OCP 1Z0 053 113

113.Which statement is true regarding virtual private catalogs? 
A. A virtual private catalog owner can create a local stored script, and have read/write access to a global 
stored script. 
B. The virtual private catalog owner cannot create and modify the stored scripts. 
C. The set of views and synonyms that make up the virtual private catalog is stored in the schema of the 
RMAN recovery catalog owner. 
D. To perform most of the RMAN operations, the virtual catalog owner must have the SYSDBA or 
SYSOPER privilege on the target database. 
Answer: D

A 对于global stored script，只能access，不能write
B 可以修改所管辖数据库的备份脚本
C 数据字典应存于catalog的sys下面

对D的描述存疑

System PrivilegeOperations AuthorizedSYSDBA

• Perform STARTUP and SHUTDOWN operations

• ALTER DATABASE: open, mount, back up, or change character set

• CREATE DATABASE

• DROP DATABASE

• CREATE SPFILE

• ALTER DATABASE ARCHIVELOG

• ALTER DATABASE RECOVER

• Includes the RESTRICTED SESSION privilege

Effectively, this system privilege allows a user to connect as user SYS.

SYSOPER

• Perform STARTUP and SHUTDOWN operations

• CREATE SPFILE

• ALTER DATABASE OPEN/MOUNT/BACKUP

• ALTER DATABASE ARCHIVELOG

• ALTER DATABASE RECOVER (Complete recovery only. Any form of incomplete recovery, such as UNTIL TIME|CHANGE|CANCEL|CONTROLFILE requires connecting as SYSDBA.)

• Includes the RESTRICTED SESSION privilege

This privilege allows a user to perform basic operational tasks, but without the ability to look at user data.

http://docs.oracle.com/cd/E11882_01/backup.112/e10642/rcmcatdb.htm#BRADV89656

Creating and Managing Virtual Private Catalogs

About Virtual Private Catalogs

By default, all of the users of an RMAN recovery catalog have full privileges to insert, update, and delete any metadata in the catalog. For example, if the administrators of two unrelated databases share the same recovery catalog, each administrator could, whether inadvertently or maliciously, destroy catalog data for the other's database. In many enterprises, this situation is tolerated because the same people manage many different databases and also manage the recovery catalog. But in other enterprises where clear separation of duty exists between administrators of various databases, and between the DBA and the administrator of the recovery catalog, you may desire to restrict each database administrator to modify only backup metadata belonging to those databases that they are responsible for, while still keeping the benefits of a single, centrally-managed, RMAN recovery catalog. This goal can be achieved by implementing virtual private catalogs.

Every 11g recovery catalog supports virtual private catalogs, but they are not used unless explicitly created. There is no restriction to the number of virtual private catalogs that can created beneath one recovery catalog. Each virtual private catalog is owned by a database schema user which is different than the user who owns the recovery catalog.

After creating one or more virtual private catalogs, using the directions that follow, the administrator for the recovery catalog grants each virtual private catalog the privilege to use that catalog for one or more databases that are currently registered in the recovery catalog. The administrator of the recovery catalog can also grant the privilege to register new databases while using a virtual private catalog.

Note:

Every virtual private catalog has access to allglobal stored scripts and those non-global stored scripts thatbelong to those databases for which this virtual private catalog has privileges. Virtual private catalogs cannot access non-global stored scripts that belong to databases that they do not have privileges for, and they cannot create global stored scripts.