1. Grid Infrastructure Installation and Upgrade Guide
  2. Configuring Users, Groups and Environments for Oracle Grid Infrastructure and Oracle RAC
  3. Standard Administration and Job Role Separation User Groups
  4. Operating System Groups Created During Installation

5.2.6 Operating System Groups Created During Installation

When you install either Oracle Grid Infrastructure or Oracle RAC, the user groups listed in the following table are created, if they do not already exist.

Table 5-1 Operating System Groups Created During Installation

Operating System Group Names Database Privileges Description

ORA_ASMADMIN

SYSASM system privileges for Oracle ASM administration

The OSASM group for the Oracle ASM instance.

Using this group and the SYSASM system privileges enables the separation of SYSDBA database administration privileges from Oracle ASM storage administration privileges. Members of the OSASM group are authorized to connect using the SYSASM privilege and have full access to Oracle ASM, including administrative access to all disk groups that the Oracle ASM instance manages.

ORA_ASMDBA

SYSDBA system privileges on the Oracle ASM instance

The OSDBA group for the Oracle ASM instance.

This group grants access for the database to connect to Oracle ASM. During installation, the Oracle Installation Users are configured as members of this group. After you create an Oracle Database, this groups contains the Oracle Home Users of those database homes.

ORA_ASMOPER

SYSOPER for Oracle ASM system privileges

The OSOPER group for the Oracle ASM instance.

Members of this group are granted SYSOPER system privileges on the Oracle ASM instance, which permits a user to perform operations such as startup, shutdown, mount, dismount, and check disk group. This group has a subset of the privileges of the OSASM group.

Similar to the ORA_HOMENAME_OPER group, this group does not have any members after installation, but you can manually add users to this group after the installation completes.

ORA_GRIDHM_DBA

SYSDBA system privileges for the Oracle Grid Infrastructure Management Repository database

Members of this group are granted the SYSDBA system privileges for managing the Oracle Grid Infrastructure Management Repository database, where GRIDHM is the name of the Oracle Grid Infrastructure home.

The default home name is OraGrid12Home1, so the default group name is ORA_OraGrid12Home1_DBA.

ORA_GRIDHM_OPER

SYSOPER system privileges for the Oracle Grid Infrastructure Management Repository database

Members of this group are granted the SYSOPER system privileges for managing the Oracle Grid Infrastructure Management Repository database, where GRIDHM is the name of the Oracle Grid Infrastructure home.

If you use the default Grid home name of OraGrid12Home1,then the default operating system group name is ORA_OraGrid12Home1_OPER.

ORA_DBA

SYSDBA system privileges for all Oracle Database installations on the server

A special OSDBA group for the Windows operating system.

Members of this group are granted SYSDBA system privileges for all Oracle Databases installed on the server.

ORA_OPER

SYSOPER system privileges for all Oracle databases installed on the server

A special OSOPER group for the Windows operating system.

Members of this group are granted SYSOPER system privileges all Oracle Databases installed on the server. This group does not have any members after installation, but you can manually add users to this group after the installation completes.

ORA_HOMENAME_DBA

SYSDBA system privileges for all database instances that run from the Oracle home with the name HOMENAME

An OSDBA group for a specific Oracle Home with a name of HOMENAME.

Members of this group can use operating system authentication to gain SYSDBA system privileges for any database that runs from the specific Oracle home. If you specified an Oracle Home User during installation, the user is added to this group during installation.

ORA_HOMENAME_OPER

SYSOPER system privileges for all database instances that run from the Oracle home with the name HOMENAME

An OSDBA group for the Oracle Home with a name of HOMENAME.

Members of this group can use operating system authentication to gain SYSOPER system privileges for any database that runs from the specific Oracle home. This group does not have any members after installation, but you can manually add users to this group after the installation completes.

ORA_HOMENAME_SYSBACKUP

SYSBACKUP system privileges for all database instances that run from the Oracle home with a name of HOMENAME

OSBACKUPDBA group for a specific Oracle Home with a name of HOMENAME.

Members of this group have privileges necessary for performing database backup and recovery tasks on all database instances that run from the specified Oracle Home directory.

ORA_HOMENAME_SYSDG

SYSDG system privileges for all database instances that run from the Oracle home with a name of HOMENAME

OSDGDBA group for a specific Oracle Home with a name of HOMENAME.

Members of this group have privileges necessary for performing Data Guard administrative tasks on all database instances that run from the specified Oracle Home directory.

ORA_HOMENAME_SYSKM

SYSKM system privileges for all database instances that run from the Oracle home with a name of HOMENAME.

OSKMDBA group for a specific Oracle Home with a name of HOMENAME.

Members of this group have privileges necessary for performing encryption key management tasks on all database instances that run from the specified Oracle Home directory.

ORA_CRS_USERS

None

Members of this group have privileges necessary for file system permissions on the Grid Infrastructure Oracle Base directory.

When you configure a CRS wallet of type OSUSER, for a user using the crsctl add wallet command, that user is automatically added to this group. This process enables CRS to start user-defined resources as the user that was added to this group.

Refer to the Oracle Clusterware Administration and Deployment Guide for details about adding users to a wallet.

ORA_RAC

SYSRAC privileges for all Oracle Database installations on the server.

The OSRACDBA group for the Windows Operating System. Members of this group have SYSRAC privileges for all Oracle Databases installed on the server.

ORA_CLIENT_LISTENERS

None

This group is created with service-specific SIDs for Listeners in the Client home.

ORA_HOMENAME_SVCSIDS

None

This group is created with service-specific SIDs for all Services in the DB Client home.

ORA_GRID_LISTENERS

None

This group is created with Service specific SIDs for all Grid Home Listeners on the system.

ORA_INSTALL

None

This group is created with Oracle Home Users for all Oracle homes on the system .

Virtual accounts for databases and listeners for all virtual account-based homes are added to this group.

During installation, the gridconfig.bat script creates the services and groups on each node of the cluster. The installed files and permissions are owned by the Oracle Installation user, and require the Administrator privilege.

Oracle creates and populates the groups listed in this table during installation to ensure proper operation of Oracle products. You can manually add other users to these groups to assign these database privileges to other Windows users.

Members of the ORA_DBA group can use operating system authentication to administer all Oracle databases installed on the server. Members of the ORA_HOMENAME_DBA, where HOMENAME is the name of a specific Oracle installation, can use operating system authentication to manage only the databases that run from that Oracle home.

Related Topics

Parent topic: Standard Administration and Job Role Separation User Groups