You can choose to create one administrative user and one group for operating systemauthentication for all system privileges on the storage and database tiers. Forexample, you can designate the oracleuser to be the installation owner for all Oraclesoftware, and designate oinstallto be the group whose members are granted allsystem privileges for Oracle Clusterware; all system privileges for Oracle ASM; allsystem privileges for all Oracle Databases on the servers; and all OINSTALLsystemprivileges for installation owners. This group must also be the Oracle Inventory group.If you do not want to use role allocation groups, then Oracle strongly recommends thatyou use at least two groups:•A system privileges group whose members are granted administrative systemprivileges, including OSDBA, OSASM, and other system privileges groups.•An installation owner group (the oraInventorygroup) whose members are grantedOracle installation owner system privileges (the OINSTALLsystem privilege).Note:To configure users for installation that are on a network directory servicesuch as Network Information Services (NIS), refer to your directory servicedocumentation.Related Topics•Oracle Database Administrator’s Guide•Oracle Automatic Storage Management Administrator's GuideChapter 5Oracle Installations with Standard and Job Role Separation Groups and Users5-8
Standard Oracle Database Groups for Database AdministratorsOracle Database has two standard administration groups: OSDBA, which is required,and OSOPER, which is optional.•The OSDBA group (typically, dba)You must create this group the first time you install Oracle Database software onthe system. This group identifies operating system user accounts that havedatabase administrative privileges (the SYSDBAprivilege).If you do not create separate OSDBA, OSOPER, and OSASM groups for theOracle ASM instance, then operating system user accounts that have the SYSOPERand SYSASMprivileges must be members of this group. The name used for thisgroup in Oracle code examples is dba. If you do not designate a separate group asthe OSASM group, then the OSDBA group you define is also by default theOSASM group.•The OSOPER group for Oracle Database (typically, oper)OSOPER grants the OPERATOR privilege to start up and shut down the database(the SYSOPERprivilege). By default, members of the OSDBA group have allprivileges granted by the SYSOPERprivilege.Extended Oracle Database Groups for Job Role SeparationOracle Database 12cRelease 1 (12.1) and later releases provide an extended set ofdatabase groups to grant task-specific system privileges for database administration.The extended set of Oracle Database system privileges groups are task-specific andless privileged than the OSDBA/SYSDBA system privileges. They are designed toprovide privileges to carry out everyday database operations. Users granted thesesystem privileges are also authorized through operating system group membership.