Skip to main content
  • EN
Solved

How can I run RMAN without 'LOCAL OS' ACCOUNT ???

Hi all,

 

I have a question about RMAN Backup.

 

I've been testing RMAN Backup at a customer recently.

 

For security reasons, they have blocked access to DB and RMAN with the OS account and only allow access with the DB account 'sys'.

 

I know Veeam recommends that use an OS account (typically ‘oracle’) that belongs to the 'dba' group and has ‘SYSDBA’ privileges but, this is company's security policy.

 

This doesn't work, so the plug-in won't install, and I can't run the RMAN script.
My case is not the first one in the world.
Veeam support team just tells me to assign permissions to the OS account (which is irresponsible).

 

Is there any workaround?

 

Thanks in advanced !

 

 

 

2 comments

Michael Melter
Userlevel 7
Badge +10

Hi @hoon0715.

Welcome to the community.

Are we talking Linux or Windows here? Do you refer to installing the plugin manually or do you try to get into managed mode? If you have high security demands, I would suggest going unmanaged first as you don’t have to provide any credentials within VBR then. Backup will be completely in the hands of the DBAs on the Oracle machine.

According to your description I fear you mixed up “classical” non-RMAN backup with Veeam - which is also well possible - with RMAN integration?

To be able to backup with RMAN you have to install the plugin with the user that also runs RMAN, as it integrates and has to interfere here.

Regarding Linux the user has to be member of the OSDBA group (in most cases called “dba”) and has to have sysdba privileges. Otherwise you cannot register the plugin within RMAN.

https://helpcenter.veeam.com/docs/backup/plugins/rman_plugin_permissions.html?ver=120

This is something that can completely be done by the Oracle DBAs and should not lead to any security concerns.

 

Michael Melter - #VeeamLegend #veeam100 | VMCT | VMCE9 | VMCE2020 | VMCE2023 | VMCE2021 | VMCAv1 | VMCA2022 | VCP | MCP | DCIE | PhD | VDST TL3
H

@Michael Melter 
Thanks for reply!

 

This issue was caused by changing the 'TNS' option to 'NONE' in the 'sqlora.net' file, which then required a password to access the database instance and RMAN.

 

I talked with Veeam support team, it seems that the Veeam plugin for oracle rman is still not able to be used normally if the configuration requires a password to access the database instance and RMAN.

Comment


Terms & Conditions