Posts

Configure Oracle Database Vault for a Pluggable Database (PDB1)

  Oracle Database Vault (DV) adds a critical layer of security to Oracle Database by enforcing strong access control and separation of duties. In a multitenant environment, DV has to be configured separately in each Pluggable Database (PDB) that needs protection. This guide outlines the complete steps to enable and verify Database Vault in PDB1, including the assignment of the two privileged DV administrative accounts (the DV Owner and the DV Account Manager) and schema verification.

  Step 1: Connect to the Target PDB
  Start by switching your session to the target pluggable database where DV needs to be enabled.

    ALTER SESSION SET CONTAINER = pdb1;

  Step 2: Verify DV and OLS Installation
  Ensure that Database Vault (DV) and Oracle Label Security (OLS), which DV depends on, are installed and available in the PDB.

    SELECT * FROM SYS.DBA_DV_STATUS;
    SELECT * FROM DBA_OLS_STATUS;

  These views should return status information such as ENABLED, DISABLED, or NOT C...
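The full sequence from "not configured" to "enabled and verified" in PDB1, as an added example that is not the post's own code. It assumes two local PDB accounts named dbv_owner and dbv_acctmgr with placeholder passwords, SQL*Plus (which prompts for passwords on CONNECT), and a service name pdb1.

```sql
-- Added example, not from the original post. Assumed names: local accounts
-- dbv_owner / dbv_acctmgr, placeholder passwords, service name pdb1.

-- 1. As SYS inside the PDB, create the two DV administrative accounts.
--    CONFIGURE_DV grants them DV_OWNER and DV_ACCTMGR plus the privileges
--    those roles need; do not grant DBA to them (separation of duties).
CONNECT sys@pdb1 AS SYSDBA
ALTER SESSION SET CONTAINER = pdb1;
CREATE USER dbv_owner   IDENTIFIED BY "ChangeMe_Owner_1";
CREATE USER dbv_acctmgr IDENTIFIED BY "ChangeMe_AcctMgr_1";

-- 2. Register the accounts with Database Vault (CONFIGURE_DV lives in DVSYS).
BEGIN
  DVSYS.CONFIGURE_DV(
    dvowner_uname   => 'dbv_owner',
    dvacctmgr_uname => 'dbv_acctmgr');
END;
/
-- Recompile anything CONFIGURE_DV invalidated.
@?/rdbms/admin/utlrp.sql

-- 3. Enabling DV is a DV_OWNER operation: it must run as dbv_owner, not SYS.
CONNECT dbv_owner@pdb1
EXEC DBMS_MACADM.ENABLE_DV;

-- 4. The change takes effect only after the PDB is restarted (from the root).
CONNECT sys AS SYSDBA
ALTER PLUGGABLE DATABASE pdb1 CLOSE IMMEDIATE;
ALTER PLUGGABLE DATABASE pdb1 OPEN;

-- 5. Verify inside the PDB. DV_CONFIGURE_STATUS and DV_ENABLE_STATUS
--    should both read TRUE; DV_APP_PROTECTION shows ENABLED/DISABLED.
ALTER SESSION SET CONTAINER = pdb1;
SELECT name, status FROM DBA_DV_STATUS;
SELECT status FROM DBA_OLS_STATUS;
```

The CONNECT before ENABLE_DV is the step most often skipped: running ENABLE_DV as SYS fails because SYS does not hold DV_OWNER, and that failure is the first visible sign that separation of duties is actually in force.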

Creating a User in a Database Vault-Protected Oracle PDB

  Oracle Database Vault (DV) significantly tightens security by restricting privileged users, even those holding DBA roles, from performing certain operations unless they are explicitly authorized. One such restriction is creating users in a DV-enabled Pluggable Database (PDB). This article demonstrates how to properly create a new user (SCOTT) in such an environment using the DV Account Manager user.

  Background
  In a standard Oracle environment, a user with DBA or SYSDBA privileges can easily create users. Once Database Vault is configured and enabled, those privileges are no longer sufficient: the DV-specific roles decide who may do what. User administration (CREATE USER, ALTER USER, DROP USER) requires DV_ACCTMGR, while DV policy administration (realms, command rules) requires DV_OWNER. Let's walk through a real-world scenario where an attempt to create a user fails because of DV restrictions, and how to fix it using the correct privileged user.

  Initial Attempt: Access Denied
  First, we switch to the target PDB (pdb1) and...

Configure Oracle Database Vault on Autonomous Database (ADB)

  Oracle Autonomous Database offers a rich security framework out of the box, and Database Vault (DV) adds another layer of protection by enforcing strict access controls, even for highly privileged users such as ADMIN. This blog post walks you through configuring Database Vault on an Autonomous Database (ADB), complete with schema setup, realm creation, and data verification.

  Prerequisites
  An Oracle Autonomous Database (ATP or ADW) instance.
  Admin access to the ADB (the ADMIN user).
  SQL Developer, SQL Developer Web, or another SQL client such as SQLcl for executing SQL commands.

  Step 1: Create Schema & Load Sample Data
  First, create a user HR and a sample EMPLOYEE table to protect using Database Vault. (The password below is the post's sample value; use your own.)

    CREATE USER hr IDENTIFIED BY ORacle1234##;
    GRANT CONNECT, RESOURCE TO hr;
    ALTER USER hr QUOTA UNLIMITED ON DATA;
    CREATE TABLE hr.employee (id NUMBER, salary NUMBER);
    INSERT INTO hr.employee VALUES (101, 20000);
    INSERT INTO hr.employ...

Configure Oracle Database Vault for Data Pump Exports

  When Oracle Database Vault is enabled, traditional operations like Data Pump exports (expdp) are tightly controlled, even for users like SYSTEM. This enhances security, but it also means you must explicitly authorize users to perform exports. In this blog, you'll learn how to configure and authorize exports for users like SYSTEM in a Database Vault-enabled PDB (Pluggable Database).

  Why Is Special Authorization Required?
  Oracle Database Vault introduces strict access controls that prevent even high-privilege users (DBA, SYSTEM) from performing certain operations, such as exporting schemas, unless they are explicitly allowed to. A Data Pump export reads every object in the schema, so an unrestricted export would be an easy way around realm protection.

  Objective
  We'll export the HR schema from a DV-protected Pluggable Database (pdb1) using expdp.

  Step-by-Step Guide
  1. Attempt Export (Fails or Denied)
  Try running a Data Pump export using the SYSTEM user:

    expdp system@pdb1 schemas=HR

  In DV-enabled env...
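The authorization step that makes the export succeed, followed by the check and the revoke, as an added example that is not the post's own code. It assumes the DV Owner account is named dbv_owner, the service name pdb1, the default DATA_PUMP_DIR directory object, and a dump file name hr.dmp.

```sql
-- Added example, not from the original post. Assumed: DV owner dbv_owner,
-- service name pdb1, directory object DATA_PUMP_DIR, dump file hr.dmp.

-- Data Pump authorization is a DV_OWNER operation, so connect as the DV owner.
CONNECT dbv_owner@pdb1

-- Scope the authorization to the HR schema only. Leaving sname NULL would
-- authorize SYSTEM to export the entire database, which defeats the point.
BEGIN
  DBMS_MACADM.AUTHORIZE_DATAPUMP_USER(
    uname => 'SYSTEM',
    sname => 'HR');
END;
/

-- Confirm what was granted (GRANTEE / SCHEMA / OBJECT columns).
SELECT grantee, schema, object FROM DBA_DV_DATAPUMP_AUTH;

-- If HR.* is also inside a realm, SYSTEM must additionally be authorized in
-- that realm, otherwise the export still fails on the protected objects.

-- Then run the export from the OS shell (not from SQL):
--   expdp system@pdb1 schemas=HR directory=DATA_PUMP_DIR dumpfile=hr.dmp logfile=hr_exp.log

-- When the export is done, take the authorization away again (least privilege).
BEGIN
  DBMS_MACADM.UNAUTHORIZE_DATAPUMP_USER(
    uname => 'SYSTEM',
    sname => 'HR');
END;
/
SELECT COUNT(*) AS remaining FROM DBA_DV_DATAPUMP_AUTH WHERE grantee = 'SYSTEM';
```

Treat the authorization as a time-boxed grant rather than a permanent setting: the whole reason DV blocks expdp for SYSTEM is that a dump file is a complete, unencrypted-by-default copy of the data the realm protects.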

Configure Oracle Database Vault: Creating a New User in a Secured Environment

  Oracle Database Vault is a powerful security component that enforces separation of duties and limits access to sensitive data, even from DBAs. When Database Vault is enabled, user creation and privilege management are restricted and must be done by the authorized DV accounts (the DV Account Manager for user administration). This blog walks through the steps to create a new user (SCOTT) in a PDB (pdb1) within a Database Vault-enabled environment.

  Scenario
  You are working in a multitenant environment with Database Vault enabled. You attempt to create a user in pdb1 but get a privilege error. Let's walk through the proper method to do this securely and successfully.

  Step 1: Switch to Target PDB
  First, ensure your session is connected to the appropriate Pluggable Database:

    ALTER SESSION SET CONTAINER = pdb1;

  Step 2: Attempt to Create a User (Fails with ORA-01031)
  Now, try to create a new user:

    CRE...
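The failing attempt and the working one side by side, as an added example that is not the posts' own code; it covers both this post and the earlier "Creating a User in a Database Vault-Protected Oracle PDB" post, which describe the same procedure. It assumes the DV Account Manager is named dbv_acctmgr, the service name pdb1, and a placeholder password for SCOTT.

```sql
-- Added example, not from the original posts. Assumed: DV account manager
-- dbv_acctmgr, service name pdb1, placeholder password for SCOTT.

-- Before: SYS (and any DBA) is blocked. With DV enabled, CREATE USER, ALTER
-- USER and DROP USER are governed by DV command rules that require DV_ACCTMGR.
CONNECT sys@pdb1 AS SYSDBA
CREATE USER scott IDENTIFIED BY "Tiger_ChangeMe_1";
-- expected: ORA-01031: insufficient privileges

-- After: the same statement succeeds for the DV Account Manager, who holds
-- DV_ACCTMGR but no DBA privileges (separation of duties in both directions).
CONNECT dbv_acctmgr@pdb1
CREATE USER scott IDENTIFIED BY "Tiger_ChangeMe_1";
GRANT CREATE SESSION TO scott;

-- Confirm the account exists and can log in.
SELECT username, account_status, created
  FROM dba_users
 WHERE username = 'SCOTT';

CONNECT scott@pdb1
SHOW USER

-- The restriction is symmetric: dbv_acctmgr cannot hand out DBA powers.
-- This is expected to fail, which is the point of the split.
CONNECT dbv_acctmgr@pdb1
GRANT DBA TO scott;
-- expected: ORA-01031 (or ORA-47410 realm violation on the DV-protected role)
```

If the final GRANT DBA succeeds in your environment, the account manager has been given more than DV_ACCTMGR and the separation of duties the post relies on is already broken; that single check is worth keeping in a post-install test script.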

Configure Realms in Oracle Database Vault on Autonomous Database

  Oracle Database Vault enhances database security by enforcing separation of duties and protecting application data from unauthorized access, even by privileged users such as DBAs. In this guide, we'll walk through the process of creating a Realm on an Autonomous Database, specifically targeting the HR schema.

  What is a Realm?
  A Realm is a security boundary in Oracle Database Vault that protects a set of database objects (such as tables or whole schemas) from access, even by users with administrative privileges, unless they are specifically authorized as realm participants or owners.

  Steps to Configure a Realm in Autonomous Database
  1. Connect as DV Owner User
  Log in to your Autonomous Database using SQL Developer Web or any SQL client. Ensure that you're connected as the Database Vault Owner (the account named as DV owner when Database Vault was configured; it holds the DV_OWNER role), and set the container to the root, if required. Note that on Autonomous Database you work inside the PDB and cannot switch to CDB$ROOT; the ALTER SESSION below applies to a self-managed multitenant database.

    ALTER SESSION SET CONTAINER = CDB$ROOT;

  If working with ...
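Enabling Database Vault on an Autonomous Database and then fencing the HR.EMPLOYEE table with a mandatory realm, as an added example that is not the posts' own code; it covers both this post and the earlier "Configure Oracle Database Vault on Autonomous Database (ADB)" post. It assumes the HR user and HR.EMPLOYEE table from that post already exist, DV administrative accounts named adb_dv_owner and adb_dv_acctmgr with placeholder passwords, and the realm name shown.

```sql
-- Added example, not from the original posts. Assumed: HR.EMPLOYEE exists,
-- DV accounts adb_dv_owner / adb_dv_acctmgr, placeholder passwords.

-- 1. As ADMIN: create the DV accounts and enable DV. Autonomous Database
--    wraps the configuration in DBMS_CLOUD_MACADM instead of CONFIGURE_DV.
CREATE USER adb_dv_owner   IDENTIFIED BY "ChangeMe_Owner_12";
CREATE USER adb_dv_acctmgr IDENTIFIED BY "ChangeMe_AcctMgr_12";
GRANT CREATE SESSION TO adb_dv_owner, adb_dv_acctmgr;
BEGIN
  DBMS_CLOUD_MACADM.CONFIGURE_DATABASE_VAULT(
    dvowner_uname   => 'ADB_DV_OWNER',
    dvacctmgr_uname => 'ADB_DV_ACCTMGR');
  DBMS_CLOUD_MACADM.ENABLE_DATABASE_VAULT;
END;
/
-- Restart the Autonomous Database from the OCI Console, then verify:
SELECT name, status FROM DBA_DV_STATUS;

-- 2. As adb_dv_owner (no container switch on ADB): create a mandatory realm.
--    realm_type => 1 makes it mandatory, so even the object owner HR is
--    blocked unless authorized; audit_options records failed attempts.
BEGIN
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'HR Employee Realm',
    description   => 'Protects HR.EMPLOYEE salary data',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL,
    realm_type    => 1);

  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'HR Employee Realm',
    object_owner => 'HR',
    object_name  => 'EMPLOYEE',   -- use '%' to cover the whole schema
    object_type  => 'TABLE');

  -- Authorize HR as a participant so the application itself keeps working.
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name    => 'HR Employee Realm',
    grantee       => 'HR',
    rule_set_name => NULL,
    auth_options  => DBMS_MACUTL.G_REALM_AUTH_PARTICIPANT);
END;
/

-- 3. Verify the realm definition ...
SELECT realm_name, owner, object_name, object_type
  FROM DBA_DV_REALM_OBJECT
 WHERE realm_name = 'HR Employee Realm';
SELECT realm_name, grantee, auth_options
  FROM DBA_DV_REALM_AUTH
 WHERE realm_name = 'HR Employee Realm';

-- ... and the effect. As ADMIN the query is now refused; as HR it works.
--   ADMIN> SELECT * FROM hr.employee;   -- ORA-01031: insufficient privileges
--   HR>    SELECT * FROM hr.employee;   -- 101, 20000 ...
```

Keep the realm mandatory (realm_type 1) for data like salaries: with a regular realm the object owner and anyone holding a direct object grant still get through, and on ADB the ADMIN user is exactly the kind of account a realm exists to stop.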

Configure Transparent Data Encryption (TDE) in a Pluggable Database (PDB)

Transparent Data Encryption (TDE) is an Oracle feature that protects sensitive data at rest by encrypting it as it is written to the database's physical files, so the datafiles are unreadable without the keystore. This post walks through the steps to configure TDE within a Pluggable Database (PDB), create encrypted tablespaces, and verify encryption.

Prerequisites
Oracle 19c or later with the Multitenant architecture (CDB/PDB)
A wallet/keystore already configured and open at the CDB level (WALLET_ROOT or the sqlnet.ora wallet location, with the keystore created in CDB$ROOT)
Sufficient file system access for the wallet and datafiles

Step-by-Step Guide
🔹 1. Switch to the Target PDB

  ALTER SESSION SET CONTAINER = xepdb1;

🔹 2. Open the Keystore in the PDB & Create the Master Encryption Key

  ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY oracle12;
  ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY oracle12 WITH BACKUP;

The WITH BACKUP clause copies the keystore file before the new master key is added to it, so the previous keystore can be restored if the operation fails; losing the keystore means losing every encrypted tablespace that depends on it. (oracle12 is the post's sample keystore password; use a strong one and keep it out of scripts.)

🔹 3. Verify Wallet St...
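The verification and the encrypted-tablespace steps that the excerpt cuts off, as an added example that is not the post's own code. It assumes the PDB name xepdb1 and keystore password oracle12 from the post, a united-mode keystore, Oracle Managed Files (db_create_file_dest set) so the datafile needs no path, and a tablespace name enc_ts.

```sql
-- Added example, not from the original post. Assumed: PDB xepdb1, keystore
-- password oracle12 (sample value), united-mode keystore, OMF enabled,
-- tablespace name enc_ts.

-- 0. In united mode the keystore must be open in the root before a PDB can
--    use it; run this once from CDB$ROOT if it is not already open.
ALTER SESSION SET CONTAINER = CDB$ROOT;
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY oracle12 CONTAINER = ALL;

-- 1./2. Switch to the PDB and give it its own master key (backing up first).
ALTER SESSION SET CONTAINER = xepdb1;
ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY oracle12 WITH BACKUP;

-- 3. Verify the wallet: STATUS must be OPEN (not OPEN_NO_MASTER_KEY) and the
--    PDB must have an activated key of its own.
SELECT wrl_type, status, wallet_type, keystore_mode, fully_backed_up
  FROM v$encryption_wallet;
SELECT key_id, creation_time, activation_time
  FROM v$encryption_keys
 ORDER BY activation_time DESC;

-- 4. Create an encrypted tablespace. The algorithm is fixed at creation;
--    AES256 is the one to choose for new tablespaces.
CREATE TABLESPACE enc_ts
  DATAFILE SIZE 50M
  ENCRYPTION USING 'AES256' ENCRYPT;

-- 5. Verify encryption from both the dictionary and the in-memory view.
SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE tablespace_name = 'ENC_TS';

SELECT t.name, e.encryptionalg, e.encryptedts, e.status
  FROM v$encrypted_tablespaces e
  JOIN v$tablespace t ON t.ts# = e.ts#
 WHERE t.name = 'ENC_TS';

-- 6. Anything sensitive must live in the encrypted tablespace; a table created
--    without TABLESPACE enc_ts lands in the user's default (cleartext) one.
--    Existing tables can be moved with ALTER TABLE ... MOVE TABLESPACE enc_ts.
```

Two things the post's steps leave implicit: TDE protects the datafiles, not data in transit or in the SGA, so it complements rather than replaces Database Vault; and the keystore backup produced by WITH BACKUP sits next to the wallet on the same host, so copy it somewhere the database server cannot overwrite.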