Thursday, June 28, 2018

How To Enable Database Vault For PDB In Container DB 12c

First Enable DV in Container DB (CDB$ROOT)

-------------------------------------------------------------

Create Common User c##dbvowner & c##dbvactmgr in CDB$ROOT
SQL>connect / as sysdba
SQL>create user c##dbvowner identified by pdit_dv15 CONTAINER=ALL;
SQL>create user c##dbvactmgr identified by pdit_dv15 CONTAINER=ALL;
SQL>grant SET CONTAINER,CREATE SESSION to c##dbvowner ;
SQL>grant SET CONTAINER,CREATE SESSION to c##dbvactmgr ;


Configure DV on CDB$ROOT
SQL>exec dvsys.configure_dv('c##dbvowner','c##dbvactmgr');
SQL>@?/rdbms/admin/utlrp.sql
SQL>conn c##dbvowner/****
SQL>EXEC DBMS_MACADM.ENABLE_DV;
SQL>Shutdown immediate
SQL>startup

Enable DV in PDB

-------------------------------------------------------------
If the PDB had Database Vault configured before it was migrated into the Container DB (DV_CONFIGURE_STATUS in dba_dv_status is TRUE),
the Database Vault metadata must be dropped and recreated before proceeding.
Drop DV metadata:
SQL>conn sys@PDB1 as sysdba
SQL>@$ORACLE_HOME/rdbms/admin/dvremov.sql
Recreate DV metadata:
SQL>@?/rdbms/admin/catols.sql
SQL>exec lbacsys.configure_ols
SQL>exec lbacsys.ols_enforcement.enable_ols
SQL>@$ORACLE_HOME/rdbms/admin/catmac.sql system temp <syspasswd>

SQL>GRANT CREATE SESSION, SET CONTAINER TO c##dbvowner ;
SQL>GRANT CREATE SESSION, SET CONTAINER TO c##dbvactmgr ;

Configure DV on PDB1
SQL>exec dvsys.configure_dv('c##dbvowner','c##dbvactmgr');
SQL>exit
SQL>@?/rdbms/admin/utlrp.sql
SQL>connect c##dbvowner@PDB1;
SQL>EXEC DBMS_MACADM.ENABLE_DV;
SQL>alter pluggable database PDB1 close immediate;
SQL>alter pluggable database PDB1 open;

SQL to check Database Vault enablement and configuration status

select parameter,value from gv$option where parameter in ('Oracle Database Vault','Oracle Label Security');

select * from dba_dv_status;

select wrl_type,con_id,wrl_parameter,status from v$encryption_wallet;
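
The checks above report on the container you are connected to. As an added example (not from the original post), the query below is meant to be run from CDB$ROOT as SYS or a DBA user and lists the Database Vault status of every container side by side; it assumes the CDB_DV_STATUS view is available in your release, and the text in the finding column is illustrative.

```sql
-- Added example, not part of the original post.
-- Assumption: CDB_DV_STATUS exposes NAME, STATUS and CON_ID
-- (the same rows as DBA_DV_STATUS, plus a container id).
-- Run from CDB$ROOT; closed PDBs and PDB$SEED return no status rows.
WITH dv AS (
  SELECT c.con_id,
         c.name AS container_name,
         c.open_mode,
         -- Pivot the two status rows into one row per container
         MAX(CASE WHEN s.name = 'DV_CONFIGURE_STATUS' THEN s.status END) AS dv_configured,
         MAX(CASE WHEN s.name = 'DV_ENABLE_STATUS'    THEN s.status END) AS dv_enabled
  FROM   v$containers c
  LEFT JOIN cdb_dv_status s ON s.con_id = c.con_id
  GROUP  BY c.con_id, c.name, c.open_mode
)
SELECT con_id,
       container_name,
       open_mode,
       dv_configured,
       dv_enabled,
       CASE
         WHEN dv_configured IS NULL AND dv_enabled IS NULL
           THEN 'NO DATA (container closed or seed)'
         WHEN dv_configured = 'TRUE' AND dv_enabled = 'TRUE'
           THEN 'OK'
         WHEN dv_configured = 'TRUE'
           THEN 'CONFIGURED, NOT ENABLED'
         ELSE 'NOT CONFIGURED'
       END AS finding
FROM   dv
ORDER  BY con_id;
```

A PDB reported as CONFIGURED, NOT ENABLED still needs DBMS_MACADM.ENABLE_DV followed by a close and open of that PDB, as in the PDB steps above.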

