You can choose to create one administrative user and one group for operating

You can choose to create one administrative user and

This preview shows page 94 - 96 out of 284 pages.

You can choose to create one administrative user and one group for operating system authentication for all system privileges on the storage and database tiers. For example, you can designate the oracle user to be the installation owner for all Oracle software, and designate oinstall to be the group whose members are granted all system privileges for Oracle Clusterware; all system privileges for Oracle ASM; all system privileges for all Oracle Databases on the servers; and all OINSTALL system privileges for installation owners. This group must also be the Oracle Inventory group. If you do not want to use role allocation groups, then Oracle strongly recommends that you use at least two groups: A system privileges group whose members are granted administrative system privileges, including OSDBA, OSASM, and other system privileges groups. An installation owner group (the oraInventory group) whose members are granted Oracle installation owner system privileges (the OINSTALL system privilege). Note: To configure users for installation that are on a network directory service such as Network Information Services (NIS), refer to your directory service documentation. Related Topics Oracle Database Administrator’s Guide Oracle Automatic Storage Management Administrator's Guide Chapter 5 Oracle Installations with Standard and Job Role Separation Groups and Users 5-8
Image of page 94
Standard Oracle Database Groups for Database Administrators Oracle Database has two standard administration groups: OSDBA, which is required, and OSOPER, which is optional. The OSDBA group (typically, dba ) You must create this group the first time you install Oracle Database software on the system. This group identifies operating system user accounts that have database administrative privileges (the SYSDBA privilege). If you do not create separate OSDBA, OSOPER, and OSASM groups for the Oracle ASM instance, then operating system user accounts that have the SYSOPER and SYSASM privileges must be members of this group. The name used for this group in Oracle code examples is dba . If you do not designate a separate group as the OSASM group, then the OSDBA group you define is also by default the OSASM group. The OSOPER group for Oracle Database (typically, oper ) OSOPER grants the OPERATOR privilege to start up and shut down the database (the SYSOPER privilege). By default, members of the OSDBA group have all privileges granted by the SYSOPER privilege. Extended Oracle Database Groups for Job Role Separation Oracle Database 12 c Release 1 (12.1) and later releases provide an extended set of database groups to grant task-specific system privileges for database administration. The extended set of Oracle Database system privileges groups are task-specific and less privileged than the OSDBA/SYSDBA system privileges. They are designed to provide privileges to carry out everyday database operations. Users granted these system privileges are also authorized through operating system group membership.
Image of page 95
Image of page 96

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture