This content has been marked as final. Show 5 replies
I have run DBCA and checked Oracle Label Security and then Oracle Database Vault, to enable them
Now, at stage 4 of 5 is askes me for database vault owner, and password (optionally, to create a sepparate account manager). I have specified 'vault' and 'vaultmanager' as names (i choosed to create a sepparate manager account)
Now i can login to database vault console with 'vault' user, but when i try to log with 'vaultmanager', i get:
You must have the DV_ADMIN or DV_SECANALYST role granted to your account in order to use this application.
So by default the manager cannot log in to database vault administration console?
Also, another question: when i log in to EM console with sys user, under "Server" category, i clicked "Database vault", but i got: You have been logged in to a Database with Database Vault installed on it. You do not have sufficient privileges to access the Database Vault features on Enterprise Manager. Please contact your administrator
So, sys user is unable to do database vault tasks? which privileges should i grant to sys user (fron 'vault' grantee, which is the owner)?
Edited by: Roger22 on 15.11.2012 18:41
First user you have created is Database Vault Owner user (vault), and he is responsible for creating Realms, Command rules etc in Database Vault Administrator (dva) or command line.
Second user you have created is called Database Vault Account Manager (vaultmanager), and he is responsible for creating and managing user accounts (sys user no longer can create users), and he is not supposed to log in and use Database Vault Administrator (dva).
When you configure Database Vault, SYS user should have restricted privileges, and he is not supposed to manage Database Vault *(you shouldn't give sys user any more privileges, because Database Vault Owner (vault) is supposed to do Database Vault tasks).*