Sunday, February 19, 2012

How To Uninstall or Reinstall Database Vault in 11g

Step 01: Stop database control, listener and the database.
$ emctl stop dbconsole
$ lsnrctl stop [listener_name]
$ srvctl stop database -d {database_name}
For a single-instance database:
$ sqlplus / as sysdba
SQL> shut immediate
Step 02: Disable Database Vault:

On Unix:
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk dv_off ioracle
On Windows:
$ cd %ORACLE_HOME%\bin
$ move oradv11.dll oradv11.dll.orig
On Oracle Database 11gR2, chopt can be used to disable Database Vault instead:
$ chopt disable dv
Running chopt without arguments prints its usage:
[oracle@DC-DB-01 ~]$ chopt

usage:

chopt [enable|disable] [option]

options:
                  dm = Oracle Data Mining RDBMS Files
                  dv = Oracle Database Vault option
                lbac = Oracle Label Security
                olap = Oracle OLAP
        partitioning = Oracle Partitioning
                 rat = Oracle Real Application Testing

e.g. chopt enable rat
Step 03: Start the listener and the database
$ lsnrctl start [listener_name]
$ srvctl start database -d {database_name}
For a single-instance database:
$ sqlplus / as sysdba
SQL> startup
Step 04: Disable the Database Vault triggers (Applicable for 11gR1)
conn / as sysdba 
alter trigger dvsys.dv_before_ddl_trg disable; 
alter trigger dvsys.dv_after_ddl_trg disable; 
Note that these two triggers do not exist in 11gR2, so this step should be executed on 11gR1 only.

Step 05: Identify the DV_OWNER and DV_ACCTMGR users that were configured:
select unique GRANTEE from dba_role_privs
where GRANTED_ROLE in ('DV_ACCTMGR','DV_OWNER')
and grantee <> 'DVSYS';
Step 06: Run script dvremov.sql as SYSDBA after setting parameter recyclebin to OFF:

Note that in 11.2.0.1 the following statements must be run before running dvremov.sql:
update dvsys.config$ set status=0;
commit;

conn / as sysdba
alter system set recyclebin=off scope=spfile;

shutdown immediate
startup

@?/rdbms/admin/dvremov.sql
After this, only the DVSYS and DVF users and the DV roles are removed. The security admin and account manager accounts are not removed, because they are considered custom database accounts. They have to be removed manually, using the usernames obtained in Step 05 (take care not to drop any users to whom you granted these roles manually):
conn / as sysdba

drop user &DV_OWNER cascade;

drop user &DV_ACCTMGR cascade;

dvremov.sql removes only the DV components and does not affect OLS in any way.

Step 07: Run DBMS_NETWORK_ACL_ADMIN.DROP_ACL (in 11gR2 this is not required, as it is included in dvremov.sql)
conn / as sysdba 
exec DBMS_NETWORK_ACL_ADMIN.DROP_ACL ('/sys/acls/dvsys-network-privileges.xml'); 
commit;
Step 08: Turn on Recyclebin feature.
conn / as sysdba
alter system set recyclebin=on scope=spfile;
At this stage Database Vault is removed from the database and the binaries are relinked with dv_off. If Database Vault is not needed (all you wanted to do was to remove/uninstall it) then stop here and restart the database.
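
A post-removal check, added here as an example (it is not part of the original procedure and not an Oracle-supplied script): run it in SQL*Plus as SYSDBA after the final restart to confirm that the option is off, the DV schemas and roles are gone, and the accounts recorded in Step 05 were dropped. It assumes the standard 11g dictionary views named in the comments and reuses the &DV_OWNER and &DV_ACCTMGR substitution variables from Step 06.

```sql
-- Added verification example; connect first with: conn / as sysdba
set linesize 140 pagesize 100
column parameter format a28
column value     format a10
column comp_name format a30
column name      format a12

-- 1. Option linked into the oracle binary.
--    VALUE should be FALSE after "dv_off" or "chopt disable dv".
select parameter, value
from   v$option
where  parameter = 'Oracle Database Vault';

-- 2. Component registry. DV should no longer be reported as VALID.
select comp_id, comp_name, version, status
from   dba_registry
where  comp_id = 'DV';

-- 3. Schemas removed by dvremov.sql. Expect no rows.
select username, account_status
from   dba_users
where  username in ('DVSYS', 'DVF');

-- 4. DV roles removed by dvremov.sql. Expect no rows.
select role
from   dba_roles
where  role like 'DV\_%' escape '\';

-- 5. Custom accounts from Step 05 that had to be dropped by hand.
--    Expect no rows; a row here is a leftover privileged account.
select username, account_status, created
from   dba_users
where  username in (upper('&DV_OWNER'), upper('&DV_ACCTMGR'));

-- 6. Network ACL privileges still held by DVSYS (Step 07). Expect no rows.
select acl, principal, privilege
from   dba_network_acl_privileges
where  principal = 'DVSYS';

-- 7. Recyclebin restored by Step 08. VALUE should be "on".
select name, value
from   v$parameter
where  name = 'recyclebin';
```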

If Database Vault needs to be enabled then do the following:
1) Stop Database Control, listener and database.

2) Enable DV:

Unix:
sqlplus / as sysdba
shutdown immediate

cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk dv_on ioracle

Windows:

$ cd %ORACLE_HOME%\bin
$ move oradv11.dll.orig oradv11.dll


Note:
In 11gR2, chopt can be used to enable DV:

chopt enable dv


3) Start the listener and the database

4) Run DBCA again to register Database Vault.
