Recently I was creating a DBCS database clone but the creation failed, luckily we could find out the node IPs through support and from the dcs-agent-debug.log we could see following statement failing:
! com.oracle.dcs.commons.exception.DcsException: DCS-10001:Internal error encountered: Failed to run SQL script: /u01/app/oracle/product/12.2.0.1/dbhome_1/rdbms/admin/utlpwdmg.sql. ********
When looking this script what it tries to do is set the default password limits for DEFAULT profile. While trying it out on the source database I noticed Database Vault was enabled which restricts modifying that profile.
Two possible workarounds since this wasn’t a production database, disable vault and take new backup which required a bounce of database or give SYS access to modify DEFAULT profile.
I opted for latter since it didn’t involve DB bounce. What I wanted to do is to give SYS grant for role DV_ACCTMGR profile, it has less privileges compared to DV_OWNER but it still can modify profiles.
[oracle@dbcs] sqlplus C##DBV_ACCTMGR_ROOT --this is DVACCTMGR role "owner"
SQL*Plus: Release 12.2.0.1.0 Production on Fri Dec 11 15:24:54 2020
Copyright (c) 1982, 2016, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 12c EE Extreme Perf Release 12.2.0.1.0 - 64bit Production
SQL> grant DV_ACCTMGR to sys container=ALL;
Grant succeeded.
SQL> conn sys
Enter password:
Connected.
SQL> ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS 3; --try to modify profile to see it works
Profile altered.
After this was done I went to OCI Console and just ran a new manual backup for the instance.
Once the backup is finished I revoked the privilege from SYS.
SQL> conn C##DBV_ACCTMGR_ROOT
Enter password:
Connected.
SQL> revoke DV_ACCTMGR from sys container=all;
Revoke succeeded.
And started the clone:
After this no issues on creating DBCS clone from backup. I also have a SR open for this and will update later what Oracle thinks is required or if they will have a fix for this.
If you have production database which you would need to clone I’d be sure to verify if you can play around with grants like this.
I recently came across requirement to get OCI Oracle Autonomous Database audit logs to OCI…
Last time I showed how to provision Autonomous Database Serverless (ADB-S) on Google Cloud. This…
I bet few years back folks didn't expect that by 2024 we would be able…
This will NOT be a technical walkthrough on Oracle Database@Azure but rather my opinions and…