Home » RDBMS Server » Security » Database Vault (Oracle Database 11gR2 (11.2.0.3), Windows XP SP3)
Database Vault [message #570880] Sat, 17 November 2012 04:56 Go to next message
Roger22
Messages: 98
Registered: April 2009
Location: Brasov, ROMANIA
Member
Hi,
Oracle Database Vault 11g is part of the Oracle Database 11g download. Click here to download Oracle Database 11g Release 2. Ok, so I have run DBCA and checked Oracle Label Security and then Oracle Database Vault, to enable them
Now, at stage 4 of 5 is askes me for database vault owner, and password (optionally, to create a sepparate account manager). I have specified 'vault' and 'vaultmanager' as names (i choosed to create a sepparate manager account)
Now i can login to database vault console with 'vault' user, but when i try to log with 'vaultmanager', i get:

You must have the DV_ADMIN or DV_SECANALYST role granted to your account in order to use this application.

So by default the manager cannot log in to database vault administration console?

Also, another question: when i log in to EM console with sys user, under "Server" category, i clicked "Database vault", but i got: You have been logged in to a Database with Database Vault installed on it. You do not have sufficient privileges to access the Database Vault features on Enterprise Manager. Please contact your administrator

So, sys user is unable to do database vault tasks? which privileges should i grant to sys user (from 'vault' grantee, which is the owner)?
Re: Database Vault [message #570881 is a reply to message #570880] Sat, 17 November 2012 05:10 Go to previous messageGo to next message
Michel Cadot
Messages: 59141
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
So, sys user is unable to do database vault tasks?


Yes, this is the purpose of database Vault.
Please read the documentation, you are too far from the beginning to be helped in a forum, you don't know the basics.
And so come a question, why do you install Database Vault if you don't know what is its purpose?

Regards
Michel
Re: Database Vault [message #570882 is a reply to message #570881] Sat, 17 November 2012 05:13 Go to previous messageGo to next message
Roger22
Messages: 98
Registered: April 2009
Location: Brasov, ROMANIA
Member
Because i'm at the beginning, and i want to start learning this
But i have logged on Enterprise manager with 'vault' account and i still cannot access the "Database vault" section (same error). Why?!
Re: Database Vault [message #570883 is a reply to message #570882] Sat, 17 November 2012 05:51 Go to previous messageGo to next message
Michel Cadot
Messages: 59141
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
OK, so start with the documentation, you cannot start with such product BEFORE reading the documentation.

Regards
Michel
Re: Database Vault [message #570886 is a reply to message #570883] Sat, 17 November 2012 06:47 Go to previous messageGo to next message
Roger22
Messages: 98
Registered: April 2009
Location: Brasov, ROMANIA
Member
Ok, i started with documentation. But tell me, why, when i log into enterprise manager with the Database Vault owner ('vault' in my case), i cannot acces the Database Vault section? Where is this in the documentation?!
Re: Database Vault [message #570898 is a reply to message #570886] Sat, 17 November 2012 14:01 Go to previous messageGo to next message
Roger22
Messages: 98
Registered: April 2009
Location: Brasov, ROMANIA
Member
It "worked", my bad.. i can see that section without error.
Now i want to know, if i checked to create a sepparate account manager, how can i "revert" this? so only the owner exists
From the documentation:

Quote:

Oracle Database Vault prompts for two accounts during installation: Oracle Database Vault Owner and Oracle Database Vault Account Manager. You must supply an account name and password for the Oracle Database Vault Owner account during installation. Creating an Oracle Database Vault Account Manager is optional.

The Oracle Database Vault Owner account is granted the DV_OWNER role. This account can manage Oracle Database Vault roles and configuration. (See "Oracle Database Vault Owner Role, DV_OWNER" for detailed information about this role.)

The Oracle Database Vault Account Manager account is granted the DV_ACCTMGR role. This account is used to manage database user accounts to facilitate separation of duties. (See "Oracle Database Vault Account Manager Role, DV_ACCTMGR" for detailed information about this role.)

If you choose not to create the Oracle Database Vault Account Manager account during installation, then both the DV_OWNER and DV_ACCTMGR roles are granted to the Oracle Database Vault Owner user account.


So now i want only the owner account, and no more that manager account.. how can i do these changes?

Regards,
Re: Database Vault [message #570900 is a reply to message #570898] Sat, 17 November 2012 14:36 Go to previous messageGo to next message
Michel Cadot
Messages: 59141
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Reinstall?

Regards
Michel
Re: Database Vault [message #570912 is a reply to message #570900] Sun, 18 November 2012 02:18 Go to previous messageGo to next message
Roger22
Messages: 98
Registered: April 2009
Location: Brasov, ROMANIA
Member
What to reinstall? the entire database? oh no
Re: Database Vault [message #570913 is a reply to message #570912] Sun, 18 November 2012 02:37 Go to previous messageGo to next message
Michel Cadot
Messages: 59141
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
If I was you I'd do it, after all you just want to learn the product so deinstalling and installing several times should be done, at least with different options to see what and how it comes.

Regards
Michel
Re: Database Vault [message #570916 is a reply to message #570912] Sun, 18 November 2012 03:15 Go to previous messageGo to next message
John Watson
Messages: 4562
Registered: January 2010
Location: Global Village
Senior Member
Hello - I don't think you need to de- and re-install (though for practice, why not?) If you run the DBCA agai you should be able to drop your first database, and then create another. It will prompt you for the DBV details if you select the option.
Re: Database Vault [message #570917 is a reply to message #570916] Sun, 18 November 2012 03:26 Go to previous messageGo to next message
Roger22
Messages: 98
Registered: April 2009
Location: Brasov, ROMANIA
Member
i got that, so drop my database and reinstall it.. but i thought there is another option or something, without deleting the database
However, how do you recommend? to create another vault manager account, or use that owner account only for all the administrative vault tasks

[Updated on: Sun, 18 November 2012 03:27]

Report message to a moderator

Re: Database Vault [message #570918 is a reply to message #570917] Sun, 18 November 2012 03:35 Go to previous message
John Watson
Messages: 4562
Registered: January 2010
Location: Global Village
Senior Member
Terminology, Roger: you (de-)install an Oracle Home, you create/drop a database.
As for the other question, just read the docs and decide. My own opinion: consider that DBV is all about separation of duties.

If you really want to work out how to remove DBV from an existing database, I don't think (could be wrong) there is a supported technique but you could look at the ORACLE_HOME/rdbms/admin/catmac.sql script and try to reverse engineer it (and all the scripts it calls...) a good exercise.
Previous Topic: automatic generated grants on sys_plsql_xxxx_yy_z
Next Topic: Database Field size
Goto Forum:
  


Current Time: Fri Sep 19 01:08:43 CDT 2014

Total time taken to generate the page: 0.12605 seconds