Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for hp OpenVMS Part Number E13804-01 |
|
|
PDF · Mobi · ePub |
Oracle Database Vault enables you to secure business data in ways that were not possible before. Database Vault uses a multifactored and multilayered approach to implementing database security.
This chapter provides an overview of the Database Vault installation process. This chapter includes the following sections:
Oracle Database Vault can be installed as an option to the following:
Oracle Database 10g Release 2 (10.2.0.4) standalone installation
Oracle Database 10g Release 2 (10.2.0.4) with Oracle Real Application Clusters (RAC)
Database Vault uses two accounts that you can create during installation. These are the Database Vault Owner and the Database Vault Account Manager accounts. You must supply an account name and password for the Database Vault Owner during installation. Creating a Database Vault Account Manager is optional.
The Database Vault Owner account is granted the DV_OWNER
role. This account can manage Database Vault roles and configuration.
The Database Vault Owner user name can be a minimum of 2, and a maximum of 30 characters long. The account password can be a minimum of 8, and a maximum of 30 characters.
The password that you choose for the Database Vault Owner account must be a secure one. The following password restrictions are enforced:
The password must include at least one alphabet, one digit, and one non alphanumeric character (symbol).
The password cannot be the same as the account name.
The password cannot contain any consecutive repeating characters.
This symbol can be either the #
symbol or an underscore (_
).
The Database Vault Account Manager is granted the DV_ACCTMGR
role. This account is used to manage database user accounts. The Database Vault Account Manager is created to facilitate separation of duties. If you do not opt to create the Database Vault Account Manager account, then the DV_ACCTMGR
role is granted to the Database Vault Owner account by default.
The Database Vault Account Manager user name can be a minimum of 2, and a maximum of 30 characters long. The account password can be a minimum of 8, and a maximum of 30 characters.
The same password restrictions that apply to Database Vault Owner are applicable to Database Vault Account Manager as well.
Oracle Database Vault installs a baseline database auditing policy. This policy covers the access control configuration information stored in Database Vault database tables, information stored in Oracle Catalog (rollback segments, tablespaces, and so on), the use of system privileges, and Oracle Label Security configuration.
See Also:
Oracle Database Vault Administrator's Guide for more information on the database audit policyWhen you install Oracle Database Vault, the security specific database initialization parameters are initialized with default values. These security specific initialization parameters are listed in Appendix E
This section contains information that you should consider before deciding how to install this product. It contains the following sections:
The platform-specific hardware and software requirements included in this installation guide were current at the time this guide was published. However, because new platforms and operating system software versions might be certified after this guide is published, review the certification matrix on the OracleMetaLink Web site for the most up-to-date list of certified hardware platforms and operating system versions. The OracleMetaLink Web site is available at the following URL:
http://metalink.oracle.com
If you do not have a current Oracle Support Services contract, then you can access the same information at the following Web site:
http://www.oracle.com/technology/support/metalink/content.html
This product supports multiple Oracle homes. This means that you can install this release of the software more than once on the same system.
Note:
The Oracle Database Vault installation session must not have any logical names or symbols defined as a result of execution of theorauser.com
script. If any such logical names or symbols are defined, you must exit the current process and then log back inEnsure that the LOGIN.COM
file of the account that is used to install Oracle Database Vault does not define any of the Oracle logical names or symbols, and does not run any command file that may define them. Ensure that none of the general Oracle specific logical names (typically beginning with ORA_
) are defined in the system table, except for some of the logical names related to mailbox devices and shared libraries. Oracle Database Vault may not run correctly if these logical names are defined.