Oracle9i Security and Network Integration Guide
Release 2 (9.2) for Windows

Part Number A95492-01

3
Administering Enterprise Users and Roles

Use Oracle Enterprise Security Manager to create and manage enterprise users, roles, and domains. Oracle Enterprise Security Manager is included as an integrated application of Oracle Enterprise Manager Console. See Oracle Advanced Security Administrator's Guide for more information on using Oracle Enterprise Security Manager.

This chapter contains these topics:

Enterprise User Authentication

Enterprise users are created and managed centrally in a directory server (for example, Oracle Internet Directory or Active Directory). To allow access to multiple databases, enterprise users need to be defined in each database as an external user.

For example, assume there is an enterprise user (cn=joe,cn=users,dc=acme,dc=com) who needs access to two databases: sales and marketing. This enterprise user must be defined in both databases as an external user.

Most users typically need to access only application schemas in a database, so they usually do not need their own schemas. In Oracle9i, you can create one shared schema in the database and map multiple enterprise users in a directory server to this one shared schema with Oracle Enterprise Security Manager. This is especially useful in an Internet environment, where a number of users access an application at the same time. With a shared schema there is no need to create separate schemas for each user.

See Also:

Oracle Advanced Security Administrator's Guide for more information

Enterprise user authentication is enabled, if you:

The Kerberos authentication protocol is used if Windows and Oracle releases match those listed in Table 1-1, "Software Requirements to Enable Kerberos Authentication Protocol". Otherwise, NTLM is used.

Enterprise Role Authorization

An enterprise user is assigned an enterprise role; some users are assigned more than one. Enterprise role authorization is supported with Oracle8i release 8.1.6 and later. An enterprise role is a single role created in a directory server with Oracle Enterprise Security Manager. Use Oracle Enterprise Security Manager to assign global roles and groups located on multiple databases to an enterprise role. A global role must be created individually in each Oracle9i database.

For example, as an enterprise user you can be assigned enterprise role HR (which contains global role HR user) in the human resources database. You can also be assigned global role employee in the corporate information database. If you change jobs, your enterprise role assignment is changed only in the directory, altering your privileges in multiple databases throughout the enterprise. Also, an administrator can add capabilities to enterprise roles or remove a privilege from the enterprise role without having to update each user's privileges individually.

Use enterprise roles in environments where users assigned to these roles are located in many geographic regions and must access multiple databases.

See Also:

Oracle Advanced Security Administrator's Guide for more information on creating and storing enterprise roles in a directory server with Oracle Enterprise Security Manager

Permissions authorized to an enterprise user are authorized for the enterprise role contained in the global role.

Users can belong to Windows 2000 global groups and universal groups. These groups can be assigned to enterprise roles using Oracle Enterprise Security Manager.


Note:

Enterprise roles are authorized by the directory server, and not by setting initialization file parameter OS_ROLES to true (the method for enabling external role authorization).
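
The shared schema and global roles described in this chapter, sketched in SQL as an added example that is not taken from this guide. The names app_shared, hr_user and hr.employees are hypothetical, and mapping directory users to the shared schema and global roles to an enterprise role is still done in Oracle Enterprise Security Manager.

```sql
-- Added example; app_shared, hr_user and hr.employees are hypothetical names.

-- 1. One shared schema for many enterprise users. The empty DN means the
--    directory, not the database, decides which enterprise users map here.
CREATE USER app_shared IDENTIFIED GLOBALLY AS '';
GRANT CREATE SESSION TO app_shared;

-- 2. A global role, created individually in each database. It is not granted
--    to users locally; it takes effect when an enterprise role that contains
--    it is assigned to the user in the directory.
CREATE ROLE hr_user IDENTIFIED GLOBALLY;
GRANT SELECT ON hr.employees TO hr_user;

-- 3. Review which accounts and roles this database delegates to the directory.
SELECT username, external_name FROM dba_users WHERE password = 'GLOBAL';
SELECT role FROM dba_roles WHERE password_required = 'GLOBAL';

-- 4. Enterprise roles do not depend on OS_ROLES; confirm it has not been
--    enabled as a side effect of this setup.
SELECT name, value FROM v$parameter WHERE name = 'os_roles';

-- 5. Run as a connected enterprise user: the schema is shared, so record the
--    directory identity and the roles actually enabled for the session.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')  AS schema_user,
       SYS_CONTEXT('USERENV', 'EXTERNAL_NAME') AS directory_identity
  FROM dual;
SELECT role FROM session_roles;
```

Because every enterprise user mapped to app_shared appears under the same schema name, the directory identity from step 5 is what distinguishes one person's session from another's in a review.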



Copyright © 1996, 2002 Oracle Corporation.

All Rights Reserved.