How to Configure Database Vault?

Database Vault configuration involves two things:

1. Installing the software component
2. Configuring the database to use Vault

To install the software, start the Oracle Universal Installer (OUI) with ./runInstaller.
Select the option for advanced installation.
Use the same ORACLE_HOME as the existing database.
Make sure you do not have any pending prerequisites.

Check the available installed components, specifically the Label Security and Database Vault options. If they are not installed, select them by ticking the box.

Once the installation is over, verify the database options:
$ sqlplus / as sysdba

SQL*Plus: Release 11.1.0.6.0 – Production on Thu Apr 17 10:20:27 2008

Copyright (c) 1982, 2007, Oracle. All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options

SQL>

Software installation is now complete. The next step is to configure the database to use Vault.

Select the database to be configured

Select the tablespace name, where respective objects will be created

Specify the details for the Vault owner. Here you can also specify the credentials for a separate account manager.

Select the server mode.

You should then see a series of dialog boxes.

After selecting OK, OUI will configure the database for use with Vault. While this is happening, the database will be restarted in the background.

Once the configuration has completed successfully, we can start using the Database Vault GUI. A typical URL is:

https://hostname:/dva/login.jsp

It uses the same port that is currently used for Database Console.

After a successful login, the Database Vault GUI is displayed.

Now you can configure Vault based on your security requirements.

NOTE: We cannot use the SYS / SYSTEM users to log in to Vault; attempting to do so produces an error message.

If we try to grant a Vault-related role as SYS, the grant fails:

$ sqlplus / as sysdba

SQL> GRANT DV_SECANALYST TO VTEST;

GRANT DV_SECANALYST TO VTEST
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-47401: Realm violation for grant role privilege on DV_SECANALYST.
ORA-06512: at "DVSYS.AUTHORIZE_EVENT", line 55
ORA-06512: at line 31

You must be the Vault owner to grant the DV_SECANALYST / DV_ADMIN roles.

$ sqlplus vowner

SQL*Plus: Release 11.1.0.6.0 – Production on Thu Apr 17 10:58:38 2008
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 – 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options

SQL> GRANT DV_SECANALYST TO VTEST;

Grant succeeded.

SQL> GRANT DV_ADMIN TO VTEST;
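
A follow-up check after these grants, as an added example that is not part of the original post: the queries below confirm the options are enabled and list who holds Database Vault roles, so the separation between DBA and Vault administration can be reviewed. They assume the dictionary views V$OPTION and DBA_ROLE_PRIVS and the DVSYS.DBA_DV_REALM_AUTH view, queried from an account that can read them (the DVSYS view typically needs DV_SECANALYST, DV_ADMIN or DV_OWNER).

```sql
-- Added example, not from the original post.
-- Assumption: the connected account can read the views referenced below.

-- 1. Confirm both options are enabled in the running instance.
--    VALUE should be 'TRUE' for each row after a successful install.
SELECT parameter, value
FROM   v$option
WHERE  parameter IN ('Oracle Database Vault', 'Oracle Label Security');

-- 2. List every direct grant of a Database Vault role (DV_OWNER, DV_ADMIN,
--    DV_ACCTMGR, DV_SECANALYST, ...). After the grants above, VTEST should
--    appear with DV_SECANALYST and DV_ADMIN.
SELECT grantee, granted_role, admin_option
FROM   dba_role_privs
WHERE  granted_role LIKE 'DV\_%' ESCAPE '\'
ORDER  BY granted_role, grantee;

-- 3. Separation-of-duties review: accounts that directly hold a Vault
--    administrative role and also the DBA role. Rows returned here are
--    accounts where the two duties are not separated.
--    Note: only direct grants are checked; roles inherited through other
--    roles need a hierarchical query on DBA_ROLE_PRIVS.
SELECT dv.grantee, dv.granted_role AS dv_role
FROM   dba_role_privs dv
WHERE  dv.granted_role IN ('DV_OWNER', 'DV_ADMIN', 'DV_ACCTMGR')
AND    EXISTS (SELECT 1
               FROM   dba_role_privs d
               WHERE  d.grantee      = dv.grantee
               AND    d.granted_role = 'DBA')
ORDER  BY dv.grantee, dv.granted_role;

-- 4. Review which users and roles are authorized in each realm.
SELECT realm_name, grantee, auth_options
FROM   dvsys.dba_dv_realm_auth
ORDER  BY realm_name, grantee;
```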


7 Responses to How to Configure Database Vault?

  1. cevriye akyol says:

    hello,
    I think there are more steps to realize the database option.
    I have Oracle 11.2 running on Windows 7; I would test some securities with Oracle Database Vault.
    I have installed and configured the db with oracle Refenz.

    After I registered db vault, I can log in to database Vault_owner on em; when I try to access the rules,
    rule sets or realms, there comes an error:

    “404 Not Found
    Resource / dva / mac / admin ruleset / not found on this server ”

    I am faced first time with db configuration, and have no great experience.
    Can someone tell me which files, paths I miss and how I act.

    Thanks for Answer

  2. Hi,

    I am using Oracle 11GR2. When I choose already existing home for Vault and label security, it says “the chosen installation conflicts with already installed software in the given Oracle home” and so unable to install as you suggested..

    Kindly, guide me please…

    Vimal.

    • This post is for 11gr1. In 11gr2 we can’t install/remove specific components

      — Invoke sqlplus to check what all options you have already installed

      Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
      With the Partitioning, Automatic Storage Management, OLAP, Data Mining
      and Real Application Testing options

      — Add Data Vault by using chopt utility (invoke from ORACLE_HOME, where you want to add DV)

      chopt enable dv

      Writing to /u01/app/oracle/product/11.2.0.3/datavault/install/enable_dv.log…
      /usr/bin/make -f /u01/app/oracle/product/11.2.0.3/datavault/rdbms/lib/ins_rdbms.mk dv_on ORACLE_HOME=/u01/app/oracle/product/11.2.0.3/datavault
      /usr/bin/make -f /u01/app/oracle/product/11.2.0.3/datavault/rdbms/lib/ins_rdbms.mk ioracle ORACLE_HOME=/u01/app/oracle/product/11.2.0.3/datavault

      — Other options you can enable using this utility

      dm            Oracle Data Mining RDBMS Files
      dv            Oracle Database Vault
      lbac          Oracle Label Security
      olap          Oracle OLAP
      partitioning  Oracle Partitioning
      rat           Oracle Real Application Testing

      — Check dv is enabled

      /u01/app/oracle/product/11.2.0.3/datavault/rdbms/lib> ar -t libknlopt.a | grep -c kzvidv.o
      1

      — Again check using sqlplus (Now it is showing DV part of install now)

      Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – 64bit Production
      With the Partitioning, Automatic Storage Management, OLAP, Data Mining,
      Oracle Database Vault and Real Application Testing options

      Hope this is what you are looking for.

  3. Najeeb Ahmed says:

    Has anyone done any test cases of Database Vault on an apps database… I mean providing securities to apps using Vault…
