Friday, November 9, 2012

Database Vault on E-Bsuiness Suite R12.1


Steps to configure Database Vault on E-Business Suite R12.1
- Shutdown Database and Listener
- cd $ORACLE_HOME/rdbms/lib
- make -f ins_rdbms.mk dv_on lbac_on ioracle
- Startup Database and Listener
- Verify Database Vault & Label Security Enabled




select * from v$option where parameter in ('Oracle Database Vault', 'Oracle Label Security');
PARAMETER VALUE
----------------------------------- -------
Oracle Label Security TRUE
Oracle Database Vault TRUE
- Configure ‘Oracle Label Security’ and ‘Database Vault’ with dbca
- dbca, select "configure database options", uncheck "configure enterprise manager"
- check Oracle Label Security and Oracle Database Vault
- Create two user DBV_OWNER and DBV_ACCTMGR
- Check if the following parameter are set on the database
remote_login_passwordfile EXCLUSIVE
remote_os_roles FALSE
os_roles FALSE
O7_DICTIONARY_ACCESSIBILITY FALSE
audit_sys_operations TRUE
sql92_security TRUE
os_authent_prefix '' (null)
-Apply Oracle E-Business Suite Release 12 Realm Creation Patch
Disable Database Vault
shutdown immediate
chopt disable dv
startup
Apply EBS Realm Creation Patches using adpatch
8207603
9531731
7622309
8317506
Create R12 Realms
Copy from app-tier $FND_TOP/patch/115/sql/fnddbvebs.sql to DB-tier
CONNECT / AS SYSDBA
GRANT SELECT ANY TABLE to DBVOWNER ;
CREATE SYNONYM DBVOWNER.FND_ORACLE_USERID for APPLSYS.FND_ORACLE_USERID;
CREATE SYNONYM DBVOWNER.FND_APPLICATION for APPLSYS.FND_APPLICATION;
CREATE SYNONYM DBVOWNER.FND_PRODUCT_INSTALLATIONS for APPLSYS.FND_PRODUCT_INSTALLATIONS;
Allow access to objects in the CTXSYS schema CONNECT DBVOWNER
BEGIN
dvsys.dbms_macadm.DELETE_OBJECT_FROM_REALM(
realm_name => 'Oracle Data Dictionary'
,object_owner => 'CTXSYS'
,object_name => '%'
,object_type => '%');
END;
SQL> CONNECT DBVOWNER
SQL> @fnddbvebs.sql
CONNECT DBVOWNER
BEGIN
dvsys.dbms_macadm.ADD_OBJECT_TO_REALM(
realm_name => 'Oracle Data Dictionary'
,object_owner => 'CTXSYS'
,object_name => '%'
,object_type => '%');
END;
/
DROP SYNONYM DBVOWNER.FND_ORACLE_USERID;
DROP SYNONYM DBVOWNER.FND_APPLICATION;
DROP SYNONYM DBVOWNER.FND_PRODUCT_INSTALLATIONS;
REVOKE SELECT ANY TABLE FROM DBVOWNER;
Enable Database Vault
SQL> shutdown immediate
$ chopt enable dv
SQL> startup
Reference - Integrating Oracle E-Business Suite Release 12 with Oracle Database Vault 11gR2 [ID 1091083.1]

No comments: