Oracle database vault
Oracle Data Vault is the use of the Data Vault data warehousing methodology on Oracle Database by Oracle Corporation. It organizes data into Hubs (business keys), Links (relationships), and Satellites (descriptive history). It is designed for scalable, agile, and auditable enterprise data warehouses. Oracle tools like Oracle Data Integrator are commonly used to load and transform the data. It should not be confused with Oracle Database Vault, which is a security product.
oraclesqlsecurity-auditingv1.0.0
0 stars1 downloads29 views0 comments
By fathy • Created
Code
(123 lines)123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123
Vault Steps
============
Step 1: Verify Prerequisites
====================================
- Ensure that Oracle Database 19c is already installed.
- Verify that your database is in ARCHIVELOG mode:
SQL> SELECT log_mode FROM v$database;
- If it returns NOARCHIVELOG, switch to ARCHIVELOG mode:
SQL> SHUTDOWN IMMEDIATE;
SQL> STARTUP MOUNT;
SQL> ALTER DATABASE ARCHIVELOG;
SQL> ALTER DATABASE OPEN;
- Check if Oracle Label Security (OLS) is enabled, as Database Vault requires it, If it is not installed, you must enable it.
SQL> SELECT * FROM dba_registry WHERE comp_id='OLS';
****************************************** DATABASE VAULT ************************************************************
Check whether DB Vault is enabled
___________________________________
1- select * from v$option where lower(PARAMETER) like '%vault%';
PARAMETER
----------------------------------------------------------------
VALUE CON_ID
---------------------------------------------------------------- ----------
Oracle Database Vault
FALSE 0
SQL> select * from dba_dv_status;
NAME
-------------------
STATUS
----------------------------------------------------------------
DV_APP_PROTECTION
NOT CONFIGURED
DV_CONFIGURE_STATUS
FALSE
DV_ENABLE_STATUS
FALSE
SQL>Select * from dba_objects where status='INVALID';
no rows selected
Users to manage database vault:
_______________________________
create user c##dvowner identified by dvowner;
create user c##dvactmgr identified by dvactmgr;
BEGIN
DVSYS.CONFIGURE_DV (
dvowner_uname => 'c##dvowner', ===========> to set configuration for users
dvacctmgr_uname => 'c##dvactmgr');
END;
/
conn c##dvowner/dvowner
EXEC DBMS_MACADM.ENABLE_DV;
execute dvsys.dbms_macadm.enable_app_protection(NULL); ==========> to enable database vault
EXEC DBMS_MACADM.DISENABLE_APP_PROTECTION;
EXEC DBMS_MACADM.ENABLE_APP_PROTECTION ('HRPDB');
conn / as sysdba
shutdown immediate ===============> restart database to confige database vault
startup
alter pluggable database all open;
select * from dba_dv_status;
conn c##dvowner/dvowner
16---BEGIN
DVSYS.DBMS_MACADM.CREATE_REALM(
realm_name =>'ARABANK_REALM',
description =>'Realm to protect tables ARABANK schema' ,
enabled =>DBMS_MACUTL.G_YES, --realm enabled
audit_options =>DBMS_MACUTL.G_REALM_AUDIT_FAIL); --audit enabled ============>set a specific users with privilege
END;
/
17---BEGIN
DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM(
realm_name =>'ARABANK_REALM',
object_owner => 'ARABANK', ============>set a specific table encrypt
object_name => 'pa_tran_monthly_dtl',
object_type =>'TABLE');
END;
/
18---BEGIN
DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(
realm_name =>'ARABANK_REALM',
grantee =>'ARABANK',
auth_options =>DBMS_MACUTL.G_REALM_AUTH_OWNER); ============>set a specific Users Access
end;
/
======================================================================================================================