Study notes: using Oracle Database Vault to restrict all users from accessing specific sensitive tables

Date: 2016-05-20 21:58   Source: Oracle研究中心   Author: 惜分飞

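Enabling and configuring the Oracle Database Vault feature so that internal database users and administrators are restricted from accessing specific tables and other data.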

I. How to disable Oracle Database Vault

[oracle@node1 ~]$ sqlplus sys/xifenfei@ora11g as sysdba

SQL*Plus: Release 10.2.0.5.0 - Production on Fri Nov 4 09:09:00 2011

Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options

SQL> col parameter for a30
SQL> col value for a10
SQL> SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';

PARAMETER                      VALUE
------------------------------ ----------
Oracle Database Vault          TRUE

SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options

[oracle@node1 ~]$ emctl stop dbconsole
[oracle@node1 ~]$ lsnrctl stop
[oracle@node1 ~]$ cd $ORACLE_HOME/rdbms/lib
[oracle@node1 lib]$ pwd
/opt/oracle/product/11.2.0/db_1/rdbms/lib
[oracle@node1 lib]$ make -f ins_rdbms.mk dv_off ioracle
/usr/bin/ar d /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a kzvidv.o
/usr/bin/ar cr /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a /opt/oracle/product/11.2.0/db_1/rdbms/lib/kzvndv.o
chmod 755 /opt/oracle/product/11.2.0/db_1/bin

 - Linking Oracle
rm -f /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle
test ! -f /opt/oracle/product/11.2.0/db_1/bin/oracle ||\
           mv -f /opt/oracle/product/11.2.0/db_1/bin/oracle /opt/oracle/product/11.2.0/db_1/bin/oracleO
mv /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle /opt/oracle/product/11.2.0/db_1/bin/oracle
chmod 6751 /opt/oracle/product/11.2.0/db_1/bin/oracle

[oracle@node1 lib]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.3.0 Production on Fri Nov 4 09:21:39 2011

Copyright (c) 1982, 2011, Oracle.  All rights reserved.

Connected to an idle instance.

SQL> startup
ORACLE instance started.

Total System Global Area 2137886720 bytes
Fixed Size                  2230072 bytes
Variable Size            1241516232 bytes
Database Buffers          889192448 bytes
Redo Buffers                4947968 bytes
Database mounted.
Database opened.
SQL> col parameter for a30
SQL> col value for a10
SQL> SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';

PARAMETER                      VALUE
------------------------------ ----------
Oracle Database Vault          FALSE

II. How to enable Oracle Database Vault

[oracle@node1 ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.3.0 Production on Fri Nov 4 12:50:40 2011

Copyright (c) 1982, 2011, Oracle.  All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining
and Real Application Testing options

SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining
and Real Application Testing options
[oracle@node1 ~]$ cd $ORACLE_HOME/rdbms/lib
[oracle@node1 lib]$ make -f ins_rdbms.mk dv_on lbac_on ioracle
/usr/bin/ar d /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a kzvndv.o
/usr/bin/ar cr /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a /opt/oracle/product/11.2.0/db_1/rdbms/lib/kzvidv.o
/usr/bin/ar cr /opt/oracle/product/11.2.0/db_1/rdbms/lib/libknlopt.a /opt/oracle/product/11.2.0/db_1/rdbms/lib/kzlilbac.o
chmod 755 /opt/oracle/product/11.2.0/db_1/bin

 - Linking Oracle
rm -f /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle
test ! -f /opt/oracle/product/11.2.0/db_1/bin/oracle ||\
           mv -f /opt/oracle/product/11.2.0/db_1/bin/oracle /opt/oracle/product/11.2.0/db_1/bin/oracleO
mv /opt/oracle/product/11.2.0/db_1/rdbms/lib/oracle /opt/oracle/product/11.2.0/db_1/bin/oracle
chmod 6751 /opt/oracle/product/11.2.0/db_1/bin/oracle
[oracle@node1 lib]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.3.0 Production on Fri Nov 4 12:52:51 2011

Copyright (c) 1982, 2011, Oracle.  All rights reserved.

Connected to an idle instance.

SQL> startup
ORACLE instance started.

Total System Global Area  622149632 bytes
Fixed Size                  2230912 bytes
Variable Size             201328000 bytes
Database Buffers          411041792 bytes
Redo Buffers                7548928 bytes
Database mounted.
Database opened.

SQL> col parameter for a30
SQL> col value for a10
SQL> SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';

PARAMETER                      VALUE
------------------------------ ----------
Oracle Database Vault          TRUE

SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP, Data Mining,
Oracle Database Vault and Real Application Testing options

[oracle@node1 lib]$ lsnrctl start
[oracle@node1 lib]$ emctl start dbconsole

 

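III. Summary: enabling and disabling Oracle Database Vault

1. Shut down the instance, EM and the listener
2. Switch the Oracle Database Vault option
   cd $ORACLE_HOME/rdbms/lib
   make -f ins_rdbms.mk dv_off ioracle    -- disable
   make -f ins_rdbms.mk dv_on lbac_on ioracle    -- enable
3. Start the instance, EM and the listener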
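
Added example, not part of the original post: the make output above shows dv_on replacing kzvndv.o with kzvidv.o in libknlopt.a and dv_off doing the reverse, so the archive's member list can be audited to see which option the Oracle home is set to link, alongside the V$OPTION query against the running instance. The function names and the sample member lists are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Object names are taken from the
# make output shown on this page:
#   kzvidv.o   added by dv_on   (Database Vault linked in)
#   kzvndv.o   added by dv_off  (Database Vault stub, option disabled)
#   kzlilbac.o added by lbac_on (Label Security, linked together with dv_on)

# Read archive member names (one per line, as printed by `ar t`) on stdin.
# Prints one of: on | off | inconsistent | unknown
dv_link_state() (
    members=$(cat)
    on=0
    off=0
    if printf '%s\n' "$members" | grep -qxF 'kzvidv.o'; then on=1; fi
    if printf '%s\n' "$members" | grep -qxF 'kzvndv.o'; then off=1; fi
    case "$on$off" in
        10) echo on ;;
        01) echo off ;;
        11) echo inconsistent ;;   # both objects present: archive was hand-edited
        *)  echo unknown ;;        # neither object present
    esac
)

# Compare the archive under an Oracle home with the state the security baseline
# expects. Returns 0 on match, 1 on drift, 2 if the archive is missing.
dv_check_home() (
    home=$1
    expected=$2
    lib="$home/rdbms/lib/libknlopt.a"
    [ -f "$lib" ] || { echo "missing: $lib" >&2; exit 2; }
    state=$(ar t "$lib" | dv_link_state)
    echo "libknlopt.a: Database Vault link state = $state (expected $expected)"
    [ "$state" = "$expected" ]
)

# Constructed member lists (placeholders, not real archive listings).
sample_dv_on()  { printf '%s\n' placeholder_a.o kzvidv.o kzlilbac.o placeholder_b.o; }
sample_dv_off() { printf '%s\n' placeholder_a.o kzvndv.o placeholder_b.o; }

# Typical use on a database host, e.g. from a scheduled baseline check:
#   dv_check_home "$ORACLE_HOME" on || echo "Database Vault link state drifted"
```

The archive reflects the last dv_on/dv_off target that was run; the value the running instance reports in V$OPTION changes only after the ioracle relink and a restart, so check both.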


This article was originally written and shared by 惜分飞. URL: http://www.oracleplus.net/arch/207.html