Thursday, 24 April 2008

How to Configure Database Vault?

There are two things we'll need for database vault configuration.



1. Installing the software component
2. Configuring the database to use vault

To install the software, we can start the OUI using ./runInstaller



Select the option for advanced installation





Use the same ORACLE_HOME that is used by the existing database



Make sure you do not have any pending prerequisites



Check the list of installed components, specifically the Label Security and Database Vault options. If they are not installed, select them by ticking the box



Once the Installation is over, verify the database options

$ sqlplus / as sysdba

SQL*Plus: Release 11.1.0.6.0 - Production on Thu Apr 17 10:20:27 2008

Copyright (c) 1982, 2007, Oracle. All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options

SQL>

Software installation is now over. The next step is to configure the database to use Vault

Select the database to be configured







Select the tablespace in which the respective objects will be created



Specify the details for the Vault owner. Here you can also specify the credentials for a separate account manager

Select the server mode




You should see dialog boxes like




After you select OK, OUI will configure the database for use with Vault. While this is happening, the database will be restarted in the background.



Once the configuration has completed successfully, we can start using the Database Vault GUI. A typical URL will be

https://hostname:<port>/dva/login.jsp

It uses the same port that is currently being used for Database Console.



After a successful login, one should see a page like

Now you can configure the vault, based on your security requirements.

NOTE: We cannot use the SYS / SYSTEM users to log in to Vault. We'll get the following error message if we try to do so.





If we try to grant a Vault-related role as SYS, the grant fails with a realm violation:

$ sqlplus / as sysdba

SQL> GRANT DV_SECANALYST TO VTEST;

GRANT DV_SECANALYST TO VTEST
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-47401: Realm violation for grant role privilege on DV_SECANALYST.
ORA-06512: at "DVSYS.AUTHORIZE_EVENT", line 55
ORA-06512: at line 31

One should be the Vault owner to grant the DV_SECANALYST / DV_ADMIN role.

$ sqlplus vowner

SQL*Plus: Release 11.1.0.6.0 - Production on Thu Apr 17 10:58:38 2008
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options

SQL> GRANT DV_SECANALYST TO VTEST;

Grant succeeded.

SQL> GRANT DV_ADMIN TO VTEST;
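
The checks above can also be done with queries instead of reading the SQL*Plus banner. The following SQL*Plus script is an added example, not part of the original post: it confirms the two options are enabled and lists who holds the Database Vault roles. It assumes a session that can read V$OPTION and DBA_ROLE_PRIVS (for example "/ as sysdba" as used on this page); DV_OWNER and DV_ACCTMGR are the standard role names for the Vault owner and the account manager.

```sql
-- Added example: post-configuration checks for Database Vault.
-- Assumption: run in SQL*Plus from a session that can read
-- V$OPTION and DBA_ROLE_PRIVS.

SET LINESIZE 120
COLUMN parameter    FORMAT A30
COLUMN value        FORMAT A10
COLUMN grantee      FORMAT A30
COLUMN granted_role FORMAT A20
COLUMN note         FORMAT A40

-- 1. Both options should report TRUE after the software installation.
SELECT parameter, value
FROM   v$option
WHERE  parameter IN ('Oracle Database Vault', 'Oracle Label Security')
ORDER  BY parameter;

-- 2. Who holds the Database Vault roles. A grantee can be a user or
--    another role. Review any account you do not expect to see here.
SELECT grantee, granted_role, admin_option
FROM   dba_role_privs
WHERE  granted_role IN ('DV_OWNER', 'DV_ADMIN', 'DV_ACCTMGR', 'DV_SECANALYST')
ORDER  BY granted_role, grantee;

-- 3. Separation of duties: flag any grantee that holds both the owner
--    role and the account manager role.
SELECT grantee, 'holds both DV_OWNER and DV_ACCTMGR' AS note
FROM   dba_role_privs
WHERE  granted_role IN ('DV_OWNER', 'DV_ACCTMGR')
GROUP  BY grantee
HAVING COUNT(DISTINCT granted_role) = 2;
```

If a separate account manager was specified during configuration, query 3 should return no rows.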
