3.2.4 Who Can Add or Modify Entries in the Directory Server

The database service entries are configured during or after installation. You can then use Oracle Enterprise Manager Cloud Control or Oracle Net Manager to modify the Oracle Net attributes of the database service entries. You can also use these tools to create network service name and network service alias entries.

To use these configuration tools, a DIT structure containing a root Oracle Context and an identity management realm must already exist. The directory administrator creates this structure with Oracle Internet Directory Configuration Assistant. For some deployments, the directory administrator may also need to create additional Oracle Contexts, usually to subdivide a large site or to separate a production environment from a test environment.

Each configuration tool checks membership in specific directory groups, and you must be a member of at least one of the groups listed for a tool to use it:

  • To create a database service entry with Database Configuration Assistant:

    • OracleDBCreators group (cn=OracleDBCreators,cn=OracleContext...)

    • OracleContextAdmins group (cn=OracleContextAdmins,cn=Groups,cn=OracleContext...)

  • To create network service names or network service aliases with Oracle Net Manager:

    • OracleNetAdmins group (cn=OracleNetAdmins,cn=OracleContext...)

    • OracleContextAdmins group

The OracleNetAdmins group is owned by itself. Members of the OracleNetAdmins group have create, modify, and read access to Oracle Net objects and attributes. They can also add or remove members of the group, and add or remove the groups that are owners of the OracleNetAdmins group.

Because any member of the OracleNetAdmins group can add or remove other members, membership in this group should be reviewed regularly: one member can extend the same access to any other directory user. If you prefer that a different group control OracleNetAdmins membership, change the owner attribute of the OracleNetAdmins group to that group. The owner cannot be an individual user entry; it must be a group entry whose LDAP object classes include GroupOfUniqueNames and orclPrivilegeGroup.

The OracleContextAdmins group is a super-user group for Oracle Context. Members of the OracleContextAdmins group can add all supported types of entries to Oracle Context.

The directory user that created the Oracle Context is automatically added to these groups. The directory administrator can add other users to these groups.
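The following is an added example, not code from the Oracle documentation, that turns the group rules above into a check you can run against an LDIF export of the Oracle Context groups: it reports which users can create database service entries (OracleDBCreators or OracleContextAdmins) and network service names (OracleNetAdmins or OracleContextAdmins), and it validates a proposed new owner of OracleNetAdmins against the rule that the owner must be a group entry with the GroupOfUniqueNames and orclPrivilegeGroup object classes, not a user. The LDIF data, the base DN dc=example,dc=com, and the user and group names are constructed for the example.

```python
"""Audit who can change Oracle Net directory entries, from an LDIF export.
Added example; the sample LDIF and every DN below are constructed."""

# Constructed LDIF export of the Oracle Context groups plus one user entry.
SAMPLE_LDIF = """\
dn: cn=OracleNetAdmins,cn=OracleContext,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
objectclass: orclPrivilegeGroup
cn: OracleNetAdmins
uniquemember: cn=orcladmin,cn=users,dc=example,dc=com
uniquemember: cn=netops,cn=users,dc=example,dc=com
owner: cn=OracleNetAdmins,cn=OracleContext,dc=example,dc=com

dn: cn=OracleContextAdmins,cn=Groups,cn=OracleContext,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
objectclass: orclPrivilegeGroup
cn: OracleContextAdmins
uniquemember: cn=orcladmin,cn=users,dc=example,dc=com

dn: cn=OracleDBCreators,cn=OracleContext,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
objectclass: orclPrivilegeGroup
cn: OracleDBCreators
uniquemember: cn=dba1,cn=users,dc=example,dc=com

dn: cn=NetOwners,cn=Groups,dc=example,dc=com
objectclass: top
objectclass: groupOfUniqueNames
cn: NetOwners
uniquemember: cn=orcladmin,cn=users,dc=example,dc=com

dn: cn=orcladmin,cn=users,dc=example,dc=com
objectclass: top
objectclass: person
cn: orcladmin
"""

# Object classes the page requires of an OracleNetAdmins owner (assumed
# spelling of the OID object class: orclPrivilegeGroup).
REQUIRED_OWNER_CLASSES = {"groupofuniquenames", "orclprivilegegroup"}


def norm_dn(dn):
    """Normalize a DN for comparison: trim around commas, lowercase."""
    return ",".join(p.strip() for p in dn.split(",")).lower()


def parse_ldif(text):
    """Parse a minimal LDIF export into {normalized_dn: {attr: [values]}}.
    Folded continuation lines are joined; '#' comments and base64 ('::')
    values are skipped because none of the audited attributes need them."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold continuation line
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines + [""]:             # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current is not None:
                entries[norm_dn(current["dn"][0])] = current
                current = None
            continue
        attr, _, value = line.partition(":")
        attr = attr.strip().lower()
        if value.startswith(":"):         # base64 value, not needed here
            continue
        value = value.strip()
        if attr == "dn":
            current = {"dn": [value]}
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries


def oracle_context_groups(base):
    """DNs of the three groups, placed as the page describes them."""
    return {
        "OracleNetAdmins": f"cn=OracleNetAdmins,cn=OracleContext,{base}",
        "OracleDBCreators": f"cn=OracleDBCreators,cn=OracleContext,{base}",
        "OracleContextAdmins": f"cn=OracleContextAdmins,cn=Groups,cn=OracleContext,{base}",
    }


def members(entries, group_dn):
    """Normalized uniquemember DNs of a group (empty if the group is absent)."""
    return {norm_dn(m) for m in entries.get(norm_dn(group_dn), {}).get("uniquemember", [])}


def is_member(entries, user_dn, group_dn):
    return norm_dn(user_dn) in members(entries, group_dn)


def can_create_net_service_names(entries, user_dn, base):
    """Oracle Net Manager: OracleNetAdmins or OracleContextAdmins."""
    g = oracle_context_groups(base)
    return is_member(entries, user_dn, g["OracleNetAdmins"]) or \
        is_member(entries, user_dn, g["OracleContextAdmins"])


def can_create_db_service_entry(entries, user_dn, base):
    """Database Configuration Assistant: OracleDBCreators or OracleContextAdmins."""
    g = oracle_context_groups(base)
    return is_member(entries, user_dn, g["OracleDBCreators"]) or \
        is_member(entries, user_dn, g["OracleContextAdmins"])


def validate_owner_candidate(entries, candidate_dn):
    """Check the owner rule: must exist and be a group entry carrying both
    required object classes. A user entry fails because it has neither."""
    entry = entries.get(norm_dn(candidate_dn))
    if entry is None:
        return False, "candidate entry does not exist in the export"
    classes = {c.lower() for c in entry.get("objectclass", [])}
    missing = REQUIRED_OWNER_CLASSES - classes
    if missing:
        return False, "candidate is missing object class(es): " + ", ".join(sorted(missing))
    return True, "ok"


def change_owner_ldif(entries, base, new_owner_dn):
    """Build the ldapmodify LDIF that re-points the OracleNetAdmins owner
    attribute, refusing candidates that break the owner rule."""
    ok, reason = validate_owner_candidate(entries, new_owner_dn)
    if not ok:
        raise ValueError(reason)
    group_dn = oracle_context_groups(base)["OracleNetAdmins"]
    return f"dn: {group_dn}\nchangetype: modify\nreplace: owner\nowner: {new_owner_dn}\n"


if __name__ == "__main__":
    base = "dc=example,dc=com"
    entries = parse_ldif(SAMPLE_LDIF)
    for user in ("cn=netops,cn=users," + base, "cn=dba1,cn=users," + base):
        print(user, "net:", can_create_net_service_names(entries, user, base),
              "db:", can_create_db_service_entry(entries, user, base))
    for cand in ("cn=orcladmin,cn=users," + base, "cn=NetOwners,cn=Groups," + base):
        print(cand, validate_owner_candidate(entries, cand))
    print(change_owner_ldif(entries, base, "cn=OracleContextAdmins,cn=Groups,cn=OracleContext," + base))
```

Run it against a real export produced with ldapsearch under the Oracle Context of your realm; the constructed NetOwners group shows the common mistake of nominating a plain groupOfUniqueNames entry as owner, which the check rejects for lacking orclPrivilegeGroup.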

See Also: