SCURTY for Oracle Installation Guide

Preface

This guide provides step-by-step instructions for the SCURTY install, upgrade and uninstall processes.

Requirements

SCURTY for Oracle may be installed in any Oracle Database Enterprise Edition version 19.23 or above. It cannot be installed in an Oracle Standard Edition 2 or any other database.

The installation process needs to be executed by a database account holding the SYSDBA privilege.

SCURTY has to be installed in a PDB (pluggable database). Installation in a non-CDB or in the root container is not supported.

The Oracle UTL_SMTP package must be installed. See “Oracle Database PL/SQL Packages and Types Reference” for installation of UTL_SMTP if it is not already installed.

A tablespace with 10GB of free space needs to be provided for installing SCURTY. For an average installation it is recommended to create a tablespace with an initial size of 2GB and to set the AUTOEXTEND MAXSIZE to 10GB.

At least one tablespace for human or generic users has to be provided before creating these users. This tablespace must be presented to SCURTY by executing the procedure p_rep_admin.associate_user_ts.

If it is planned to use the sandboxing feature, a tablespace for sandboxes needs to be provided. The size of this tablespace depends on the number and size of sandboxes that will be created. There is no minimum free space requirement for this tablespace.

The install scripts require a RHEL8 or RHEL9 compatible Linux operating system.

SQL*Plus must be installed and must be in the PATH.
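
The database-side requirements above can be checked in one pass before starting the installer. The following script is an added example, not part of the SCURTY distribution; it uses only standard Oracle dictionary views and assumes the SCURTY tablespace keeps its default name SCURTY and that the 10GB requirement is met by the tablespace's maximum size.

```sql
-- Added example: preflight for the database-side requirements listed above.
-- Run in SQL*Plus in the target container before ./sx_install.
-- Assumption: the SCURTY tablespace keeps its default name SCURTY.
set linesize 160 pagesize 50
column check_name format a22
column found      format a60
column status     format a6

with ts as (
  select sum(greatest(bytes, maxbytes)) as max_bytes   -- maxbytes is 0 without AUTOEXTEND
  from   dba_data_files
  where  tablespace_name = 'SCURTY'
)
-- The raw EDITION value is shown so that an unexpected value can be judged by hand
select 'edition' as check_name, edition as found,
       case when edition = 'EE' then 'OK' else 'FAIL' end as status
from   v$instance
union all
select 'release >= 19.23', version_full,
       case when to_number(regexp_substr(version_full, '\d+', 1, 1)) > 19
              or (to_number(regexp_substr(version_full, '\d+', 1, 1)) = 19
                  and to_number(regexp_substr(version_full, '\d+', 1, 2)) >= 23)
            then 'OK' else 'FAIL' end
from   v$instance
union all
-- CON_ID is 0 in a non-CDB, 1 in CDB$ROOT, 2 in PDB$SEED; real PDBs are 3 and up
select 'installed into a PDB', sys_context('userenv', 'con_name'),
       case when to_number(sys_context('userenv', 'con_id')) > 2 then 'OK' else 'FAIL' end
from   dual
union all
select 'session is SYSDBA', sys_context('userenv', 'isdba'),
       case when sys_context('userenv', 'isdba') = 'TRUE' then 'OK' else 'FAIL' end
from   dual
union all
-- MIN() yields INVALID if spec or body is invalid, NULL if the package is absent
select 'UTL_SMTP', nvl(min(status), 'MISSING'),
       case when min(status) = 'VALID' then 'OK' else 'FAIL' end
from   dba_objects
where  owner = 'SYS' and object_name = 'UTL_SMTP'
union all
select 'tablespace SCURTY',
       nvl(to_char(round(max_bytes / power(1024, 3), 1)), 'none') || ' GB max',
       case when max_bytes >= 10 * power(1024, 3) then 'OK' else 'FAIL' end
from   ts;
```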

Installation

SCURTY is shipped as a TAR file named scurty-<version>.tar, where <version> denotes the version tag, e.g. scurty-2.0.0.tar.

Unpacking the archive in a temporary folder using tar xvf scurty-<version>.tar creates the following directory structure:

scurty-<version>
├── bin
│   ├── sx_install
│   └── sx_uninstall
└── scurty
    ├── adm
    ├── CHANGELOG.md
    ├── INSTALL.md
    ├── MODULE
    ├── post
    ├── pre
    ├── setup
    ├── sx_install
    ├── sx_uninstall
    └── VERSION

Change to the scurty directory and execute the install command sx_install. For a full installation use the -F option, for an upgrade use -D. Note that you need to connect as SYSDBA. However, if you use SYS, the as sysdba clause will be appended implicitly by the installer.

Example for full install:

cd scurty-<version>/scurty
./sx_install -F sys/...@<connect>

The complete log can be found in /tmp/sx_install.<timestamp>.log.

Customizing Environments

By default SCURTY is installed in a schema user named SCURTY and a tablespace also named SCURTY. This user has a profile associated named SCURTY_PROFILE. You may change these naming conventions before starting the full installation by editing the parameter file scurty-<version>/scurty/adm/params.inc. This is also true for several roles created during installation as well as for the roles created by SCURTY at runtime. For these roles the prefixes may be customized.

For a more flexible customization (especially if you want to handle different environments differently) you may copy the original file params.inc to params_<env>.inc, where <env> stands for some alphanumeric string denoting the specific environment. Then call the installer using the -e option.

For instance, if you have created a file params_SXDEV.inc:

./sx_install -F -e SXDEV sys/...@<connect>

In addition, you may prepare a post-config file in the adm directory containing several SCURTY API calls which will be executed immediately after the installation is finished. The file must be named like conf_<mode>_<env>.sql and must have valid SQL*Plus syntax. <mode> can be F or D depending on whether the conf-file should be used for a full or delta (i.e. upgrade) installation, while <env> again specifies the environment.

For example, for a full installation in the SXDEV environment you may create a conf-file as follows:

--
-- conf_F_SXDEV.sql
--
-- post config after full install in environment SXDEV
-- executed as scurty user
--

begin
    p_rep_admin.set_param('adm_env_desc','SX-DEV');
    p_rep_admin.set_param('log_level','DEBUG');
    p_rep_admin.enable_mv_xch_method;
    p_rep_admin.set_param('mon_mail','some.user@sphinx.at');
    p_rep_admin.set_param('sbx_spoc_mail','some.user@sphinx.at');

    p_rep_admin.set_mail_params (p_server      => 'webmail.sphinx.at'
                                ,p_port        => 587
                                ,p_noreply     => 'noreply@sphinx.at'
                                ,p_user        => '...'
                                ,p_pass        => '...'
                                ,p_encr        => 'STARTTLS'
                                ,p_test_recp   => 'some.user@sphinx.at');
end;
/

Removing SCURTY from a DB

SCURTY may be removed completely from the database by calling:

./sx_uninstall sys/...@<connect>

During the uninstall process a logical backup from the REG_* views is written to the directory /tmp/sx_uninstall.<timestamp>.backup. In case of a new installation you may use these SQL scripts in order to recreate a complete SCURTY configuration.

Warning

Apart from the SCURTY user itself, the uninstaller will remove all VPD policies and all roles created by SCURTY either at runtime or during installation. Therefore, column and row level security is no longer in place and your data may be accessible in an uncontrolled way.

Users and sandbox schemas created via SCURTY APIs will remain.
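
To see which objects lose their row and column level protection, the VPD coverage can be recorded before the uninstall and compared with the remaining grants afterwards. The following is an added example, not part of the SCURTY distribution; it assumes that the policy functions are owned by the default schema SCURTY, and SEC_ADMIN is a hypothetical schema that is not touched by the uninstaller.

```sql
-- Added example: record VPD coverage before ./sx_uninstall, review exposure after.
-- Assumptions: policy functions are owned by the default schema SCURTY;
-- SEC_ADMIN is a hypothetical schema that survives the uninstall.

-- Step 1 (BEFORE uninstall): snapshot every object protected by a SCURTY policy.
create table sec_admin.scurty_vpd_snapshot as
select object_owner, object_name, policy_name,
       sel, ins, upd, del, enable, sysdate as captured_at
from   dba_policies
where  pf_owner = 'SCURTY';

-- Step 2 (AFTER uninstall): object grants that still exist on formerly
-- protected objects which no longer have any enabled policy attached.
select distinct s.object_owner, s.object_name, p.grantee, p.privilege,
       case when p.grantee = 'PUBLIC' then 'PUBLIC'
            when r.role is not null   then 'ROLE'
            else 'USER' end as grantee_type
from   sec_admin.scurty_vpd_snapshot s
join   dba_tab_privs p
       on  p.owner      = s.object_owner
       and p.table_name = s.object_name
left join dba_roles r
       on  r.role = p.grantee
where  not exists (select 1
                   from   dba_policies d
                   where  d.object_owner = s.object_owner
                   and    d.object_name  = s.object_name
                   and    d.enable       = 'YES')
order  by s.object_owner, s.object_name, p.grantee, p.privilege;

-- Step 3 (AFTER uninstall): grantees that reach these objects without an
-- object grant, through system privileges.
select grantee, privilege
from   dba_sys_privs
where  privilege in ('SELECT ANY TABLE', 'READ ANY TABLE',
                     'INSERT ANY TABLE', 'UPDATE ANY TABLE', 'DELETE ANY TABLE')
order  by grantee, privilege;
```

Every row returned by step 2 or step 3 is access that was previously filtered by a policy and is now unfiltered; revoke or re-protect it before the data is used again.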

Feedback

This documentation was created with care. Nevertheless, mistakes slip in. If you find a mistake, we would be happy to know about it and to correct it. Suggestions and comments are welcome, too! Please use customers@sphinx.at for your feedback. Thanks a lot!