Scribd
Upload
79 views4 pages

Vault Kurulum

This document provides instructions for setting up Oracle Database Vault on an Oracle E-Business Suite R12 database. The steps include: 1. Registering Database Vault by running commands to enable LBAC and DV. 2. Applying various patches to integrate Database Vault with the E-Business Suite application. 3. Configuring database initialization parameters for security and setting Database Vault accounts. 4. Running scripts to create realms and grant privileges for Database Vault integration. 5. Notes on patching and administration implications with Database Vault enabled.

Uploaded by

Gökay Masmanacı
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
79 views4 pages

Vault Kurulum

This document provides instructions for setting up Oracle Database Vault on an Oracle E-Business Suite R12 database. The steps include: 1. Registering Database Vault by running commands to enable LBAC and DV. 2. Applying various patches to integrate Database Vault with the E-Business Suite application. 3. Configuring database initialization parameters for security and setting Database Vault accounts. 4. Running scripts to create realms and grant privileges for Database Vault integration. 5. Notes on patching and administration implications with Database Vault enabled.

Uploaded by

Gökay Masmanacı
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 4

DECLARE

CURSOR c1 IS
SELECT owner, synonym_name name
FROM dba_synonyms
WHERE table_owner = 'SYSMAN';
BEGIN
FOR r1 IN c1 LOOP
IF r1.owner = 'PUBLIC' THEN
EXECUTE IMMEDIATE 'DROP PUBLIC SYNONYM '||r1.name;
ELSE
EXECUTE IMMEDIATE 'DROP SYNONYM '||r1.owner||'.'||r1.name;
END IF;
END LOOP;
END;
/

DROP USER mgmt_view CASCADE;


DROP ROLE mgmt_user;
DROP USER sysman CASCADE;

emca -config dbcontrol db -repos create

orapwd file=orapwTEST password=oracle123 entries=5 ignorecase=y

https://ebstst.experteam.com.tr:1158/em

--- ebs stop

Task 3: Register Oracle Database Vault

chopt enable lbac


chopt enable dv

[oradb@ebstst ~]$ chopt enable lbac

Writing to /ebsdata/oracle/TEST/db/tech_st/11.2.0/install/enable_lbac.log...
/usr/bin/make -f /ebsdata/oracle/TEST/db/tech_st/11.2.0/rdbms/lib/ins_rdbms.mk
lbac_on ORACLE_HOME=/ebsdata/oracle/TEST/db/tech_st/11.2.0
/usr/bin/make -f /ebsdata/oracle/TEST/db/tech_st/11.2.0/rdbms/lib/ins_rdbms.mk
ioracle ORACLE_HOME=/ebsdata/oracle/TEST/db/tech_st/11.2.0

[oradb@ebstst ~]$ chopt enable dv

Writing to /ebsdata/oracle/TEST/db/tech_st/11.2.0/install/enable_dv.log...
/usr/bin/make -f /ebsdata/oracle/TEST/db/tech_st/11.2.0/rdbms/lib/ins_rdbms.mk
dv_on ORACLE_HOME=/ebsdata/oracle/TEST/db/tech_st/11.2.0
/usr/bin/make -f /ebsdata/oracle/TEST/db/tech_st/11.2.0/rdbms/lib/ins_rdbms.mk
ioracle ORACLE_HOME=/ebsdata/oracle/TEST/db/tech_st/11.2.0
dbca

spfile dan db a��lmal�.

dbvowner ---- Oracle_1234%

dbvmanager --- Oracle_123#

--- hata
ORA-29504: invalid or missing schema name
ORA-06512: at line 8

ORA-29504: invalid or missing schema name reported during DV Installation (Doc ID


1509963.1)
-- hsta ignore edildi.

Task 4: Set Database Security Initialization Parameters

REMOTE_LOGIN_PASSWORDFILE = EXCLUSIVE
REMOTE_OS_ROLES = FALSE
OS_ROLES = FALSE
O7_DICTIONARY_ACCESSIBILITY = FALSE

AUDIT_SYS_OPERATIONS = TRUE
SQL92_SECURITY = TRUE
OS_AUTHENT_PREFIX = ''

Task 5: Apply Oracle E-Business Suite Release 12 Realm Creation Patch

Stop all processes (Listener, Oracle Enterprise Manager, and Oracle Database).
chopt disable dv

maintence mode enable

patch 8207603 apply


If you have multiple application tiers, apply this patch to any one application
tier

Apply the following patch to get the latest fnddbvpatch2.sql


For R12.1.X Customers, apply patch 9531731 ( R12.FND.B) for latest
fnddbvpatch2.sql.

For R12.1.X Customers, apply patch 8317506 "DB VAULT RELATED CHANGE TO ADEMUSR.SQL
"

Copy the script fnddbvebs.sql from the application tier ($FND_TOP/patch/115/sql/)


to the database tier, as some commands require a SYSDBA privileged connection

[oradb@ebstst admin]$ pwd


/ebsdata/oracle/TEST/db/tech_st/11.2.0/appsutil/admin
[oradb@ebstst admin]$
[oradb@ebstst admin]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Sat Jul 25 00:09:49 2015
Copyright (c) 1982, 2013, Oracle. All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining
and Real Application Testing options

SQL> GRANT SELECT ANY TABLE to dbvowner ;


SQL> CREATE SYNONYM dbvowner.FND_ORACLE_USERID for APPLSYS.FND_ORACLE_USERID;
SQL> CREATE SYNONYM dbvowner.FND_APPLICATION for APPLSYS.FND_APPLICATION;
SQL> CREATE SYNONYM dbvowner.FND_PRODUCT_INSTALLATIONS for
APPLSYS.FND_PRODUCT_INSTALLATIONS;

Log in as <dbvowner> and execute the following command to allow access to objects
in the CTXSYS schema that are otherwise protected by the Oracle Data Dictionary
realm

CONNECT DBVOWNER

SQL>
BEGIN
dvsys.dbms_macadm.DELETE_OBJECT_FROM_REALM(
realm_name => 'Oracle Data Dictionary'
,object_owner => 'CTXSYS'
,object_name => '%'
,object_type => '%');
END;
/

CONNECT DBVOWNER

/ebsdata/oracle/TEST/db/tech_st/11.2.0/appsutil/admin

SQL> @fnddbvebs.sql

CONNECT DBVOWNER

SQL>

BEGIN
dvsys.dbms_macadm.ADD_OBJECT_TO_REALM(
realm_name => 'Oracle Data Dictionary'
,object_owner => 'CTXSYS'
,object_name => '%'
,object_type => '%');
END;
/

Log in as SYSDBA on the Database Tier and execute the following commands to revoke
the privilege you granted to the Database Vault owner.

SQL> DROP SYNONYM DBVOWNER.FND_ORACLE_USERID;


SQL> DROP SYNONYM DBVOWNER.FND_APPLICATION;
SQL> DROP SYNONYM DBVOWNER.FND_PRODUCT_INSTALLATIONS;
SQL> REVOKE SELECT ANY TABLE FROM DBVOWNER;

Section 5: Oracle E-Business Suite Release 12 Patching & Administration


Implications

dbvmanager --- Oracle_123#

/ebsdata/oracle/TEST/apps/apps_st/appl/fnd/12.0.0/patch/115/sql

[applr12@ebstst sql]$ sqlplus dbvmanager


SQL*Plus: Release 10.1.0.5.0 - Production on Sat Jul 25 00:53:49 2015
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining
and Real Application Testing options

SQL> @fnddbvpatch3 PATCH


PL/SQL procedure successfully completed.
Commit complete.

dbvowner ---- Oracle_1234%

sqlplus dbvowner

SQL> @fnddbvpatch2 PATCH

sqlplus dbvowner

@fnddbvpatch2 PROD

sqlplus dbvmanager

@fnddbvpatch3 PROD

http://www.oneappsdba.com/2012/11/database-vault-on-e-bsuiness-suite-r121.html

You might also like