Database Vault
Oracle Database Vault restricts access to specific areas in an Oracle database from any user, including users who have administrative access. For example, you can restrict administrative access to employee salaries, customer medical records, or other sensitive information. You configure Oracle Database Vault to manage the security of an individual Oracle Database instance. You can install Oracle Database Vault on standalone Oracle Database installations, in multiple Oracle homes, and in Oracle Real Application Clusters (Oracle RAC) environments. Database Vault is very useful to protect your data from users such as DBA who has access to all tables , But the questions is who is control database vault ? Usually there are two users to control it , Database vault owner this user is granted the DV_Owner role and can manage database role and configurations, the username must be minimum 2 and maximum 30 character , the password for this user should be complex. Another user called : Database Vault manager which is granted DV_ACCTMGR role, and used to manage database user account , this user is created to facilitate separation duties which mean while you install you can only create one user do all this jobs , the username should be minimum 2/maximum 30 character and the password is complex .
The installation will remain in normal procedure , If you want to check it's installed or not you can go with v$option :
SQL> select * from v$option where parameter ='Oracle Database Vault';
PARAMETER VALUE
------------------------------- --------------------------------
Oracle Database Vault FALSE
To enable database vault make sure database , dbconsole and listener are shutdown:
[oracle@prim u01]$ cd /u01/app/oracle/product/11.2.0/db_1/rdbms/lib/
[oracle@prim lib]$ make -f ins_rdbms.mk dv_on lbac_on ioracle
SQL> select * from v$option where parameter ='Oracle Database Vault';
PARAMETER VALUE
----------------------------------------------- -----------------
Oracle Database Vault TRUE
Please notice that i use Redhat in windows you need to rename some files read Oracle Documentation.
To disable Database Vault the same thing but :
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk dv_off
cd $ORACLE_HOME/bin
relink all
The installation will remain in normal procedure , If you want to check it's installed or not you can go with v$option :
SQL> select * from v$option where parameter ='Oracle Database Vault';
PARAMETER VALUE
------------------------------- --------------------------------
Oracle Database Vault FALSE
To enable database vault make sure database , dbconsole and listener are shutdown:
[oracle@prim u01]$ cd /u01/app/oracle/product/11.2.0/db_1/rdbms/lib/
[oracle@prim lib]$ make -f ins_rdbms.mk dv_on lbac_on ioracle
SQL> select * from v$option where parameter ='Oracle Database Vault';
PARAMETER VALUE
----------------------------------------------- -----------------
Oracle Database Vault TRUE
Please notice that i use Redhat in windows you need to rename some files read Oracle Documentation.
To disable Database Vault the same thing but :
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk dv_off
cd $ORACLE_HOME/bin
relink all