
Update Existing Database Vault settings.

Overview:
In this article we explain how to update the existing Database Vault settings.

Oracle Database Vault is a security product that restricts access to application data by privileged database users such as DBAs. Application data is protected with policies that control access through rules.

Environment Details
Hostname: Node 1: db01, Node 2: db02
Database version: 11.2.0.4
Database environment: OMFDB

Log in to the database and check the current DBV rule

$ sqlplus / as sysdba
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, Oracle Label Security,
OLAP, Data Mining, Oracle Database Vault and Real Application Testing options

SQL> set line 200
SQL> set pages 00
SQL> set pages 200
SQL> select name,open_mode,database_role from v$database;

NAME      OPEN_MODE            DATABASE_ROLE
--------- -------------------- ----------------
OMFDB     READ WRITE           PRIMARY

SQL> SELECT RULE_SET_NAME, HANDLER_OPTIONS, HANDLER FROM DVSYS.DBA_DV_RULE_SET
  2  WHERE RULE_SET_NAME = 'Allow MONITOR_USER Access';

no rows selected

SQL>
SQL> SELECT * FROM DVSYS.DBA_DV_RULE WHERE NAME = 'Allow MONITOR_USER Access';

NAME                       RULE_EXPR
-------------------------- ------------------------------------------------------------
Allow MONITOR_USER Access  DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1') and DVF.F$SESSION_USER = 'MONITOR_USER'


SQL> SELECT RULE_SET_NAME, RULE_NAME, RULE_EXPR FROM DVSYS.DBA_DV_RULE_SET_RULE WHERE RULE_NAME = 'Allow MONITOR_USER Access';

RULE_SET_NAME        RULE_NAME                  RULE_EXPR
-------------------- -------------------------- ------------------------------------------------------------
LIMIT_MONITOR_USER   Allow MONITOR_USER Access  DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1') and DVF.F$SESSION_USER = 'MONITOR_USER'

Log in as DBVOWNER and update the DBV rule with the additional application IPs

SQL> conn dbvowner/*********
Connected.
SQL> SELECT * FROM DVSYS.DBA_DV_RULE WHERE NAME = 'Allow MONITOR_USER Access';

NAME                       RULE_EXPR
-------------------------- ------------------------------------------------------------
Allow MONITOR_USER Access  DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1') and DVF.F$SESSION_USER = 'MONITOR_USER'


SQL> begin
  2  DVSYS.DBMS_MACADM.UPDATE_RULE
  3  (rule_name => 'Allow MONITOR_USER Access',
  4  rule_expr => 'DVF.F$CLIENT_IP in (''10.10.1.1'',''172.10.1.1'',''192.168.1.1'', ''10.10.10.1'',''10.10.10.120'') and DVF.F$SESSION_USER = ''MONITOR_USER''');
  5  end;
  6  /


PL/SQL procedure successfully completed.


Verify the changes

SQL> SELECT * FROM DVSYS.DBA_DV_RULE WHERE NAME = 'Allow MONITOR_USER Access';

NAME                       RULE_EXPR
-------------------------- ------------------------------------------------------------
Allow MONITOR_USER Access  DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1','10.10.10.1','10.10.10.120') and DVF.F$SESSION_USER = 'MONITOR_USER'
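
The update and verify steps above can be combined into one block that builds the rule expression from a list of addresses, so the doubled quotes are never typed by hand and a malformed address is rejected before it reaches the rule. This is an added example, not part of the original article; it assumes it is run as the Database Vault owner and that Database Vault stores the expression text exactly as passed.

```sql
-- Added example (not from the original article). Run as the Database Vault
-- owner (dbvowner in the article). Rule name, IPs and user are taken from the page.
SET SERVEROUTPUT ON
DECLARE
  c_rule_name CONSTANT VARCHAR2(90) := 'Allow MONITOR_USER Access';
  c_user      CONSTANT VARCHAR2(30) := 'MONITOR_USER';
  -- Complete allow-list: the three existing addresses plus the two new ones.
  l_ips   sys.odcivarchar2list := sys.odcivarchar2list(
            '10.10.1.1', '172.10.1.1', '192.168.1.1',
            '10.10.10.1', '10.10.10.120');
  l_list  VARCHAR2(4000);
  l_expr  VARCHAR2(4000);
  l_saved VARCHAR2(4000);
BEGIN
  FOR i IN 1 .. l_ips.COUNT LOOP
    -- Accept only dotted-quad IPv4 literals, so a typo or a stray quote
    -- can never end up inside the rule expression.
    IF NOT REGEXP_LIKE(l_ips(i),
         '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}'
         || '(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$') THEN
      RAISE_APPLICATION_ERROR(-20001, 'Not an IPv4 address: ' || l_ips(i));
    END IF;
    -- '''' is a single quote character; each address is wrapped in one pair.
    l_list := l_list || CASE WHEN i > 1 THEN ',' END
              || '''' || l_ips(i) || '''';
  END LOOP;

  l_expr := 'DVF.F$CLIENT_IP in (' || l_list
            || ') and DVF.F$SESSION_USER = ''' || c_user || '''';

  DVSYS.DBMS_MACADM.UPDATE_RULE(rule_name => c_rule_name,
                                rule_expr => l_expr);

  -- Read the rule back and fail loudly if the stored text differs
  -- (assumption: the expression is stored exactly as passed).
  SELECT rule_expr INTO l_saved
    FROM DVSYS.DBA_DV_RULE WHERE name = c_rule_name;
  IF l_saved <> l_expr THEN
    RAISE_APPLICATION_ERROR(-20002, 'Stored rule differs: ' || l_saved);
  END IF;
  DBMS_OUTPUT.PUT_LINE('Rule updated: ' || l_saved);
END;
/
```

Because UPDATE_RULE replaces the whole expression, the list must always contain every address that should remain allowed, not only the new ones.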


Conclusion:
In this article we learnt how to update the existing Database Vault settings.