| Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for Microsoft Windows (32-Bit) Part Number B32384-02 |
|
|
View PDF |
| Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for Microsoft Windows (32-Bit) Part Number B32384-02 |
|
|
View PDF |
If you have Oracle Database Vault 10g Release 2 (10.2.0.3) installed, then you can upgrade it to Oracle Database Vault 10g Release 2 (10.2.0.4) without uninstalling the existing instance.
Note:
If you are upgrading Cluster Ready Services (CRS) only, then you should ensure that you disable Oracle Database Vault before upgrading Cluster Ready Services (CRS).Use steps 1 to 5 to disable Oracle Database Vault. After the upgrade, use steps 14 to 18 to reenable Oracle Database Vault.
Use the following steps to upgrade an Oracle Database Vault 10.2.0.x installation to Oracle Database Vault 10g Release 2 (10.2.0.4):
Re-create the password file with the nosysdba=n and force=y flags, to allow the SYS user to connect AS SYSDBA. Use the following syntax:
C:\> ORACLE_HOME\bin\orapwd file=ORACLE_HOME\dbs\orapwSID password=password force=y nosysdba=n
Here SID is the Oracle system identifier (SID) of the database and password is the password for the SYS account.
Shut down the database.
To stop a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> shutdown immediate
For an Oracle Real Application Clusters (RAC) database, use the following command:
C:\> ORACLE_HOME\bin\srvctl stop database -d db_name -c "SYS/password AS SYSDBA"
Here db_name is the name of the database.
Stop Oracle services from the Services window. For an Oracle Real Application Clusters (RAC) database, you must repeat this step on all nodes.
See Also:
"Stop Oracle Services" for more information on stopping Oracle ServicesUnder ORACLE_HOME\bin, rename the oradv10.dll file to another name.
For example, you could rename oradv10.dll to oradv10_backup.dll.
Note:
Ensure that Oracle services are not running before you try to rename the file.
Remember the name that you use, as you would be required to restore the file in a subsequent step.
For an Oracle Real Application Clusters (RAC) database, you must repeat this step on all nodes.
Start the database. For a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> startup
For an Oracle Real Application Clusters (RAC) database, use the following command:
C:\> ORACLE_HOME\bin\srvctl start database -d db_name
Unlock the DVSYS account as the SYS user:
sqlplus SYS "AS SYSDBA" Enter password: SQL>ALTER USER DVSYS ACCOUNT UNLOCK;
Run Oracle Database Vault Configuration Assistant (DVCA) by using the dvca -action disable option. This disables the Database Vault triggers. Use the following syntax:
C:\> ORACLE_HOME\bin\dvca -action disable
-service service_name
-owner_account DV_owner_account_name
[-logfile ./dvca.log]
[-nodecrypt]
Enter SYS password: sys_password
Enter owner password: owner_password
Here:
-action is the action to perform. In this case the action is disable.
-service is the database service name.
-owner_account is the Oracle Database Vault Owner account name.
-logfile is an optional flag to specify a log file name and location. You can enter an absolute path, or enter a path that is relative to the location of the ORACLE_HOME\bin directory.
-nodecrypt is the option to read plaintext passwords.
Install the Oracle Database Release 10.2.0.4 Patch Set
See Also:
"Apply Oracle Database Release 10.2.0.4 Patch Set" for more information about installing the patch setRestart the database. For a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> shutdown immediate SQL> startup
For an Oracle Real Application Clusters (RAC) database, use the following commands:
C:\> ORACLE_HOME\bin\srvctl stop database -d db_name C:\> ORACLE_HOME\bin\srvctl start database -d db_name
Connect AS SYSDBA and run the following SQL statements:
SQL> DROP FUNCTION DVSYS.REALM_SDML_AUTHORIZED ;
SQL> DROP PROCEDURE DVSYS.SYNCHRONIZE_POLICY_FOR_OBJECT;
SQL> DECLARE
CURSOR stmt IS
select u.name, o.name, r.pname
from user$ u, obj$ o, rls$ r
where u.user# = o.owner#
and r.obj# = o.obj#
and bitand(r.stmt_type,65536) > 0;
object_schema VARCHAR2(32) := NULL;
object_name VARCHAR2(32) := NULL;
policy_name VARCHAR2(32) := NULL;
BEGIN
OPEN stmt;
LOOP
FETCH stmt INTO object_schema, object_name, policy_name;
EXIT WHEN stmt%NOTFOUND;
dbms_rls.drop_policy('"'||object_schema||'"',
'"'||object_name||'"',
'"'||policy_name||'"');
END LOOP;
Close stmt;
END;
/
Run DVCA to reconfigure Database Vault. Use the following syntax:
C:\> ORACLE_HOME\bin\dvca -action option -oh oracle_home -jdbc_str jdbc_connection_string -owner_account DV_owner_account_name [-acctmgr_account DV_account_manager_account_name] [-logfile .\dvca.log] [-nodecrypt]
Where:
action: The action to perform. option creates the Database Vault schema objects, creates the DV_OWNER account and the optional DV_ACCTMGR account, and deploys the Database Vault Administrator application.
oh: The Oracle home for the database.
jdbc_str: The JDBC connection string used to connect to the database. For example, jdbc:oracle:oci:@orcl1, where orcl1 is the net service name in the tnsnames.ora file (ORACLE_HOME\network\admin\tnsnames.ora).
owner_account: Oracle Database Vault Owner account name
acctmgr_account: (Optional) Oracle Database Vault Account Manager user
logfile: Optionally, specify a log file name and location. You can enter an absolute path or a path that is relative to the location of the ORACLE_HOME\bin directory
nodecrypt: Reads plaintext passwords as passed on the command line. You must use this option if you are passing plaintext passwords to the command.
Note:
You are prompted to enter theSYS, Database Vault Owner, and Database Vault Account Manager passwords. The Database Vault Owner and Account Manager passwords must be your current Database Vault 10.2.0.x passwords.See Also:
Appendix C, "Running DVCA After Creating a Database Vault Database" for more options available with thedvca -action option commandRun Oracle Database Vault Configuration Assistant (DVCA) by using the dvca -action enable option. This enables the Database Vault triggers. Use the following syntax:
C:\> ORACLE_HOME\bin\dvca -action enable
-service service_name
-owner_account DV_owner_account_name
[-logfile ./dvca.log]
[-nodecrypt]
Enter SYS password: sys_password
Enter owner password: owner_password
See Step 7 for details of the options used in the command.
Lock the DVSYS account. Use the following SQL statements:
SQL> CONNECT SYS "AS SYSDBA" Enter password: SQL> ALTER USER DVSYS ACCOUNT LOCK;
Shut down the database.
To stop a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> shutdown immediate
For an Oracle Real Application Clusters (RAC) database, use the following command:
C:\> ORACLE_HOME\bin\srvctl stop database -d db_name
Here db_name is the name of the database.
Stop Oracle services from the Services window. For an Oracle Real Application Clusters (RAC) database, you must repeat this step on all nodes.
See Also:
"Stop Oracle Services" for more information on stopping Oracle ServicesUnder ORACLE_HOME\bin, rename the backup of the oradv10.dll file to its original name. You had renamed this file in Step 4.
For example, if you renamed it oradv10_backup.dll, then rename it back to oradv10.dll.
Note:
For an Oracle Real Application Clusters (RAC) database, you must repeat this step on all nodes.Start the database. For a single-instance database, use the following commands:
sqlplus SYS "AS SYSDBA" Enter password: SQL> startup
For an Oracle Real Application Clusters (RAC) database, use the following command:
C:\> ORACLE_HOME\bin\srvctl start database -d db_name
If you wish to disable connections with SYSDBA privileges, then re-create the password file with the nosysdba=y and force=y flags. Use the following syntax:
C:\> ORACLE_HOME\bin\orapwd file=ORACLE_HOME\dbs\orapwSID password=password force=y nosysdba=y
Here SID is the Oracle system identifier (SID) of the database and password is the password for the SYS account.
