B Disabling and Enabling Oracle Database Vault
Periodically you must disable and then re-enable Oracle Database Vault, for activities such as installing Oracle Database optional products or features.
- When You Must Disable Oracle Database Vault
You may need to disable Oracle Database Vault to perform upgrade tasks or correct erroneous configurations. - Step 1: Disable Oracle Database Vault
Be aware that after you disable Oracle Database Vault, Oracle Label Security, which is required to run Database Vault, is still enabled. - Step 2: Perform the Required Tasks
At this stage, Oracle Database Vault is disabled and you can perform the required tasks. - Step 3: Enable Oracle Database Vault
You can enable Oracle Database Vault and Oracle Label Security from SQL*Plus.
When You Must Disable Oracle Database Vault
You may need to disable Oracle Database Vault to perform upgrade tasks or correct erroneous configurations.
You can reenable Oracle Database Vault after you complete the corrective tasks.
To find the enablement and configuration status of Oracle Database Vault, see Verifying That Database Vault Is Configured and Enabled.
The following situations require you to disable Oracle Database Vault:
-
You must install any of the Oracle Database optional products or features, such as Oracle Spatial, by using Database Configuration Assistant (DBCA).
-
If you did not configure backup
DV_OWNER
andDV_ACCTMGR
accounts when you registered Oracle Database Vault, and these accounts are inadvertently locked or their passwords forgotten. Note that if your site only has oneDV_OWNER
user and this user has lost his or her password, you will be unable to disable Oracle Database Vault. However, if your site's onlyDV_ACCTMGR
user has lost the password, you can disable Database Vault. As a best practice, you should grant theDV_OWNER
andDV_ACCTMGR
roles to new or existing user accounts, and use the Database Vault Owner and Account Manager accounts that you created when you registered Database Vault as back-up accounts. (See Backup Oracle Database Vault Accounts for a guideline for avoiding this problem in the future.) -
If you want to register Oracle Internet Directory (OID) using Oracle Database Configuration Assistant (DBCA).
Note:
-
Be aware that if you disable Oracle Database Vault, the privileges that were revoked from existing users and roles during installation remain in effect. See Privileges That Are Revoked from Existing Users and Roles for a listing of the revoked privileges.
-
When Oracle Database Vault is disabled, there are some Database Vault features that you can still use.
-
Oracle does not support the deinstallation of Oracle Database Vault.
Parent topic: Disabling and Enabling Oracle Database Vault
Step 1: Disable Oracle Database Vault
Be aware that after you disable Oracle Database Vault, Oracle Label Security, which is required to run Database Vault, is still enabled.
Parent topic: Disabling and Enabling Oracle Database Vault
Step 2: Perform the Required Tasks
At this stage, Oracle Database Vault is disabled and you can perform the required tasks.
You can perform the following types of activities:
-
Use the Oracle Database Vault PL/SQL packages and functions. For example, to correct a login or
CONNECT
rule set error, use theDBMS_MACADM
PL/SQL package or the Oracle Database Vault pages in Enterprise Manager Cloud Control. Note that a CONNECT command rule cannot prevent a user who has theDV_OWNER
orDV_ADMIN
role from connecting to the database. This enables a Database Vault administrator to correct a misconfigured protection without having to disable Database Vault. -
Use the SYSTEM or SYS accounts to perform tasks such as creating or changing passwords, or locking and unlocking accounts. In addition to modifying standard database and administrative user accounts, you can modify passwords and the lock status of any of the Oracle Database Vault-specific accounts, such as users who have been granted the
DV_ADMIN
orDV_ACCTMGR
roles. (See the tip under Oracle Database Vault Accounts Created During Registration for a guideline for avoiding this problem in the future.) -
Perform the installation or other tasks that require security protections to be disabled.
Parent topic: Disabling and Enabling Oracle Database Vault
Step 3: Enable Oracle Database Vault
You can enable Oracle Database Vault and Oracle Label Security from SQL*Plus.
Parent topic: Disabling and Enabling Oracle Database Vault