Saturday, March 9, 2013

[RDBMS] Enabling and Disabling Database Vault in RAC 11g R2


1. You need to stop all the databases and listeners (if there is more than one) running on the Database Oracle Home. The following commands stop these processes:

srvctl stop listener
srvctl stop database -d mydb

2. Enable Database Vault in the Oracle Home (remember that we are using 11g R2, where Database Vault is bundled with the installation; you don't have to install it separately as in older versions):

chopt [ enable | disable] db_option

Values for db_option are described in the following table:

dm                    Oracle Data Mining RDBMS Files
dv                    Oracle Database Vault
lbac                  Oracle Label Security
olap                  Oracle OLAP
partitioning          Oracle Partitioning
rat                   Oracle Real Application Testing
ode_net               Oracle Database Extensions for .NET 1.x
ode_net_2             Oracle Database Extensions for .NET 2.0

You will need to run the following commands in every RAC node:

chopt enable lbac
chopt enable dv

3. Start the Databases and Listener again:


srvctl start listener
srvctl start database -d mydb


4. Now that you have enabled Database Vault in the Oracle Home, you can decide in which database you want to configure Database Vault:
You need to use the display, so remember to execute xhost + as root.
As the oracle user (or the database installation owner):
Export ORACLE_HOME and PATH to work with the Database Home
Execute dbca

      4.1 Select the database you want to configure and log in as sys or a user with the sysdba privilege.

      4.2 Check Oracle Label Security and Oracle Database Vault.

      4.3 You need an owner-related user and an admin user.

5. You need to restart the database that you configured with Database Vault (follow steps 1 and 3, using just the database commands).


6. To verify if the Database Vault is enabled you can run this query:

SQL> SELECT * FROM V$OPTION 
     WHERE PARAMETER = 'Oracle Database Vault';

PARAMETER                     VALUE
----------------------------- -----------------------
Oracle Database Vault         TRUE
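
The query above only reports on the instance you are connected to. The following added example (not part of the original post) extends the check to every running RAC instance through GV$OPTION and GV$INSTANCE, so a node where chopt was skipped stands out, and it also lists the DV and OLS components registered in the database itself through DBA_REGISTRY.

```sql
-- Added example: cluster-wide verification, run as a user with access
-- to the GV$ views and DBA_REGISTRY (for example, connected as sysdba).

-- Binary level (the chopt step): one row per running instance.
-- Instances that are down do not appear in GV$ views, so compare the
-- row count with the number of RAC nodes you expect.
SELECT i.inst_id,
       i.instance_name,
       i.host_name,
       MAX(CASE WHEN o.parameter = 'Oracle Database Vault'
                THEN o.value END) AS dv_enabled,
       MAX(CASE WHEN o.parameter = 'Oracle Label Security'
                THEN o.value END) AS ols_enabled
FROM   gv$instance i
       JOIN gv$option o ON o.inst_id = i.inst_id
WHERE  o.parameter IN ('Oracle Database Vault', 'Oracle Label Security')
GROUP  BY i.inst_id, i.instance_name, i.host_name
ORDER  BY i.inst_id;

-- Database level (the dbca step): components registered in this database.
SELECT comp_id, comp_name, version, status
FROM   dba_registry
WHERE  comp_id IN ('DV', 'OLS');
```

Any instance showing FALSE in dv_enabled or ols_enabled while the others show TRUE points to a node where the chopt commands from step 2 were not run.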


7. If you need to disable Database Vault:
    Go to all the RAC nodes and execute the following (with databases and listener stopped). This
    disables it at the ORACLE_HOME level for all databases, because once you have configured it
    via dbca you cannot uncheck Label Security and Database Vault:

chopt disable lbac
chopt disable dv