Virtual private catalog will allow you to maintain only one recovery catalog repository by securing boundaries between administrators of various databases or between DBAs, as well as allowing you to separate their duties.
Join the Webinar to learn about Virtual Private Catalog and Demo.
Overview of RMAN
Overview of Recovery Catalog
About Virtual Private Catalog
Benefits of Virtual Private Catalog
Create Virtual Private Catalog
Manage Virtual Private Catalog
RMAN stored Script
Q& A
Introduction to Prompt Engineering (Focusing on ChatGPT)
Why virtual private catalog?
1. What is Virtual Private Catalog?
Satishbabu Gunukula, Oracle ACE
• 19+ Years of Experience in Database Technologies and
specialized in high availability solutions.
• Masters Degree in Computer Applications
• Written articles for major publications
• Oracle Certified Professional Oracle 8i,9i,10g
• Oracle Certified Expert Oracle 10g RAC
http://www.oracleracexpert.com
2. Program Agenda
• Overview of RMAN
• Overview of Recovery Catalog
• About Virtual Private Catalog
• Benefits of Virtual Private Catalog
• Create Virtual Private Catalog
• Manage Virtual Private Catalog
• RMAN stored Script
• Q& A
3. Overview of RMAN
• Recovery Manager (RMAN) is the backup and recovery
tool supplied for Oracle Databases from version 8 by
Oracle
• RMAN has backup, restore and recovery capabilities
addressing high availability and disaster recovery
• RMAN always maintains metadata about its backup and
recovery operations on a database in the control file of
the database. The RMAN metadata is known as the RMAN
repository.
4. Overview of Recovery Catalog
• Recovery Catalog is used to record RMAN activity against
one or more target database
• You can use recovery catalog or the control file of the
target database for RMAN Repository
• Recovery Catalog is the preferred method as it offers
several advantages over the others, like reporting
operations, simple recovery in case of control file damage,
and more.
5. About Virtual Private Catalog
• The virtual private catalog was introduced in Oracle 11g.
• Before Oracle 11g, a user cannot restrict access on RMAN
Repository for security reasons or segregate the duties
between DBAs. All users of an RMAN Recovery Catalog
have full privileges to insert, update, and delete any
metadata in the Recovery Catalog
• Each virtual private catalog is owned by a database
schema user which is different than the user who owns
the recovery catalog.
6. About Virtual Private Catalog
• Oracle 11g recovery catalog supports virtual private
catalog, but they are not used unless explicitly created and
each virtual private catalog is owned by a database
schema user.
• The Recovery Catalog owner is different to the virtual
private catalog user in that they control user privileges for
the Recovery Catalog for one or more databases that are
registered with Recovery Catalog
• There is no restriction to the number of virtual private
catalogs that can be created beneath one recovery catalog
7. Benefits of Virtual Private Catalog
• This new feature lets you grant restricted access on RMAN
Catalog to some users so that they can access a limited set
of application databases that are registered in the recovery
catalog
• This feature is very useful if you need to separate the
duties between administrators of various databases or
between DBAs and the administrator of the Recovery
Catalog.
8. Create Virtual Private Catalog
• RCAT – Recovery Catalog Database, RMAN is the Catalog owner
• DB1,DB2,DB2,DB4 – User/Application Databases
• VPC_USER1 has access to the DB1 and DB2 catalog metadata
• VPC_USER2 has access to the DB3, DB4 catalog metadata.
9. Create Virtual Private Catalog
Step1: Create the database user VPC_USER1, VPC_USER2 in
the Recovery Catalog database and grant the
RECOVERY_CATALOG_OWNER privilege
SQL> create user VPC_USER1 identified by password default
tablespace VPC_USERS TABLESPACE vpc_users temporary tablespace
TEMP;
SQL> create user VPC_USER2 identified by password default
tablespace VPC_USERS TABLESPACE vpc_users temporary tablespace
TEMP;
SQL> grant RECOVERY_CATALOG_OWNER to VPC_USER1;
SQL> grant RECOVERY_CATALOG_OWNER to VPC_USER2;
10. Create Virtual Private Catalog
Step2: Connect to the RMAN catalog as catalog owner and
grant privileges to the virtual private catalog owner
SQL> rman CATALOG rman/<password>@rmancat
Recovery Manager: Release 10.2.0.4.0 - Production on Wed Jul 1
10:56:59 2015 Copyright (c) 1982, 2007, Oracle. All rights
reserved. Connected to recovery catalog database
RMAN> grant catalog for database DB1 to VPC_USER1;
RMAN> grant catalog for database DB2 to VPC_USER1;
RMAN> grant catalog for database DB3 to VPC_USER2;
RMAN> grant catalog for database DB4 to VPC_USER2;
Note: The virtual private catalog users VPC_USER1, VPC_USER2 don’t have access
to the metadata as the virtual private catalog is not yet created.
11. Create Virtual Private Catalog
Step3: Connect to the RMAN catalog as virtual private catalog
owner and create a virtual private catalog VPC_USER1
SQL> rman catalog VPC_USER1/password@RMANCAT
Recovery Manager: Release 11.2.0.4.0 - Production on Wed Jul 1
12:18:38 2015 Copyright (c) 1982, 2011, Oracle and/or its
affiliates. All rights reserved. connected to recovery catalog
database
RMAN> create VIRTUAL CATALOG;
found eligible base catalog owned by RMAN created virtual
catalog against base catalog owned by RMAN
12. Create Virtual Private Catalog
• Connect to the RMAN catalog as virtual private catalog
owner and create a virtual private catalog VPC_USER2
SQL> rman catalog VPC_USER2/password@RMANCAT
Recovery Manager: Release 11.2.0.4.0 - Production on Wed Jul 1
12:18:38 2015 Copyright (c) 1982, 2011, Oracle and/or its
affiliates. All rights reserved. connected to recovery catalog
database
RMAN> create VIRTUAL CATALOG;
found eligible base catalog owned by RMAN created virtual
catalog against base catalog owned by RMAN
13. Manage Virtual Private Catalog
Step4: Connect to catalog owner RMAN and list all registered
databases
RMAN> list db_unique_name all;
List of Databases
DB Key DB Name DB ID Database Role Db_unique_name
------- ------- ----------------- ---------------
1 DB1 1790162170 PRIMARY DB1
3419 DB2 3510904891 PRIMARY DB2
6531 DB3 3510904891 PRIMARY DB3
9231 DB4 3510904891 PRIMARY DB4
14. Manage Virtual Private Catalog
• Connect to catalog owner VPC_USER1 and list all
registered databases
RMAN> list db_unique_name all;
List of Databases
DB Key DB Name DB ID Database Role Db_unique_name
------- ------- ----------------- ---------------
1 DB1 1790162170 PRIMARY DB1
3419 DB2 3510904891 PRIMARY DB2
15. Manage Virtual Private Catalog
• Connect to catalog owner VPC_USER2 and list all
registered databases
RMAN> list db_unique_name all;
List of Databases
DB Key DB Name DB ID Database Role Db_unique_name
------- ------- ----------------- ---------------
6531 DB3 3510904891 PRIMARY DB3
89231 DB4 3510904891 PRIMARY DB4
16. Manage Virtual Private Catalog
Step 5: Granting/revoking privileges from the virtual private
catalog owner
• Grant the access to register new target database to virtual private catalog owner:
RMAN> grant register database to VPC_USER1;
RMAN> grant register database to VPC_USER2;
• Revoke the access to register new target database from virtual private catalog owner
RMAN> revoke register database from VPC_USER1;
RMAN> revoke register database from VPC_USER2;
17. Manage Virtual Private Catalog
• Revoke the access to metadata for DB2 ,DB4 databases from virtual private catalog
owners.
RMAN> revoke catalog for database DB2 from VPC_USER1;
RMAN> revoke catalog for database DB4 from VPC_USER2;
18. Manage Virtual Private Catalog
Step 6: Drop the virtual private catalog
• Connect to the RMAN catalog as virtual private catalog owner and drop the virtual
private catalog
SQL> rman catalog VPC_USER1/password@RMANCAT
RMAN>
RMAN> drop catalog;
recovery catalog owner is VPC_USER1
enter DROP CATALOG command again to confirm catalog removal
RMAN> drop catalog;
recovery catalog dropped
RMAN>
19. Manage Virtual Private Catalog
Step 7: If you are planning to use a 10.2 or older release of
RMAN with virtual private catalog then you need to execute
below procedures to create/drop virtual private catalogs
• Create virtual private catalog:
SQL> execute RMAN.DBMS_RCVCAT.CREATE_VIRTUAL_CATALOG;
Drop virtual private catalog:
SQL> execute RMAN.DBMS_RCVCAT.DROP_VIRTUAL_CATALOG;
Where RMAN is the BASE CATALOG OWNER in the above command.
20. RMAN stored Script
• The stored scripts play an important role between virtual
private catalogs.
• All virtual private catalog users have “read” access to all
global stored scripts, and the scripts can be run across the
environment or are common across the environment need
to be created as global scripts.
• Each virtual private catalog user has non-global stored
scripts that belong to the databases to which they have
privileges.
• The virtual private catalog user cannot access non-global
stored scripts that belong to databases where they don’t
have the correct privileges.
21. RMAN stored Script
• For example, use the below script to create global backup
script. You might want to connect target database DB1 and
recovery catalog owner VPC_USER1.
SQL> rman target sys/password@DB1 catalog VPC_USER1/password@RMANCAT
RMAN> connected to target database: DB1(DBID=4256066018)
connected to recovery catalog database
RMAN> create GLOBAL script GLOBAL_BACKUP (backup database plus
archivelog;);
22. RMAN stored Script
Now the user can connect to a new target database (DB2) and
run the global stored script “global_backup” to back up the
database.
SQL> rman target sys/password@DB2 catalog VPC_USER1/password@RMANCAT
RMAN> connected to target database: DB2(DBID=4257696119)
connected to recovery catalog database
RMAN> RUN {execute script GLOBAL_BACKUP;}
23. RMAN stored Script
If the user created a non-global script by connecting to DB1
and catalog owner as VPC_USER1 then it is not accessible to
the virtual private catalog owner VPC_USER2.
CREATE SCRIPT NON_GLOBACL_backup
{ BACKUP FORMAT "/rman-backup/DB1/%d_%t_%s_%p.rmn"
DATABASE PLUS ARCHIVELOG;
}
RUN {EXECUTE SCRIPT NON_GLOBACL_backup;}
The user can run the PRINT SCRIPT command to display stored script
RMAN> print script GLOBAL_BACKUP;
24. Summary
Virtual private catalog will allow you to maintain only one
recovery catalog repository by securing boundaries between
administrators of various databases or between DBAs, as well
as allowing you to separate their duties.