If the user that will own the virtual private catalog does not exist, then create the user.

For example, if you want to create database user vpc1 to own the catalog, then you could execute the following command (replacing password with a user-defined password):

SQL> CREATE USER vpc1 IDENTIFIED BY password
  2  DEFAULT TABLESPACE vpcusers
  3  QUOTA UNLIMITED ON vpcusers;

Note:

Grant the RECOVERY_CATALOG_OWNER role to the database user that will own the virtual private catalog, and then exit SQL*Plus.

The following example grants the role to user vpc1:

SQL> GRANT recovery_catalog_owner TO vpc1;
SQL> EXIT;

Start RMAN and connect to the recovery catalog database as the base recovery catalog owner (not the virtual private catalog owner).

The following example connects to the base recovery catalog as catowner:

% rman
RMAN> CONNECT CATALOG catowner@catdb;

recovery catalog database Password: password
connected to recovery catalog database

Grant desired privileges to the virtual private catalog owner.

The following example gives user vpc1 access to the metadata for prod1 and prod2 (but not prod3):

RMAN> GRANT CATALOG FOR DATABASE prod1 TO vpc1;
RMAN> GRANT CATALOG FOR DATABASE prod2 TO vpc1;

You can also use a DBID rather than a database name. The virtual private catalog user does not have access to the metadata for any other databases registered in the recovery catalog.

You can also grant the user the ability to register new target databases in the recovery catalog. For example:

RMAN> GRANT REGISTER DATABASE TO vpc1;

Creating a Virtual Private Catalog

This section assumes that the virtual private catalog owner has been given the RECOVERY_CATALOG_OWNER database role. Also, the base recovery catalog owner used the GRANT command to give the virtual private catalog owner access to metadata in the base recovery catalog.

To create a virtual private catalog:

Start RMAN and connect to the recovery catalog database as the virtual private catalog owner (not the base recovery catalog owner).

The following example connects to the recovery catalog as vpc1:

% rman
RMAN> CONNECT CATALOG vpc1@catdb;

Create the virtual private catalog.

The following command creates the virtual private catalog:

RMAN> CREATE VIRTUAL CATALOG;

If you intend to use a 10.2 or earlier release of RMAN with this virtual private catalog, then execute the following PL/SQL procedure (wherebase_catalog_owner is the database user who owns the base recovery catalog):

SQL> EXECUTE base_catalog_owner.DBMS_RCVCAT.CREATE_VIRTUAL_CATALOG;

Revoking Privileges from a Virtual Private Catalog Owner

This section assumes that you have created a virtual private catalog.

Assume that two databases are registered in the base recovery catalog: prod1 and prod2. As owner of the base recovery catalog, you have granted the vpc1user access privileges to prod1. You have also granted this user the right to register databases in his virtual private catalog. Now you want to revoke privileges from vpc1.

To revoke privileges from a virtual private catalog owner:

Start RMAN and connect to the recovery catalog database as the recovery catalog owner (not the virtual private catalog owner).

The following example connects to the recovery catalog as catowner:

% rman
RMAN> CONNECT CATALOG catowner@catdb;

Revoke specified privileges from the virtual private catalog owner.