| Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for Linux x86-64 Part Number B32496-07 |
|
|
PDF · Mobi · ePub |
| Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for Linux x86-64 Part Number B32496-07 |
|
|
PDF · Mobi · ePub |
If you have Oracle Database Vault 10g Release 2 (10.2.0.2), Oracle Database Vault 10g Release 2 (10.2.0.3), or Oracle Database Vault 10g Release 2 (10.2.0.4) installed, then you can upgrade it to Oracle Database Vault 10g Release 2 (10.2.0.5) without uninstalling the existing instance.
Use the following steps to upgrade an Oracle Database Vault 10.2.0.x installation to Oracle Database Vault 10g Release 2 (10.2.0.5):
Re-create the password file with the nosysdba=n and force=y flags, to allow the SYS user to connect AS SYSDBA. Use the following syntax:
$ orapwd file=$ORACLE_HOME/dbs/orapwSID password=syspasswd force=y nosysdba=n
Here SID is the Oracle system identifier (SID) of the database and password is the password for the SYS account.
Stop the database service.
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ srvctl stop database -d db_name -c "SYS/SYS_password as SYSDBA"
Here db_name is the name of the database.
For a single instance database, use the following commands:
SQL> CONNECT SYS as SYSDBA
Enter password: SYS_password
SQL> SHUTDOWN
Relink the Oracle executable to turn off the Oracle Database Vault option. Use the following commands:
cd $ORACLE_HOME/rdbms/lib make -f ins_rdbms.mk dv_off cd $ORACLE_HOME/bin relink oracle
Note:
For an Oracle Real Application Clusters (Oracle RAC) database, you must repeat the preceding commands on all nodes.Start the database service.
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ srvctl start instance -d db_name -c "SYS/SYS_password as SYSDBA"
Here db_name is the name of the database.
For a single instance database, use the following commands:
$ sqlplus/nolog
SQL> CONNECT SYS/as SYSDBA
Enter password: SYS_password
SQL> startup
Unlock the DVSYS account as the SYS user:
SQL> CONNECT SYS/as SYSDBA ALTER USER DVSYS ACCOUNT UNLOCK; SQL>
Disable the Oracle Database Vault triggers. Log into SQL*Plus as SYS using the SYSDBA privilege, and then run the following ALTER TRIGGER statements:
SQL> CONNECT SYS/ as SYSDBA ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG DISABLE; ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG DISABLE; SQL>
Install the Oracle Database Release 10.2.0.5 Patch Set and run DBUA to upgrade the database.
See Also:
"Apply Oracle Database Release 10.2.0.5 Patch Set" for more information about installing the patch setStop the database service if it is running.
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ srvctl stop database -d db_name -c "SYS/SYS_password as SYSDBA"
Here db_name is the name of the database.
For a single instance database, use the following commands:
SQL> CONNECT SYS as SYSDBA
Enter password: SYS_password
SQL> SHUTDOWN
Relink the Oracle executable to turn on the Oracle Database Vault option. Use the following commands:
cd $ORACLE_HOME/rdbms/lib make -f ins_rdbms.mk dv_on cd $ORACLE_HOME/bin relink oracle
Note:
For an Oracle Real Application Clusters (Oracle RAC) database, you must repeat the preceding commands on all nodes.Start the database.
For an Oracle Real Application Clusters (Oracle RAC) database, use the following command:
$ srvctl start instance -d db_name -c "SYS/SYS_password as SYSDBA"
Here db_name is the name of the database.
For a single instance database, use the following commands:
$ sqlplus/nolog
SQL> CONNECT SYS/as SYSDBA
Enter password: SYS_password
SQL> startup
Create the DV_PATCH_ADMIN and DV_MONITOR roles. This is a one-time task. Use the following statements:
SQL> CONNECT DVSYS
Enter password:
SQL>
CREATE ROLE DV_PATCH_ADMIN;
GRANT DV_PATCH_ADMIN TO DV_OWNER WITH ADMIN OPTION;
GRANT DV_PATCH_ADMIN TO SYS;
CREATE ROLE DV_MONITOR;
SQL>
Connect AS SYSDBA and run the following SQL statements:
SQL> CONNECT SYS/ as SYSDBA
Enter password:
SQL>
@?/rdbms/admin/prvtstas.plb
@?/rdbms/admin/prvtstat.plb
@?/rdbms/admin/catols.sql -- Ignore any errors generated by this script
STARTUP
CONNECT SYS/ as SYSDBA
SQL>
Enter password:
SQL> DECLARE
CURSOR stmt IS
select u.name, o.name, r.pname
from user$ u, obj$ o, rls$ r
where u.user# = o.owner#
and r.obj# = o.obj#
and bitand(r.stmt_type,65536) > 0;
object_schema VARCHAR2(32) := NULL;
object_name VARCHAR2(32) := NULL;
policy_name VARCHAR2(32) := NULL;
BEGIN
OPEN stmt;
LOOP
FETCH stmt INTO object_schema, object_name, policy_name;
EXIT WHEN stmt%NOTFOUND;
dbms_rls.drop_policy('"'||object_schema||'"',
'"'||object_name||'"',
'"'||policy_name||'"');
END LOOP;
Close stmt;
END;
/
SQL> spool catmac.log -- please check catmac.log for errors
SQL> @?/rdbms/admin/catmac.sql DVSYS_user_tablespace TEMP_TABLESPACE
SYS_PASSWORD DVSYS_PASSWORD
SQL> INSERT INTO DVSYS.RULE_SET_T$ VALUES (8,
'Allow Datapump Operation',
'Rule set that controls the objects that can be exported or imported by the datapump user.',
' ', 'us');
SQL> COMMIT;
SQL> EXEC DVSYS.DBMS_MACADM.SYNC_RULES;
Run the following script as SYSDBA:
SQL> CONNECT SYS/ as SYSDBA Enter password: SQL> @?/rdbms/admin/utlrp.sql
Enable the Oracle Database Vault triggers:
SQL> CONNECT SYS/ as SYSDBA Enter password: SQL> ALTER TRIGGER DVSYS.DV_BEFORE_DDL_TRG ENABLE; ALTER TRIGGER DVSYS.DV_AFTER_DDL_TRG ENABLE; SQL>
Lock the DVSYS account. Use the following SQL statements:
SQL> CONNECT SYS "AS SYSDBA" Enter password: SQL> ALTER USER DVSYS ACCOUNT LOCK;
Revoke the DV_PATCH_ADMIN role from SYS as the DV_OWNER user:
SQL> CONNECT DV_OWNER
Enter password:
SQL> REVOKE DV_PATCH_ADMIN FROM SYS;
SQL> QUIT
|
 Copyright © 2006, 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|