20 Oracle Database Vault General Administrative APIs

The DBMS_MACADM PL/SQL package and the DVSYS.CONFIGURE_DV standalone procedure enable you to you perform general maintenance tasks.

DBMS_MACADM General System Maintenance Procedures
DVSYS.CONFIGURE_DV General System Maintenance Procedure

DBMS_MACADM General System Maintenance Procedures

The general system maintenance procedures of the DBMS_MACADM PL/SQL package enable you to you perform tasks such as authorizing users or adding new language to Oracle Database Vault.

About the DBMS_MACADM General System Maintenance Procedures

Table 20-1 lists the procedures within the DBMS_MACADM PL/SQL package that you can use to perform general maintenance activities that require the DV_OWNER role.

Table 20-1 DBMS_MACADM General System Maintenance Procedures

Procedure	Description
ADD_NLS_DATA Procedure	Adds a new language to Oracle Database Vault
AUTHORIZE_DATAPUMP_USER Procedure	Authorizes a user to perform Oracle Data Pump operations when Oracle Database Vault is enabled
AUTHORIZE_DDL	Grants a user authorization to execute data definition language (DDL) statements on the specified schema
AUTHORIZE_PROXY_USER	Grants a proxy user authorization to proxy other user accounts
AUTHORIZE_SCHEDULER_USER Procedure	Authorizes a user to schedule database jobs when Oracle Database Vault is enabled
AUTHORIZE_TTS_USER Procedure	Authorizes a user to perform Oracle Data Pump transportable tablespace operations for a tablespace when Oracle Database Vault is enabled
UNAUTHORIZE_DATAPUMP_USER Procedure	Revokes the authorization that was granted by the `DBMS_MACADM.AUTHORIZE_DATAPUMP_USER` procedure
UNAUTHORIZE_DDL Procedure	Revokes authorization from a user who was granted authorization to execute DDL statements through the `DBMS_MACDM.AUTHORIZE_DDL` procedure
UNAUTHORIZE_PROXY_USER Procedure	Revokes authorization from a user who was granted proxy authorization from the `DBMS_MACADM.AUTHORIZE_PROXY_USER` procedure
UNAUTHORIZE_SCHEDULER_USER Procedure	Revokes authorization that was granted by the `DBMS_MACADM.AUTHORIZE_SCHEDULER_USER` procedure
UNAUTHORIZE_TTS_USER Procedure	Revokes from authorization a user who had been granted authorization to perform Oracle Data Pump transportable tablespace operations for a tablespace when Oracle Database Vault is enabled
DISABLE_DV Procedure	Disables Oracle Database Vault
DISABLE_DV_DICTIONARY_ACCTS Procedure	Prevents users from logging into the `DVSYS` and `DFV` schema accounts
DISABLE_DV_PATCH_ADMIN_AUDIT Procedure	Disables realm, command rule, and rule set auditing of the actions by users who have been granted the `DV_PATCH_ADMIN` role
DISABLE_ORADEBUG Procedure	Disables the use of the `ORADEBUG` utility in an Oracle Database Vault environment
ENABLE_DV Procedure	Enables Oracle Database Vault
ENABLE_DV_DICTIONARY_ACCTS Procedure	Enables users to log into the `DVSYS` and `DFV` schema accounts
ENABLE_DV_PATCH_ADMIN_AUDIT Procedure	Enables realm, command rule, and rule set auditing of the actions by users who have been granted the `DV_PATCH_ADMIN` role
ENABLE_ORADEBUG Procedure	Enables the use of the `ORADEBUG` utility in an Oracle Database Vault environment

ADD_NLS_DATA Procedure

The ADD_NLS_DATA procedure adds a new language to Oracle Database Vault.

Syntax

DBMS_MACADM.ADD_NLS_DATA(
  language      IN VARCHAR );

Parameters

Table 20-2 ADD_NLS_DATA

Parameter Description

Parameter	Description
`language`	Enter one of the following settings. (This parameter is case insensitive.) `ENGLISH` `GERMAN` `SPANISH` `FRENCH` `ITALIAN` `JAPANESE` `KOREAN` `BRAZILIAN PORTUGUESE` `SIMPLIFIED CHINESE` `TRADITIONAL CHINESE`

language

Enter one of the following settings. (This parameter is case insensitive.)

ENGLISH
GERMAN
SPANISH
FRENCH
ITALIAN
JAPANESE
KOREAN
BRAZILIAN PORTUGUESE
SIMPLIFIED CHINESE
TRADITIONAL CHINESE

Examples

EXEC DBMS_MACADM.ADD_NLS_DATA('french');

AUTHORIZE_DATAPUMP_USER Procedure

The AUTHORIZE_DATAPUMP_USER procedure authorizes a user to perform Oracle Data Pump operations when Oracle Database Vault is enabled. It applies to both the expdp and impdp utilities.

See "Authorizing Users for Oracle Data Pump Regular Operations in Database Vault" for full usage information, including the levels of additional authorization the user must have to use Oracle Data Pump in an Oracle Database Vault environment.

Syntax

DBMS_MACADM.AUTHORIZE_DATAPUMP_USER(
  user_name      IN VARCHAR2,
  schema_name    IN VARCHAR2 DEFAULT NULL,
  table_name     IN VARCHAR2 DEFAULT NULL);

Parameters

Table 20-3 AUTHORIZE_DATAPUMP_USER

Parameter Description

Parameter	Description
`user_name`	Name of the Oracle Data Pump user to whom you want to grant authorization. To find a list of users who have privileges to use Oracle Data Pump (that is, the `EXP_FULL_DATABASE` and `IMP_FULL_DATABASE` roles), query the `DBA_ROLE_PRIVS` data dictionary view as follows: SELECT GRANTEE, GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTED_ROLE LIKE '%FULL%'
`schema_name`	Name of the database schema that the Oracle Data Pump user must export or import. If you omit this parameter, then the user is granted global authorization to export and import any schema in the database. In this case, ensure the user has been granted the `DV_OWNER` role.
`table_name`	Name of the table within the schema specified by the `schema_name` parameter. If you omit this parameter, then the user you specified can export and import all tables within the schema specified by the `schema_name` parameter.

user_name

Name of the Oracle Data Pump user to whom you want to grant authorization.

To find a list of users who have privileges to use Oracle Data Pump (that is, the EXP_FULL_DATABASE and IMP_FULL_DATABASE roles), query the DBA_ROLE_PRIVS data dictionary view as follows:

SELECT GRANTEE, GRANTED_ROLE FROM DBA_ROLE_PRIVS WHERE GRANTED_ROLE LIKE '%FULL%'

schema_name

Name of the database schema that the Oracle Data Pump user must export or import. If you omit this parameter, then the user is granted global authorization to export and import any schema in the database. In this case, ensure the user has been granted the DV_OWNER role.

table_name

Name of the table within the schema specified by the schema_name parameter. If you omit this parameter, then the user you specified can export and import all tables within the schema specified by the schema_name parameter.

Examples

EXEC DBMS_MACADM.AUTHORIZE_DATAPUMP_USER('DP_MGR');

EXEC DBMS_MACADM.AUTHORIZE_DATAPUMP_USER('DP_MGR', 'HR');

EXEC DBMS_MACADM.AUTHORIZE_DATAPUMP_USER('DP_MGR', 'HR', 'EMPLOYEES');

AUTHORIZE_DDL

The AUTHORIZE_DDL procedure grants a user authorization to execute Data Definition Language (DDL) statements on the specified schema.

To find information about users who have been granted this authorization, query the DVSYS.DBA_DV_DDL_AUTH data dictionary view.

Syntax

DBMS_MACADM.AUTHORIZE_DDL(
  user_name      IN VARCHAR2,
  schema_name    IN VARCHAR2);

Parameters

Table 20-4 AUTHORIZE_DDL

Parameter	Description
`user_name`	Name of the user to whom you want to grant DDL authorization.
`schema_name`	Name of the database schema in which the user wants to perform the DDL statements. Enter `%` to specify all schemas.

Examples

The following example enables user psmith to execute DDL statements in any schema:

EXEC DBMS_MACADM.AUTHORIZE_DDL('psmith', '%');

This example enables user psmith to execute DDL statements in the HR schema only.

EXEC DBMS_MACADM.AUTHORIZE_DDL('psmith', 'HR');

AUTHORIZE_PROXY_USER

The AUTHORIZE_PROXY_USER procedure grants a proxy user authorization to proxy other user accounts, as long as the proxy user has database authorization (for example, the CREATE SESSION privilege).

To find information about users who have been granted this authorization, query the DVSYS.DBA_DV_PROXY_AUTH view.

Syntax

DBMS_MACADM.AUTHORIZE_PROXY_USER(
  proxy_user   IN VARCHAR2,
  user_name    IN VARCHAR2);

Parameters

Table 20-5 AUTHORIZE_PROXY_USER

Parameter	Description
`proxy_user`	Name of the proxy user.
`user_name`	Name of the database user who will be proxied by the `proxy_user` user. Enter `%` to specify all users.

Examples

The following example enables proxy user preston to proxy all users:

DBMS_MACADM.AUTHORIZE_PROXY_USER('preston', '%');

This example enables proxy user preston to proxy database user dkent only.

DBMS_MACADM.AUTHORIZE_PROXY_USER('preston', 'dkent');

AUTHORIZE_SCHEDULER_USER Procedure

The AUTHORIZE_SCHEDULER_USER procedure grants a user authorization to schedule database jobs when Oracle Database Vault is enabled.

This authorization applies to anyone who has privileges to schedule database jobs. These privileges include any of the following: CREATE JOB, CREATE ANY JOB, CREATE EXTERNAL JOB, EXECUTE ANY PROGRAM, EXECUTE ANY CLASS, MANAGE SCHEDULER. See "Using Oracle Scheduler with Oracle Database Vault" full usage information, including the levels of authorization the user must have to schedule database jobs in an Oracle Database Vault environment.

Syntax

DBMS_MACADM.AUTHORIZE_SCHEDULER_USER(
  user_name      IN VARCHAR2,
  schema_name    IN VARCHAR2 DEFAULT NULL);

Parameters

Table 20-6 AUTHORIZE_SCHEDULER_USER

Parameter Description

Parameter	Description
`user_name`	Name of the user to whom you want to grant authorization. To find a list of users who have privileges to schedule jobs, query the `DBA_SYS_PRIVS` data dictionary view. See Step 2 in "Granting a Job Scheduling Administrator Authorization for Oracle Database Vault".
`schema_name`	Name of the database schema for which a job will be scheduled. If you omit this parameter, then the user is granted global authorization to schedule a job for any schema in the database.

user_name

Name of the user to whom you want to grant authorization.

To find a list of users who have privileges to schedule jobs, query the DBA_SYS_PRIVS data dictionary view. See Step 2 in "Granting a Job Scheduling Administrator Authorization for Oracle Database Vault".

schema_name

Name of the database schema for which a job will be scheduled. If you omit this parameter, then the user is granted global authorization to schedule a job for any schema in the database.

Examples

The following example authorizes the user JOB_MGR to run a job under any schema.

EXEC DBMS_MACADM.AUTHORIZE_SCHEDULER_USER('JOB_MGR');

This example authorizes user JOB_MGR to run a job under the HR schema only.

EXEC DBMS_MACADM.AUTHORIZE_SCHEDULER_USER('JOB_MGR', 'HR');

AUTHORIZE_TTS_USER Procedure

The AUTHORIZE_TTS_USER procedure authorizes a user to perform Oracle Data Pump transportable tablespace operations for a tablespace when Oracle Database Vault is enabled. It applies to both the EXPDP and IMPDP utilities.

Syntax

DBMS_MACADM.AUTHORIZE_TTS_USER
  uname      IN VARCHAR2,
  tsname     IN VARCHAR2);

Parameters

Table 20-7 AUTHORIZE_TTS_USER

Parameter Description

Parameter	Description
`uname`	Name of the user who you want to authorize to perform Oracle Data Pump transportable tablespace operations. To find a list of users and their current privileges, query the `DBA_SYS_PRIVS` data dictionary view.
`tsname`	Name of the tablespace in which the `uname` user is to perform the transportable tablespace operation. To find a list of tablespaces, query the `DBA_TABLESPACES` data dictionary view.

uname

Name of the user who you want to authorize to perform Oracle Data Pump transportable tablespace operations.

To find a list of users and their current privileges, query the DBA_SYS_PRIVS data dictionary view.

tsname

Name of the tablespace in which the uname user is to perform the transportable tablespace operation.

To find a list of tablespaces, query the DBA_TABLESPACES data dictionary view.

Example

EXEC DBMS_MACADM.AUTHORIZE_TTS_USER('PSMITH', 'HR_TS');

UNAUTHORIZE_DATAPUMP_USER Procedure

The UNAUTHORIZE_DATAPUMP_USER procedure revokes the authorization that was granted by the AUTHORIZE_DATAPUMP_USER procedure.

When you run this procedure, ensure that its settings correspond exactly to the equivalent AUTHORIZE_DATAPUMP_USER procedure.

For example, the following two procedures will work because the parameters are consistent:

EXEC DBMS_MACADM.AUTHORIZE_DATAPUMP_USER('DP_MGR');

EXEC DBMS_MACADM.UNAUTHORIZE_DATAPUMP_USER('DP_MGR');

However, because the parameters in the following procedures are not consistent, the UNAUTHORIZE_DATAPUMP_USER procedure will not work:

EXEC DBMS_MACADM.AUTHORIZE_DATAPUMP_USER('JSMITH');

EXEC DBMS_MACADM.UNAUTHORIZE_DATAPUMP_USER('JSMITH', 'HR');

Syntax

DBMS_MACADM.UNAUTHORIZE_DATAPUMP_USER(
  user_name      IN VARCHAR2,
  schema_name    IN VARCHAR2 DEFAULT NULL,
  table_name     IN VARCHAR2 DEFAULT NULL);

Parameters

Table 20-8 UNAUTHORIZE_DATAPUMP_USER

Parameter Description

Parameter	Description
`user_name`	Name of the Oracle Data Pump user from whom you want to revoke authorization. To find a list of users and authorizations from the `AUTHORIZE_DATAPUMP_USER` procedure, query the `DVSYS.DVSYS.DBA_DV_DATAPUMP_AUTH` data dictionary view as follows: SELECT * FROM DVSYS.DBA_DV_DATAPUMP_AUTH;
`schema_name`	Name of the database schema that the Oracle Data Pump user is authorized to export or import.
`table_name`	Name of the table within the schema specified by the `schema name` parameter.

user_name

Name of the Oracle Data Pump user from whom you want to revoke authorization.

To find a list of users and authorizations from the AUTHORIZE_DATAPUMP_USER procedure, query the DVSYS.DVSYS.DBA_DV_DATAPUMP_AUTH data dictionary view as follows:

SELECT * FROM DVSYS.DBA_DV_DATAPUMP_AUTH;

schema_name

Name of the database schema that the Oracle Data Pump user is authorized to export or import.

table_name

Name of the table within the schema specified by the schema name parameter.

Examples

EXEC DBMS_MACADM.UNAUTHORIZE_DATAPUMP_USER('JSMITH');

EXEC DBMS_MACADM.UNAUTHORIZE_DATAPUMP_USER('JSMITH', 'HR');

EXEC DBMS_MACADM.UNAUTHORIZE_DATAPUMP_USER('JSMITH', 'HR', 'SALARY');

UNAUTHORIZE_DDL Procedure

The UNAUTHORIZE_DDL procedure revokes authorization from a user who was granted authorization to execute DDL statements through the DBMS_MACDM.AUTHORIZE_DDL procedure.

To find information about users who have been granted this authorization, query the DVSYS.DBA_DV_DDL_AUTH data dictionary view.

Syntax

DBMS_MACADM.UNAUTHORIZE_DDL(
  user_name      IN VARCHAR2,
  schema_name    IN VARCHAR2);

Parameters

Table 20-9 UNAUTHORIZE_DDL

Parameter	Description
`user_name`	Name of the user from whom you want to revoke DDL authorization.
`schema_name`	Name of the database schema in which the user wants to perform the DDL statements. Enter `%` specify all schemas.

Examples

The following example revokes DDL statement execution authorization from user psmith for all schemas:

EXEC DBMS_MACADM.UNAUTHORIZE_DDL('psmith', '%');

This example revokes DDL statement execution authorization from user psmith for the HR schema only.

EXEC DBMS_MACADM.UNAUTHORIZE_DDL('psmith', 'HR');

UNAUTHORIZE_PROXY_USER Procedure

The UNAUTHORIZE_PROXY_USER procedure revokes authorization from a user who was granted proxy authorization from the DBMS_MACADM.AUTHORIZE_PROXY_USER procedure.

Syntax

DBMS_MACADM.UNAUTHORIZE_PROXY_USER(
  proxy_user   IN VARCHAR2,
  user_name    IN VARCHAR2);

Parameters

Table 20-10 UNAUTHORIZE_PROXY_USER

Parameter	Description
`proxy_user`	Name of the proxy user.
`user_name`	Name of the database user who was proxied by the `proxy_user` user. Enter `%` to specify all users.

Examples

The following example revokes proxy authorization from user preston for proxying all users:

DBMS_MACADM.UNAUTHORIZE_PROXY_USER('preston', '%');

This example revokes proxy authorization from user preston for proxying database user psmith only.

DBMS_MACADM.UNAUTHORIZE_PROXY_USER('preston', 'psmith');

UNAUTHORIZE_SCHEDULER_USER Procedure

The UNAUTHORIZE_SCHEDULER_USER procedure revokes the authorization that was granted by the AUTHORIZE_SCHEDULER_USER procedure.

When you run this procedure, ensure that its settings correspond exactly to the equivalent AUTHORIZE_SCHEDULER_USER procedure. For example, the following two procedures will work because the parameters are consistent:

EXEC DBMS_MACADM.AUTHORIZE_SCHEDULER_USER('JOB_MGR');

EXEC DBMS_MACADM.UNAUTHORIZE_SCHEDULER_USER('JOB_MGR');

However, because the parameters in the following procedures are not consistent, the UNAUTHORIZE_SCHEDULER_USER procedure will not work:

EXEC DBMS_MACADM.AUTHORIZE_SCHEDULER_USER('JOB_MGR');

EXEC DBMS_MACADM.UNAUTHORIZE_SCHEDULER_USER('JOB_MGR', 'HR');

Syntax

DBMS_MACADM.UNAUTHORIZE_SCHEDULER_USER
  user_name      IN VARCHAR2,
  schema_name    IN VARCHAR2 DEFAULT NULL);

Parameters

Table 20-11 UNAUTHORIZE_SCHEDULER_USER

Parameter Description

Parameter	Description
`user_name`	Name of the job scheduling user from whom you want to revoke authorization. To find a list of users and authorizations from the `AUTHORIZE_SCHEDULER_USER` procedure, query the `DVSYS.DBA_DV_JOB_AUTH` data dictionary view as follows: SELECT * FROM DVSYS.DBA_DV_JOB_AUTH;
`schema_name`	Name of the database schema for which the user is authorized to schedule jobs.

user_name

Name of the job scheduling user from whom you want to revoke authorization.

To find a list of users and authorizations from the AUTHORIZE_SCHEDULER_USER procedure, query the DVSYS.DBA_DV_JOB_AUTH data dictionary view as follows:

SELECT * FROM DVSYS.DBA_DV_JOB_AUTH;

schema_name

Name of the database schema for which the user is authorized to schedule jobs.

Examples

EXEC DBMS_MACADM.UNAUTHORIZE_SCHEDULER_USER('JOB_MGR');

EXEC DBMS_MACADM.UNAUTHORIZE_SCHEDULER_USER('JOB_MGR', 'HR');

UNAUTHORIZE_TTS_USER Procedure

The UNAUTHORIZE_TTS_USER procedure removes from authorization users who had previously been granted the authorization to perform Oracle Data Pump transportable tablespace operations for a tablespace when Oracle Database Vault is enabled.

Syntax

DBMS_MACADM.UNAUTHORIZE_TTS_USER
  uname      IN VARCHAR2,
  tsname     IN VARCHAR2);

Parameters

Table 20-12 UNAUTHORIZE_TTS_USER

Parameter Description

Parameter	Description
`uname`	Name of the user who you want to remove from being authorized to perform Oracle Data Pump transportable tablespace operations. To find a list of users and their current privileges, query the `DBA_SYS_PRIVS` data dictionary view.
`tsname`	Name of the tablespace that is used in the transportable tablespace operation. To find a list of tablespaces, query the `DBA_TABLESPACES` data dictionary view.

uname

Name of the user who you want to remove from being authorized to perform Oracle Data Pump transportable tablespace operations.

To find a list of users and their current privileges, query the DBA_SYS_PRIVS data dictionary view.

tsname

Name of the tablespace that is used in the transportable tablespace operation.

To find a list of tablespaces, query the DBA_TABLESPACES data dictionary view.

Example

EXEC DBMS_MACADM.UNAUTHORIZE_TTS_USER('PSMITH', 'HR_TS');

DISABLE_DV Procedure

The DISABLE_DV procedure disables Oracle Database Vault. After you run this procedure, you must restart the database.

Syntax

DBMS_MACADM.DISABLE_DV;

Parameters

None.

Example

EXEC DBMS_MACADM.DISABLE_DV;

See Also:

Appendix B, "Disabling and Enabling Oracle Database Vault," for detailed information about disabling and enabling Database Vault, including to how to find out if Database Vault is enabled

DISABLE_DV_DICTIONARY_ACCTS Procedure

The DISABLE_DV_DICTIONARY_ACCTS procedure prevents any user from logging into the database as the DVSYS or DVF schema user.

By default these two accounts are locked. Only a user who has been granted the DV_OWNER role can execute this procedure. To find the status of whether users can log into DVSYS and DVF, query the DVSYS.DBA_DV_DICTIONARY_ACCTS data dictionary view. For stronger security, run this procedure to better protect the DVSYS and DVF schemas. The disablement takes place immediately, so you do not need to restart the database after running this procedure.

Syntax

DBMS_MACADM.DISABLE_DV_DICTIONARY_ACCTS;

Parameters

None.

Example

EXEC DBMS_MACADM.DISABLE_DV_DICTIONARY_ACCTS;

DISABLE_DV_PATCH_ADMIN_AUDIT Procedure

The DISABLE_DV_PATCH_ADMIN_AUDIT procedure disables realm, command rule, and rule set auditing of the actions by users who have been granted the DV_PATCH_ADMIN role.

This procedure disables the successful actions of this user, not the failed actions. You should run this procedure after the DV_PATCH_ADMIN user has completed database patch operation. To find if auditing is enabled or not, query the DVSYS.DBA_DV_PATCH_AUDIT data dictionary view.

Syntax

DBMS_MACADM.DISABLE_DV_PATCH_ADMIN_AUDIT;

Parameters

None.

Example

EXEC DBMS_MACADM.DISABLE_DV_PATCH_ADMIN_AUDIT;

See Also:

DISABLE_ORADEBUG Procedure

The DISABLE_ORADEBUG procedure disables the use of the ORADEBUG utility in an Oracle Database Vault environment.

The disablement takes place immediately, so you do not need to restart the database after running this procedure. To find the status of whether the ORADEBUG utility is available in Database Vault, query the DVYS.DBA_DV_ORADEBUG data dictionary view.

Syntax

DBMS_MACADM.DISABLE_ORADEBUG;

Parameters

None.

Example

EXEC DBMS_MACADM.DISABLE_ORADEBUG;

ENABLE_DV Procedure

The ENABLE_DV procedure enables Oracle Database Vault and Oracle Label Security. After you run this procedure, you must restart the database.

Syntax

DBMS_MACADM.ENABLE_DV;

Parameters

None.

Example

EXEC DBMS_MACADM.ENABLE_DV;

See Also:

Appendix B, "Disabling and Enabling Oracle Database Vault," for detailed information about disabling and enabling Database Vault, including to how to find out if Database Vault is enabled

ENABLE_DV_PATCH_ADMIN_AUDIT Procedure

The ENABLE_DV_PATCH_ADMIN_AUDIT procedure enables realm, command rule, and rule set auditing of the actions by users who have been granted the DV_PATCH_ADMIN role, in accordance with the existing audit configuration.

This procedure is designed to audit these users' actions during a patch upgrade. To find if this auditing is enabled or not, query the DVSYS.DBA_DV_PATCH_AUDIT data dictionary view.

Syntax

DBMS_MACADM.ENABLE_DV_PATCH_ADMIN_AUDIT;

Parameters

None.

Example

EXEC DBMS_MACADM.ENABLE_DV_PATCH_ADMIN_AUDIT;

See Also:

ENABLE_DV_DICTIONARY_ACCTS Procedure

The ENABLE_DV_DICTIONARY_ACCTS procedure enables users to log into the database as the DVSYS or DVF user. By default, these accounts are locked.

Only a user who has been granted the DV_OWNER role can execute this procedure. To find the status of whether users can log into DVSYS and DVF, query the DVSYS.DBA_DV_DICTIONARY_ACCTS data dictionary view. For stronger security, only run this procedure when you need to better protect the DVSYS and DVF schemas. The enablement takes place immediately, so you do not need to restart the database after running this procedure.

Syntax

DBMS_MACADM.ENABLE_DV_DICTIONARY_ACCTS;

Parameters

None.

Example

EXEC DBMS_MACADM.ENABLE_DV_DICTIONARY_ACCTS;

ENABLE_ORADEBUG Procedure

The ENABLE_ORADEBUG procedure enables the use of the ORADEBUG utility in an Oracle Database Vault environment.

The enablement takes place immediately, so you do not need to restart the database after running this procedure. To find the status of whether the ORADEBUG utility is available in Database Vault, query the DVYS.DBA_DV_ORADEBUG data dictionary view.

Syntax

DBMS_MACADM.ENABLE_ORADEBUG;

Parameters

None.

Example

EXEC DBMS_MACADM.ENABLE_ORADEBUG;

DVSYS.CONFIGURE_DV General System Maintenance Procedure

The DVSYS.CONFIGURE_DV procedure configures the initial two Oracle Database user accounts, which are granted the DV_OWNER and DV_ACCTMGR roles, respectively.

Before you run this procedure, you must create the two user accounts and grant them the CREATE SESSION privilege. The accounts can be either local or common. If you create common user accounts, then the Database Vault roles that are granted to these users apply to the current pluggable database (PDB) only. You then refer to these user accounts for the CONFIGURE_DV procedure.

You only can run the DVSYS.CONFIGURE_DV procedure once, when you are ready to register Oracle Database Vault with an Oracle database. After you run this procedure, you must run utlrp.sql script and then DBMS_MACADM.ENABLE_DV to complete the registration process. Oracle recommends that for better security, you use the two accounts you create here as back-up accounts and then create additional accounts for every day use. See "Oracle Database Vault Accounts" for guidance.

When you run the DVSYS.CONFIGURE_DV procedure, it checks the DVSYS schema for problems such as missing tables or packages. If it finds problems, then it raises an ORA-47500 Database Vault cannot be configured error. If this happens, deinstall and then reinstall Oracle Database Vault. See the following sections for more information:

Together, the DVSYS.CONFIGURE_DV and DBMS_MACADM.ENABLE_DV procedures, and the and utlrp.sql script, are designed to be a command-line alternative to using Oracle Database Configuration Assistant (DBCA) to register Oracle Database Vault with an Oracle database.

You must run this procedure as user SYS. See "Registering Oracle Database Vault with an Oracle Database" for the process you would use.

Syntax

DVSYS.CONFIGURE_DV
  dvowner_uname         IN VARCHAR2,
  dvacctmgr_uname       IN VARCHAR2;

Parameters

Table 20-13 CONFIGURE_DV

Parameter	Description
`dvowner_uname`	Name of the user who will be the Database Vault Owner. This user will be granted the `DV_OWNER` role.
`dvacctmgr_uname`	Name of the user who will be the Database Vault Account Manager. This user will be granted the `DV_ACCTMGR` role. If you omit this setting, the user specified by the `dvowner_uname` parameter is made the Database Vault Account Manager and granted the `DV_ACCTMGR` role.

Example

CREATE USER dbv_owner IDENTIFIED BY password CONTAINER = CURRENT;
CREATE USER dbv_acctmgr IDENTIFIED BY password CONTAINER = CURRENT;
GRANT CREATE SESSION TO dbv_owner, dbv_acctmgr;

BEGIN
 DVSYS.CONFIGURE_DV (
   dvowner_uname         => 'dbv_owner',
   dvacctmgr_uname       => 'dbv_acctmgr';
 END;
/