For an Oracle RAC database, you must stop the OracleServiceSID and OracleHOMETNSListener services on each Oracle RAC instance.Disable Oracle Database Vault. Under ORACLE_HOME
\bin
, rename the oradv10.dll
file to another name.
For example, you could rename oradv10.dll
to oradv10_backup.dll
.
Note:
Ensure that Oracle services are not running before you try to rename the file.
Remember the name that you use, as you would be required to restore the file in a subsequent step.
For an Oracle Real Application Clusters (Oracle RAC) database, you must repeat this step on all nodes.
Start the database service from the Services window.
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command to start the database:
C:\> ORACLE_HOME\bin\srvctl start database -d db_name
Note:
You must use the Server Control (srvctl
) utility to start and stop Oracle RAC instances. Do not use SQL*Plus to start and stop Oracle RAC instances. You must enable SYSDBA
connections before you can use the srvctl
command.To start the database service:
In the Control Panel, under Administrative Services, select the Services utility. Select the Standard tab, right-click the following services, and from the menu, select Start:
OracleServiceSID
OracleHOMETNSListener
Note:
For an Oracle RAC database, you must start the OracleServiceSID and OracleHOMETNSListener service on each Oracle RAC instance.Unlock the DVSYS
account as the SYS
user:
C:\> sqlplus "SYS / AS SYSDBA" Enter password: SQL>ALTER USER DVSYS ACCOUNT UNLOCK;
Disable the Oracle Database Vault triggers. Log into SQL*Plus as SYS
using the SYSDBA
privilege, and then run the following ALTER TRIGGER
statements:
C:\> sqlplus "SYS / AS SYSDBA"
Enter password: password
Connected.
SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG DISABLE;
SQL> ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG DISABLE;
Stop the database service from the Services window.
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command to stop the database from any one node before stopping the database service:
C:\> ORACLE_HOME\bin\srvctl stop database -d db_name
Note:
You must use the Server Control (srvctl
) utility to start and stop Oracle RAC instances. Do not use SQL*Plus to start and stop Oracle RAC instances. You must enable SYSDBA
connections before you can use the srvctl
command.To stop the database service:
In the Control Panel, under Administrative Services, select the Services utility. Select the Standard tab, right-click the following services, and from the menu, select Stop:
OracleServiceSID
OracleHOMETNSListener
Note:
For an Oracle RAC database, you must stop the OracleServiceSID and OracleHOMETNSListener services on each Oracle RAC instance.Install the Oracle Database Release 10.2.0.5 Patch Set and run DBUA to upgrade the database.
See Also:
"Apply Oracle Database Release 10.2.0.5 Patch Set" for more information about installing the patch setStop the database service if it is running.
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command to stop the database from any one node before stopping the database service:
C:\> ORACLE_HOME\bin\srvctl stop database -d db_name
Note:
You must use the Server Control (srvctl
) utility to start and stop Oracle RAC instances. Do not use SQL*Plus to start and stop Oracle RAC instances. You must enable SYSDBA
connections before you can use the srvctl
command.To stop the database service:
In the Control Panel, under Administrative Services, select the Services utility. Select the Standard tab, right-click the following services, and from the menu, select Stop:
OracleServiceSID
OracleHOMETNSListener
Note:
For an Oracle RAC database, you must stop the OracleServiceSID and OracleHOMETNSListener services on each Oracle RAC instance.Enable Oracle Database Vault. Under ORACLE_HOME\bin
, rename the backup of the oradv10.dll
file to its original name. You had renamed this file in Step 3.
For example, if you renamed it oradv10_backup.dll
, then rename it back to oradv10.dll
.
Note:
For an Oracle Real Application Clusters (Oracle RAC) database, you must repeat this step on all nodes.Start the database service from the Services window.
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command to start the database:
C:\> ORACLE_HOME\bin\srvctl start database -d db_name
Note:
You must use the Server Control (srvctl
) utility to start and stop Oracle RAC instances. Do not use SQL*Plus to start and stop Oracle RAC instances. You must enable SYSDBA
connections before you can use the srvctl
command.To start the database service:
In the Control Panel, under Administrative Services, select the Services utility. Select the Standard tab, right-click the following services, and from the menu, select Start:
OracleServiceSID
OracleHOMETNSListener
Note:
For an Oracle RAC database, you must start only the OracleHOMETNSListener service, as you have usedsrvctl
to start the database.
You must start the OracleHOMETNSListener on each Oracle RAC instance.
Create the DV_PATCH_ADMIN
and DV_MONITOR
roles. This is a one-time task. Use the following statements:
SQL> CONNECT DVSYS
Enter password:
SQL> CREATE ROLE DV_PATCH_ADMIN;
SQL> GRANT DV_PATCH_ADMIN TO DV_OWNER WITH ADMIN OPTION;
SQL> GRANT DV_PATCH_ADMIN TO SYS;
SQL> CREATE ROLE DV_MONITOR;
Connect AS SYSDBA
and run the following SQL statements:
SQL> CONNECT SYS/ as SYSDBA Enter password: SQL> @?\rdbms\admin\prvtstas.plb SQL> @?\rdbms\admin\prvtstat.plb SQL> @?\rdbms\admin\catols.sql -- Ignore any errors generated by this script SQL> STARTUP SQL> CONNECT SYS/ as SYSDBA Enter password: SQL> DECLARE CURSOR stmt IS select u.name, o.name, r.pname from user$ u, obj$ o, rls$ r where u.user# = o.owner# and r.obj# = o.obj# and bitand(r.stmt_type,65536) > 0; object_schema VARCHAR2(32) := NULL; object_name VARCHAR2(32) := NULL; policy_name VARCHAR2(32) := NULL; BEGIN OPEN stmt; LOOP FETCH stmt INTO object_schema, object_name, policy_name; EXIT WHEN stmt%NOTFOUND; dbms_rls.drop_policy('"'||object_schema||'"', '"'||object_name||'"', '"'||policy_name||'"'); END LOOP; Close stmt; END; / SQL> spool catmac.log -- please check catmac.log for errors SQL> @?\rdbms\admin\catmac.sql DVSYS_user_tablespace TEMP_TABLESPACE SYS_PASSWORD DVSYS_PASSWORD SQL> INSERT INTO DVSYS.RULE_SET_T$ VALUES (8, 'Allow Datapump Operation', 'Rule set that controls the objects that can be exported or imported by the datapump user.', ' ', 'us'); SQL> COMMIT; SQL> EXEC DVSYS.DBMS_MACADM.SYNC_RULES;
Run the following script as SYSDBA
:
SQL> CONNECT SYS/ as SYSDBA Enter password: SQL> @?\rdbms\admin\utlrp.sql
Enable the Oracle Database Vault triggers:
SQL> CONNECT SYS/ as SYSDBA Enter password: SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG ENABLE; SQL> ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG ENABLE;
Lock the DVSYS
account. Use the following SQL statements:
SQL> CONNECT "SYS / AS SYSDBA" Enter password: SQL> ALTER USER DVSYS ACCOUNT LOCK;
Revoke the DV_PATCH_ADMIN
role from SYS
as the DV_OWNER
user:
SQL> CONNECT DV_OWNER
Enter password:
SQL> REVOKE DV_PATCH_ADMIN FROM SYS;
SQL> QUIT