Databases Reference
In-Depth Information
Figure 12-2.
Database-scoped security on Exadata
Follow these steps:
1.
Shut down your databases and Oracle cluster resources. Similar to ASM-scoped security
in Recipe 12-3, your compute node resources need to be stopped in order to implement
Database-scoped security.
2.
Launch
cellcli
from any Exadata storage cell and create a key for each database that you
wish to configure Database-scoped security for. In the following example, we will create
two keys, one for a database called
VISX
and one for a database called
EDW
:
CellCLI> create key
2ee72ba501b5884615292616c2c85095
CellCLI> create key
23067149d2eb022aa61c39222148cbea
CellCLI>
Create a
cellkey.ora
file under
$ORACLE_HOME/admin/<DB name>/pfile
directory for
each database you generated a key for. Unless you have previously configured
Database-scoped security, you will likely need to create the
$ORACLE_HOME/admin/<DB
name>/pfile
directory first. In the
cellkey.ora
file, enter the key created above as well as
a line with the string "
asm=+ASM
", where
+ASM
is our ASM instance's
db_unique_name
:
3.
[oracle@cm01dbm01 ~]$ dcli -g ./dbs_group -l oracle \
mkdir -p $ORACLE_HOME/admin/visx/pfile
[oracle@cm01dbm01 ~]$ dcli -g ./dbs_group -l oracle \
mkdir -p $ORACLE_HOME/admin/edw/pfile
[oracle@cm01dbm01 ~]$
[oracle@cm01dbm01 ~]$ dcli -g ./dbs_group -l oracle cat $ORACLE_HOME/admin/
visx/pfile/cellkey.ora
cm01dbm01: key=2ee72ba501b5884615292616c2c85095
cm01dbm01: asm=+ASM
cm01dbm02: key=2ee72ba501b5884615292616c2c85095
cm01dbm02: asm=+ASM
Search WWH ::
Custom Search