OCP 043 Lecture 15: Database Security (Part 5)

2014-11-24 11:32:20
RMAN> backup tablespace users;
RMAN> restore tablespace users;
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 08/12/2011 10:20:40
ORA-19870: error reading backup piece /u01/app/flash_recovery_area/ORA10G/backupset/2011_08_12/xxxx
ORA-19913: unable to decrypt backup

RMAN> set decryption identified by b123456,c123456,a123456;
RMAN> restore tablespace users;
RMAN> recover tablespace users;
RMAN> sql "alter tablespace users online";
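3. Dual mode: suitable for both local and remote encrypted-backup scenarios. Simply drop the ONLY keyword used in the earlier password mode; the master key must also be open. The RMAN backup can be decrypted as long as either one of the two conditions is met.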
RMAN> set encryption on identified by b123456;
executing command: SET encryption
using target database control file instead of recovery catalog
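IV: Using Virtual Private Database (VPD)
VPD implements fine-grained access control (FGAC): a function automatically returns a WHERE condition that is used to rewrite the user's SQL statement, protecting sensitive data. When a user's query does not touch the sensitive data, all values are returned.
1. Create the users and prepare the base data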
SQL> create user zhang3 identified by oracle account unlock;
User created.
SQL> create user li4 identified by oracle account unlock;
User created.
SQL> grant resource,connect to zhang3,li4;
Grant succeeded.

SQL> conn hr/hr
Connected.
SQL> create table t04315_vpd(first_name varchar2(20),salary number(8,2),department_id number);
Table created.

SQL> insert into t04315_vpd values ('ZHANG3',3000,10);
1 row created.

SQL> insert into t04315_vpd values ('LI4',4000,20);
1 row created.

SQL> commit;
Commit complete.

SQL> grant select on hr.t04315_vpd to zhang3,li4;
Grant succeeded.
2. Create the function (as SYS, the function_schema named by the policy in step 3)
SQL> conn / as sysdba
Connected.
SQL> create or replace function func_t04315_vpd
  2  (owner varchar2,objectname varchar2)
  3  return varchar2
  4  is
  5  where_clause varchar2(4000);
  6  begin
  7  where_clause := 'first_name=sys_context(''userenv'',''session_user'')';
  8  return where_clause;
  9  end;
 10  /
Function created.

SQL> select status from dba_objects where object_name='FUNC_T04315_VPD';

STATUS
---------------------
VALID
3. Add the policy
SQL> BEGIN
  2  dbms_rls.add_policy(object_schema => 'hr',
  3  object_name => 't04315_vpd',
  4  policy_name => 'policy1',
  5  function_schema =>'sys',
  6  policy_function => 'func_t04315_vpd',
  7  statement_types =>'select',
  8  sec_relevant_cols=>'salary');
  9  END;
 10  /
PL/SQL procedure successfully completed.

SQL> select object_owner,sel,ins from dba_policies where object_name='T04315_VPD';

OBJECT_OWN SEL       INS
---------- --------- ---------
HR         YES       NO
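To audit the policy added in step 3, the following is an added example (not part of the original lecture) that inspects it through Oracle's data dictionary views DBA_POLICIES, DBA_SEC_RELEVANT_COLS, DBA_SYS_PRIVS, DBA_ROLE_PRIVS and V$VPD_POLICY. It assumes a session with DBA privileges and the object names used on this page.

```sql
-- Added example: audit the VPD policy on HR.T04315_VPD (run as a DBA).

-- 1. Is the policy enabled, which function backs it, and for which statements?
select policy_name, pf_owner, function, sel, ins, upd, del, enable, policy_type
  from dba_policies
 where object_owner = 'HR'
   and object_name  = 'T04315_VPD';

-- 2. Which columns trigger the policy? COLUMN_OPTION = NONE means a query
--    that does not reference SALARY is not filtered at all.
select policy_name, sec_rel_column, column_option
  from dba_sec_relevant_cols
 where object_owner = 'HR'
   and object_name  = 'T04315_VPD';

-- 3. Who bypasses every VPD policy? SYS is always exempt; so is any grantee
--    holding EXEMPT ACCESS POLICY directly or through a chain of roles.
select grantee, 'direct grant' as via
  from dba_sys_privs
 where privilege = 'EXEMPT ACCESS POLICY'
union
select grantee, 'role: ' || granted_role as via
  from dba_role_privs
 start with granted_role in (select grantee
                               from dba_sys_privs
                              where privilege = 'EXEMPT ACCESS POLICY')
connect by prior grantee = granted_role;

-- 4. What predicate did VPD actually append? Rows exist only for cursors
--    still in the library cache, so run a test query on the table first.
select object_owner, object_name, policy, predicate
  from v$vpd_policy
 where object_owner = 'HR'
   and object_name  = 'T04315_VPD';
```

Any non-administrative account returned by query 3 sees the table unfiltered, so that list should be reviewed whenever a VPD policy protects sensitive columns.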
4. Test: the SYS user is not affected by the policy
SQL> conn /as sysdba
Connected.
SQL> select * from hr.t04315_vpd;

FIRST_NAME     SALARY DEPARTMENT_ID
---------- ---------- -------------
ZHANG3           3000            10
LI4              4000            20

SQL> conn hr/hr
Connected.
SQL> select * from t04315_vpd;
no rows selected

SQL> conn zhang3/oracle
Connected.
SQL> select * from hr.t04315_vpd;

FIRST_NAME     SALARY DEPARTMENT_ID
---------- ---------- ------------