5.2.5 Extended Oracle Database Administration Groups for Job Role Separation

Oracle Database 12c Release 1 (12.1) and later releases provide an extended set of database groups to grant task-specific system privileges for database administration.

The extended set of Oracle Database system privilege groups is task-specific and less privileged than the ORA_DBA/SYSDBA system privileges. The groups are designed to provide the privileges needed to carry out everyday database operations. Users granted these system privileges are also authorized through operating system group membership.

The installer automatically creates operating system groups whose members are granted these system privileges. The subset of OSDBA job role separation privileges and groups consists of the following:

  • OSBACKUPDBA group for Oracle Database (ORA_HOMENAME_SYSBACKUP)

    Assign users to this group if you want a separate group of operating system users to have a limited set of database backup- and recovery-related administrative privileges (the SYSBACKUP privilege).

  • OSDGDBA group for Oracle Data Guard (ORA_HOMENAME_SYSDG)

    Assign users to this group if you want a separate group of operating system users to have a limited set of privileges to administer and monitor Oracle Data Guard (the SYSDG privilege). To use this privilege, add the Oracle Database installation owners as members of this group.

  • OSKMDBA group for encryption key management (ORA_HOMENAME_SYSKM)

    Assign users to this group if you want a separate group of operating system users to have a limited set of privileges for encryption key management such as Oracle Wallet Manager management (the SYSKM privilege). To use this privilege, add the Oracle Database installation owners as members of this group.

  • OSRACDBA group for Oracle Real Application Clusters Administration (typically, ORA_HOMENAME_SYSRAC)

    Assign users to this group if you want a separate group of operating system users to have a limited set of Oracle Real Application Clusters (RAC) administrative privileges (the SYSRAC privilege). To use this privilege, add the Oracle Database installation owners as members of this group.

You cannot change the name of these operating system groups. These groups do not have any members after database creation, but an Administrator user can assign users to these groups after installation. Each operating system group identifies a group of operating system users that are granted the associated set of database privileges.
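
The following PowerShell sketch is an added example, not part of the Oracle documentation: it audits membership of the groups listed above and flags accounts whose memberships undercut job role separation. The function names, the home name `OraDB19Home1` and all account names are constructed placeholders; `Get-LocalGroupMember` is the standard Windows LocalAccounts cmdlet.

```powershell
# Added example. Function names, 'OraDB19Home1' and all accounts are constructed.
function Get-OraRoleMembership {
    # Live lookup on a Windows host: @{ group name = @(member names) }.
    param([Parameter(Mandatory)][string]$HomeName)
    $groups = @('ORA_DBA') + ('SYSBACKUP', 'SYSDG', 'SYSKM', 'SYSRAC' |
        ForEach-Object { "ORA_${HomeName}_$_" })
    $map = @{}
    foreach ($g in $groups) {
        # A group that does not exist on this host yields an empty member list.
        $map[$g] = @(Get-LocalGroupMember -Group $g -ErrorAction SilentlyContinue |
            ForEach-Object { $_.Name })
    }
    $map
}

function Test-OraRoleSeparation {
    param(
        [Parameter(Mandatory)][hashtable]$Membership,
        [string[]]$InstallOwner = @()   # expected in SYSDG/SYSKM/SYSRAC per the text
    )
    $byUser = @{}   # account -> groups it belongs to
    foreach ($g in $Membership.Keys) {
        foreach ($u in $Membership[$g]) {
            if (-not $byUser.ContainsKey($u)) { $byUser[$u] = @() }
            $byUser[$u] += $g
        }
    }
    foreach ($u in ($byUser.Keys | Sort-Object)) {
        $held = @($byUser[$u] | Sort-Object)
        $task = @($held | Where-Object { $_ -ne 'ORA_DBA' })
        $finding = if ($InstallOwner -contains $u) {
            'Installation owner: expected'
        } elseif ($held -contains 'ORA_DBA' -and $task.Count -gt 0) {
            'Also in ORA_DBA: SYSDBA already exceeds the task-specific privilege'
        } elseif ($task.Count -gt 1) {
            'Several task groups: review against job roles'
        } else { 'OK' }
        [pscustomobject]@{ Account = $u; Groups = $held -join ', '; Finding = $finding }
    }
}

# Constructed sample membership; on a real host use Get-OraRoleMembership instead.
$sample = @{
    'ORA_DBA'                    = @('HOST1\dba1')
    'ORA_OraDB19Home1_SYSBACKUP' = @('HOST1\backupop', 'HOST1\dba1')
    'ORA_OraDB19Home1_SYSDG'     = @('HOST1\oracle', 'HOST1\dgadmin')
    'ORA_OraDB19Home1_SYSKM'     = @('HOST1\oracle', 'HOST1\dgadmin')
    'ORA_OraDB19Home1_SYSRAC'    = @('HOST1\oracle')
}
Test-OraRoleSeparation -Membership $sample -InstallOwner 'HOST1\oracle' |
    Format-Table -AutoSize
```

With the sample data, `HOST1\dba1` is flagged for holding ORA_DBA alongside a task group, `HOST1\dgadmin` is flagged for review because it holds two task groups, and `HOST1\backupop` is reported as OK.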

See Also: