|Oracle® Database Platform Guide
12c Release 1 (12.1) for Microsoft Windows
|PDF · Mobi · ePub|
This preface describes new and deprecated features of Oracle Database and provides pointers to additional information.
The following are changes in Oracle Database Platform Guide for Oracle Database 12c Release 1 (12.1).
The following features are new in this release:
Support of Oracle Home User on Windows
Starting with Oracle Database 12c Release 1 (12.1), Oracle Database supports the use of Oracle Home User, specified at the time of installation. Oracle Home User is used to run Windows services for the Oracle home. Oracle Home User is associated with an Oracle home and cannot be changed post installation. On a system, different Oracle homes can share the same Oracle Home User or use different Oracle Home User names.
Oracle Home User can be a Windows built-in account or a Windows User Account. For enhanced security, Oracle recommends that the standard Windows User Account be chosen as the Oracle Home User for Oracle Database installations. The primary purpose of Oracle Home User is to run Windows services with Windows User Account. This user account (Oracle Home User) must be a standard Windows user account (not an Administrator). Windows User Account can be a Local User, a Domain User, or a Managed Services Account.
Note:See the Microsoft documentation for more information on different types of Windows user accounts.
This release has also introduced a new Windows utility called the Oracle Home User Control. This is a command-line tool that displays the Oracle Home User name associated with the current Oracle home and updates the password for the Windows User Account (used as Oracle Home User).
"Recommended File System" in Oracle Database Installation Guide for Microsoft Windows
"Configuring Environment Variables for the Software Installation Owner" in Oracle Database Installation Guide for Microsoft Windows
"Managing User Accounts with User Account Control" in Oracle Database Installation Guide for Microsoft Windows
"Operating System Groups Created During Oracle Database Installation" in Oracle Database Installation Guide for Microsoft Windows
The "Specify Oracle Home User" screen in "Table 5-1 Oracle Universal Installer Windows" in Oracle Database Installation Guide for Microsoft Windows
"Set Up the Environment to Support the Standby Database" in Oracle Data Guard Concepts and Administration
"Step 5: (Windows Only) Create an Instance" and "Step 14: (Optional) Enable Automatic Instance Startup" in Oracle Database Administrator's Guide
Oracle ASM File Access Control on Windows
Oracle Automatic Storage Management (Oracle ASM) File Access Control restricts the access of files to specific Oracle ASM clients that connect as
SYSDBA. An Oracle ASM client is typically a database, which is identified as the user that owns the database instance home.
Starting with Oracle Database 12c Release 1 (12.1), Oracle supports the use of standard Windows User Account instead of Local System Account to run Oracle Database services that lets you use separate users for different Oracle databases. This release also supports Oracle ASM disk group file-level access control and privilege separation.
The Oracle ASM File Access Control feature helps to replace the current user with a new user and allows the user to change ownership, group membership, and permissions of a file while the file is open by one or more Oracle ASM clients. This release onwards, the Windows User Accounts used as Oracle Home Users are restricted from directly accessing Oracle ASM storage devices and can be accessed through the Oracle Database services that have sufficient privileges to run that service.
Oracle ASM disk group users now manage ASM disk group user replacement with new ASMCMD commands and SQL statements.
"Managing Oracle ASM File Access Control for Disk Groups" in Oracle Automatic Storage Management Administrator's Guide
"Preparing Disks for Oracle Automatic Storage Management" in Oracle Database Installation Guide for Microsoft Windows
Oracle Enterprise Manager Database Express 12c
Oracle Database 12c introduces Oracle Enterprise Manager Database Express 12c, a web-based management tool built into Oracle Database without any need for special installation or management. Using Oracle Enterprise Manager Database Express 12c, you can perform basic administrative tasks such as user, performance, memory, and space management. You can also view performance and status information about your database.
"Features Provided by Oracle Enterprise Manager Database Express 12c" in Oracle Database Installation Guide
"Getting Started with Oracle Database" in Oracle Database Installation Guide
"Installing the Oracle Database Software" in Oracle Database Installation Guide
Support of Oracle Home User for Oracle Net Services
Oracle Database 12c supports Oracle Net services such as Oracle Listener, CMADMIN, and CMAN Proxy Listener to run under Oracle Home User account specified during Oracle Database installation. In earlier releases, Oracle Net services ran under the high-privileged, Windows built-in Local System Account (LSA).
Securing External Procedures
Starting with Oracle Database 12c Release 1 (12.1), a
LIBRARY object can be defined using either an explicit path or a
DIRECTORY object. You can also use the
CREDENTIAL clause to specify the operating system user.
"Configuring Authentication for External Procedures" in Oracle Database Security Guide
"Overview of Commonality in a CDB" in Oracle Database Concepts
Support for Separation of Database Administration Duties
Oracle Database 12c provides support for separation of database administration duties for Oracle Database by introducing task-specific and least-privileged administrative privileges that do not require the
SYSDBA administrative privilege. These new privileges are:
SYSBACKUP for backup and recovery,
SYSDG for Oracle Data Guard, and
SYSKM for encryption key management.
"Extended Oracle Database Groups for Job Role Separation" in Oracle Database Installation Guide
"About Job Role Separation Operating System Privileges Groups and Users" in Oracle Database Installation Guide
"Creating Job Role Separation Operating System Privileges Groups and Users" in Oracle Grid Infrastructure Installation Guide
"Database Administrator Authentication" in Oracle Database Administrator's Guide
"Managing Administrative Privileges" in Oracle Database Security Guide
The following feature is deprecated in this release, and might be desupported in a future release:
Windows NTS Authentication Using the NTLM Protocol
The NTS authentication adapter no longer supports the use of the NT Lan Manager (NTLM) protocol to authenticate Windows domain users. Thus the NTS adapter cannot be used to authenticate users in old Windows NT domains or domains with old Windows NT domain controllers. However, local connections and Oracle Database services running as a Windows Local User continues to be authenticated using NTLM.
See Also:"About Windows Authentication Protocols"
The following features previously described in this guide are no longer supported by Oracle. See Oracle Database Upgrade Guide for a list of desupported features.
Oracle Enterprise Manager Database Control
Oracle COM Automation
Oracle Objects for OLE
Oracle Counters for Windows Performance Monitor