oracle10.2.0.4 dbvault 安装篇
2015-06-23 17:26
621 查看
1. 服务器上装有两个数据库,分别是snow,lily,版本都是10.2.0.4.0, database vault都没有开启。
[oracle@snowlab ~]$ export ORACLE_SID=snow [oracle@snowlab ~]$ sqlplus / as sysdba
SQL> set line 100 SQL> col value for a40 SQL> col comments for a40 SQL> select version,comments from registry$history;
VERSION COMMENTS ------------------------------ ---------------------------------------- 10.2.0.4 PSU 10.2.0.4.4 view recompilation view recompilation 10.2.0.4 PSU 10.2.0.4.8 view recompilation
SQL> col parameter for a30 SQL> select * from v$option where parameter='Oracle Database Vault';
PARAMETER VALUE ------------------------------ ---------------------------------------- Oracle Database Vault FALSE
[oracle@snowlab ~]$ export ORACLE_SID=lily [oracle@snowlab ~]$ sqlplus / as sysdba
SQL> set line 100 SQL> col value for a40 SQL> col comments for a40 SQL> select version,comments from registry$history;
VERSION COMMENTS ------------------------------ ---------------------------------------- 10.2.0.4 PSU 10.2.0.4.4 view recompilation view recompilation 10.2.0.4 PSU 10.2.0.4.8 view recompilation
SQL> col parameter for a30 SQL> select * from v$option where parameter='Oracle Database Vault';
PARAMETER VALUE ------------------------------ ---------------------------------------- Oracle Database Vault FALSE
2. 确认目标数据库remote_login_passwordfile参数为EXCLUSIVE或者SHARED
show parameter remote_login_passwordfile
NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ remote_login_passwordfile string EXCLUSIVE
3. 备份数据库软件和数据库 export ORACLE_SID=snow rman target / RMAN> backup format '/backup/snow_full_%U.bak’ database include current controlfile plus archivelog;
export ORACLE_SID=lily rman target / RMAN> backup format '/backup/lily_full_%U.bak' database include current controlfile plus archivelog;
cd /u01/app/oracle/product/10.2.0 tar -cvf db_1.tar db_1
4. 禁用profile
本例中数据库存在用户自定义的profile,APP_PROFILE和MONITORING_PROFILE select username,profile from dba_users where profile <> 'DEFAULT';
USERNAME PROFILE ---------- -------------------- HR APP_PROFILE DBSNMP MONITORING_PROFILE
4.1 官方文档提供了一个脚本提取profile,保存在名为myprofiles.sql中。当安装结束后执行myprofiles.sql脚本来恢复profile。
set serverout on size 100000 spool myprofiles.sql . declare l_last varchar2(30) := 'X'; l_count number := 0; begin for c in ( select profile, resource_name , limit from dba_profiles order by profile, resource_name ) loop if l_last <> c.profile then l_last := c.profile; if l_count > 0 then dbms_output.put_line(';'); end if; l_count := l_count + 1; dbms_output.put_line('create profile ' || c.profile || ' limit '); else dbms_output.put_line( ' ' || c.resource_name || ' ' || c.limit); end if; end loop; dbms_output.put_line(';'); end; /
. spool off
4.2 禁用profile和密码复杂性设置
SQL> ALTER PROFILE APP_PROFILE LIMIT PASSWORD_REUSE_MAX UNLIMITED -- The number of times a password can be reused PASSWORD_REUSE_TIME UNLIMITED -- The number of days between reuses of a password PASSWORD_VERIFY_FUNCTION NULL /
SQL> ALTER PROFILE MONITORING_PROFILE LIMIT PASSWORD_REUSE_MAX UNLIMITED -- The number of times a password can be reused PASSWORD_REUSE_TIME UNLIMITED -- The number of days between reuses of a password PASSWORD_VERIFY_FUNCTION NULL /
4.3 Oracle Database Vault安装结束后执行myprofiles.sql脚本来生成创建profile脚本,执行创建profile脚本来恢复设置
SQL> @myprofiles.sql
5. 停止所有Oracle进程
建议按照如下顺序执行 1. 停止Enterprise Manager Database Console进程 $ORACLE_HOME/bin/emctl stop dbconsole
2. 停止iSQL*Plus进程 $ORACLE_HOME/bin/isqlplusctl stop
3. 停止将要安装Oracle Database Vault所在的Oracle Home下所有数据库实例进程。 sqlplus / as sysdba SQL> shutdown immediate;
4. 停止监听器 # su - oracle $ ps -ef grep tns $ lsnrctl stop
5. 创建database vault数据库 创建一个Database Vault数据库用来保存Database Vault Schema,该方式类似于catalog 或者 emrep数据库。安装结束后会新增一个配置工具DVCA。当同一个Oracle软件下创建的其它数据库需要启用Database Vault,可以通过DVCA工具来配置。DVCA将在目标数据库创建DV_OWNER或者DV_ACCTMGR(可选项),并且部署Database Vault Admiinstrator相关应用程序。
5.1 在这里采用DBCA创建数据库dv,用来实现上述功能,过程省略。
5.2 解压缩Database Vault软件,生成datavault目录 cd /software unzip database_vault_Linux-x86-64_10204.zip
5.3 执行图形话安装./runInstaller cd datavault ./runInstaller
Database Vault Owner: vault_owner Database Vault Owner Password: dv_12345 Confirm Password: dv_12345
提示Database Vault只会安装在当前SID所在的数据库dv中
图形工具一次只能配置一个数据库。其它数据库需要使用DVCA工具配置。此处选择dv数据库
这里的错误可以忽略,点击ok,继续执行。 此时Database Vault已经安装完成,只是DVCA在为dv数据库配置时候出错了,可以手工执行DVCA来纠正。这里我们就不对dv数据库操作了。直接对目标库snow,lily操作。
通过以下方法来检查Database Vault是否已经安装 export ORACLE_SID=dv sqlplus / as sysdba
SYS@dv >select * from v$option where parameter='Oracle Database Vault';
PARAMETER VALUE ------------------------------ ------------------------------ Oracle Database Vault TRUE
[oracle@snowlab ~]$ export DISPLAY=127.0.0.1:0.0 [oracle@snowlab ~]$ dvca DVCA started DVCA Usage: 1. dvca -action option -oh -owner_account -owner_passwd -jdbc_str -sys_passwd [-acctmgr_account ] [-acctmgr_passwd ] [-silent] [-logfile ./dvca.log] [-nodecrypt] [-lockout] [-racnode node] [-languages {["en"],["de"],["es"],["fr"],["it"],["ja"],["ko"],["pt_BR"],["zh_CN"],["zh_TW"]}] 2. dvca -action optionrac -oh -jdbc_str -sys_passwd [-silent] [-logfile ./dvca.log] [-nodecrypt] [-lockout] 3. dvca -action enable -service -sys_passwd -owner_account -owner_passwd [-silent] [-logfile ./dvca.log] [-nodecrypt] [-racnode node] 4. dvca -action disable -service -sys_passwd -owner_account -owner_passwd [-logfile ./dvca.log] [-nodecrypt] [-racnode node] 5. dvca -action deinstall -oh -jdbc_str | -service -sys_passwd [-silent] [-logfile ./dvca.log] [-nodecrypt] [-racnode node] 6. dvca -help DVCA stopped
6. DVCA配置snow数据库 使用dvca命令可以看到帮助信息,按照提示填写目标库snow的信息就可以完成配置。 [oracle@snowlab ~]$ export DISPLAY=127.0.0.1:0.0 [oracle@snowlab ~]$ dvca -action option -oh /u01/app/oracle/product/10.2.0/db_1 -owner_account vault_owner -owner_passwd dv_12345 -nodecrypt -jdbc_str jdbc:oracle:oci:@snow snow -sys_passwd oracle DVCA started Executing task RESTART_SERVICES_PATCH MANAGE_INSTANCE stop isqlplus MANAGE_INSTANCE stop OC4J MANAGE_INSTANCE stop OC4J result=/u01/app/oracle/product/10.2.0/db_1/bin/emctl stop dbconsole,2,OC4J Configuration issue. /u01/app/oracle/product/10.2.0/db_1/oc4j/j2ee/OC4J_DBConsole_snowlab_snow not found. MANAGE_LISTENER start listener MANAGE_LISTENER start listener result=/u01/app/oracle/product/10.2.0/db_1/bin/dvca_start_listener.sh,1, MANAGE_LISTENER start listener log= LSNRCTL for Linux: Version 10.2.0.4.0 - Production on 25-APR-2015 09:41:32
MANAGE_INSTANCE start RDBMS Executing task SQLPLUS_CATMAC Executing task UNLOCK_DVSYS Executing task LOAD_NLS_FILES load(error):java.sql.SQLException: ORA-12154: TNS:could not resolve the connect identifier specified
Executing task ACCOUNT_CREATE_OWNER Executing task GRANT_CONNECT_OWNER Executing task GRANT_ADMIN_DB_TRIG Executing task GRANT_ALTER_ANY_TRIG Executing task PASSWORD_CHANGE_DVSYS Executing task PASSWORD_CHANGE_DVF RULE_SYNC:TRUE Executing task GRANT_DV_OWNER_OWNER Executing task GRANT_DBMS_RLS_OWNER Executing task GRANT_AUDIT_TRAIL Executing task GRANT_DV_ACCTMGR_OWNER COMMAND_RULES:9 Executing task ALTER_TRIGGER_BEFORE_DDL Executing task ALTER_TRIGGER_AFTER_DDL Executing task REVOKE_CONNECT_DVSYS Executing task REVOKE_CONNECT_DVF Executing task LOCK_DVSYS Executing task LOCK_DVF Executing task ALTER_TRIGGER_LBACSYS1 Executing task ALTER_TRIGGER_LBACSYS2 Executing task ALTER_TRIGGER_LBACSYS3 Executing task DEPLOY_DVA DEPLOY_DVA,validate DEPLOY_DVA get EM home DEPLOY_DVA get EM home=/u01/app/oracle/product/10.2.0/db_1/bin/emctl getemhome,2,EM Configuration issue. /u01/app/oracle/product/10.2.0/db_1/snowlab_snow not found. DVCA_ERROR:java.io.IOException: java.io.IOException: /u01/app/oracle/product/10.2.0/db_1/bin/dvca_getipc.sh: cannot execute Error executing task DEPLOY_DVA:java.io.IOException: java.io.IOException: /u01/app/oracle/product/10.2.0/db_1/bin/dvca_getipc.sh: cannot execute Executing task SQLPLUS_UTLRP Executing task INIT_AUDIT_SYS_OPERATIONS Executing task INIT_REMOTE_OS_AUTHENT Executing task INIT_REMOTE_OS_ROLES Executing task INIT_OS_ROLES Executing task INIT_SQL92_SECURITY Executing task INIT_OS_AUTHENT_PREFIX Executing task INIT_REMOTE_LOGIN_PASSWORDFILE Executing task INIT_RECYCLEBIN Executing task RESTART_SERVICES MANAGE_INSTANCE stop isqlplus MANAGE_INSTANCE stop OC4J MANAGE_INSTANCE stop OC4J result=/u01/app/oracle/product/10.2.0/db_1/bin/emctl stop dbconsole,2,OC4J Configuration issue. /u01/app/oracle/product/10.2.0/db_1/oc4j/j2ee/OC4J_DBConsole_snowlab_snow not found. MANAGE_INSTANCE stop RDBMS MANAGE_LISTENER stop listener MANAGE_LISTENER start listener MANAGE_INSTANCE start RDBMS MANAGE_INSTANCE start OC4J
使用dvsys用户登录 [oracle@snowlab ]$ sqlplus dvsys/dv_12345
添加域,名为my_realm DVSYS@snow >exec dbms_macadm.create_realm('my_realm','my_realm','y',1);
添加HR所有对象到域my_realm DVSYS@snow >exec dbms_macadm.add_object_to_realm('my_realm','HR','%','%');
使用HR用户可以访问自身数据 SYS@snow >conn hr/hr HR@snow >select * from tab;
TNAME TABTYPE CLUSTERID ------------------------------ ------- ---------- REGIONS TABLE COUNTRIES TABLE LOCATIONS TABLE DEPARTMENTS TABLE JOBS TABLE EMPLOYEES TABLE JOB_HISTORY TABLE EMP_DETAILS_VIEW VIEW
8 rows selected.
HR@snow >select * from jobs;
JOB_ID JOB_TITLE MIN_SALARY MAX_SALARY ---------- ----------------------------------- ---------- ---------- AD_PRES President 20000 40000 AD_VP Administration Vice President 15000 30000 AD_ASST Administration Assistant 3000 6000 FI_MGR Finance Manager 8200 16000 FI_ACCOUNT Accountant 4200 9000 AC_MGR Accounting Manager 8200 16000 AC_ACCOUNT Public Accountant 4200 9000 SA_MAN Sales Manager 10000 20000 SA_REP Sales Representative 6000 12000 PU_MAN Purchasing Manager 8000 15000 PU_CLERK Purchasing Clerk 2500 5500
JOB_ID JOB_TITLE MIN_SALARY MAX_SALARY ---------- ----------------------------------- ---------- ---------- ST_MAN Stock Manager 5500 8500 ST_CLERK Stock Clerk 2000 5000 SH_CLERK Shipping Clerk 2500 5500 IT_PROG Programmer 4000 10000 MK_MAN Marketing Manager 9000 15000 MK_REP Marketing Representative 4000 9000 HR_REP Human Resources Representative 4000 9000 PR_REP Public Relations Representative 4500 10500
19 rows selected.
使用sys用户执行查询会被“隔离”,提示权限不足 HR@snow >conn / as sysdba Connected. SYS@snow >select * from hr.jobs; select * from hr.jobs * ERROR at line 1: ORA-01031: insufficient privileges
如果SYS需要对域中的HR持有权限,可以使用DVSYS用户创建“参与者” DVSYS@snow >exec dbms_macadm.add_auth_to_realm('my_realm','SYS');
再次使用SYS用户访问HR表jobs,验证“参与者”生效了 DVSYS@snow >conn / as sysdba Connected. SYS@snow >select * from hr.jobs;
JOB_ID JOB_TITLE MIN_SALARY MAX_SALARY ---------- ----------------------------------- ---------- ---------- AD_PRES President 20000 40000 AD_VP Administration Vice President 15000 30000 AD_ASST Administration Assistant 3000 6000 FI_MGR Finance Manager 8200 16000 FI_ACCOUNT Accountant 4200 9000 AC_MGR Accounting Manager 8200 16000 AC_ACCOUNT Public Accountant 4200 9000 SA_MAN Sales Manager 10000 20000 SA_REP Sales Representative 6000 12000 PU_MAN Purchasing Manager 8000 15000 PU_CLERK Purchasing Clerk 2500 5500
JOB_ID JOB_TITLE MIN_SALARY MAX_SALARY ---------- ----------------------------------- ---------- ---------- ST_MAN Stock Manager 5500 8500 ST_CLERK Stock Clerk 2000 5000 SH_CLERK Shipping Clerk 2500 5500 IT_PROG Programmer 4000 10000 MK_MAN Marketing Manager 9000 15000 MK_REP Marketing Representative 4000 9000 HR_REP Human Resources Representative 4000 9000 PR_REP Public Relations Representative 4500 10500
19 rows selected.
接下来采用同样的方法来配置lily数据库
export DISPLAY=127.0.0.1:0.0
dvca -action option -oh /u01/app/oracle/product/10.2.0/db_1 -owner_account vault_owner -owner_passwd dv_12345 -nodecrypt -jdbc_str jdbc:oracle:oci:@lily lily -sys_passwd oracle
全文完
[oracle@snowlab ~]$ export ORACLE_SID=snow [oracle@snowlab ~]$ sqlplus / as sysdba
SQL> set line 100 SQL> col value for a40 SQL> col comments for a40 SQL> select version,comments from registry$history;
VERSION COMMENTS ------------------------------ ---------------------------------------- 10.2.0.4 PSU 10.2.0.4.4 view recompilation view recompilation 10.2.0.4 PSU 10.2.0.4.8 view recompilation
SQL> col parameter for a30 SQL> select * from v$option where parameter='Oracle Database Vault';
PARAMETER VALUE ------------------------------ ---------------------------------------- Oracle Database Vault FALSE
[oracle@snowlab ~]$ export ORACLE_SID=lily [oracle@snowlab ~]$ sqlplus / as sysdba
SQL> set line 100 SQL> col value for a40 SQL> col comments for a40 SQL> select version,comments from registry$history;
VERSION COMMENTS ------------------------------ ---------------------------------------- 10.2.0.4 PSU 10.2.0.4.4 view recompilation view recompilation 10.2.0.4 PSU 10.2.0.4.8 view recompilation
SQL> col parameter for a30 SQL> select * from v$option where parameter='Oracle Database Vault';
PARAMETER VALUE ------------------------------ ---------------------------------------- Oracle Database Vault FALSE
2. 确认目标数据库remote_login_passwordfile参数为EXCLUSIVE或者SHARED
show parameter remote_login_passwordfile
NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ remote_login_passwordfile string EXCLUSIVE
3. 备份数据库软件和数据库 export ORACLE_SID=snow rman target / RMAN> backup format '/backup/snow_full_%U.bak’ database include current controlfile plus archivelog;
export ORACLE_SID=lily rman target / RMAN> backup format '/backup/lily_full_%U.bak' database include current controlfile plus archivelog;
cd /u01/app/oracle/product/10.2.0 tar -cvf db_1.tar db_1
4. 禁用profile
本例中数据库存在用户自定义的profile,APP_PROFILE和MONITORING_PROFILE select username,profile from dba_users where profile <> 'DEFAULT';
USERNAME PROFILE ---------- -------------------- HR APP_PROFILE DBSNMP MONITORING_PROFILE
4.1 官方文档提供了一个脚本提取profile,保存在名为myprofiles.sql中。当安装结束后执行myprofiles.sql脚本来恢复profile。
set serverout on size 100000 spool myprofiles.sql . declare l_last varchar2(30) := 'X'; l_count number := 0; begin for c in ( select profile, resource_name , limit from dba_profiles order by profile, resource_name ) loop if l_last <> c.profile then l_last := c.profile; if l_count > 0 then dbms_output.put_line(';'); end if; l_count := l_count + 1; dbms_output.put_line('create profile ' || c.profile || ' limit '); else dbms_output.put_line( ' ' || c.resource_name || ' ' || c.limit); end if; end loop; dbms_output.put_line(';'); end; /
. spool off
4.2 禁用profile和密码复杂性设置
SQL> ALTER PROFILE APP_PROFILE LIMIT PASSWORD_REUSE_MAX UNLIMITED -- The number of times a password can be reused PASSWORD_REUSE_TIME UNLIMITED -- The number of days between reuses of a password PASSWORD_VERIFY_FUNCTION NULL /
SQL> ALTER PROFILE MONITORING_PROFILE LIMIT PASSWORD_REUSE_MAX UNLIMITED -- The number of times a password can be reused PASSWORD_REUSE_TIME UNLIMITED -- The number of days between reuses of a password PASSWORD_VERIFY_FUNCTION NULL /
4.3 Oracle Database Vault安装结束后执行myprofiles.sql脚本来生成创建profile脚本,执行创建profile脚本来恢复设置
SQL> @myprofiles.sql
5. 停止所有Oracle进程
建议按照如下顺序执行 1. 停止Enterprise Manager Database Console进程 $ORACLE_HOME/bin/emctl stop dbconsole
2. 停止iSQL*Plus进程 $ORACLE_HOME/bin/isqlplusctl stop
3. 停止将要安装Oracle Database Vault所在的Oracle Home下所有数据库实例进程。 sqlplus / as sysdba SQL> shutdown immediate;
4. 停止监听器 # su - oracle $ ps -ef grep tns $ lsnrctl stop
5. 创建database vault数据库 创建一个Database Vault数据库用来保存Database Vault Schema,该方式类似于catalog 或者 emrep数据库。安装结束后会新增一个配置工具DVCA。当同一个Oracle软件下创建的其它数据库需要启用Database Vault,可以通过DVCA工具来配置。DVCA将在目标数据库创建DV_OWNER或者DV_ACCTMGR(可选项),并且部署Database Vault Admiinstrator相关应用程序。
5.1 在这里采用DBCA创建数据库dv,用来实现上述功能,过程省略。
5.2 解压缩Database Vault软件,生成datavault目录 cd /software unzip database_vault_Linux-x86-64_10204.zip
5.3 执行图形话安装./runInstaller cd datavault ./runInstaller
Database Vault Owner: vault_owner Database Vault Owner Password: dv_12345 Confirm Password: dv_12345
提示Database Vault只会安装在当前SID所在的数据库dv中
图形工具一次只能配置一个数据库。其它数据库需要使用DVCA工具配置。此处选择dv数据库
这里的错误可以忽略,点击ok,继续执行。 此时Database Vault已经安装完成,只是DVCA在为dv数据库配置时候出错了,可以手工执行DVCA来纠正。这里我们就不对dv数据库操作了。直接对目标库snow,lily操作。
通过以下方法来检查Database Vault是否已经安装 export ORACLE_SID=dv sqlplus / as sysdba
SYS@dv >select * from v$option where parameter='Oracle Database Vault';
PARAMETER VALUE ------------------------------ ------------------------------ Oracle Database Vault TRUE
[oracle@snowlab ~]$ export DISPLAY=127.0.0.1:0.0 [oracle@snowlab ~]$ dvca DVCA started DVCA Usage: 1. dvca -action option -oh -owner_account -owner_passwd -jdbc_str -sys_passwd [-acctmgr_account ] [-acctmgr_passwd ] [-silent] [-logfile ./dvca.log] [-nodecrypt] [-lockout] [-racnode node] [-languages {["en"],["de"],["es"],["fr"],["it"],["ja"],["ko"],["pt_BR"],["zh_CN"],["zh_TW"]}] 2. dvca -action optionrac -oh -jdbc_str -sys_passwd [-silent] [-logfile ./dvca.log] [-nodecrypt] [-lockout] 3. dvca -action enable -service -sys_passwd -owner_account -owner_passwd [-silent] [-logfile ./dvca.log] [-nodecrypt] [-racnode node] 4. dvca -action disable -service -sys_passwd -owner_account -owner_passwd [-logfile ./dvca.log] [-nodecrypt] [-racnode node] 5. dvca -action deinstall -oh -jdbc_str | -service -sys_passwd [-silent] [-logfile ./dvca.log] [-nodecrypt] [-racnode node] 6. dvca -help DVCA stopped
6. DVCA配置snow数据库 使用dvca命令可以看到帮助信息,按照提示填写目标库snow的信息就可以完成配置。 [oracle@snowlab ~]$ export DISPLAY=127.0.0.1:0.0 [oracle@snowlab ~]$ dvca -action option -oh /u01/app/oracle/product/10.2.0/db_1 -owner_account vault_owner -owner_passwd dv_12345 -nodecrypt -jdbc_str jdbc:oracle:oci:@snow snow -sys_passwd oracle DVCA started Executing task RESTART_SERVICES_PATCH MANAGE_INSTANCE stop isqlplus MANAGE_INSTANCE stop OC4J MANAGE_INSTANCE stop OC4J result=/u01/app/oracle/product/10.2.0/db_1/bin/emctl stop dbconsole,2,OC4J Configuration issue. /u01/app/oracle/product/10.2.0/db_1/oc4j/j2ee/OC4J_DBConsole_snowlab_snow not found. MANAGE_LISTENER start listener MANAGE_LISTENER start listener result=/u01/app/oracle/product/10.2.0/db_1/bin/dvca_start_listener.sh,1, MANAGE_LISTENER start listener log= LSNRCTL for Linux: Version 10.2.0.4.0 - Production on 25-APR-2015 09:41:32
MANAGE_INSTANCE start RDBMS Executing task SQLPLUS_CATMAC Executing task UNLOCK_DVSYS Executing task LOAD_NLS_FILES load(error):java.sql.SQLException: ORA-12154: TNS:could not resolve the connect identifier specified
Executing task ACCOUNT_CREATE_OWNER Executing task GRANT_CONNECT_OWNER Executing task GRANT_ADMIN_DB_TRIG Executing task GRANT_ALTER_ANY_TRIG Executing task PASSWORD_CHANGE_DVSYS Executing task PASSWORD_CHANGE_DVF RULE_SYNC:TRUE Executing task GRANT_DV_OWNER_OWNER Executing task GRANT_DBMS_RLS_OWNER Executing task GRANT_AUDIT_TRAIL Executing task GRANT_DV_ACCTMGR_OWNER COMMAND_RULES:9 Executing task ALTER_TRIGGER_BEFORE_DDL Executing task ALTER_TRIGGER_AFTER_DDL Executing task REVOKE_CONNECT_DVSYS Executing task REVOKE_CONNECT_DVF Executing task LOCK_DVSYS Executing task LOCK_DVF Executing task ALTER_TRIGGER_LBACSYS1 Executing task ALTER_TRIGGER_LBACSYS2 Executing task ALTER_TRIGGER_LBACSYS3 Executing task DEPLOY_DVA DEPLOY_DVA,validate DEPLOY_DVA get EM home DEPLOY_DVA get EM home=/u01/app/oracle/product/10.2.0/db_1/bin/emctl getemhome,2,EM Configuration issue. /u01/app/oracle/product/10.2.0/db_1/snowlab_snow not found. DVCA_ERROR:java.io.IOException: java.io.IOException: /u01/app/oracle/product/10.2.0/db_1/bin/dvca_getipc.sh: cannot execute Error executing task DEPLOY_DVA:java.io.IOException: java.io.IOException: /u01/app/oracle/product/10.2.0/db_1/bin/dvca_getipc.sh: cannot execute Executing task SQLPLUS_UTLRP Executing task INIT_AUDIT_SYS_OPERATIONS Executing task INIT_REMOTE_OS_AUTHENT Executing task INIT_REMOTE_OS_ROLES Executing task INIT_OS_ROLES Executing task INIT_SQL92_SECURITY Executing task INIT_OS_AUTHENT_PREFIX Executing task INIT_REMOTE_LOGIN_PASSWORDFILE Executing task INIT_RECYCLEBIN Executing task RESTART_SERVICES MANAGE_INSTANCE stop isqlplus MANAGE_INSTANCE stop OC4J MANAGE_INSTANCE stop OC4J result=/u01/app/oracle/product/10.2.0/db_1/bin/emctl stop dbconsole,2,OC4J Configuration issue. /u01/app/oracle/product/10.2.0/db_1/oc4j/j2ee/OC4J_DBConsole_snowlab_snow not found. MANAGE_INSTANCE stop RDBMS MANAGE_LISTENER stop listener MANAGE_LISTENER start listener MANAGE_INSTANCE start RDBMS MANAGE_INSTANCE start OC4J
使用dvsys用户登录 [oracle@snowlab ]$ sqlplus dvsys/dv_12345
添加域,名为my_realm DVSYS@snow >exec dbms_macadm.create_realm('my_realm','my_realm','y',1);
添加HR所有对象到域my_realm DVSYS@snow >exec dbms_macadm.add_object_to_realm('my_realm','HR','%','%');
使用HR用户可以访问自身数据 SYS@snow >conn hr/hr HR@snow >select * from tab;
TNAME TABTYPE CLUSTERID ------------------------------ ------- ---------- REGIONS TABLE COUNTRIES TABLE LOCATIONS TABLE DEPARTMENTS TABLE JOBS TABLE EMPLOYEES TABLE JOB_HISTORY TABLE EMP_DETAILS_VIEW VIEW
8 rows selected.
HR@snow >select * from jobs;
JOB_ID JOB_TITLE MIN_SALARY MAX_SALARY ---------- ----------------------------------- ---------- ---------- AD_PRES President 20000 40000 AD_VP Administration Vice President 15000 30000 AD_ASST Administration Assistant 3000 6000 FI_MGR Finance Manager 8200 16000 FI_ACCOUNT Accountant 4200 9000 AC_MGR Accounting Manager 8200 16000 AC_ACCOUNT Public Accountant 4200 9000 SA_MAN Sales Manager 10000 20000 SA_REP Sales Representative 6000 12000 PU_MAN Purchasing Manager 8000 15000 PU_CLERK Purchasing Clerk 2500 5500
JOB_ID JOB_TITLE MIN_SALARY MAX_SALARY ---------- ----------------------------------- ---------- ---------- ST_MAN Stock Manager 5500 8500 ST_CLERK Stock Clerk 2000 5000 SH_CLERK Shipping Clerk 2500 5500 IT_PROG Programmer 4000 10000 MK_MAN Marketing Manager 9000 15000 MK_REP Marketing Representative 4000 9000 HR_REP Human Resources Representative 4000 9000 PR_REP Public Relations Representative 4500 10500
19 rows selected.
使用sys用户执行查询会被“隔离”,提示权限不足 HR@snow >conn / as sysdba Connected. SYS@snow >select * from hr.jobs; select * from hr.jobs * ERROR at line 1: ORA-01031: insufficient privileges
如果SYS需要对域中的HR持有权限,可以使用DVSYS用户创建“参与者” DVSYS@snow >exec dbms_macadm.add_auth_to_realm('my_realm','SYS');
再次使用SYS用户访问HR表jobs,验证“参与者”生效了 DVSYS@snow >conn / as sysdba Connected. SYS@snow >select * from hr.jobs;
JOB_ID JOB_TITLE MIN_SALARY MAX_SALARY ---------- ----------------------------------- ---------- ---------- AD_PRES President 20000 40000 AD_VP Administration Vice President 15000 30000 AD_ASST Administration Assistant 3000 6000 FI_MGR Finance Manager 8200 16000 FI_ACCOUNT Accountant 4200 9000 AC_MGR Accounting Manager 8200 16000 AC_ACCOUNT Public Accountant 4200 9000 SA_MAN Sales Manager 10000 20000 SA_REP Sales Representative 6000 12000 PU_MAN Purchasing Manager 8000 15000 PU_CLERK Purchasing Clerk 2500 5500
JOB_ID JOB_TITLE MIN_SALARY MAX_SALARY ---------- ----------------------------------- ---------- ---------- ST_MAN Stock Manager 5500 8500 ST_CLERK Stock Clerk 2000 5000 SH_CLERK Shipping Clerk 2500 5500 IT_PROG Programmer 4000 10000 MK_MAN Marketing Manager 9000 15000 MK_REP Marketing Representative 4000 9000 HR_REP Human Resources Representative 4000 9000 PR_REP Public Relations Representative 4500 10500
19 rows selected.
接下来采用同样的方法来配置lily数据库
export DISPLAY=127.0.0.1:0.0
dvca -action option -oh /u01/app/oracle/product/10.2.0/db_1 -owner_account vault_owner -owner_passwd dv_12345 -nodecrypt -jdbc_str jdbc:oracle:oci:@lily lily -sys_passwd oracle
全文完
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/29047826/viewspace-1709397/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/29047826/viewspace-1709397/
相关文章推荐
- DB - Oracle 11g在安装不到文件em.ear
- RHEL 5.4 安装oracle10.2.0.1并升级10.2.0.4
- Hyper-V安装Oracle Linux6_4 Oracle db 12c并使用rman做异机恢复
- Linux平台 Oracle 18c RAC安装Part3:DB配置
- oracle安装--db_install.rsp详解
- Redhat-Linux-Enterprise-AS4-Up2上安装Oracle amd64_db_9204
- vs2015安装ORACLE的DbFirst
- ORACLE 10.2.0.4 rac 安装成功完成提示相关
- 安装Oracle DB 后,修改计算机名(Oracle DB PC Name Change)
- Oracle Database Vault安装过程中遇到的几个问题及解决
- 在OralceLinux6.4上安装OracleDB11.2方法
- x64安装Oracle 10.2.0.4无法启动EM dbconsole问题解决
- win7旗舰版32位安装oracle 10g db
- Redhat RHEL AS3 下安装 Oracle DB 10g 中文乱码问题的解决
- RHEL5安装oracle常见的错误 /opt/oracle/product/10.2.0/db_1/lib/network/lib/ins_net_client.mk
- oracle 安装之 10.2.0.1 且 升级到 10.2.0.4
- 详说Oracle Vault——原理、安装与配置
- Oracle DB 12c远程安装方法
- Oracle 11gR2_DB_11.2.0.4的安装与配置 (RHEL 6.5)
- 安装 Oracle 11g DB