The OracleDBCreators group is for the person registering the Oracle Database server.

The domain administrator is automatically a member of this group. Users in this group can:

• Create new Oracle Database objects in the Oracle Context.

• Modify the Oracle Database objects that they create.

• Read, but not modify, the membership for this group.

Describes the various tasks that the users in this group can perform.

Users in the OracleNetAdmins group can:

• Create, modify, and read Oracle Net Services objects and attributes.

• Read the group membership of this group.

In Oracle Database Client 11g or later, directory clients may optionally be configured to authenticate with the directory while resolving DB names to connect strings.

This makes it possible for Oracle Net Services objects to be protected using ACLs.

There are many ways in which the identities of users may be defined in the directory, and how those users or certain groups of users may be given access to some or all Net Services. Oracle Database supplies no predefined groups, and has no procedures in the config tools for defining read-access restrictions on this data. Therefore, administrators must use standard object management tools from their directory system to manually create any necessary groups and ACLs. Existing identity structures may be referred to by Net Service ACLs.

The access definitions for objects are complex and may involve security properties which are inherited from parent nodes in the Directory Information Tree (DIT).

Oracle recommends that the administrators should refer to the relevant tools and documentation for the directory system they are using, and formulate or integrate access management for Oracle Net Services objects into a directory-wide policy and security implementation.