Steps to configure Database Vault on E-Business Suite R12.1

Integrate Oracle Database Vault 11gR2 with Oracle E ... Web viewIntegrating Oracle E-Business Suite Release 12 with Oracle Database Vault 11gR2 (Doc ID 1091083.1) Task 1: Verify Oracle


- Shutdown Database and Listener

- cd $ORACLE_HOME/rdbms/lib

- make -f ins_rdbms.mk dv_on lbac_on ioracle


- Startup Database and Listener


- Verify Database Vault & Label Security Enabled

Display configuration in AIX

[tmofadevdb:devdb:/home/devdb:]su - root

root's Password:

[tmofadevdb:root:/:]vi /etc/ssh/sshd_config

Change "#X11Forwarding no" to "X11Forwarding yes" and save the file, then stop and start the sshd daemon.

[tmofadevdb:root:/:]stopsrc -s sshd

0513-044 The sshd Subsystem was requested to stop.

[tmofadevdb:root:/:]startsrc -s sshd

0513-059 The sshd Subsystem has been started. Subsystem PID is 24903882.

- Configure ‘Oracle Label Security’ and ‘Database Vault’ with dbca

Note: before running dbca, make sure that oratab is set correctly.

Password:Qatar+123


Error

alter system set audit_sys_operations=TRUE scope=spfile

*

ERROR at line 1:

ORA-01031: insufficient privileges

alter system set os_roles=FALSE scope=spfile

ERROR at line 1:

ORA-01031: insufficient privileges

alter system set recyclebin='OFF' scope=spfile

*

ERROR at line 1:

ORA-01031: insufficient privileges


alter system set remote_login_passwordfile='EXCLUSIVE' scope=spfile

*

ERROR at line 1:

ORA-01031: insufficient privileges

alter system set sql92_security=TRUE scope=spfile

*

alter system set os_roles=FALSE scope=spfile;

alter system set recyclebin='OFF' scope=spfile;

alter system set remote_login_passwordfile='EXCLUSIVE' scope=spfile;

alter system set sql92_security=TRUE scope=spfile;

alter system set remote_os_roles=FALSE scope=spfile;

alter system set audit_sys_operations=TRUE scope=spfile;


Apply Oracle E-Business Suite Release 12 Realm Creation Patch

8207603

9531731

7622309 --- no need for 12.1.X

8317506

Integrate Oracle Database Vault 11gR2 with Oracle E-Business Suite Release 12

Create R12 Realms

1. Copy $FND_TOP/patch/115/sql/fnddbvebs.sql from the app tier to the DB tier, then run the following as SYSDBA:

CONNECT / AS SYSDBA
GRANT SELECT ANY TABLE TO DBV_OWNER;
CREATE SYNONYM DBV_OWNER.FND_ORACLE_USERID FOR APPLSYS.FND_ORACLE_USERID;
CREATE SYNONYM DBV_OWNER.FND_APPLICATION FOR APPLSYS.FND_APPLICATION;
CREATE SYNONYM DBV_OWNER.FND_PRODUCT_INSTALLATIONS FOR APPLSYS.FND_PRODUCT_INSTALLATIONS;

2. Allow access to objects in the CTXSYS schema.

CONNECT DBV_OWNER

SQL> BEGIN
  dvsys.dbms_macadm.DELETE_OBJECT_FROM_REALM(
    realm_name   => 'Oracle Data Dictionary',
    object_owner => 'CTXSYS',
    object_name  => '%',
    object_type  => '%');
END;
/

3. Log in as <dbvowner> and run the fnddbvebs.sql script.

4. Log in as <dbvowner> and execute the following command to restore the Oracle Data Dictionary realm:

SQL> BEGIN
  dvsys.dbms_macadm.ADD_OBJECT_TO_REALM(
    realm_name   => 'Oracle Data Dictionary',
    object_owner => 'CTXSYS',
    object_name  => '%',
    object_type  => '%');
END;
/

5. Log in as SYSDBA on the Database Tier and execute the following commands to revoke the privilege you granted to the Database Vault owner.

SQL> DROP SYNONYM DBV_OWNER.FND_ORACLE_USERID;
SQL> DROP SYNONYM DBV_OWNER.FND_APPLICATION;
SQL> DROP SYNONYM DBV_OWNER.FND_PRODUCT_INSTALLATIONS;
SQL> REVOKE SELECT ANY TABLE FROM DBV_OWNER;
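Steps 1 and 2 temporarily widen access (SELECT ANY TABLE for the Database Vault owner, CTXSYS taken out of the Oracle Data Dictionary realm), so it is worth confirming that steps 4 and 5 really undid them. The query below is an added example, not part of the original document or of Oracle's note; it assumes the account names used above (DBV_OWNER, CTXSYS) and a session that can read the DBA_ dictionary views and DVSYS.DBA_DV_REALM_OBJECT, for example one holding DV_OWNER or DV_SECANALYST.

```sql
-- Added example: post-check for the "Create R12 Realms" procedure.
-- Each branch emits a row only when a temporary change is still in place,
-- so every returned row is a finding to fix before go-live.

-- Finding A: the temporary system privilege from step 1 was not revoked.
SELECT 'SELECT ANY TABLE is still granted to DBV_OWNER' AS finding
  FROM dba_sys_privs
 WHERE grantee   = 'DBV_OWNER'
   AND privilege = 'SELECT ANY TABLE'
UNION ALL
-- Finding B: one of the helper synonyms from step 1 was not dropped.
SELECT 'Synonym still present: DBV_OWNER.' || synonym_name
  FROM dba_synonyms
 WHERE owner = 'DBV_OWNER'
   AND synonym_name IN ('FND_ORACLE_USERID',
                        'FND_APPLICATION',
                        'FND_PRODUCT_INSTALLATIONS')
UNION ALL
-- Finding C: CTXSYS was not added back to the realm in step 4,
-- leaving its objects outside Database Vault protection.
SELECT 'CTXSYS is missing from the Oracle Data Dictionary realm'
  FROM dual
 WHERE NOT EXISTS (
         SELECT 1
           FROM dvsys.dba_dv_realm_object
          WHERE realm_name  = 'Oracle Data Dictionary'
            AND owner       = 'CTXSYS'
            AND object_name = '%'
            AND object_type = '%');
```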

Enable Database Vault

SQL> shutdown immediate

$ chopt enable dv

SQL> startup

[tmofadevdb:devdb:/devdbfs/ERPDEV/11.2.0/cfgtoollogs/dbca/ERPDEV:]chopt disable dv

Writing to /devdbfs/ERPDEV/11.2.0/install/disable_dv.log...

/usr/ccs/bin/make -f /devdbfs/ERPDEV/11.2.0/rdbms/lib/ins_rdbms.mk dv_off ORACLE_HOME=/devdbfs/ERPDEV/11.2.0

/usr/ccs/bin/make -f /devdbfs/ERPDEV/11.2.0/rdbms/lib/ins_rdbms.mk ioracle ORACLE_HOME=/devdbfs/ERPDEV/11.2.0

Note: sysman does not exist in the ERPDEV instance.

Configure sysman user

SQL> grant SELECT_CATALOG_ROLE to dbv_owner;

Grant succeeded.


SQL> grant SELECT ANY DICTIONARY to dbv_owner;

Grant succeeded.

SQL>

Creating Realm using 12c OEM.

1. Log in as dbv_owner

Now we are logged in.

https://docs.oracle.com/database/121/DVADM/cfrealms.htm#DVADM70146

Create realm

TEST CASE 1. Grant SYSDBA to the test2 user and try to access an application table.

Step numbers from Doc ID

http://www.oneappsdba.com/2012/11/database-vault-on-e-bsuiness-suite-r121.html#

Integrating Oracle E-Business Suite Release 12 with Oracle Database Vault 11gR2 (Doc ID 1091083.1)

Task 1: Verify Oracle E-Business Suite Release 12 Prerequisites

Oracle Database Vault 11g Release 2 (11.2.0) is certified with Oracle E-Business Suite Release 12 (12.0 and 12.1).

Task 2: Install Oracle Database Vault 11gR2

Starting with 11g Release 2, Oracle Database Vault is included as an installed program with Oracle Database. To make it functional, you only need to register it with the database. For more details, refer to the Oracle Database Vault 11g Release 2 documentation.

Task 2.1: Install Oracle Database 11g Release 2 (11.2.0)

1. Install Oracle Database 11gR2 with the Database Vault option in an ORACLE_HOME separate from the 12.0 or 12.1 database. Perform a software-only install. This installs the database software along with the Oracle Database Vault components.

Note: If your E-Business Suite R12 is already integrated with 11gR2 database, you just need to enable Database Vault 11gR2 & register it with the database as per Task

Task 3: Register Oracle Database Vault

http://sandeepnandhadba.blogspot.qa/2014/06/step-by-step-procedure-to-install.html

During the error I granted the grants below:

Grant create any job to dba;
Grant create external job to dba;
Grant become user to dba;
Grant become user to imp_full_Database;
Grant dequeue any queue to dba;
Grant enqueue any queue to dba;
Grant execute any program to dba;
Grant manage any queue to imp_full_database;
Grant create any job to scheduler_admin;
Grant create external job to scheduler_admin;
Grant execute any class to scheduler_admin;
Grant execute any program to scheduler_admin;
Grant manage scheduler to scheduler_admin;
Grant execute on utl_file to public;