Oracle9i Network, Directory, and Security Guide
Release 1 (9.0.1) for Windows

Part Number A90165-01

3
Administering Enterprise Users and Roles

Use Oracle Enterprise Security Manager to create and manage enterprise users, roles, and domains. Oracle Enterprise Security Manager is included as an integrated application of the Oracle Enterprise Manager Console. See the Oracle Advanced Security Administrator's Guide for more information on using Oracle Enterprise Security Manager.

This chapter contains these topics:

Enterprise User Authentication

Enterprise users are created and managed centrally in a directory server (for example, Oracle Internet Directory or Active Directory). To allow access to multiple databases, enterprise users need to be defined in each database as an external user.

For example, assume there is an enterprise user (cn=joe,cn=users,dc=acme,dc=com) who needs access to two databases: sales and marketing. This enterprise user must be defined in both databases as an external user.

Most users do not need their own schemas in the database; they typically need to access only application schemas in a database. This is especially critical in an Internet environment, where a number of users access the same application and there is no need to create schemas for each of these users.

In Oracle9i, you can create one shared schema in the database and map multiple enterprise users in a directory server to this one shared schema with Oracle Enterprise Security Manager.

See Also:

Oracle Advanced Security Administrator's Guide for more information 

Enterprise user authentication is enabled, if you:

The Kerberos authentication protocol is used if the Windows and Oracle releases match those listed in the table in "Windows Authentication Protocols". Otherwise, NTLM is used.

Enterprise Role Authorization

Enterprise users are assigned one or more enterprise roles. Authorization of enterprise roles is supported with Oracle8i release 8.1.6 and later. An enterprise role is a single role created in a directory server with Oracle Enterprise Security Manager. Use Oracle Enterprise Security Manager to assign global roles and groups located on multiple databases to an enterprise role. A global role is a role that must be created individually in each Oracle9i database.

For example, an enterprise user can be assigned the enterprise role HR, which contains the global role HR user in the human resources database, and the global role employee in the corporate information database. If a user changes jobs, his enterprise role assignment is changed only in the directory, altering his privileges in multiple databases throughout the enterprise. Also, an administrator can add capabilities to enterprise roles or remove privileges from the enterprise role without having to update each user's privileges individually.

Use enterprise roles in environments where users assigned to these roles are located in many geographic regions and must access multiple databases.

See Also:

Oracle Advanced Security Administrator's Guide for more information on creating and storing enterprise roles in a directory server with Oracle Enterprise Security Manager 

The permissions authorized to an enterprise user are authorized for the enterprise role contained in the global role.

Users can belong to Windows 2000 global and universal groups. These groups can be assigned to enterprise roles using Oracle Enterprise Security Manager.
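
The following sketch models the enterprise role resolution described above as an access-review aid. It is an added example, not Oracle code: the SALES role, the ACME\SalesStaff group, and all function names are constructed for illustration, and the dictionaries stand in for directory entries.

```python
# Constructed model of the directory data described above; not Oracle code.
# Enterprise role -> global roles it contains, as (database, global role) pairs.
ENTERPRISE_ROLES = {
    "HR": {("human_resources", "HR_USER"), ("corporate_info", "EMPLOYEE")},
    "SALES": {("sales", "SALES_REP"), ("corporate_info", "EMPLOYEE")},
}
# Enterprise roles assigned directly to user DNs and to Windows groups.
USER_ROLES = {"cn=joe,cn=users,dc=acme,dc=com": {"HR"}}
GROUP_ROLES = {"ACME\\SalesStaff": {"SALES"}}
GROUP_MEMBERS = {"ACME\\SalesStaff": set()}


def effective_global_roles(user_dn):
    """Return {database: set(global roles)} that the directory grants user_dn."""
    roles = set(USER_ROLES.get(user_dn, set()))
    for group, members in GROUP_MEMBERS.items():
        if user_dn in members:
            roles |= GROUP_ROLES.get(group, set())
    result = {}
    for role in roles:
        for database, global_role in ENTERPRISE_ROLES.get(role, set()):
            result.setdefault(database, set()).add(global_role)
    return result


def privilege_diff(before, after):
    """Per database, the global roles (gained, lost) between two snapshots."""
    diff = {}
    for db in sorted(set(before) | set(after)):
        gained = after.get(db, set()) - before.get(db, set())
        lost = before.get(db, set()) - after.get(db, set())
        if gained or lost:
            diff[db] = (gained, lost)
    return diff


def change_job(user_dn, old_role, new_group):
    """Directory-only change: drop one enterprise role, join one group."""
    before = effective_global_roles(user_dn)
    USER_ROLES[user_dn].discard(old_role)
    GROUP_MEMBERS[new_group].add(user_dn)
    return privilege_diff(before, effective_global_roles(user_dn))


if __name__ == "__main__":
    joe = "cn=joe,cn=users,dc=acme,dc=com"
    print(effective_global_roles(joe))
    print(change_job(joe, "HR", "ACME\\SalesStaff"))
```

Running the diff before approving a directory change shows every database whose privileges the change touches, including roles inherited through group membership.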


Note:

Enterprise roles are authorized by the directory server, and not by setting the OS_ROLES initialization file parameter to true (the method for enabling external role authorization). 



Copyright © 1996-2001, Oracle Corporation.

All Rights Reserved.