12 Configuring Profiles
Learn how to configure client and server configuration parameters in profiles. A profile is a collection of parameters that specifies preferences for enabling and configuring Oracle Net features on the client or database server.
A profile is stored and implemented through the sqlnet.ora
file.
- Overview of Profile Configuration
- Configuring the Profile During Installation
- Understanding Client Attributes for Names Resolution
- Configuring Database Access Control
- Setting the Advanced Features in the sqlnet.ora File Using Oracle Net Services
- Configuring External Naming Methods
- Configuring Oracle Network Security
Oracle network security features enable data encryption, integrity checking, enhanced authentication, and single sign-on. The features also provide centralized user management on LDAP-compliant directory servers and certificate-based single sign-on. This functionality relies on the Transport Layer Security (TLS) protocol.
Parent topic: Configuration and Administration of Oracle Net Services
12.1 Overview of Profile Configuration
You can use a profile to do the following:
-
Specify the client domain to append to unqualified names
-
Prioritize naming methods
-
Enable logging and tracing features
-
Route connections through specific processes
-
Configure parameters for an external procedure
-
Configure Oracle Advanced Security
-
Use protocol-specific parameters to restrict access to the database
Parent topic: Configuring Profiles
12.2 Configuring the Profile During Installation
Oracle Universal Installer launches Oracle Net Configuration Assistant after software installation on the client and server. Oracle Net Configuration Assistant configures the order of the naming methods that the computer uses to resolve a connect identifier to a connect descriptor.
Configuration with the Oracle Net Configuration Assistant during installation results in an entry in the sqlnet.ora
file similar to the following:
NAMES.DIRECTORY_PATH=(ezconnect,tnsnames)
The NAMES.DIRECTORY_PATH parameter specifies the priority order of the naming
methods to use to resolve connect identifiers. If the installed configuration is not
adequate, then use Oracle Net Manager to change the sqlnet.ora
configuration.
Parent topic: Configuring Profiles
12.3 Understanding Client Attributes for Names Resolution
The following sections describe available client configuration options:
- About the Default Domain for Clients
- Prioritizing Naming Methods
- Routing Connection Requests to a Process
Clients and servers can be configured so connection requests are directed to a specific process. Learn how to route connection requests to a process.
Parent topic: Configuring Profiles
12.3.1 About the Default Domain for Clients
In environments where the client often requests names from a specific domain, it is appropriate to set a default domain in the client sqlnet.ora
file with the NAMES.DEFAULT_DOMAIN parameter. This parameter is available to the local and external naming methods.
When a default domain is set, it is automatically appended to any unqualified network service name given in the connect string, and then compared to network service names stored in a tnsnames.ora
file.
For example, if the client tnsnames.ora
file contains a network service name of sales.us.example.com
, and the default domain is us.example.com
, then the user can enter the following connect string:
CONNECT scott@sales
Enter password: password
In the preceding example, sales
gets searched as sales.us.example.com
.
If the connect string includes the domain extension, such as in CONNECT scott@sales.us.example.com
, then the domain is not appended.
If a network service name in a tnsnames.ora
file is not domain qualified and the NAMES.DEFAULT_DOMAIN parameter is set, then the network service name must be entered with a period (.
) at the end of the name. For example, if the domain is set to us.example.com
and the client tnsnames.ora
file contains a network service name of sales2
, then the user would enter the following connect string:
CONNECT scott@sales2.
Enter password: password
In the preceding example, the client would connect to sales2
, not sales2.us.example.com
.
12.3.1.1 Specifying a Default Domain
The following procedure describes how to specify a default domain:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the Local menu.
-
From the list in the right pane, select Naming.
-
Click the Methods tab.
-
In the Default Domain field, enter the domain.
-
Select Save Network Configuration from the File menu.
The
sqlnet.ora
file should contain an entry that looks similar to the following:NAMES.DEFAULT_DOMAIN=us.example.com
Parent topic: About the Default Domain for Clients
12.3.2 Prioritizing Naming Methods
After naming methods are configured, as described in Configuring Naming Methods, they must be prioritized. Naming methods to resolve a connect identifier are tried in the order they appear in the list. If the first naming method in the list cannot resolve the connect identifier, then the second method in the list is used, and so on.
The following procedure describes how to specify the order of naming methods:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the Local menu.
-
From the list in the right pane, select Naming.
-
Click the Methods tab.
Table 12-1 describes the naming method values listed in the Methods tab.
Table 12-1 Naming Method Values
Naming Method Value Description Resolve a network service name through the
tnsnames.ora
file on the client.See Also: "Configuring the Local Naming Method"
Resolve a database service name, network service name, or network service alias through a directory server.
See Also: "Configuring the Directory Naming Method"
Enable clients to use a TCP/IP connect identifier, consisting of a host name and optional port and service name, or resolve a host name alias through an existing names resolution service or centrally maintained set of
/etc/hosts
files.See Also: "Understanding the Easy Connect Naming Method"
Resolve service information through an existing network information service (NIS).
-
Select naming methods from the Available Methods list, and then click the right-arrow button.
The selected naming methods move to the Selected Methods list.
-
Order the naming methods according to the order in which you want Oracle Net to try to resolve the network service name or database service name. Select a naming method in the Selected Methods list, and then click Promote or Demote to move the selection up or down in the list.
-
Select Save Network Configuration from the File menu.
The
sqlnet.ora
file updates with the NAMES.DIRECTORY_PATH parameter, such as the following:NAMES.DIRECTORY_PATH=(ldap, tnsnames)
Parent topic: Understanding Client Attributes for Names Resolution
12.3.3 Routing Connection Requests to a Process
Clients and servers can be configured so connection requests are directed to a specific process. Learn how to route connection requests to a process.
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the Local menu.
-
From the list in the right pane, select General.
-
Click the Routing tab.
-
Select the preferred way for routing connections.
Note:
To configure all connections to use a particular server, you select the Always Use Dedicated Server option in Oracle Net Manager. This sets the
USE_DEDICATED_SERVER
parameter in thesqlnet.ora
file to force the listener to spawn a dedicated server for all network sessions from the client. The result is a dedicated server connection, even if a shared server is configured. -
Choose Save Network Configuration from the File menu.
Related Topics
Parent topic: Understanding Client Attributes for Names Resolution
12.4 Configuring Database Access Control
The following procedure describes how to configure database access control:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the Local menu.
-
From the list in the right pane, select General.
-
Click the Access Rights tab.
-
Select the Check TCP/IP client access rights option.
-
In the Clients allowed to access fields and Clients excluded from access field, enter either a host name or an IP address for a client that you want to include or exclude, using commas to delimit entries placed on the same line.
Parent topic: Configuring Profiles
12.5 Setting the Advanced Features in the sqlnet.ora File Using Oracle Net Services
The following procedure describes how to set advanced features in the sqlnet.ora
file:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the Local menu.
-
From the list in the right pane, select General.
-
Click the Advanced tab.
-
Enter the values for the fields or options you want to set.
-
Select Save Network Configuration from the File menu.
Parent topic: Configuring Profiles
12.6 Configuring External Naming Methods
The sqlnet.ora
file is used to configure required client parameters needed for Network Information Service (NIS) external naming. The following procedure describes how to configure the NIS parameter in the sqlnet.ora
file:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the File menu.
-
From the list in the right pane, select Naming.
-
Click the External tab.
-
Enter
NAMES.NIS.META_MAP
in the Meta Map field. -
Select Save Network Configuration from the File menu.
Parent topic: Configuring Profiles
12.7 Configuring Oracle Network Security
Oracle network security features enable data encryption, integrity checking, enhanced authentication, and single sign-on. The features also provide centralized user management on LDAP-compliant directory servers and certificate-based single sign-on. This functionality relies on the Transport Layer Security (TLS) protocol.
The following procedure describes how to configure a client or server to use Oracle network security features:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the Local menu.
-
From the list in the right pane, select Network Security.
Each Network Security tab page enables you to configure a separate set of parameters. The tab pages are as follows:
-
Authentication: For configuration of available authentication methods, such as KERBEROS5 and RADIUS.
Note:
Starting with Oracle Database 23ai, users authenticating to the database using the legacy RADIUS API no longer are granted administrative privileges.In previous releases, users authenticating with RADIUS API could be granted administrative privileges such as
SYSDBA
orSYSBACKUP
. In Oracle Database 23ai, Oracle introduces a new RADIUS API that uses the latest standards. To grant administrative privileges to users, ensure the database connection to the database uses the new RADIUS API, and that you are using the Oracle Database 23ai client to connect to the Oracle Database 23ai server. -
Other Params: For configuration of the authentication service.
-
Integrity: For configuration of the type of integrity, checksum level and available methods.
-
Encryption: For configuration of the encryption type and method.
-
TLS: For setting the use of TLS.
-
-
Select or edit options as applicable.
-
Select Save Network Configuration from the File menu.
Note:
For additional details, refer to the help button on a tab page or the network security topics in the Oracle Net Manager online help. To access the network security topics, select Network Security, and then select the How To option.Parent topic: Configuring Profiles