7.7.2 ASSIGN KEY
Purpose
The ASSIGN KEY command assigns or removes a security key to or from a client.
Syntax
ASSIGN KEY FOR [ASMCLUSTER] 'client_name1' = 'key-value1' [, 'client_name2' = 'key-value2'...]
ASSIGN KEY FOR CELL 'key-value'
ASSIGN KEY FOR [REMOTE | LOCAL] CELL 'client_name1' = 'key-value1' [, 'client_name2' = 'key-value2'...]
Options
-
client_name is an alias that is the unique name (
DB_UNIQUE_NAME) for a database client or Oracle ASM cluster.Note:
The client name or Oracle ASM cluster name not case-sensitive. For example,ASM1andasm1are treated as the same value. -
key-value is a hexadecimal string key that is assigned to the client as a security key. The key value is generated with the
CREATE KEYcommand. The key values assigned with theASSIGNcommand must match the key in the clientcellkey.orafile on the database servers. The key value can be the same for multiple clients that need the same access. An empty string for the key-value removes a previously assigned key. -
Starting with Oracle Exadata System Software release 12.2.1.1.0, you can use the optional keyword
ASMCLUSTERto indicate that the client is an Oracle ASM cluster. The Oracle ASM cluster alias must not be longer than 15 characters, and only alphanumeric and hyphen characters are allowed. - Starting with Oracle Exadata System Software release 12.2.1.1.0, the use of the
CELLkeyword can be used to assign a single key to all storage servers to enable cell-to-cell direct operations. You specify only a single key-value; you do not specify a client_name. You cannot use a list of values with theCELLkeyword. -
Starting with Oracle Exadata System Software release 12.2.1.1.0, the
FOR LOCAL CELLclause assigns a cell key to the local (current) cell. If you specifyFOR LOCAL CELL, there can be only one key; a list of values is not supported. The client_name is a unique identifier for each cell. -
Starting with Oracle Exadata System Software release 12.2.1.1.0, the
FOR REMOTE CELLclause specifies the cell keys that the current cell will accept. The client_name is the unique identifier for the cell assigned the key-value. You can specify a single client and key, or a list of values.
Usage Notes
-
For ASM-scoped security or DB-scoped security, the client aliases must be entered in the
availableToattribute of theGRIDDISKobject. -
When using the
ASMCLUSTERkeyword in Oracle Exadata System Software release 12.2.1.1.0 or later, if you specify a client name and key that already exists (that is a key was already specified for an Oracle ASM client prior to Oracle Exadata System Software release 12.2.1.1.0), then the client will be changed to be an Oracle ASM cluster client. In this case, the name and key will be removed from the ASM-scoped security list, and added as an Oracle ASM cluster client. Grid disks with this Oracle ASM client in their ACL can remain online for this operation.
Examples
Example 7-72 Assigning Keys to Clients
This example shows how to use the ASSIGN KEY command to assign keys to one or multiple clients.
CellCLI> ASSIGN KEY FOR 'db0' ='b67d5587fe728118af47c57ab8da650a'
CellCLI> ASSIGN KEY FOR '+asm'='7c57ab8da650ab118587feaf467d5728'
CellCLI> ASSIGN KEY FOR '+asm'='ed63f41779c262ddd34a00c0d83590b8', -
'db1' ='118af47c57ab8da650ab67d5587fe728', -
'db2' ='8a65313e8de6cd8bcbab7f4bdddb0498', -
'db3' ='9140c767bd92d1b45783e7fe6520e6d'
CellCLI> ASSIGN KEY FOR LOCAL CELL mykey='fa292e11b31b210c4b7a24c5f1bb4d32'
CellCLI> ASSIGN KEY FOR REMOTE CELL -
'cellkey1'='b67d5587fe728118af47c57ab8da650a', -
'cellkey2'='118af47c57ab8da650ab67d5587fe728'
CellCLI> ASSIGN KEY FOR CELL '4839deff903625aab394df7638e7b29a'
CellCLI> ASSIGN KEY FOR ASMCLUSTER asm1='118af47c57ab8da650ab67d5587fe728'Example 7-73 Removing Keys from Clients
This example shows how to use the ASSIGN KEY command to remove keys from clients.
CellCLI> ASSIGN KEY FOR 'db1'='', 'db2'='', 'db3'='', '+asm'=''
CellCLI> ASSIGN KEY FOR ASMCLUSTER asm1=''Related Topics
Parent topic: CellCLI Command Reference