Oracle9i Network, Directory, and Security Guide
Release 1 (9.0.1) for Windows

Part Number A90165-01


Active Directory Service Interfaces (ADSI)

A client-side product based on the Component Object Model (COM). ADSI defines a directory service model and a set of COM interfaces that enable Windows 2000, Windows NT, Windows 98, and Windows 95 client applications to access several network directory services, including Active Directory. ADSI allows applications to communicate with Active Directory.

alert file

A file that contains important information and error messages that are generated during database operations.


To verify the identity of a user, device, or other entity in a computer system, often as a prerequisite for allowing access to resources in a system.


authentication

The process of verifying the identity of a user, device, or other entity in a computer system, often as a prerequisite to granting access to resources in a system. A recipient of an authenticated message can be certain of the message's origin (its sender). Authentication is presumed to preclude the possibility that another party has impersonated the sender.


authorization

Permission given to a user, program, or process to access an object or set of objects. In Oracle, authorization is done through the role mechanism. A single person or a group of people can be granted a role or a group of roles. A role, in turn, can be granted other roles. The set of privileges available to an authenticated entity.

Certificate Authority

A certificate authority (CA) is a trusted third party that certifies the identity of other entities such as users, databases, administrators, clients, and servers. The certificate authority verifies the user's identity and grants a certificate, signing it with the certificate authority's private key.

Common Object Request Broker Architecture (CORBA)

A standard that enables distributed objects to communicate with each other, independent of programming language, operating system, and location.

connect descriptor

A specially formatted description of the destination for a network connection. A connect descriptor contains destination service and network route information. The destination service is indicated by using its service name for Oracle9i or Oracle8i databases or its Oracle system identifier (SID) for Oracle8 release 8.0 databases. The network route provides, at a minimum, the location of the listener through use of a network address.

connect identifier

A net service name or service name that maps to a connect descriptor. Users initiate a connect request by passing a username and password along with a connect identifier in a connect string for the service to which they wish to connect, for example:

CONNECT username/password@connect_identifier

connect string

Information the user passes to a service to connect, such as username, password and net service name. For example:

CONNECT username/password@net_service_name

control file

A file that records the physical structure of a database and contains the database name, the names and locations of associated databases and online redo log files, the timestamp of the database creation, the current log sequence number, and checkpoint information.


A username, password, or certificate used to gain access to the database.

data dictionary

A set of read-only tables that provide information about a database.

database alias

See net service name.

digital certificate

An ITU X.509 v3 standard data structure that securely binds an identity to a public key. A certificate is created when an entity's public key is signed by a trusted identity, a certificate authority. The certificate ensures that the entity's information is correct and that the public key actually belongs to that entity.


To transform an installed version of an Oracle database from a later release back into an earlier release.

Dynamic Link Library (DLL)

An executable file that a Windows application can load when needed.


The process of disguising a message rendering it unreadable to any but the intended recipient.

Enterprise Java Beans

A server-side component model for Java.

external role

Roles created and managed by the Windows NT and Windows 2000 operating systems. Once an external role is created, you can grant or revoke that role to a database user. You must set the init.ora parameter OS_ROLES to true and restart your Oracle database before you can create an external role. You cannot use both Windows operating systems and the Oracle database to grant roles concurrently.

external routine

A function written in a third-generation language (3GL), such as C, and callable from within PL/SQL or SQL as if it were a PL/SQL function or procedure.

external user

A user authenticated by the Windows 2000 or Windows NT operating system who can access the Oracle database without being prompted for a password. External users are typically regular database users (non-database administrators) to which you assign standard database roles (such as CONNECT and RESOURCE), but do not want to assign SYSDBA (database administrator) or SYSOPER (database operator) privileges.


forest

A group of one or more Active Directory trees that trust each other. All trees in a forest share a common schema, configuration, and global catalog. When a forest contains multiple trees, the trees do not form a contiguous namespace. All trees in a given forest trust each other through transitive bidirectional trust relationships.

Globalization Support

The Oracle architecture that ensures that database utilities, error messages, sort order, date, time, monetary, numeric, and calendar conventions automatically adapt to the native language and locale.


HOMEID

Represents a unique registry subkey for each Oracle home directory in which you install products. A new HOMEID is created and incremented each time you install products to a different Oracle home directory on one computer. Each HOMEID contains its own configuration parameter settings for installed Oracle products.


HOME_NAME

Represents the name of an ORACLE_HOME. All Oracle homes have a unique HOME_NAME.

initialization parameter file

An ASCII text file that contains information needed to initialize a database and instance. The init.ora file resides in the \ORACLE_BASE\admin\DB_NAME\pfile directory on Windows operating systems.


instance

Every running Oracle database is associated with an Oracle instance. When a database is started on a database server (regardless of the type of computer), Oracle allocates a memory area called the System Global Area (SGA) and starts one or more Oracle processes. This combination of the SGA and the Oracle processes is called an instance. The memory and processes of an instance manage the associated database's data efficiently and serve the one or more users of the database.

Internet Inter-ORB Protocol (IIOP)

A standard that enables Object Request Brokers (ORBs) from different vendors to communicate with each other using TCP/IP.


LDAP

See Lightweight Directory Access Protocol.

Lightweight Directory Access Protocol (LDAP)

A standard, extensible directory access protocol. It is a common language that LDAP clients and servers use to communicate. LDAP is a framework of design conventions supporting industry-standard directory products, such as the Oracle Internet Directory.


listener

A process that resides on the server whose responsibility is to listen for incoming client connection requests and manage the traffic to the server.

Every time a client requests a network session with a server, a listener receives the actual request. If the client information matches the listener information, then the listener grants a connection to the server.


listener.ora

A configuration file for the listener that identifies the listener name, protocol addresses for accepting connection requests, and the services for which it is listening.

The listener.ora file typically resides in ORACLE_BASE\ORACLE_HOME\network\admin on Windows operating systems.

local role

Roles created and managed by the database. Once a local role is created, you can grant or revoke that role to a database user. You cannot use both Windows NT (for external roles) and the Oracle database (for local roles) to grant roles concurrently.

Microsoft Management Console

An application that serves as a host for administrative tools called snap-ins. By itself, Microsoft Management Console does not provide any functionality.

Microsoft Transaction Server

A COM-based transaction processing system that runs on an Internet or network server.


migrate

To transform an installed version of an Oracle database from a major release to another major release, for example, from Oracle8 to Oracle9i.


To associate a database with an instance that has been started.

multiple Oracle homes

The capability of having more than one Oracle home on a computer.

net service name

The name used by clients to identify a database server. A net service name is mapped to a port number and protocol. Also known as a connect string, database alias, or service name.

network listener

A listener on a server that listens for connection requests for one or more databases on one or more protocols. See listener.

network service

In an Oracle application network, a service performs tasks for its service consumers. For example, an Oracle Names server provides name resolution services for clients.

NT global groups

Contains users with access to computers and resources throughout the current domain and within any other domains that trust it. Global groups only contain global domain user accounts as their members.

Object Request Broker (ORB)

A software component that serves as the middleware between distributed objects. The distributed objects must comply with the Common Object Request Broker Architecture (CORBA) standard.

Optimal Flexible Architecture (OFA)

A set of file naming and placement guidelines for Oracle software and databases.

Oracle Call Interface (OCI)

An application programming interface that enables you to manipulate data and schemas in an Oracle database. You compile and link an Oracle Call Interface program in the same way that you compile and link a nondatabase application. There is no need for a separate preprocessing or precompilation step.

Oracle9i Enterprise Edition, Oracle9i Standard Edition, and Oracle9i Personal Edition

The information in this guide applies to the Oracle9i Enterprise Edition, Oracle9i Standard Edition, and Oracle9i Personal Edition database types. Unless otherwise noted, the features and functionality described in this guide are common to all three database types.


Oracle base

Oracle base, known as ORACLE_BASE in this guide, is the root of the Oracle directory tree.

If you install an OFA-compliant database using Oracle Universal Installer defaults, ORACLE_BASE is X:\ORACLE where X is any hard drive (for example, C:\ORACLE).


Oracle home

Corresponds to the environment in which Oracle products run. This environment includes the location of installed product files, the PATH variable pointing to the products' binary files, registry entries, net service names, and program groups.

If you install an OFA-compliant database, using Oracle Universal Installer defaults, Oracle home (known as \ORACLE_HOME in this guide) is located beneath X:\ORACLE_BASE. It contains subdirectories for Oracle software executables and network files.

Oracle Net

A component of Oracle Net Services that enables a network session from a client application to an Oracle database server. Once a network session is established, Oracle Net acts as a data courier for the client application and the database server. It is responsible for establishing and maintaining the connection between the client application and database server, as well as exchanging messages between them. Oracle Net is able to perform these jobs because it is located on each computer in the network.

Oracle Net foundation layer

A networking communication layer that is responsible for establishing and maintaining the connection between the client application and server, as well as exchanging messages between them.

Oracle Net Services

A suite of networking components that provide enterprise-wide connectivity solutions in distributed, heterogeneous computing environments. Oracle Net Services are comprised of the Oracle Net, listener, Oracle Connection Manager, Oracle Net Configuration Assistant, and Oracle Net Manager.

Oracle Protocol Support

A software layer responsible for mapping Transparent Network Substrate (TNS) functionality to industry-standard protocols used in the client/server connection.

Oracle service

A service that is associated with an Oracle component.

Oracle9i JVM

Oracle9i includes Oracle9i JVM, the integrated Java Virtual Machine. Oracle9i JVM provides Java2 support (JDK1.2), a CORBA 2.0 Object Request Broker, an embedded JDBC driver, a SQLJ translator, and an Enterprise Java Beans transaction server.


PL/SQL

Oracle Corporation's procedural language extension to SQL.

PL/SQL enables you to mix SQL statements with procedural constructs. You can define and execute PL/SQL program units such as procedures, functions, and packages.


A programming tool that enables you to embed SQL statements in a high-level source program.

private key

In public-key cryptography, this key is the secret key. It is primarily used for decryption but is also used for encryption with digital signatures.


A right to execute a particular type of SQL statement or to access another user's object.


process

A mechanism in an operating system that can run an executable. (Some operating systems use the term job or task.) A process normally has its own private memory area in which it runs. On Windows NT, a process is created when a program runs (such as Oracle or Microsoft Word). In addition to an executable program, all processes consist of at least one thread. The ORACLE master process contains hundreds of threads.

public key infrastructure

Information security technology utilizing the principles of public key cryptography. Public key cryptography involves encrypting and decrypting information using a shared public and private key pair. Provides for secure, private communications within a public network.


A limit on a resource, such as a limit on the amount of database storage used by a database user. A database administrator can set tablespace quotas for each Oracle username.


To restore a physical backup is to reconstruct it and make it available to the Oracle server. To recover a restored backup is to update it using redo records (that is, records of changes made to the database after the backup was taken). Recovering a backup involves two distinct operations: rolling forward the backup to a more current time by applying redo data, and rolling back all changes made in uncommitted transactions to their original state.

redo log buffer

A circular buffer in the System Global Area (SGA) that contains information about changes made to the database.

redo log file

A file that contains a record of all changes made to data in the database buffer cache. If an instance failure occurs, the redo log files are used to recover the modified data that was in memory.


A Windows repository that stores configuration information for a computer.

remote computer

A computer on a network other than the local computer.

remote database

A database on a computer other than the local client computer.


The process of copying and maintaining database objects in multiple databases that make up a distributed database system.


role

A named group of related privileges. You can grant a role to users or other roles.


A named collection of objects, such as tables, views, clusters, procedures, and packages, associated with a particular user.


service

An executable process installed in the Windows NT registry and administered by Windows NT. Once a service is created and started, it can run even when no user is logged on to the computer.

service name

See net service name.


SID

See system identifier (SID).


snap-in

An administrative tool that runs within Microsoft Management Console.

starter database

A preconfigured, ready-to-use database that requires minimal user input to create.


SYSDBA

A special database administration role that contains all system privileges with the ADMIN OPTION, and the SYSOPER system privilege. SYSDBA also permits CREATE DATABASE actions and time-based recovery.


SYSOPER

A special database administration role that permits a database administrator to perform STARTUP, SHUTDOWN, ALTER DATABASE OPEN/MOUNT, ALTER DATABASE BACKUP, ARCHIVE LOG, and RECOVER, and includes the RESTRICTED SESSION privilege.

System Global Area (SGA)

A group of shared memory structures that contain data and control information for an Oracle instance.

system identifier (SID)

A unique name for an Oracle instance. To switch between Oracle databases, users must specify the desired SID. The SID is included in the CONNECT DATA parts of the connect descriptors in a tnsnames.ora file, and in the definition of the network listener in a listener.ora file.

SYSTEM username

One of two standard DBA usernames automatically created with each database. (The other username is SYS.) SYSTEM is created with an initial password of MANAGER. The SYSTEM username is the preferred username for DBAs to use for database maintenance.


tablespace

A database is divided into one or more logical storage units called tablespaces. Tablespaces are divided into logical units of storage called segments, which are further divided into extents.


thread

An individual path of execution within a process. Threads are objects within a process that execute program instructions. Threads allow concurrent operations within a process so that a process can execute different parts of its program simultaneously on different processors. A thread is the most fundamental component that can be scheduled on Windows NT.


tnsnames.ora

A file that contains connect descriptors mapped to net service names. The file may be maintained centrally or locally, for use by all or individual clients.

The tnsnames.ora file typically resides in ORACLE_BASE\ORACLE_HOME\network\admin on Windows NT.

trust point

A trust point or trusted certificate is a third party identity that is qualified with a level of trust. The trusted certificate is used when an identity is being validated as the entity it claims to be. The certificate authorities you trust are called trusted certificates. If there are several levels of trusted certificates, a trusted certificate at a lower level in the certificate chain does not need to have all its higher level certificates reverified.


To transform an installed version of an Oracle database major release into another major release of the same version. Compare with "migrate".


A name that can connect to and access objects in a database.


A selective presentation of the structure of, and data in, one or more tables (or other views).

Copyright © 1996-2001, Oracle Corporation.

All Rights Reserved.