Required O/S permissions for the Delphix user
The provision itself is executed within the context of the environment user specified during the provision. This user does not have to be the Oracle user, and in fact, often is not. The Delphix user must be a member of the oracle group. During a TDE-enabled vPDB provision, the parent keystore is merged from a user-specified location to a location under the keystores root directory. The Delphix user does this copy via ADMINISTER KEY MANAGEMENT
command. Since the Oracle user will do this, the Oracle user must be able to also create files in the wallet location.
The privilege requirements are satisfied by ensuring that the parent keystore has group read privileges, and the keystores root directory (owned by the Delphix user) has group write privileges.
Applicable only for OKV
If TDE is configured using sqlnet.ora
for a database version of Oracle 18c or higher and provisioning to a vCDB, it is crucial to ensure that the Delphix Continuous Data Engine user has the necessary access to create a directory under WALLET_ROOT
. This is because Delphix Continuous Data Engine attempts to configure the virtual Container Database (vCDB) using the WALLET_ROOT
initialization parameter. In the case of Oracle Key Vault, the location of WALLET_ROOT
is fixed, specifically the parent directory of OKV_HOME
.