Skip Headers
Oracle® Database Vault Installation Guide
10g Release 2 (10.2) for IBM: Linux on System z

Part Number E10074-04
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

D Upgrading from a Previous Version of Database Vault

If you have Oracle Database Vault 10g Release 2 (10.2.0.2), Oracle Database Vault 10g Release 2 (10.2.0.3), or Oracle Database Vault 10g Release 2 (10.2.0.4) installed, then you can upgrade it to Oracle Database Vault 10g Release 2 (10.2.0.5) without uninstalling the existing instance.

D.1 Upgrading from a 10.2.0.x Version

Use the following steps to upgrade an Oracle Database Vault 10.2.0.x installation to Oracle Database Vault 10g Release 2 (10.2.0.4):

  1. Re-create the password file with the nosysdba=n and force=y flags, to allow the SYS user to connect AS SYSDBA. Use the following syntax:

    $ orapwd file=$ORACLE_HOME/dbs/orapwSID password=syspasswd force=y nosysdba=n
    

    Here SID is the Oracle system identifier (SID) of the database and password is the password for the SYS account.

  2. Shut down the database.

    To stop a single-instance database, use the following commands:

    $ sqlplus SYS "AS SYSDBA"
    Enter password:
    SQL> shutdown immediate
    

    For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:

    $ ORACLE_HOME/bin/srvctl stop database -d db_name
    

    Here db_name is the name of the database.

    Note:

    You must use the Server Control (srvctl) utility to start and stop Oracle RAC instances. Do not use SQL*Plus to start and stop Oracle RAC instances. You need to enable SYSDBA connections before you can use the srvctl command.
  3. Relink the Oracle executable to turn off the Oracle Database Vault option. Use the following commands:

    $ cd $ORACLE_HOME/rdbms/lib
    $ make -f ins_rdbms.mk dv_off
    $ cd $ORACLE_HOME/bin
    $ relink oracle
    

    Note:

    For an Oracle Real Application Clusters (Oracle RAC) database, you must repeat the preceding commands on all nodes.
  4. Start the database.

    For a single instance database, use the following commands:

    $ sqlplus SYS "AS SYSDBA"
    Enter password:
    SQL> startup
    

    For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:

    $ ORACLE_HOME/bin/srvctl start instance -d db_name
    
  5. Unlock the DVSYS account as the SYS user:

    $ sqlplus SYS "AS SYSDBA"
    Enter password:
    SQL> ALTER USER DVSYS ACCOUNT UNLOCK;
    
  6. Disable the Oracle Database Vault triggers. Log into SQL*Plus as SYS using the SYSDBA privilege, and then run the following ALTER TRIGGER statements:

    $ sqlplus SYS "AS SYSDBA"
    Enter password: password
    Connected.
    SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG DISABLE;
    SQL> ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG DISABLE;
    
  7. Shut down the database.

    To stop a single-instance database, use the following commands:

    $ sqlplus SYS "AS SYSDBA"
    Enter password:
    SQL> shutdown immediate
    

    For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:

    $ ORACLE_HOME/bin/srvctl stop database -d db_name
    

    Here db_name is the name of the database.

    Note:

    You must use the Server Control (srvctl) utility to start and stop Oracle RAC instances. Do not use SQL*Plus to start and stop Oracle RAC instances. You need to enable SYSDBA connections before you can use the srvctl command.
  8. Install the Oracle Database Release 10.2.0.5 Patch Set and run DBUA to upgrade the database.

    See Also:

    "Apply Oracle Database Release 10.2.0.5 Patch Set" for more information about installing the patch set
  9. Shut down the database if it is running.

    For a single instance database, use the following commands:

    $ sqlplus SYS "AS SYSDBA"
    Enter password: SYS_password
    SQL> SHUTDOWN
    

    For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:

    $ ORACLE_HOME/bin/srvctl stop database -d db_name
    

    Here db_name is the name of the database.

    Note:

    You must use the Server Control (srvctl) utility to start and stop Oracle RAC instances. Do not use SQL*Plus to start and stop Oracle RAC instances. You need to enable SYSDBA connections before you can use the srvctl command.
  10. Relink the Oracle executable to turn on the Oracle Database Vault option. Use the following commands:

    $ cd $ORACLE_HOME/rdbms/lib
    $ make -f ins_rdbms.mk dv_on
    $ cd $ORACLE_HOME/bin
    $ relink oracle
    

    Note:

    For an Oracle Real Application Clusters (Oracle RAC) database, you must repeat the preceding commands on all nodes.
  11. Start the database.

    For a single instance database, use the following commands:

    $ sqlplus SYS "AS SYSDBA"
    Enter password:
    SQL> startup
    

    For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:

    $ ORACLE_HOME/bin/srvctl start instance -d db_name
    
  12. Create the DV_PATCH_ADMIN and DV_MONITOR roles. This is a one-time task. Use the following statements:

    SQL> CONNECT DVSYS
    Enter password:
    SQL> CREATE ROLE DV_PATCH_ADMIN;
    SQL> GRANT DV_PATCH_ADMIN TO DV_OWNER WITH ADMIN OPTION;
    SQL> GRANT DV_PATCH_ADMIN TO SYS;
    SQL> CREATE ROLE DV_MONITOR;
    
  13. Connect AS SYSDBA and run the following SQL statements:

    SQL> CONNECT SYS "AS SYSDBA"
    Enter password: 
    SQL> @?/rdbms/admin/prvtstas.plb
    SQL> @?/rdbms/admin/prvtstat.plb
    SQL> @?/rdbms/admin/catols.sql -- Ignore any errors generated by this script
    SQL> STARTUP
    SQL> CONNECT SYS "AS SYSDBA"
    Enter password:
    SQL> DECLARE
              CURSOR stmt IS
                       select u.name, o.name, r.pname
                           from user$ u, obj$ o, rls$ r
                       where u.user# = o.owner#
                           and r.obj# = o.obj#
                           and bitand(r.stmt_type,65536) > 0;
     
                       object_schema VARCHAR2(32) := NULL;
                       object_name VARCHAR2(32) := NULL;
                       policy_name VARCHAR2(32) := NULL;
     
                       BEGIN
                        OPEN stmt;
                          LOOP
                               FETCH stmt INTO object_schema, object_name, policy_name;
                               EXIT WHEN stmt%NOTFOUND;
                               dbms_rls.drop_policy('"'||object_schema||'"',
                               '"'||object_name||'"',
                               '"'||policy_name||'"');
                          END LOOP;
                        Close stmt;
                       END;
                      /
    SQL> spool catmac.log -- please check catmac.log for errors
    SQL> @?/rdbms/admin/catmac.sql DVSYS_user_tablespace TEMP_TABLESPACE
    SYS_PASSWORD DVSYS_PASSWORD    
    SQL> INSERT INTO DVSYS.RULE_SET_T$ VALUES (8, 
    'Allow Datapump Operation',
    'Rule set that controls the objects that can be exported or imported by the datapump user.',
    ' ', 'us');
    SQL> COMMIT;
    SQL> EXEC DVSYS.DBMS_MACADM.SYNC_RULES;
    
  14. Run the following script as SYSDBA:

    SQL> CONNECT SYS "AS SYSDBA"
    Enter password:
    SQL> @?/rdbms/admin/utlrp.sql
    
  15. Enable the Oracle Database Vault triggers:

    SQL> CONNECT SYS "AS SYSDBA"
    Enter password:
    SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG ENABLE;
    SQL> ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG ENABLE;
    
  16. Lock the DVSYS account. Use the following SQL statements:

    SQL> CONNECT SYS "AS SYSDBA"
    Enter password:
    SQL> ALTER USER DVSYS ACCOUNT LOCK;
    
  17. Connect as a user who has the DV_OWNER role. Revoke the DV_PATCH_ADMIN role from SYS :

    SQL> CONNECT DV_OWNER    
    Enter password: 
    SQL> REVOKE DV_PATCH_ADMIN FROM SYS;
    SQL> QUIT