Step by Step - Creating RMAN Virtual Private Catalog - Oracle Database 11g New Feature

By -

About Virtual Private Catalogs

By default, all of the users of an RMAN recovery catalog have full privileges to insert, update, and delete any metadata in the catalog. For example, if the administrators of two unrelated databases share the same recovery catalog, each administrator could, whether inadvertently or maliciously, destroy catalog data for the other's database. In many enterprises, this situation is tolerated because the same people manage many different databases and also manage the recovery catalog. But in other enterprises where clear separation of duty exists between administrators of various databases, as well as between the DBA and the administrator of the recovery catalog, you may desire to restrict each database administrator to modify only backup metadata belonging to those databases that they are responsible for, while still keeping the benefits of a single, centrally-managed, RMAN recovery catalog. This goal can be achieved by implementing virtual private catalogs.  - source - docs.oracle.com

What is Virtual Private Catalog?

A subset of the metadata in a base recovery catalog to which a database user is granted access. The owner of a base recovery catalog can grant or revoke restricted access to the recovery catalog to other database users. Each restricted user has full read/write access to his own virtual private catalog.

Follow these steps to create virtual private catalog on RMAN.
  1. Create a Recovery Catalog at RCDB database. [DB Server 3]
    1.  SQL> create tablespace vpc_ts datafile 'C:\vpc_ts01.dbf' size 100m ;  

    2.  SQL> create user vpc_owner identified by vpc default tablespace vpc_ts quota unlimited on vpc_ts;

    3.  SQL> grant recovery_catalog_owner to vpc_owner;

    4.  C:\rman catalog vpc_owner/vpc
       RMAN> create catalog;
       RMAN> exit;
  2. Now we need to create two more database user on [DB Server 3] which will act as virtual user for [DB Server 2] and [DB Server 1]
    1.  SQL> create user vpc_orcl identified by orcl default tablespace vpc_ts quota unlimited on vpc_ts;
       SQL> create user vpc_test identified by test default tablespace vpc_ts quota unlimited on vpc_ts;
    2.  SQL> grant recovery_catalog_owner to vpc_test,vpc_orcl;
  3. Now register both test and orcl to the recovery catalog using user vpc_owner.[DB Server 3] Make sure you have net service name configure on [DB Server 3] to connect to [DB Server 2] and [DB Server 1]
    1.  C:\ rman catalog vpc_owner/vpc target sys/admin@orcl
       RMAN> register database; 
       RMAN> exit;
    2.  C:\ rman catalog vpc_owner/vpc target sys/admin@test
       RMAN> register database;
       RMAN> exit;
  4. Now we need to grant privileges to vpc_orcl and vpc_test to accesss RMAN metadata stored on RCDB from vpc_owner
    [DB Server 3]
    1.  C:\ rman catalog vpc_owner/vpc

    2.  RMAN> grant catalog for database orcl to vpc_orcl;
       RMAN> exit; 
    3.  C:\ rman catalog vpc_owner/vpc
    4.  RMAN> grant catalog for database test to vpc_test;
       RMAN> exit;
  5. Now we need to connect our target database with the newly created users and create virtual catalog so that they can only access RMAN metadata stored on RCDB for there respective databases only. E.g vpc_orcl cannot view matadata of test database and vice-versa.[DB Server 3]
    1.  C:\ rman catalog vpc_orcl/orcl@orcl <--- orcl is net service name.
    2.  RMAN> create virual catalog;
       RMAN> exit; 
    3.  C:\ rman catalog vpc_test/test@test <--- test is net service name.
    4.  RMAN> create virual catalog;
       RMAN> exit;
  6. Now you can connect to respective virtual catalog normal user for your respective databases to query recovery catalog views. E.g vpc_test can only see RMAN meta database generated from his own test database and he will not be able to see any metadata generated by other databases registered on the catalog server i.e [DB Server 3].
    1.  C:\sqlplus vpc_test/test@test <--- test is net service name.
       SQL> select * from tab;
       SQL> select * from rc_database;
    2.  C:\sqlplus vpc_orcl/orcl@orcl <--- orcl is net service name.
       SQL> select * from tab;
       SQL> select * from rc_database;
  7. Now if you connect to recovery from vpc_owner you will be to see all the RMAN metadata generated from both orcl and test databases.
    1.  C:\sqlplus vpc_owner/vpc
       SQL> select * from tab;
       SQL> select * from rc_database;
  8. You can also grant the user the ability to register new target databases in the recovery catalog. E.g :- Suppose on [DB Server 1] you have one database called orcl1 and you want to register it with your virtual private catalog then you need one more privielge granted to you. 
    1.  C:\rman catalog vpc_owner/vpc
       RMAN> grant register database to vpc_orcl;
       RMAN> exit;
    2.  C:\ rman target sys/admin@orcl1 catalog vpc_orcl/orcl@orcl <--- orcl is net service name.
       RMAN> register database;

Comments

  1. shankar9 August 2019 at 19:25

    And indeed, Iím just always astounded concerning the remarkable things served by you. Some four facts on this page are undeniably the most effective Iíve had.
    Database Administration Training | Database Administration course in chennai | Database Administration Training in chennai

    ReplyDelete
  2. Anonymous24 January 2022 at 00:26

    No Deposit Casino Bonus Codes 2021 - Casinowed
    No deposit bonuses can be a great way to test 온카지노 the waters of online casinos that don't require you to sign up at the online casino. That jeetwin being said, 카지노사이트 new players

    ReplyDelete

Post a Comment

Popular posts from this blog

Oracle Architecture - Explained In Detailed - Administration I

By -
Image
Figures shown in these notes are from Oracle® Database Concepts 11 g Release 2 Objectives These notes introduce the Oracle server architecture.   The architecture includes physical components, memory components, processes, and logical structures. Primary Architecture Components The figure shown above details the Oracle architecture. Oracle server :   An Oracle server includes an Oracle Instance and an Oracle database .   ·         An Oracle database includes several different types of files:   datafiles, control files, redo log files and archive redo log files.   The Oracle server also accesses parameter files and password files.   ·         This set of files has several purposes.   o    One is to enable system users to process SQL statements.   o    Another is to improve system performance.   o    Still another is to ensure the database can be recovered if there is a software/hardware failure. ·         The database server must manage large amo
Read more

Oracle Database SQL - Practise - Question - Scott Schema Examples

By -
Image
Oracle SQL Practice Questions for Students All Question are Based on Scott Schema Exhibits EMP TABLE Exhibits DEPT TABLE Exhibits SALGRADE TABLE Question 1) Display all the records in emp table? 2) Display all the records in emp table where employee belongs to deptno 10? 3) Display all the records in emp table where employee does not belong to deptno 30? 4) Display total number of records in Emp table? 5) Display emp table with salary descending order? 6) Display first five records in employee table? 7) Display all the records in emp table order by ascending deptno, descending salary? 8) Display all employees those who were joined in year 1981? 9) Display COMM in emp table. Display zero in place of null. 10) Display the records in emp table where MGR in 7698,7566 and sal should be greater then 1500 11) Display all employees where employees hired before 01-JAN-1981 12) Display all employees with
Read more

Step by Step - How to resolve redo log file corruption using ALTER DATABASE CLEAR UNARCHIVED LOGFILE command

By -
Image
Connect to sys using sqlplus in admin command prompt Check whether your database is in archive log mode or not. Run command ARCHIVE LOG LIST. It will show you the following details: It is always preferable to have your database in archive log mode. The reason being if your database is in archive log mode you can recover from all committed changes in the event of an OS or disk failure. This query will display the path of redo log files, their group and their status. It is always recommended to have a minimum of two members in one group. As you can see I have only 1 member in group 6 whose current status is INACTIVE. I intentionally have 1 member to generate a scenario for the sake of this practical. Now go to the specified path where the redo log member of group 6 is located and open it in a notepad. It will show some symbolic data. Delete couple of lines and save it the original location which is the one we got as a result of query. Why did we do the above step i.
Read more