 |
 |
***********************************************************************
* Description: TDE tablespace without Lob data via moving table method
* Date: 02:14 PM EST, 08/14/2017
***********************************************************************
<1> Step 1 - Bounce database into non-archivelog and session restricted mode:
|
|__ SQL> shutdown immediate;
|
|__ SQL> startup mount;
|
|__ SQL> alter database noarchivelog;
|
|__ SQL> select log_mode from v$database;
|
|__ SQL> alter database open;
|
|__ SQL> alter system enable restricted session;
|
|__ SQL> select logins from v$instance;
<2> Step 2 - Disable database internal jobs:
|
|__ SQL> select 'exec dbms_ijob.broken('||job||',true);' from dba_jobs where broken='N';
<3> Step 3 - Create TDE secured tablespace:
|
|__ SQL> CREATE TABLESPACE BTB_GPS_DATA02_SEC DATAFILE '+DATA' SIZE 32767M AUTOEXTEND ON NEXT 1056M ENCRYPTION USING 'AES256' DEFAULT STORAGE(ENCRYPT);
<4> Step 4 - Run below script to prepare table/index moving commands dynamically:
|
|__ SQL> @BTB_GPS_DATA02.sql
-- Table
set pages 10000 lines 1000
set head off
set feedback off
spool BTB_GPS_DATA02_table.sql
select 'alter session set nls_date_format = "DD-MON-YYYY HH24:MI:SS";' from dual;
select 'select sysdate from dual;' from dual;
select 'ALTER TABLE '||t1.OWNER ||'.'||t1.table_name||' MOVE '||' TABLESPACE '|| T1.TABLESPACE_NAME ||'_SEC PARALLEL(DEGREE 4) NOLOGGING;'
from dba_tables T1 where tablespace_name='BTB_GPS_DATA02';
select 'select sysdate from dual;' from dual;
select 'spool off' from dual;
spool off;
-- Table Index:
set pages 10000 lines 1000
set head off
set feedback off
spool BTB_GPS_DATA02_index.sql
select 'alter session set nls_date_format = "DD-MON-YYYY HH24:MI:SS";' from dual;
select 'select sysdate from dual;' from dual;
select 'ALTER INDEX '||t1.OWNER ||'.'||t1.index_name||' Rebuild '||' TABLESPACE '|| T1.TABLESPACE_NAME ||'_SEC PARALLEL(DEGREE 4) NOLOGGING;'
from dba_indexes T1
where T1.tablespace_name='BTB_GPS_DATA02';
select 'select sysdate from dual;' from dual;
select 'spool off' from dual;
spool off;
exit;
<5> Step 5 - Run moving table script:
|
|__ SQL> @BTB_GPS_DATA02_table.sql
<6> Step 6 - Run moving index script:
|
|__ SQL> @BTB_GPS_DATA02_index.sql
<7> Step 7 - Confirm the tablespace is encrypted:
|
|__ SQL> select tablespace_name, encrypted from dba_tablespaces where encrypted='YES' where tablespace_name = 'BTB_GPS_DATA02_SEC';
TABLESPACE_NAME ENC
------------------------------ ---
BTB_GPS_DATA02_SEC YES
<8> Step 8 - Change user default tablespace:
|
|__ SQL> alter user APP_GPS default tablespace BTB_GPS_DATA02_SEC;
<9> Step 9 - Switch database back to archivelog mode and out of restricted mode:
|
|__ SQL> alter system disable restricted session;
|
|__ SQL> select logins from v$instance;
|
|__ SQL> shutdown immediate;
|
|__ SQL> startup mount;
|
|__ SQL> alter database archivelog;
|
|__ SQL> alter database open;
<10> Step 10 - Re-active database internal jobs:
|
|__ SQL> select 'exec dbms_ijob.broken('||job||',false);' from dba_jobs where broken='Y';
Your Comments