Database Vault [message #570880] |
Sat, 17 November 2012 04:56 |
Roger22
Messages: 98 Registered: April 2009 Location: Brasov, ROMANIA
|
Member |
|
|
Hi,
Oracle Database Vault 11g is part of the Oracle Database 11g download. Click here to download Oracle Database 11g Release 2. Ok, so I have run DBCA and checked Oracle Label Security and then Oracle Database Vault, to enable them
Now, at stage 4 of 5 is askes me for database vault owner, and password (optionally, to create a sepparate account manager). I have specified 'vault' and 'vaultmanager' as names (i choosed to create a sepparate manager account)
Now i can login to database vault console with 'vault' user, but when i try to log with 'vaultmanager', i get:
You must have the DV_ADMIN or DV_SECANALYST role granted to your account in order to use this application.
So by default the manager cannot log in to database vault administration console?
Also, another question: when i log in to EM console with sys user, under "Server" category, i clicked "Database vault", but i got: You have been logged in to a Database with Database Vault installed on it. You do not have sufficient privileges to access the Database Vault features on Enterprise Manager. Please contact your administrator
So, sys user is unable to do database vault tasks? which privileges should i grant to sys user (from 'vault' grantee, which is the owner)?
|
|
|
|
Re: Database Vault [message #570882 is a reply to message #570881] |
Sat, 17 November 2012 05:13 |
Roger22
Messages: 98 Registered: April 2009 Location: Brasov, ROMANIA
|
Member |
|
|
Because i'm at the beginning, and i want to start learning this
But i have logged on Enterprise manager with 'vault' account and i still cannot access the "Database vault" section (same error). Why?!
|
|
|
|
Re: Database Vault [message #570886 is a reply to message #570883] |
Sat, 17 November 2012 06:47 |
Roger22
Messages: 98 Registered: April 2009 Location: Brasov, ROMANIA
|
Member |
|
|
Ok, i started with documentation. But tell me, why, when i log into enterprise manager with the Database Vault owner ('vault' in my case), i cannot acces the Database Vault section? Where is this in the documentation?!
|
|
|
Re: Database Vault [message #570898 is a reply to message #570886] |
Sat, 17 November 2012 14:01 |
Roger22
Messages: 98 Registered: April 2009 Location: Brasov, ROMANIA
|
Member |
|
|
It "worked", my bad.. i can see that section without error.
Now i want to know, if i checked to create a sepparate account manager, how can i "revert" this? so only the owner exists
From the documentation:
Quote:
Oracle Database Vault prompts for two accounts during installation: Oracle Database Vault Owner and Oracle Database Vault Account Manager. You must supply an account name and password for the Oracle Database Vault Owner account during installation. Creating an Oracle Database Vault Account Manager is optional.
The Oracle Database Vault Owner account is granted the DV_OWNER role. This account can manage Oracle Database Vault roles and configuration. (See "Oracle Database Vault Owner Role, DV_OWNER" for detailed information about this role.)
The Oracle Database Vault Account Manager account is granted the DV_ACCTMGR role. This account is used to manage database user accounts to facilitate separation of duties. (See "Oracle Database Vault Account Manager Role, DV_ACCTMGR" for detailed information about this role.)
If you choose not to create the Oracle Database Vault Account Manager account during installation, then both the DV_OWNER and DV_ACCTMGR roles are granted to the Oracle Database Vault Owner user account.
So now i want only the owner account, and no more that manager account.. how can i do these changes?
Regards,
|
|
|
|
|
|
Re: Database Vault [message #570916 is a reply to message #570912] |
Sun, 18 November 2012 03:15 |
John Watson
Messages: 8938 Registered: January 2010 Location: Global Village
|
Senior Member |
|
|
Hello - I don't think you need to de- and re-install (though for practice, why not?) If you run the DBCA agai you should be able to drop your first database, and then create another. It will prompt you for the DBV details if you select the option.
|
|
|
Re: Database Vault [message #570917 is a reply to message #570916] |
Sun, 18 November 2012 03:26 |
Roger22
Messages: 98 Registered: April 2009 Location: Brasov, ROMANIA
|
Member |
|
|
i got that, so drop my database and reinstall it.. but i thought there is another option or something, without deleting the database
However, how do you recommend? to create another vault manager account, or use that owner account only for all the administrative vault tasks
[Updated on: Sun, 18 November 2012 03:27] Report message to a moderator
|
|
|
Re: Database Vault [message #570918 is a reply to message #570917] |
Sun, 18 November 2012 03:35 |
John Watson
Messages: 8938 Registered: January 2010 Location: Global Village
|
Senior Member |
|
|
Terminology, Roger: you (de-)install an Oracle Home, you create/drop a database.
As for the other question, just read the docs and decide. My own opinion: consider that DBV is all about separation of duties.
If you really want to work out how to remove DBV from an existing database, I don't think (could be wrong) there is a supported technique but you could look at the ORACLE_HOME/rdbms/admin/catmac.sql script and try to reverse engineer it (and all the scripts it calls...) a good exercise.
|
|
|