Overview:
In this article we explain how to update an existing Oracle Database Vault rule.
Oracle Database Vault is a security product that restricts access to application data by privileged database users such as DBAs. Application data is protected with policies that control access through rules.
Environment Details
Hostname | Node 1: db01, Node 2: db02
Database version | 11.2.0.4
Database Environment | OMFDB
Log in to the database and check the current DBV rule
$sqlplus / as sysdba
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, Oracle Label Security,
OLAP, Data Mining, Oracle Database Vault and Real Application Testing options
SQL> set line 200
SQL> set pages 00
SQL> set pages 200
SQL> select name,open_mode,database_role from v$database;
NAME OPEN_MODE DATABASE_ROLE
--------- -------------------- ----------------
OMFDB READ WRITE PRIMARY
SQL> SELECT RULE_SET_NAME, HANDLER_OPTIONS, HANDLER FROM DVSYS.DBA_DV_RULE_SET
WHERE RULE_SET_NAME = 'Allow MONITOR_USER Access';
no rows selected
SQL>
SQL> SELECT * FROM DVSYS.DBA_DV_RULE WHERE NAME = 'Allow MONITOR_USER Access';
NAME RULE_EXPR
------------------------------------------------------------------------------------------
Allow MONITOR_USER Access DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1') and DVF.F$SESSION_USER = 'MONITOR_USER'
SQL> SELECT RULE_SET_NAME, RULE_NAME, RULE_EXPR FROM DVSYS.DBA_DV_RULE_SET_RULE WHERE RULE_NAME = 'Allow MONITOR_USER Access';
RULE_SET_NAME RULE_NAME RULE_EXPR
------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------
LIMIT_MONITOR_USER Allow MONITOR_USER Access DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1') and DVF.F$SESSION_USER = 'MONITOR_USER'
Log in as DBVOWNER and update the DBV rule with the additional application IPs
Connected.
SQL> SELECT * FROM DVSYS.DBA_DV_RULE WHERE NAME = 'Allow MONITOR_USER Access';
NAME RULE_EXPR
------------------------------------------------------------------------------------------
Allow MONITOR_USER Access DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1') and DVF.F$SESSION_USER = 'MONITOR_USER'
SQL> begin
DVSYS.DBMS_MACADM.UPDATE_RULE
(rule_name => 'Allow MONITOR_USER Access',
rule_expr => 'DVF.F$CLIENT_IP in (''10.10.1.1'',''172.10.1.1'',''192.168.1.1'', ''10.10.10.1'',''10.10.10.120'') and DVF.F$SESSION_USER = ''MONITOR_USER''');
end;
/
PL/SQL procedure successfully completed.
Verify the changes
SQL> SELECT * FROM DVSYS.DBA_DV_RULE WHERE NAME = 'Allow MONITOR_USER Access';
NAME RULE_EXPR
------------------------------------------------------------------------------------------
Allow MONITOR_USER Access DVF.F$CLIENT_IP in ('10.10.1.1','172.10.1.1','192.168.1.1', '10.10.10.1','10.10.10.120') and DVF.F$SESSION_USER = 'MONITOR_USER'
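The hand-typed expression above depends on every single quote being doubled correctly. As an added example (not part of the original article), the anonymous block below builds the same rule expression from a list of IPs, rejects entries that are not IPv4 literals, and reads the rule back after the update. It assumes the rule name and IP addresses shown on this page and that it is run as the Database Vault owner; the variable names and error numbers are chosen for illustration.

```sql
-- Added example; run in SQL*Plus as the Database Vault owner.
SET SERVEROUTPUT ON
DECLARE
  TYPE ip_list IS TABLE OF VARCHAR2(15);
  c_rule   CONSTANT VARCHAR2(90) := 'Allow MONITOR_USER Access';
  -- Full allow-list: the three existing IPs plus the two added in the article.
  l_ips    ip_list := ip_list('10.10.1.1', '172.10.1.1', '192.168.1.1',
                              '10.10.10.1', '10.10.10.120');
  l_in     VARCHAR2(1000);
  l_expr   VARCHAR2(1024);
  l_before VARCHAR2(4000);
  l_after  VARCHAR2(4000);
BEGIN
  -- Capture the current expression so the change can be reviewed or restored.
  SELECT rule_expr INTO l_before FROM DVSYS.DBA_DV_RULE WHERE name = c_rule;

  FOR i IN 1 .. l_ips.COUNT LOOP
    -- Only dotted-quad literals may reach the rule text; anything else aborts.
    IF NOT REGEXP_LIKE(l_ips(i), '^([0-9]{1,3}\.){3}[0-9]{1,3}$') THEN
      RAISE_APPLICATION_ERROR(-20001, 'Not an IPv4 literal: ' || l_ips(i));
    END IF;
    l_in := l_in || CASE WHEN i > 1 THEN ',' END || '''' || l_ips(i) || '''';
  END LOOP;

  -- q'[...]' quoting avoids doubling the quotes around MONITOR_USER.
  l_expr := 'DVF.F$CLIENT_IP in (' || l_in
            || q'[) and DVF.F$SESSION_USER = 'MONITOR_USER']';

  DVSYS.DBMS_MACADM.UPDATE_RULE(rule_name => c_rule, rule_expr => l_expr);

  -- Read the rule back and fail loudly if what was stored differs.
  SELECT rule_expr INTO l_after FROM DVSYS.DBA_DV_RULE WHERE name = c_rule;
  IF l_after IS NULL OR l_after <> l_expr THEN
    RAISE_APPLICATION_ERROR(-20002, 'Stored rule does not match: ' || l_after);
  END IF;

  DBMS_OUTPUT.PUT_LINE('before: ' || l_before);
  DBMS_OUTPUT.PUT_LINE('after : ' || l_after);
END;
/
```

Keeping the printed "before" value with the change record gives an exact expression to restore if the widened allow-list has to be reverted.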
Summary:
In this article we learnt how to update an existing Database Vault rule.