Update Existing Database Vault settings.
Overview:
This article explains how to update existing Database Vault settings.
Oracle Database Vault is a security product that restricts access to application data by privileged database users such as DBAs. Application data is protected with policies that control access through rules.
Environment Details
Hostname             | Node 1: db01, Node 2: db02
Database version     | 11.2.0.4
Database Environment | OMFDB
Log in to the database and check the current DBV rule
$ sqlplus / as sysdba
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, Oracle Label Security,
OLAP, Data Mining, Oracle Database Vault and Real Application Testing options
SQL> set line 200
SQL> set pages 00
SQL> set pages 200
SQL> select name,open_mode,database_role from v$database;
NAME      OPEN_MODE            DATABASE_ROLE
--------- -------------------- ----------------
OMFDB     READ WRITE           PRIMARY
SQL> SELECT RULE_SET_NAME, HANDLER_OPTIONS, HANDLER FROM DVSYS.DBA_DV_RULE_SET
  2  WHERE RULE_SET_NAME = 'Allow MONITOR_USER Access';
no rows selected
SQL>
SQL> SELECT * FROM DVSYS.DBA_DV_RULE WHERE NAME = 'Allow MONITOR_USER Access';
NAME                       RULE_EXPR
-------------------------- ------------------------------------------------------------
Allow MONITOR_USER Access  DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1') and DVF.F$SESSION_USER = 'MONITOR_USER'
SQL> SELECT RULE_SET_NAME, RULE_NAME, RULE_EXPR FROM DVSYS.DBA_DV_RULE_SET_RULE WHERE RULE_NAME = 'Allow MONITOR_USER Access';
RULE_SET_NAME       RULE_NAME                  RULE_EXPR
------------------- -------------------------- ------------------------------------------------------------
LIMIT_MONITOR_USER  Allow MONITOR_USER Access  DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1') and DVF.F$SESSION_USER = 'MONITOR_USER'
Log in as DBVOWNER and update the DBV rule with the additional application IPs
Connected.
SQL> SELECT * FROM DVSYS.DBA_DV_RULE WHERE NAME = 'Allow MONITOR_USER Access';
NAME                       RULE_EXPR
-------------------------- ------------------------------------------------------------
Allow MONITOR_USER Access  DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1') and DVF.F$SESSION_USER = 'MONITOR_USER'
SQL> begin
  2  DVSYS.DBMS_MACADM.UPDATE_RULE
  3  (rule_name => 'Allow MONITOR_USER Access',
  4  rule_expr => 'DVF.F$CLIENT_IP in (''10.10.1.1'',''172.10.1.1'',''192.168.1.1'', ''10.10.10.1'',''10.10.10.120'') and DVF.F$SESSION_USER = ''MONITOR_USER''');
  5  end;
  6  /
PL/SQL procedure successfully completed.
Verify the changes
SQL> SELECT * FROM DVSYS.DBA_DV_RULE WHERE NAME = 'Allow MONITOR_USER Access';
NAME                       RULE_EXPR
-------------------------- ------------------------------------------------------------
Allow MONITOR_USER Access  DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1','10.10.10.1','10.10.10.120') and DVF.F$SESSION_USER = 'MONITOR_USER'
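The quoting in rule_expr is the easiest place to get this change wrong, so the following added example (not part of the original article) builds the updated expression from the current one: it checks that every entry in the IN list is a fully quoted literal, validates each new address, and renders the UPDATE_RULE call with the inner quotes doubled. The function names are hypothetical; the rule name, expression and addresses are the ones shown above.

```python
import ipaddress
import re

# The IN list of the page's rule: DVF.F$CLIENT_IP in ('a','b',...)
IN_LIST = re.compile(r"DVF\.F\$CLIENT_IP\s+in\s*\(([^)]*)\)", re.IGNORECASE)


def allowed_ips(rule_expr):
    """Return the IP literals in the rule's IN list, in stored order."""
    match = IN_LIST.search(rule_expr)
    if match is None:
        raise ValueError("no DVF.F$CLIENT_IP IN list in rule expression")
    items = [item.strip() for item in match.group(1).split(",")]
    for item in items:
        # Each entry must be one fully quoted literal; a lost quote is an error.
        if not re.fullmatch(r"'[^']+'", item):
            raise ValueError(f"malformed literal in IN list: {item!r}")
    return [item[1:-1] for item in items]


def add_ips(rule_expr, new_ips):
    """Return (new_rule_expr, added); rejects invalid IPs, skips duplicates."""
    current = allowed_ips(rule_expr)
    added = []
    for ip in new_ips:
        ip = str(ipaddress.ip_address(ip.strip()))  # ValueError if not an IP
        if ip not in current and ip not in added:
            added.append(ip)
    in_list = ",".join(f"'{ip}'" for ip in current + added)
    new_expr = IN_LIST.sub(lambda m: f"DVF.F$CLIENT_IP in ({in_list})",
                           rule_expr, count=1)
    return new_expr, added


def update_rule_block(rule_name, rule_expr):
    """Render the UPDATE_RULE call, doubling quotes inside string literals."""
    def lit(s):
        return "'" + s.replace("'", "''") + "'"
    return ("begin\n  DVSYS.DBMS_MACADM.UPDATE_RULE\n"
            f"  (rule_name => {lit(rule_name)},\n"
            f"   rule_expr => {lit(rule_expr)});\nend;\n/")


if __name__ == "__main__":
    # Rule expression and new addresses as shown in the article.
    current = ("DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1') "
               "and DVF.F$SESSION_USER = 'MONITOR_USER'")
    expr, added = add_ips(current, ["10.10.10.1", "10.10.10.120"])
    print("adding:", added)
    print(update_rule_block("Allow MONITOR_USER Access", expr))
```

Running allowed_ips over the RULE_EXPR returned by the verification query gives the effective allowlist, which can be compared with the approved change before the session is closed.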
Summary:
In this article we learned how to update existing Database Vault settings.