Enterprise Backup Utility Privileges
This chapter describes how to set up the Enterprise Backup Utility.
Topics covered in this chapter are:
Installing and Setting Up EBU in a Target Database
Setting up the Enterprise Backup Utility has been simplified with release 2.1. Perform the following steps to install EBU and set up a backup catalog:
1. Verify that the database names of the target databases (and catalog database if it already exists) are not "DEFAULT". The database name is specified in the initsid.ora file or one of its include files, or you can query the V$DATABASE view from each database.
Additional Information: See the Oracle7 Server Administrator's Guide for instructions on how to change the name of a target database, if necessary.
2. Create a database in which to install the backup catalog user and schema (if one does not already exist).
3. Verify that you can connect to the catalog database from the target database machine with a SQL*Net connect string. For example:
obk/obk@ebu_cat
Note: EBU supports both SQL*Net v1 and v2. Only SQL*Net v2, however, can be used with Oracle7 release 7.3.
4. As the oracle software owner, install EBU using the Oracle Installer (see the CD-ROM insert that accompanies the EBU distribution for instructions on starting the Installer).
5. Set the OBK_HOME environment variable to the directory where EBU is installed, and update the PATH of all EBU users to include $OBK_HOME/bin.
6. Verify that the DMO from the media management vendor (libobk) is installed according to the media management vendor's instructions, and its location is included in the environment variable that sets the search path for shared libraries.
Attention: Proper installation of the DMO and specifying its location in the search path for shared libraries is essential for using EBU.
7. Create a release 2.1 backup catalog. The method for doing this depends on whether you have a release 2.0 catalog, and whether you will continue to have target databases running EBU release 2.0, even after installing EBU 2.1 on some target databases.
Registration does the following:
- If one does not already exist, registration creates the $OBK_HOME/admin/catalog.obk file, which is used to connect to the catalog database.
- It prompts for the connect string to the backup catalog.
- If the catalog user/password does not exist, registration creates the catalog user/password using the SYS account.
- It prompts for the target database user/password and connect string to the target database. This user/password is the same one you created in Step 8.
Note: If you enter incorrect information when EBU prompts for a connection string, EBU prompts you again for correct information, up to three times. You can abort connect operations with [Ctrl]-c.
Database Module for Oracle
EBU release 2.1 includes a version of the DMO that bypasses the media management software and writes directly to disk. This DMO is in the file $OBK_HOME/lib/libobk.DISK (the exact filename varies slightly from platform to platform). It should only be used for testing purposes, such as trying to determine whether a problem originates from EBU or the media management software.
The libobk.DISK DMO is indicated in the log file by the following message:
BACKUP_DIR is not set!!
The following banner may also be written to the log file, indicating the use of the libobk.DISK file:
Tape Management Software: Release 9.9.9.9
Vendor API: Disk API (Oracle Internal Only)
Additional Information: See also "Troubleshooting for EBU".
Authorizing Target Database Backups
Unless you intend to perform all EBU operations as SYS or INTERNAL, each target database must have a backup user. This is the Oracle user under which all Enterprise Backup Utility operations are performed. Creating the backup user and performing all backup operations with it ensures that the Enterprise Backup Utility has sufficient privileges to execute the necessary SQL commands on the target database.
You must create the backup user with the ebutool utility before registering a database in the backup catalog.
$ ebutool -cretrgtusr
The utility prompts you for the SYS user password and other necessary information for creating the backup user. If you want to change any information about the target database or backup user, you can run ebutool -cretrgtusr again.
OBK_DB_LOGIN
When you invoke obackup to register a database or update its configuration information, the Enterprise Backup Utility prompts you for the backup user/password and the connect alias to the target database. You can pre-empt these prompts by defining the environment variable OBK_DB_LOGIN in the startup files of EBU users.
The syntax for OBK_DB_LOGIN is:
backup_user/password[@connect_alias_to_target_database]
If you define a user/password in OBK_DB_LOGIN, but no connect alias, the Enterprise Backup Utility defaults to the SQL*Net V2 Pipe driver.
Note: If you enter incorrect information when EBU prompts for a connection string, EBU prompts you again for correct information, up to three times. You can abort connect operations with [Ctrl]-c.
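The following shell example is added here and is not part of the original chapter or the EBU distribution. Because OBK_DB_LOGIN holds the backup user's password in clear text, it lists the startup files that define the variable and are readable by group or other, and it summarizes a value without echoing the password. The function names and the sample credential are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code): audit how OBK_DB_LOGIN is stored.
# Syntax from the chapter: backup_user/password[@connect_alias_to_target_database]

# Print "user=<name> alias=<alias|none>" for a value, never the password.
# "none" means EBU falls back to the SQL*Net V2 Pipe driver.
# Returns 1 when the value does not match the documented syntax.
obk_login_summary() {
    val=$1
    case $val in
        */*) ;;
        *) return 1 ;;
    esac
    user=${val%%/*}
    rest=${val#*/}
    case $rest in
        *@*) pass=${rest%@*}; conn=${rest##*@} ;;
        *)   pass=$rest; conn=none ;;
    esac
    [ -n "$user" ] && [ -n "$pass" ] && [ -n "$conn" ] || return 1
    printf 'user=%s alias=%s\n' "$user" "$conn"
}

# Print each given startup file that sets OBK_DB_LOGIN (sh or csh style)
# and is readable by group or other.
obk_login_exposed_files() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*(export[[:space:]]+)?OBK_DB_LOGIN=|^[[:space:]]*setenv[[:space:]]+OBK_DB_LOGIN[[:space:]]' "$f" || continue
        # -perm -040 / -004: group-read or other-read bit is set
        if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample value, not a real credential.
obk_login_summary 'ebu_user/Constructed1@prod_db'
```

Pass each EBU user's startup files to obk_login_exposed_files; any file it prints should be restricted to its owner.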
Authorizing Database Recovery
Database recovery requires greater privileges than performing backups. Recovery must be performed either by INTERNAL, with the user being in the OSDBA group, or by a user with SYSDBA privileges. For recovery, EBU attempts to connect to the database AS SYSDBA, unless the user is INTERNAL. If you want to use the backup user for recovery, you must grant the SYSDBA role to that user, or be in the OSDBA group. When connecting to perform recovery, the backup user must then connect to the Server as SYSDBA or INTERNAL. For example:
SQL> CONNECT backup_user/password AS SYSDBA
Additional Information: See Chapter 1, "The Oracle7 Database Administrator", in the Oracle7 Server Administrator's Guide for more information on administrative privileges and how to grant them.
Setting Up the Backup Catalog
Figure 2 - 1 illustrates the possible scenarios for creating a backup catalog, and outlines the appropriate procedure for each one. Each procedure is described in detail, beginning
.
Figure 2 - 1. Backup Catalog Installation Scenarios
First-Time EBU Installation
EBU release 2.1 creates the backup catalog schema automatically, the first time it is invoked. Prior to invoking the utility, you must perform the following steps:
1. Install EBU in the ORACLE_HOME of the target database.
Attention: EBU must be installed once per oracle software owner, per machine. This means that if you have multiple Oracle7 Servers owned by the same UNIX account on a single machine, you only need to install EBU in one ORACLE_HOME.
2. Install an Oracle7 instance and create a database to house the backup catalog.
3. Configure a network connection and SQL*Net v2 alias for the catalog database that should be accessible from the target database.
Note: The default database you can create with the Oracle Installer is adequate for the catalog database. The database name cannot be longer than eight characters (Oracle Corporation recommends four characters or less).
All EBU Installations are Upgraded Together
If all EBU installations can be upgraded within a single time frame, use the following procedure:
1. Install EBU release 2.1 on all target database machines.
2. Verify that the existing, 2.0 backup catalog is running and accessible to all target databases.
3. Execute the following command once to upgrade the catalog:
$ obackup -upgrade
Target Databases are Upgraded at Different Times
If you intend to operate EBU release 2.0 and release 2.1 at the same time, use the following procedure:
1. Install EBU release 2.1 on the desired target database machines.
2. Create a new Oracle7 database as the catalog database for the 2.1 backup catalog.
3. Verify that the new catalog database is accessible from the host where EBU release 2.1 is installed.
4. Execute the following command once for each target database where you have installed EBU release 2.1:
$ ebutool -migrate
The utility prompts for the following connect strings:
The ebutool utility then creates the structures for the new catalog, copies job entries from the 2.0 catalog to the 2.1 catalog, and finally overwrites the catalog.obk file in the $OBK_HOME/admin directory to point to the new catalog database.
If you enter incorrect information when EBU prompts for a connection string, EBU prompts you again for correct information, up to three times. You can abort connect operations with [Ctrl]-c.
Remaining target databases running EBU 2.0 can be upgraded by installing EBU 2.1 on the target database and running the ebutool -migrate command.
Attention: You must migrate the information from the 2.0 backup catalog before performing any backup jobs with EBU 2.1. If you perform a backup before migrating the catalog, EBU registers the target database as a new target and you lose the ability to use backups from release 2.0.
Enterprise Backup Utility Privileges
Backing up, restoring, and recovering a database requires a high level of Oracle RDBMS privileges. The privileges required by EBU and the reasons for those privileges are summarized in the following sections.
The obackup Executable
The obackup executable assumes the privileges of the oracle software owner (setuid oracle) for the following reasons:
- The executable must be able to clean up the shared memory of the user who started it.
- Signals from the Instance Manager and obackup process must be from the same user.
- The executable must be able to back up and restore all .dbf files, which should be owned by the oracle software owner with permissions set to 600.
- All members of the DBA group should be able to cancel the backup job of another DBA.
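The following shell example is added here and is not part of the original chapter or the EBU distribution. It checks the file-level conditions this section states: obackup is setuid to the oracle software owner, and every .dbf file is owned by that account with permissions 600. It additionally flags an obackup binary that is writable by group or other. The function names, paths and owner name are supplied by the caller and are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle code): verify the ownership and mode assumptions
# stated for the obackup executable and the .dbf files.

# Succeeds if $1 is a regular file owned by user $2 with the setuid bit set.
is_setuid_for() {
    [ -n "$(find "$1" -prune -type f -user "$2" -perm -4000 -print 2>/dev/null)" ]
}

# Succeeds if $1 is writable by group or other (unsafe for a setuid binary).
is_group_or_world_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Prints every *.dbf under directory $1 that is not owned by user $2
# or whose mode is not exactly 600.
nonconforming_dbf() {
    find "$1" -type f -name '*.dbf' \( ! -user "$2" -o ! -perm 600 \) -print
}

# Prints one finding per line; prints nothing when everything matches.
# $1 = path to obackup, $2 = datafile directory, $3 = oracle software owner
audit_ebu_files() {
    is_setuid_for "$1" "$3" || printf 'obackup not setuid %s: %s\n' "$3" "$1"
    if is_group_or_world_writable "$1"; then
        printf 'obackup writable by group/other: %s\n' "$1"
    fi
    nonconforming_dbf "$2" "$3" | while IFS= read -r f; do
        printf 'datafile not %s-owned with mode 600: %s\n' "$3" "$f"
    done
}

# Stand-alone use: sh audit.sh <obackup path> <datafile dir> <owner>
if [ $# -eq 3 ]; then
    audit_ebu_files "$@"
fi
```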
The Instance Manager
EBU starts the Instance Manager (the brd process) once per oracle software owner on each host machine, for the following reasons:
- EBU does not perform cross-host cleanup of system resources such as shared memory.
- The Instance Manager can only monitor jobs pertaining to one catalog. It connects via the $OBK_HOME/admin/catalog.obk file, which is not designed to hold more than one connect string.
Target Database Privileges
Oracle Corporation recommends that the user running EBU on the target database be granted SYSDBA privileges for the following reasons:
- If EBU is used to perform recovery, then the user must have SYSDBA privileges or be in the OSDBA group.
- On backup, the user must be able to issue the ALTER TABLESPACE BEGIN BACKUP command, must be able to create a view, X_$KCCDI, and to select from SYS.X_$KCCDI.
- On restore, the user must be the same as the user that performed the backup.