1. 伺服器上裝有兩個資料庫，分別是snow,lily，版本都是10.2.0.4.0, database vault都沒有開啟。

[oracle@snowlab ~]$ export ORACLE_SID=snow

[oracle@snowlab ~]$ sqlplus / as sysdba

SQL> set line 100

SQL> col value for a40

SQL> col comments for a40

SQL> select version,comments from registry$history;

VERSION COMMENTS

------------------------------ ----------------------------------------

10.2.0.4 PSU 10.2.0.4.4

view recompilation

10.2.0.4 PSU 10.2.0.4.8

view recompilation

SQL> col parameter for a30

SQL> select * from v$option where parameter='Oracle Database Vault';

PARAMETER VALUE

------------------------------ ----------------------------------------

Oracle Database Vault FALSE

[oracle@snowlab ~]$ export ORACLE_SID=lily

[oracle@snowlab ~]$ sqlplus / as sysdba

SQL> set line 100

SQL> col value for a40

SQL> col comments for a40

SQL> select version,comments from registry$history;

VERSION COMMENTS

------------------------------ ----------------------------------------

10.2.0.4 PSU 10.2.0.4.4

view recompilation

10.2.0.4 PSU 10.2.0.4.8

view recompilation

SQL> col parameter for a30

SQL> select * from v$option where parameter='Oracle Database Vault';

PARAMETER VALUE

------------------------------ ----------------------------------------

Oracle Database Vault FALSE

2. 確認目標資料庫remote_login_passwordfile引數為EXCLUSIVE或者SHARED

show parameter remote_login_passwordfile

NAME TYPE VALUE

------------------------------------ ----------- ------------------------------

remote_login_passwordfile string EXCLUSIVE

3. 備份資料庫軟體和資料庫

export ORACLE_SID=snow

rman target /

RMAN> backup format '/backup/snow_full_%U.bak’ database include current controlfile plus archivelog;

export ORACLE_SID=lily

rman target /

RMAN> backup format '/backup/lily_full_%U.bak' database include current controlfile plus archivelog;

cd /u01/app/oracle/product/10.2.0

tar -cvf db_1.tar db_1

4. 禁用profile

本例中資料庫存在使用者自定義的profile，APP_PROFILE和MONITORING_PROFILE

select username,profile from dba_users where profile <> 'DEFAULT';

USERNAME PROFILE

---------- --------------------

HR APP_PROFILE

DBSNMP MONITORING_PROFILE

4.1 官方文件提供了一個指令碼提取profile，儲存在名為myprofiles.sql中。當安裝結束後執行myprofiles.sql指令碼來恢復profile。

set serverout on size 100000

spool myprofiles.sql

.

declare

l_last varchar2(30) := 'X';

l_count number := 0;

begin

for c in (

select profile, resource_name , limit

from dba_profiles

order by profile, resource_name

) loop

if l_last <> c.profile then

l_last := c.profile;

if l_count > 0 then

dbms_output.put_line(';');

end if;

l_count := l_count + 1;

dbms_output.put_line('create profile ' || c.profile || ' limit ');

else

dbms_output.put_line( ' ' || c.resource_name || ' ' || c.limit);

end if;

end loop;

dbms_output.put_line(';');

end;

/
.

spool off

4.2 禁用profile和密碼複雜性設定

SQL> ALTER PROFILE APP_PROFILE LIMIT

PASSWORD_REUSE_MAX UNLIMITED -- The number of times a password can be reused

PASSWORD_REUSE_TIME UNLIMITED -- The number of days between reuses of a password

PASSWORD_VERIFY_FUNCTION NULL

/

SQL> ALTER PROFILE MONITORING_PROFILE LIMIT

PASSWORD_REUSE_MAX UNLIMITED -- The number of times a password can be reused

PASSWORD_REUSE_TIME UNLIMITED -- The number of days between reuses of a password

PASSWORD_VERIFY_FUNCTION NULL

/

4.3 Oracle Database Vault安裝結束後執行myprofiles.sql指令碼來生成建立profile指令碼，執行建立profile指令碼來恢復設定

SQL> @myprofiles.sql

5. 停止所有Oracle程式

建議按照如下順序執行

1. 停止Enterprise Manager Database Console程式

$ORACLE_HOME/bin/emctl stop dbconsole

2. 停止iSQL*Plus程式

$ORACLE_HOME/bin/isqlplusctl stop

3. 停止將要安裝Oracle Database Vault所在的Oracle Home下所有資料庫例項程式。

sqlplus / as sysdba

SQL> shutdown immediate;

4. 停止監聽器

# su - oracle

$ ps -ef grep tns

$ lsnrctl stop

5. 建立database vault資料庫

建立一個Database Vault資料庫用來儲存Database Vault Schema，該方式類似於catalog 或者 emrep資料庫。安裝結束後會新增一個配置工具DVCA。當同一個Oracle軟體下建立的其它資料庫需要啟用Database Vault，可以透過DVCA工具來配置。DVCA將在目標資料庫建立DV_OWNER或者DV_ACCTMGR（可選項），並且部署Database Vault Admiinstrator相關應用程式。

5.1 在這裡採用DBCA建立資料庫dv，用來實現上述功能，過程省略。

5.2 解壓縮Database Vault軟體，生成datavault目錄

cd /software

unzip database_vault_Linux-x86-64_10204.zip

5.3 執行圖形話安裝./runInstaller

cd datavault

./runInstaller

Database Vault Owner: vault_owner

Database Vault Owner Password: dv_12345

Confirm Password: dv_12345

提示Database Vault只會安裝在當前SID所在的資料庫dv中

圖形工具一次只能配置一個資料庫。其它資料庫需要使用DVCA工具配置。此處選擇dv資料庫

這裡的錯誤可以忽略，點選ok，繼續執行。

此時Database Vault已經安裝完成，只是DVCA在為dv資料庫配置時候出錯了，可以手工執行DVCA來糾正。這裡我們就不對dv資料庫操作了。直接對目標庫snow，lily操作。

透過以下方法來檢查Database Vault是否已經安裝

export ORACLE_SID=dv

sqlplus / as sysdba

SYS@dv >select * from v$option where parameter='Oracle Database Vault';

PARAMETER VALUE

------------------------------ ------------------------------

Oracle Database Vault TRUE

[oracle@snowlab ~]$ export DISPLAY=127.0.0.1:0.0

[oracle@snowlab ~]$ dvca

DVCA started

DVCA Usage:

1. dvca -action option -oh -owner_account -owner_passwd -jdbc_str -sys_passwd [-acctmgr_account ] [-acctmgr_passwd ] [-silent] [-logfile ./dvca.log] [-nodecrypt] [-lockout] [-racnode node] [-languages {["en"],["de"],["es"],["fr"],["it"],["ja"],["ko"],["pt_BR"],["zh_CN"],["zh_TW"]}]

2. dvca -action optionrac -oh -jdbc_str -sys_passwd [-silent] [-logfile ./dvca.log] [-nodecrypt] [-lockout]

3. dvca -action enable -service -sys_passwd -owner_account -owner_passwd [-silent] [-logfile ./dvca.log] [-nodecrypt] [-racnode node]

4. dvca -action disable -service -sys_passwd -owner_account -owner_passwd [-logfile ./dvca.log] [-nodecrypt] [-racnode node]

5. dvca -action deinstall -oh -jdbc_str | -service -sys_passwd [-silent] [-logfile ./dvca.log] [-nodecrypt] [-racnode node]

6. dvca -help

DVCA stopped

6. DVCA配置snow資料庫

使用dvca命令可以看到幫助資訊，按照提示填寫目標庫snow的資訊就可以完成配置。

[oracle@snowlab ~]$ export DISPLAY=127.0.0.1:0.0

[oracle@snowlab ~]$ dvca -action option -oh /u01/app/oracle/product/10.2.0/db_1 -owner_account vault_owner -owner_passwd dv_12345 -nodecrypt -jdbc_str jdbc:oracle:oci:@snow snow -sys_passwd oracle

DVCA started

Executing task RESTART_SERVICES_PATCH

MANAGE_INSTANCE stop isqlplus

MANAGE_INSTANCE stop OC4J

MANAGE_INSTANCE stop OC4J result=/u01/app/oracle/product/10.2.0/db_1/bin/emctl stop dbconsole,2,OC4J Configuration issue. /u01/app/oracle/product/10.2.0/db_1/oc4j/j2ee/OC4J_DBConsole_snowlab_snow not found.

MANAGE_LISTENER start listener

MANAGE_LISTENER start listener result=/u01/app/oracle/product/10.2.0/db_1/bin/dvca_start_listener.sh,1,

MANAGE_LISTENER start listener log=

LSNRCTL for Linux: Version 10.2.0.4.0 - Production on 25-APR-2015 09:41:32

MANAGE_INSTANCE start RDBMS

Executing task SQLPLUS_CATMAC

Executing task UNLOCK_DVSYS

Executing task LOAD_NLS_FILES

load(error):java.sql.SQLException: ORA-12154: TNS:could not resolve the connect identifier specified

Executing task ACCOUNT_CREATE_OWNER

Executing task GRANT_CONNECT_OWNER

Executing task GRANT_ADMIN_DB_TRIG

Executing task GRANT_ALTER_ANY_TRIG

Executing task PASSWORD_CHANGE_DVSYS

Executing task PASSWORD_CHANGE_DVF

RULE_SYNC:TRUE

Executing task GRANT_DV_OWNER_OWNER

Executing task GRANT_DBMS_RLS_OWNER

Executing task GRANT_AUDIT_TRAIL

Executing task GRANT_DV_ACCTMGR_OWNER

COMMAND_RULES:9

Executing task ALTER_TRIGGER_BEFORE_DDL

Executing task ALTER_TRIGGER_AFTER_DDL

Executing task REVOKE_CONNECT_DVSYS

Executing task REVOKE_CONNECT_DVF

Executing task LOCK_DVSYS

Executing task LOCK_DVF

Executing task ALTER_TRIGGER_LBACSYS1

Executing task ALTER_TRIGGER_LBACSYS2

Executing task ALTER_TRIGGER_LBACSYS3

Executing task DEPLOY_DVA

DEPLOY_DVA,validate

DEPLOY_DVA get EM home

DEPLOY_DVA get EM home=/u01/app/oracle/product/10.2.0/db_1/bin/emctl getemhome,2,EM Configuration issue. /u01/app/oracle/product/10.2.0/db_1/snowlab_snow not found.

DVCA_ERROR:java.io.IOException: java.io.IOException: /u01/app/oracle/product/10.2.0/db_1/bin/dvca_getipc.sh: cannot execute

Error executing task DEPLOY_DVA:java.io.IOException: java.io.IOException: /u01/app/oracle/product/10.2.0/db_1/bin/dvca_getipc.sh: cannot execute

Executing task SQLPLUS_UTLRP

Executing task INIT_AUDIT_SYS_OPERATIONS

Executing task INIT_REMOTE_OS_AUTHENT

Executing task INIT_REMOTE_OS_ROLES

Executing task INIT_OS_ROLES

Executing task INIT_SQL92_SECURITY

Executing task INIT_OS_AUTHENT_PREFIX

Executing task INIT_REMOTE_LOGIN_PASSWORDFILE

Executing task INIT_RECYCLEBIN

Executing task RESTART_SERVICES

MANAGE_INSTANCE stop isqlplus

MANAGE_INSTANCE stop OC4J

MANAGE_INSTANCE stop OC4J result=/u01/app/oracle/product/10.2.0/db_1/bin/emctl stop dbconsole,2,OC4J Configuration issue. /u01/app/oracle/product/10.2.0/db_1/oc4j/j2ee/OC4J_DBConsole_snowlab_snow not found.

MANAGE_INSTANCE stop RDBMS

MANAGE_LISTENER stop listener

MANAGE_LISTENER start listener

MANAGE_INSTANCE start RDBMS

MANAGE_INSTANCE start OC4J

使用dvsys使用者登入

[oracle@snowlab ]$ sqlplus dvsys/dv_12345

新增域，名為my_realm

DVSYS@snow >exec dbms_macadm.create_realm('my_realm','my_realm','y',1);

新增HR所有物件到域my_realm

DVSYS@snow >exec dbms_macadm.add_object_to_realm('my_realm','HR','%','%');

使用HR使用者可以訪問自身資料

SYS@snow >conn hr/hr

HR@snow >select * from tab;

TNAME TABTYPE CLUSTERID

------------------------------ ------- ----------

REGIONS TABLE

COUNTRIES TABLE

LOCATIONS TABLE

DEPARTMENTS TABLE

JOBS TABLE

EMPLOYEES TABLE

JOB_HISTORY TABLE

EMP_DETAILS_VIEW VIEW

8 rows selected.

HR@snow >select * from jobs;

JOB_ID JOB_TITLE MIN_SALARY MAX_SALARY

---------- ----------------------------------- ---------- ----------

AD_PRES President 20000 40000

AD_VP Administration Vice President 15000 30000

AD_ASST Administration Assistant 3000 6000

FI_MGR Finance Manager 8200 16000

FI_ACCOUNT Accountant 4200 9000

AC_MGR Accounting Manager 8200 16000

AC_ACCOUNT Public Accountant 4200 9000

SA_MAN Sales Manager 10000 20000

SA_REP Sales Representative 6000 12000

PU_MAN Purchasing Manager 8000 15000

PU_CLERK Purchasing Clerk 2500 5500

JOB_ID JOB_TITLE MIN_SALARY MAX_SALARY

---------- ----------------------------------- ---------- ----------

ST_MAN Stock Manager 5500 8500

ST_CLERK Stock Clerk 2000 5000

SH_CLERK Shipping Clerk 2500 5500

IT_PROG Programmer 4000 10000

MK_MAN Marketing Manager 9000 15000

MK_REP Marketing Representative 4000 9000

HR_REP Human Resources Representative 4000 9000

PR_REP Public Relations Representative 4500 10500

19 rows selected.

使用sys使用者執行查詢會被“隔離”，提示許可權不足

HR@snow >conn / as sysdba

Connected.

SYS@snow >select * from hr.jobs;

select * from hr.jobs

*

ERROR at line 1:

ORA-01031: insufficient privileges

如果SYS需要對域中的HR持有許可權，可以使用DVSYS使用者建立“參與者”

DVSYS@snow >exec dbms_macadm.add_auth_to_realm('my_realm','SYS');

再次使用SYS使用者訪問HR表jobs，驗證“參與者”生效了

DVSYS@snow >conn / as sysdba

Connected.

SYS@snow >select * from hr.jobs;

JOB_ID JOB_TITLE MIN_SALARY MAX_SALARY

---------- ----------------------------------- ---------- ----------

AD_PRES President 20000 40000

AD_VP Administration Vice President 15000 30000

AD_ASST Administration Assistant 3000 6000

FI_MGR Finance Manager 8200 16000

FI_ACCOUNT Accountant 4200 9000

AC_MGR Accounting Manager 8200 16000

AC_ACCOUNT Public Accountant 4200 9000

SA_MAN Sales Manager 10000 20000

SA_REP Sales Representative 6000 12000

PU_MAN Purchasing Manager 8000 15000

PU_CLERK Purchasing Clerk 2500 5500

JOB_ID JOB_TITLE MIN_SALARY MAX_SALARY

---------- ----------------------------------- ---------- ----------

ST_MAN Stock Manager 5500 8500

ST_CLERK Stock Clerk 2000 5000

SH_CLERK Shipping Clerk 2500 5500

IT_PROG Programmer 4000 10000

MK_MAN Marketing Manager 9000 15000

MK_REP Marketing Representative 4000 9000

HR_REP Human Resources Representative 4000 9000

PR_REP Public Relations Representative 4500 10500

19 rows selected.

接下來採用同樣的方法來配置lily資料庫

export DISPLAY=127.0.0.1:0.0

dvca -action option -oh /u01/app/oracle/product/10.2.0/db_1 -owner_account vault_owner -owner_passwd dv_12345 -nodecrypt -jdbc_str jdbc:oracle:oci:@lily lily -sys_passwd oracle

全文完

oracle10.2.0.4 dbvault 安裝篇

相關文章