Install & uninstall the Database vault in Oracle 12c database

Install the database vault in Oracle 12c database.

  1. Login with sysdba user and run the script to create the metadata or objects for database vault.
sqlplus / as sysdba
@?/rdbms/admin/catols.sql

2. Check the label security is enabled or not.

SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Oracle Label Security';

VALUE
--------------------------
FALSE

3. If its false then enable the Oracle Label Security by executing following procedure other wise skip this step.

EXEC LBACSYS.CONFIGURE_OLS;
EXEC LBACSYS.OLS_ENFORCEMENT.ENABLE_OLS;

--Restart the database
Shutdown immediate
Startup

--Check status after restart
SQL> SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Oracle Label Security';

VALUE
-------------------------
TRUE

4. Run the CATMAC.SQL script with parameter tablespace & temp tablespace.

@?/rdbms/admin/catmac.sql system temp <syspasswd>

5. After execute create the user for Database vault. Two user is created by login sysdba user one as OWNER or other as Manager

sqlplus / as sysdba
create user <DV owner> identified by <Password>;
create user <DV Manager> identified by <Password>;

-- used only if you are using CDBROOT database
SQL>  alter session set "_ORACLE_SCRIPT" = true;

Session altered.
-- Owner User

SQL> create user dvowner identified by dvowner;

User created.

SQL> grant connect to dvowner;

Grant succeeded.
-- Manager user 
SQL> create user dvmanager identified by dvmanager;

User created.

SQL> grant connect to dvmanager;

Grant succeeded.

6. Assign the user to Database vault from sysdba user.

sqlplus / as sysdba
exec dvsys.configure_dv('<DV owner user>','<DV Manager user>');

-- Example
SQL> conn sys as sysdba
Enter password:
Connected.
SQL> exec dvsys.configure_dv('DVOWNER','DVMANAGER');

PL/SQL procedure successfully completed.

7. Enable the Database vault by login with DVOWNER user.

SQL> conn dvowner/dvowner
Connected.
SQL> exec dbms_macadm.enable_dv;

PL/SQL procedure successfully completed.

8. Restart the database then database value is enabled.

Shutdown immediate;
Startup

--Verify the status
SQL> SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';

VALUE
----------                                                                
TRUE

Uninstall the Database value in Oracle Database

  1. Connect to the Database vault owner user and disable the database vault.
SQL> conn dvowner/dvowner
Connected.
SQL> exec dbms_macadm.disable_dv;

PL/SQL procedure successfully completed.

2. Restart the database to make the changes effect with sysdba user.

Conn / as sysdba
shutdown immediate
startup

3. Check the database vault status, its disabled.

SQL> SELECT value FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';

VALUE
----------------------------------------------------------------
FALSE

4. For complete uninstall, remove the metadata with dvremove.sql

conn / as sysdba

@?/rdbms/admin/dvremov.sql

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.