Why virtual private catalog?

Virtual private catalog will allow you to maintain only one recovery catalog repository by securing boundaries between administrators of various databases or between DBAs, as well as allowing you to separate their duties.

Join the Webinar to learn about Virtual Private Catalog and Demo.
  • Overview of RMAN
  • Overview of Recovery Catalog
  • About Virtual Private Catalog
  • Benefits of Virtual Private Catalog
  • Create Virtual Private Catalog
  • Manage Virtual Private Catalog
  • RMAN stored Script
  • Q&A

  1. What is Virtual Private Catalog?
     Satishbabu Gunukula, Oracle ACE
     • 19+ Years of Experience in Database Technologies and specialized in high availability solutions.
     • Masters Degree in Computer Applications
     • Written articles for major publications
     • Oracle Certified Professional Oracle 8i, 9i, 10g
     • Oracle Certified Expert Oracle 10g RAC
     http://www.oracleracexpert.com
  2. Program Agenda
     • Overview of RMAN
     • Overview of Recovery Catalog
     • About Virtual Private Catalog
     • Benefits of Virtual Private Catalog
     • Create Virtual Private Catalog
     • Manage Virtual Private Catalog
     • RMAN stored Script
     • Q&A
  3. Overview of RMAN
     • Recovery Manager (RMAN) is the backup and recovery tool supplied for Oracle Databases from version 8 by Oracle
     • RMAN has backup, restore and recovery capabilities addressing high availability and disaster recovery
     • RMAN always maintains metadata about its backup and recovery operations on a database in the control file of the database. The RMAN metadata is known as the RMAN repository.
  4. Overview of Recovery Catalog
     • Recovery Catalog is used to record RMAN activity against one or more target databases
     • You can use the recovery catalog or the control file of the target database for the RMAN Repository
     • Recovery Catalog is the preferred method as it offers several advantages over the others, like reporting operations, simple recovery in case of control file damage, and more.
  5. About Virtual Private Catalog
     • The virtual private catalog was introduced in Oracle 11g.
     • Before Oracle 11g, a user could not restrict access to the RMAN Repository for security reasons or segregate the duties between DBAs. All users of an RMAN Recovery Catalog had full privileges to insert, update, and delete any metadata in the Recovery Catalog
     • Each virtual private catalog is owned by a database schema user which is different than the user who owns the recovery catalog.
  6. About Virtual Private Catalog
     • The Oracle 11g recovery catalog supports virtual private catalogs, but they are not used unless explicitly created, and each virtual private catalog is owned by a database schema user.
     • The Recovery Catalog owner is different to the virtual private catalog user in that they control user privileges for the Recovery Catalog for one or more databases that are registered with the Recovery Catalog
     • There is no restriction to the number of virtual private catalogs that can be created beneath one recovery catalog
  7. Benefits of Virtual Private Catalog
     • This new feature lets you grant restricted access on RMAN Catalog to some users so that they can access a limited set of application databases that are registered in the recovery catalog
     • This feature is very useful if you need to separate the duties between administrators of various databases or between DBAs and the administrator of the Recovery Catalog.
  8. Create Virtual Private Catalog
     • RCAT – Recovery Catalog Database, RMAN is the Catalog owner
     • DB1, DB2, DB3, DB4 – User/Application Databases
     • VPC_USER1 has access to the DB1 and DB2 catalog metadata
     • VPC_USER2 has access to the DB3 and DB4 catalog metadata.
  9. Create Virtual Private Catalog
     Step 1: Create the database users VPC_USER1 and VPC_USER2 in the Recovery Catalog database and grant them the RECOVERY_CATALOG_OWNER role
         SQL> create user VPC_USER1 identified by password default tablespace VPC_USERS temporary tablespace TEMP;
         SQL> create user VPC_USER2 identified by password default tablespace VPC_USERS temporary tablespace TEMP;
         SQL> grant RECOVERY_CATALOG_OWNER to VPC_USER1;
         SQL> grant RECOVERY_CATALOG_OWNER to VPC_USER2;
  10. Create Virtual Private Catalog
     Step 2: Connect to the RMAN catalog as catalog owner and grant privileges to the virtual private catalog owner
         $ rman CATALOG rman/<password>@rmancat
         Recovery Manager: Release 10.2.0.4.0 - Production on Wed Jul 1 10:56:59 2015
         Copyright (c) 1982, 2007, Oracle. All rights reserved.
         Connected to recovery catalog database
         RMAN> grant catalog for database DB1 to VPC_USER1;
         RMAN> grant catalog for database DB2 to VPC_USER1;
         RMAN> grant catalog for database DB3 to VPC_USER2;
         RMAN> grant catalog for database DB4 to VPC_USER2;
     Note: The virtual private catalog users VPC_USER1 and VPC_USER2 don’t have access to the metadata yet, as the virtual private catalog is not yet created.
  11. Create Virtual Private Catalog
     Step 3: Connect to the RMAN catalog as virtual private catalog owner and create a virtual private catalog for VPC_USER1
         $ rman catalog VPC_USER1/password@RMANCAT
         Recovery Manager: Release 11.2.0.4.0 - Production on Wed Jul 1 12:18:38 2015
         Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved.
         connected to recovery catalog database
         RMAN> create VIRTUAL CATALOG;
         found eligible base catalog owned by RMAN
         created virtual catalog against base catalog owned by RMAN
  12. Create Virtual Private Catalog
     • Connect to the RMAN catalog as virtual private catalog owner and create a virtual private catalog for VPC_USER2
         $ rman catalog VPC_USER2/password@RMANCAT
         Recovery Manager: Release 11.2.0.4.0 - Production on Wed Jul 1 12:18:38 2015
         Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved.
         connected to recovery catalog database
         RMAN> create VIRTUAL CATALOG;
         found eligible base catalog owned by RMAN
         created virtual catalog against base catalog owned by RMAN
  13. Manage Virtual Private Catalog
     Step 4: Connect as catalog owner RMAN and list all registered databases
         RMAN> list db_unique_name all;
         List of Databases
         DB Key  DB Name  DB ID            Database Role    Db_unique_name
         ------- ------- ----------------- ---------------
         1       DB1      1790162170       PRIMARY          DB1
         3419    DB2      3510904891       PRIMARY          DB2
         6531    DB3      3510904891       PRIMARY          DB3
         9231    DB4      3510904891       PRIMARY          DB4
  14. Manage Virtual Private Catalog
     • Connect as virtual private catalog owner VPC_USER1 and list all registered databases
         RMAN> list db_unique_name all;
         List of Databases
         DB Key  DB Name  DB ID            Database Role    Db_unique_name
         ------- ------- ----------------- ---------------
         1       DB1      1790162170       PRIMARY          DB1
         3419    DB2      3510904891       PRIMARY          DB2
  15. Manage Virtual Private Catalog
     • Connect as virtual private catalog owner VPC_USER2 and list all registered databases
         RMAN> list db_unique_name all;
         List of Databases
         DB Key  DB Name  DB ID            Database Role    Db_unique_name
         ------- ------- ----------------- ---------------
         6531    DB3      3510904891       PRIMARY          DB3
         89231   DB4      3510904891       PRIMARY          DB4
  16. Manage Virtual Private Catalog
     Step 5: Granting/revoking privileges from the virtual private catalog owner
     • Grant the access to register new target database to virtual private catalog owner:
         RMAN> grant register database to VPC_USER1;
         RMAN> grant register database to VPC_USER2;
     • Revoke the access to register new target database from virtual private catalog owner:
         RMAN> revoke register database from VPC_USER1;
         RMAN> revoke register database from VPC_USER2;
  17. Manage Virtual Private Catalog
     • Revoke the access to metadata for DB2, DB4 databases from virtual private catalog owners.
         RMAN> revoke catalog for database DB2 from VPC_USER1;
         RMAN> revoke catalog for database DB4 from VPC_USER2;
  18. Manage Virtual Private Catalog
     Step 6: Drop the virtual private catalog
     • Connect to the RMAN catalog as virtual private catalog owner and drop the virtual private catalog
         $ rman catalog VPC_USER1/password@RMANCAT
         RMAN> drop catalog;
         recovery catalog owner is VPC_USER1
         enter DROP CATALOG command again to confirm catalog removal
         RMAN> drop catalog;
         recovery catalog dropped
  19. Manage Virtual Private Catalog
     Step 7: If you are planning to use a 10.2 or older release of RMAN with a virtual private catalog, then you need to execute the procedures below to create/drop virtual private catalogs
     • Create virtual private catalog:
         SQL> execute RMAN.DBMS_RCVCAT.CREATE_VIRTUAL_CATALOG;
     • Drop virtual private catalog:
         SQL> execute RMAN.DBMS_RCVCAT.DROP_VIRTUAL_CATALOG;
     Where RMAN is the BASE CATALOG OWNER in the above commands.
  20. RMAN stored Script
     • The stored scripts play an important role between virtual private catalogs.
     • All virtual private catalog users have “read” access to all global stored scripts, so scripts that can be run across the environment or are common across the environment need to be created as global scripts.
     • Each virtual private catalog user has non-global stored scripts that belong to the databases to which they have privileges.
     • The virtual private catalog user cannot access non-global stored scripts that belong to databases where they don’t have the correct privileges.
  21. RMAN stored Script
     • For example, use the script below to create a global backup script. You might want to connect to target database DB1 and recovery catalog owner VPC_USER1.
         $ rman target sys/password@DB1 catalog VPC_USER1/password@RMANCAT
         connected to target database: DB1(DBID=4256066018)
         connected to recovery catalog database
         RMAN> create GLOBAL script GLOBAL_BACKUP { backup database plus archivelog; }
  22. RMAN stored Script
     Now the user can connect to a new target database (DB2) and run the global stored script “global_backup” to back up the database.
         $ rman target sys/password@DB2 catalog VPC_USER1/password@RMANCAT
         connected to target database: DB2(DBID=4257696119)
         connected to recovery catalog database
         RMAN> RUN {execute script GLOBAL_BACKUP;}
  23. RMAN stored Script
     If the user created a non-global script by connecting to DB1 and catalog owner as VPC_USER1 then it is not accessible to the virtual private catalog owner VPC_USER2.
         CREATE SCRIPT NON_GLOBACL_backup { BACKUP FORMAT "/rman-backup/DB1/%d_%t_%s_%p.rmn" DATABASE PLUS ARCHIVELOG; }
         RUN {EXECUTE SCRIPT NON_GLOBACL_backup;}
     The user can run the PRINT SCRIPT command to display a stored script
         RMAN> print script GLOBAL_BACKUP;
  24. Summary
     Virtual private catalog will allow you to maintain only one recovery catalog repository by securing boundaries between administrators of various databases or between DBAs, as well as allowing you to separate their duties.
  25. Questions & Answers
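
The listings in slides 13 to 15 show that each virtual private catalog owner sees only the databases granted to it. As an added example (not part of the original slides), the shell function below turns that into a repeatable separation-of-duties check: it parses `list db_unique_name all` output and flags any database outside an allow-list. The function name `audit_vpc`, the sample functions and the allow-lists are assumptions, and the sample listing is constructed from the slide output.

```shell
#!/bin/sh
# Added example: audit what a virtual private catalog owner can see.
# Feed the output of "list db_unique_name all" (run as that user) on stdin.
# audit_vpc USER "ALLOWED DB LIST" returns 1 if any database outside the
# allow-list is visible, 0 otherwise. Names here are hypothetical.
audit_vpc() {
  awk -v user="$1" -v allowed="$2" '
    BEGIN { n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[toupper(a[i])] = 1 }
    /^ *-+( +-+)+ *$/  { in_table = 1; next }    # dashed ruler: rows follow
    in_table && NF < 5 { in_table = 0 }          # blank line or prompt ends them
    in_table && $1 ~ /^[0-9]+$/ {
      db = toupper($NF); seen[db] = 1            # last column is Db_unique_name
      if (!(db in ok)) {
        printf "EXPOSED %s can read metadata for %s\n", user, db
        bad = 1
      }
    }
    END {
      # Allow-listed databases that never appeared: grant revoked or missing.
      for (i = 1; i <= n; i++)
        if (!(toupper(a[i]) in seen))
          printf "MISSING %s has no grant for %s\n", user, a[i]
      exit bad
    }'
}

# Constructed sample output, modeled on the listings in the slides.
sample_base_listing() {
cat <<'EOF'
List of Databases
DB Key  DB Name  DB ID            Database Role    Db_unique_name
------- ------- ----------------- ---------------
1       DB1      1790162170       PRIMARY          DB1
3419    DB2      3510904891       PRIMARY          DB2
6531    DB3      3510904891       PRIMARY          DB3
9231    DB4      3510904891       PRIMARY          DB4
EOF
}
sample_vpc_user1_listing() { sample_base_listing | grep -v -e ' DB3$' -e ' DB4$'; }

# Demo: VPC_USER1 should see only DB1 and DB2.
sample_vpc_user1_listing | audit_vpc VPC_USER1 "DB1 DB2" && echo "VPC_USER1 OK"
sample_base_listing | audit_vpc VPC_USER1 "DB1 DB2" || echo "separation of duties violated"
```

Running the check after every `grant catalog` or `revoke catalog` change catches a virtual private catalog owner that can still read metadata for a database it should no longer see.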
