Oracle Local Groups

This release adds enhanced support of the Oracle local user groups. In previous releases, when adding a database to a cluster group (role), if the operating system authentication was chosen for the authentication method, Oracle Fail Safe would create a local group named ORA_sid_DBA on the other nodes in the cluster and it would add the Fail Safe server username to that group. If the ORA_sid_DBA local group on the original owner node contained other member entries, those entries were not replicated to the other cluster nodes.

In this release of Oracle Fail Safe when a database is added to a cluster group, if the ORA_sid_DBA local group exists, it is copied to the other cluster nodes. Similarly, the ORA_sid_OPER group is replicated to other nodes. Fail Safe will not copy any group members that are specific to that node, such as a local user name. It will copy Windows built-in members. For example, the built-in Administrators member will be copied to other nodes.

During cluster validation, Oracle Fail Safe compares the Oracle local user groups on each node in the cluster to determine if they have the same member lists. The specific groups that are verified are:

  • ORA_DBA

  • ORA_OPER

  • ORA_homename_DBA

  • ORA_homename_OPER

  • ORA_homename_SYSBACKUP

  • ORA_homename_SYSDG

  • ORA_homename_SYSKM

  • ORA_sid_DBA

  • ORA_sid_OPER

If a local group does not have identical member lists on all nodes of the cluster, a warning message is issued. Oracle Fail Safe only examines the ORA_sid_DBA and ORA_sid_OPER local groups for databases that are cluster resources (members of a cluster role).