Steps to configure Database Vault on E-Business Suite R12.1
Steps to configure Database Vault on E-Business Suite R12.1
- Shutdown Database and Listener
- cd $ORACLE_HOME/rdbms/lib
- make -f ins_rdbms.mk dv_on lbac_on ioracle
- Startup Database and Listener
- Verify Database Vault & Label Security Enabled
Display configuration in aix
[tmofadevdb:devdb:/home/devdb:]su - root
root's Password:
[tmofadevdb:root:/:]vi /etc/ssh/sshd_config
#X11Forwarding no set it to... X11Forwarding yes Save file ...then... Stop / start sshd daemon..
[tmofadevdb:root:/:]stopsrc -s sshd
0513-044 The sshd Subsystem was requested to stop.
[tmofadevdb:root:/:]startsrc -s sshd
0513-059 The sshd Subsystem has been started. Subsystem PID is 24903882.
- Configure ‘Oracle Label Security’ and ‘Database Vault’ with dbca
Note:before running dbca make sure that oratab set correct.
Password:Qatar+123
Error
alter system set audit_sys_operations=TRUE scope=spfile
*ERROR at line 1:
ORA-01031: insufficient privileges
alter system set os_roles=FALSE scope=spfile
ERROR at line 1:
ORA-01031: insufficient privileges
alter system set recyclebin='OFF' scope=spfile
*
ERROR at line 1:
ORA-01031: insufficient privileges
alter system set remote_login_passwordfile='EXCLUSIVE' scope=spfile
*
ERROR at line 1:
ORA-01031: insufficient privileges
alter system set sql92_security=TRUE scope=spfile
*
alter system set os_roles=FALSE scope=spfile;
alter system set recyclebin='OFF' scope=spfile;
alter system set remote_login_passwordfile='EXCLUSIVE' scope=spfile;
alter system set sql92_security=TRUE scope=spfile;
alter system set remote_os_roles=FALSE scope=spfile;
alter system set audit_sys_operations=TRUE scope=spfile;
Apply Oracle E-Business Suite Release 12 Realm Creation Patch
820760395317317622309---no need for 12.1.X8317506
Integrate Oracle Database Vault 11gR2 with Oracle E-Business Suite Release 12
Create R12 Realms
1.
Copy from app-tier $FND_TOP/patch/115/sql/fnddbvebs.sql to DB-tier
CONNECT / AS SYSDBAGRANT SELECT ANY TABLE to DBV_OWNER ;CREATE SYNONYM DBV_OWNER.FND_ORACLE_USERID for APPLSYS.FND_ORACLE_USERID;CREATE SYNONYM DBV_OWNER.FND_APPLICATION for APPLSYS.FND_APPLICATION;CREATE SYNONYM DBV_OWNER.FND_PRODUCT_INSTALLATIONS for APPLSYS.FND_PRODUCT_INSTALLATIONS;
2.
Allow access to objects in the CTXSYS schema CONNECT DBV_OWNER
SQL> BEGINdvsys.dbms_macadm.DELETE_OBJECT_FROM_REALM(realm_name => 'Oracle Data Dictionary',object_owner => 'CTXSYS',object_name => '%'
,object_type => '%');END;
3. Log in as <dbvowner> and run the fnddbvebs.sql script.
4. log in as <dbvowner> and execute the following command to restore the Oracle Data Dictionary realm
SQL> BEGINdvsys.dbms_macadm.ADD_OBJECT_TO_REALM(realm_name => 'Oracle Data Dictionary',object_owner => 'CTXSYS',object_name => '%',object_type => '%');END;
/
5.log in as SYSDBA on the Database Tier and execute the following commands to revoke the privilege you granted to the Database Vault owner.
SQL> DROP SYNONYM DBV_OWNER.FND_ORACLE_USERID;SQL> DROP SYNONYM DBV_OWNER.FND_APPLICATION;SQL> DROP SYNONYM DBV_OWNER.FND_PRODUCT_INSTALLATIONS;SQL> REVOKE SELECT ANY TABLE FROM DBV_OWNER;
Enable Database Vault SQL> shutdown immediate$ chopt enable dvSQL> startup
[tmofadevdb:devdb:/devdbfs/ERPDEV/11.2.0/cfgtoollogs/dbca/ERPDEV:]chopt disable dv
Writing to /devdbfs/ERPDEV/11.2.0/install/disable_dv.log...
/usr/ccs/bin/make -f /devdbfs/ERPDEV/11.2.0/rdbms/lib/ins_rdbms.mk dv_off ORACLE_HOME=/devdbfs/ERPDEV/11.2.0
/usr/ccs/bin/make -f /devdbfs/ERPDEV/11.2.0/rdbms/lib/ins_rdbms.mk ioracle ORACLE_HOME=/devdbfs/ERPDEV/11.2.0
Note : sysman does not exits in eprdev instance Configure sysman user
SQL> grant SELECT_CATALOG_ROLE to dbv_owner;
Grant succeeded.
SQL> grant SELECT ANY DICTIONARY to dbv_owner;
Grant succeeded.
SQL>
Creating Realm using 12c OEM.
1.Login to dbv_owner
Now we logged in.
https://docs.oracle.com/database/121/DVADM/cfrealms.htm#DVADM70146
create realm
TEST CASE 1.grant sysdba to test2 user and try to access application table.
Steps number from doc id
http://www.oneappsdba.com/2012/11/database-vault-on-e-bsuiness-suite-r121.html#
Integrating Oracle E-Business Suite Release 12 with Oracle Database Vault 11gR2 (Doc ID 1091083.1)
Task 1: Verify Oracle E-Business Suite Release 12 Prerequisites
Oracle Database Vault 11g release 2 (11.2.0) is certified with Oracle E-Business Suite Release 12 (12.0 and 12.1)
Task 2: Install Oracle Database Vault 11gR2
Starting with 11g Release 2 Oracle Database Vault is included as an installed program with Oracle Database. To make it functional, one just need to register it with the database. For more details refer Oracle Database Vault 11g Release 2 documentation
Task 2.1: Install Oracle Database 11g Release 2 (11.2.0)
1. Install Oracle Database 11gR2 with Database Vault Option using a separate ORACLE_HOME than 12.0 or 12.1 Database. Perform software only install. It will install database software along with Oracle Database Vault components.
Note: If your E-Business Suite R12 is already integrated with 11gR2 database, you just need to enable Database Vault 11gR2 & register it with the database as per Task
Task 3: Register Oracle Database Vault
http://sandeepnandhadba.blogspot.qa/2014/06/step-by-step-procedure-to-install.html
During error I have granted below grant
Grant create any job to dba;Grant create external job to dba;
Grant become user to dba;Grant become user to imp_full_Database;Grant dequeue any queue to dba;Grant enqueue any queue to dba;Grant execute any program to dba;Grant manage any queue to imp_full_database;Grant create any job to scheduler_admin;Grant create external job to scheduler_admin;Grant execute any class to scheduler_admin;Grant execute any program to scheduler_admin;Grant manage scheduler to scheduler_admin;Grant execute on utl_file to public;
Top Related