During Oracle Database installation, by default Oracle Universal Installer installs software in the ORACLE_HOME directory.

Oracle Universal Installer sets the following permissions to this directory, and to all files and directories under this directory:

During Oracle Database configuration, Oracle Database Configuration Assistant installs files and directories in the following default locations, where database_name is the database name or SID.

• ORACLE_BASE\admin\database_name (administration file directories)

• ORACLE_BASE\oradata\database_name (database file directories)

• ORACLE_BASE\oradata\database_name (redo log files and control files)

• ORACLE_HOME\database (SPFILESID.ORA)

Oracle Database Configuration Assistant sets the following permission to these directories, and to all the files and directories under these directories:

• Full control Administrators, SYSTEM, Oracle Home User or ORA_<HomeName>_SVCACCTS group for Virtual Account homes

  Note:

  If these accounts already exist and have more restrictive permissions, then the most restrictive permissions are retained. If accounts other than Administrators, SYSTEM, and Oracle Home User already exist, then the permissions for these accounts are removed.

When an earlier version of the database is upgraded to Oracle Database 12c Release 2 (12.2), Oracle Database Upgrade Assistant installs software in the following directories, where database_name is the database name or SID.

When an earlier version of the database is upgraded to Oracle Database 12c Release 2 (12.2), Oracle Database Upgrade Assistant installs software in the following directories, where database_name is the database name or SID:

• ORACLE_BASE\admin\database_name (administration files)

• ORACLE_BASE\oradata\database_name (database file directories)

• ORACLE_BASE\oradata\database_name (redo log files and control files)

• ORACLE_BASE\ORACLE_HOME\database (SPFILESID.ORA)

Oracle Database Upgrade Assistant sets the following permissions to these directories, and to all files and directories under these directories:

• Full control Administrators, SYSTEM, Oracle Home User or ORA_<HomeName>_SVCACCTS group for Virtual Account homes

  Note:

  If these accounts already exist and have more restrictive permissions, then the most restrictive permissions are retained. If accounts other than Administrators, SYSTEM, and Oracle Home User already exist, then the permissions for these accounts are removed.

Starting with Oracle Database 12c Release 2 (12.2), Oracle Database Upgrade Assistant can also configure Oracle Enterprise Manager. If the Enable daily backup option is selected while configuring Oracle Enterprise Manager, then Oracle Database Upgrade Assistant shows a separate screen asking for Fast Recovery Area. Oracle Database Upgrade Assistant tries to create the directory structure (if it does not exist) in the specified file system location. Oracle Database Upgrade Assistant also puts the same set of file permissions to this location. The default location shown by Oracle Database Upgrade Assistant for Fast Recovery Area is:

• ORACLE_BASE\recovery_area

When an Oracle Wallet is created in the file system, the user creating the wallet is granted access to the wallet by wallet creation tools.

Starting with Oracle Database 12c Release 1 (12.1), Oracle Database Windows services may run under a standard Windows User Account or Virtual Account and might not be able to access to the wallet. You may need to change the file system ACL for the wallet file manually to grant access to database and listener services.

As Oracle Database services now run under a standard Windows User Account, a file might not be accessible by Oracle Database services unless the file system Access Control Lists (ACLs) grant access to the file.

Though Oracle installation configures the ACLs in a way to ensure that you do not have to change ACLs manually for typical usage, it is necessary to change ACLs manually, for example, to manually upgrade databases, and database files not in Oracle base, or to grant access to wallets in the file system.

The rules to set file system ACLs manually are:

• To allow Oracle Database service access to a file: Grant access to Oracle Home User for the file when a Windows User Account is used as the Oracle Home User. If a Windows built-in account is used as the Oracle Home User, then no such permission is necessary because the Oracle Database services run under the administrative account.

• To allow Oracle Grid Listeners services access to a file: Grant access to ORA_GRID_LISTENERS group for the file.

• To allow Oracle services from a client ORACLE_HOME access to a file: Grant access to Oracle Home User for the file when a Windows User Account is used as the Oracle Home User for the client home. If a Windows built-in account is used as the Oracle Home User, then grant access to the ORA_HOMENAME_SVCSIDS group for the file.