Database Reference
In-Depth Information
common privileges for this schema. As mentioned previously, Oracle-supplied common
users do not necessarily follow the naming convention. You first configure Database Vault
in the root and then configure it in the PDBs. See Exercise 13.2.
exeRCiSe 13.2
Plugging a Database vault-enabled PDB into a CDB
In this example, you will start with a source PDB
PDB1
, a Database Vault-enabled PDB,
and plug it into a multitenant container database (CDB) named
CONT
, using the new
PDB name
PDB2
.
1.
Connect to the
CDB$ROOT
of the target CDB as a user who has been granted the DV_
OWNER role, for example:
sqlplus c##sec_admin/password@CONT
2.
Grant DV_PATCH_ADMIN to user
SYS
, which allows
SYS
to create users but does not
allow access to any secured objects, and include the
CONTAINER = CURRENT
clause.
GRANT DV_PATCH_ADMIN TO SYS CONTAINER = CURRENT;
3.
Connect
SYS
as SYSDBA to the
CDB$ROOT
.
CONNECT / AS SYSDBA
4.
Restart the CDB in read-only mode.
SHUTDOWN IMMEDIATE
STARTUP MOUNT
ALTER DATABASE OPEN READ ONLY;
5.
Connect to the Database Vault source PDB as a user who has the DV_OWNER role.
CONNECT sec_admin@PDB1
6.
Grant DV_PATCH_ADMIN to user
SYS
in this PDB.
GRANT DV_PATCH_ADMIN TO SYS;
7.
Run
DBMS_PDB.CHECK_PLUG_COMPATIBILITY
to verify if the unplugged PDB is compat-
ible with the target CDB. Set
pdb_descr_file
to the full path to the XML file that will
contain a description of the PDB. Set
store_report
to
TRUE
if you want to generate
a report if the PDB is not compatible with the CDB. If it is not compatible, a report is
generated and stored in
SYS.PDB_PLUG_IN_VIOLATIONS
temporarily. To determine if
a PDB is compatible with the current CDB, run the following PL/SQL block using the
XML file output from the unplugged PDB:
SET SERVEROUTPUT ON
DECLARE
Search WWH ::
Custom Search