|Oracle9i Supplied PL/SQL Packages and Types Reference
Release 1 (9.0.1)
Part Number A89852-02
DBMS_DISTRIBUTED_TRUST_ADMIN procedures maintain the Trusted Servers List. Use these procedures to define whether a server is trusted. If a database is not trusted, Oracle refuses current user database links from the database.
Oracle uses local Trusted Servers Lists, along with enterprise domain membership lists stored in the enterprise LDAP directory service, to determine if another database is trusted. The LDAP directory service entries are managed with the Enterprise Security Manager Tool in OEM.
Oracle considers another database to be "trusted" if it meets the following criteria:
1) It is in the same enterprise domain in the directory service as the local database.
2) The enterprise domain is marked as trusted in the directory service.
3) It is not listed as untrusted in the local Trusted Servers List. Current user database links will only be accepted from another database if both databases involved trust each other.
You can list a database server locally in the Trusted Servers List regardless of what is listed in the directory service. However, if you list a database that is not in the same domain as the local database, or if that domain is untrusted, the entry will have no effect.
This functionality is part of the Enterprise User Security feature of the Oracle Advanced Security Option.
This chapter discusses the following topics:
EXECUTE_CATALOG_ROLE role must be granted to the DBA. To select from the view
SELECT_CATALOG_ROLE role must be granted to the DBA.
It is important to know whether all servers are trusted or not trusted. Trusting a particular server with the
ALLOW_SERVER procedure does not have any effect if the database already trusts all databases, or if that database is already trusted. Similarly, denying a particular server with the
DENY_SERVER procedure does not have any effect if the database already does not trust any database or if that database is already untrusted.
ALLOW_ALL delete all entries (in other words, server names) that are explicitly allowed or denied using the
ALLOW_SERVER procedure or
DENY_SERVER procedure respectively.
Empties the list and inserts a row indicating that all servers should be trusted.
Enables a specific server to be allowed access even though
Empties the list and inserts a row indicating that all servers should be untrusted.
Enables a specific server to be denied access even though allow all is indicated in the list.