Oracle Database Enterprise User Administrators Guide 10g Release 2 (10.2) b14269-01
346 37 1MB
English Pages 184 Year 2005
Table of contents :
Contents......Page 3
List of Figures......Page 9
List of Tables......Page 10
List of Examples......Page 12
Documentation Accessibility......Page 13
Related Documents......Page 14
Conventions......Page 15
Oracle Database 10g Release 2 (10.2) New Features in Enterprise User Security......Page 19
Oracle Database 10g Release 1 (10.1) New Features in Enterprise User Security......Page 20
Oracle9i Release 2 (9.2) New Feature in Enterprise User Security......Page 21
The Challenges of User Management......Page 23
Enterprise User Security: The Big Picture......Page 24
Enterprise Users Compared to Database Users......Page 26
How Enterprise Users Access Database Resources with Database Links......Page 28
How Enterprise Users Are Authenticated......Page 29
Enterprise Users......Page 30
Password Policies......Page 31
Enterprise Roles......Page 32
Database Server Entries......Page 33
User-Schema Mappings......Page 34
Administrative Groups......Page 35
Overview of Shared Schemas Used in Enterprise User Security......Page 36
How Shared Schemas Are Configured for Enterprise Users......Page 37
How Enterprise Users Are Mapped to Schemas......Page 38
Enterprise User Proxy......Page 39
About Using Current User Database Links for Enterprise User Security......Page 41
Security Aspects of Centralizing Security Credentials......Page 42
What Is Meant by Trusted Databases......Page 43
Considerations for Defining Database Membership in Enterprise Domains......Page 44
Typical Configurations......Page 45
Enterprise User Security Tools Overview......Page 47
Starting Oracle Wallet Manager......Page 48
Enterprise Security Manager Initial Installation and Configuration Overview......Page 49
Starting Enterprise Security Manager......Page 50
Navigating the Enterprise Security Manager User Interface......Page 51
Navigator Pane......Page 52
Right Pane......Page 53
Help Menu......Page 54
Logging In to Enterprise Security Manager Console......Page 55
Configuring Enterprise Security Manager Console for Kerberos-Authenticated Enterprise Users......Page 56
Navigating Enterprise Security Manager Console User Interface......Page 57
Users and Groups Tabbed Window......Page 58
Realm Configuration Tabbed Window......Page 61
Accessing Enterprise Security Manager Command-Line Utility Help......Page 62
Starting Oracle Net Configuration Assistant......Page 63
User Migration Utility......Page 64
Duties of an Enterprise User Security Administrator/DBA......Page 65
Enterprise User Security Configuration Overview......Page 67
Preparing the Directory for Enterprise User Security (Phase One)......Page 70
Sharing Wallets and sqlnet.ora Files Among Multiple Databases......Page 76
Configuring Enterprise User Security Objects in the Database and the Directory (Phase Two)......Page 77
Configuring Enterprise User Security for Password Authentication......Page 80
Configuring Enterprise User Security for Kerberos Authentication......Page 82
Configuring Enterprise User Security for SSL Authentication......Page 84
Enabling Current User Database Links......Page 88
ORA-# Errors for Password-Authenticated Enterprise Users......Page 89
ORA-# Errors for Kerberos-Authenticated Enterprise Users......Page 92
ORA-# Errors for SSL-Authenticated Enterprise Users......Page 94
USER-SCHEMA ERROR Checklist......Page 95
DOMAIN-READ-ERROR Checklist......Page 96
Enterprise User Security Administration Tools Overview......Page 99
Identity Management Realm Versions......Page 100
Setting Login Name, Kerberos Principal Name, User Search Base, and Group Search Base Identity Management Realm Attributes......Page 101
Setting the Default Database-to-Directory Authentication Type for an Identity Management Realm......Page 102
Users: Administering Enterprise Users......Page 103
Creating New Enterprise Users......Page 104
Defining an Initial Enterprise Role Assignment......Page 105
Browsing Users in the Directory......Page 106
Domains: Administering Enterprise Domains......Page 107
Creating a New Enterprise Domain......Page 108
Defining Database Membership of an Enterprise Domain......Page 109
Managing Enterprise Domain Administrators......Page 110
Managing Enterprise Domain Database Schema Mappings......Page 111
Managing Password-Accessible Domains......Page 113
Managing Database Administrators......Page 115
Listing Specific Enterprise Users Who Will Proxy......Page 116
Linking Those Enterprise Users to the Target Database Schemas......Page 119
Creating a New Enterprise Role......Page 121
Assigning Database Global Role Membership to an Enterprise Role......Page 122
Granting Enterprise Roles to Users......Page 124
Benefits of Migrating Local or External Users to Enterprise Users......Page 127
Step 1: (Phase One) Preparing for the Migration......Page 128
About the ORCL_GLOBAL_USR_MIGRATION_DATA Table......Page 129
Which Interface Table Column Values Can Be Modified Between Phase One and Phase Two?......Page 130
Migration Process......Page 131
Required Directory Privileges......Page 132
User Migration Utility Command-Line Syntax......Page 133
User Migration Utility Parameters......Page 134
Keyword: DIRLOCATION......Page 135
Keyword: ENTADMIN......Page 136
Keyword: USERSFILE......Page 137
Keyword: MAPSCHEMA......Page 138
Keyword: CASCADE......Page 139
Keyword: PARFILE......Page 140
Migrating Users and Mapping to a Shared Schema......Page 141
Mapping Users to a Shared Schema with CASCADE=YES......Page 142
Mapping Users to a Shared Schema Using Different MAPTYPE Options......Page 143
Migrating Users Using the PARFILE, USERSFILE, and LOGFILE Parameters......Page 144
Troubleshooting Using the User Migration Utility......Page 145
Resolving Error Messages Displayed for Both Phases......Page 146
Resolving Error Messages Displayed for Phase One......Page 147
Common Log Messages for Phase Two......Page 150
Summary of User Migration Utility Error and Log Messages......Page 152
Using the SSL External Users Conversion Script......Page 155
Converting Global Users into External Users......Page 156
Set Up Synchronization Between Active Directory and Oracle Internet Directory......Page 157
Configure Enterprise User Security for Kerberos Authentication......Page 158
Upgrading Oracle Internet Directory from Release 9.2 to Release 9.0.4......Page 161
Upgrading Oracle Database from Release 9.2 to Release 10.2......Page 162
Glossary......Page 163
O......Page 183
V......Page 184
Contents......Page 3
List of Figures......Page 9
List of Tables......Page 10
List of Examples......Page 12
Documentation Accessibility......Page 13
Related Documents......Page 14
Conventions......Page 15
Oracle Database 10g Release 2 (10.2) New Features in Enterprise User Security......Page 19
Oracle Database 10g Release 1 (10.1) New Features in Enterprise User Security......Page 20
Oracle9i Release 2 (9.2) New Feature in Enterprise User Security......Page 21
The Challenges of User Management......Page 23
Enterprise User Security: The Big Picture......Page 24
Enterprise Users Compared to Database Users......Page 26
How Enterprise Users Access Database Resources with Database Links......Page 28
How Enterprise Users Are Authenticated......Page 29
Enterprise Users......Page 30
Password Policies......Page 31
Enterprise Roles......Page 32
Database Server Entries......Page 33
User-Schema Mappings......Page 34
Administrative Groups......Page 35
Overview of Shared Schemas Used in Enterprise User Security......Page 36
How Shared Schemas Are Configured for Enterprise Users......Page 37
How Enterprise Users Are Mapped to Schemas......Page 38
Enterprise User Proxy......Page 39
About Using Current User Database Links for Enterprise User Security......Page 41
Security Aspects of Centralizing Security Credentials......Page 42
What Is Meant by Trusted Databases......Page 43
Considerations for Defining Database Membership in Enterprise Domains......Page 44
Typical Configurations......Page 45
Enterprise User Security Tools Overview......Page 47
Starting Oracle Wallet Manager......Page 48
Enterprise Security Manager Initial Installation and Configuration Overview......Page 49
Starting Enterprise Security Manager......Page 50
Navigating the Enterprise Security Manager User Interface......Page 51
Navigator Pane......Page 52
Right Pane......Page 53
Help Menu......Page 54
Logging In to Enterprise Security Manager Console......Page 55
Configuring Enterprise Security Manager Console for Kerberos-Authenticated Enterprise Users......Page 56
Navigating Enterprise Security Manager Console User Interface......Page 57
Users and Groups Tabbed Window......Page 58
Realm Configuration Tabbed Window......Page 61
Accessing Enterprise Security Manager Command-Line Utility Help......Page 62
Starting Oracle Net Configuration Assistant......Page 63
User Migration Utility......Page 64
Duties of an Enterprise User Security Administrator/DBA......Page 65
Enterprise User Security Configuration Overview......Page 67
Preparing the Directory for Enterprise User Security (Phase One)......Page 70
Sharing Wallets and sqlnet.ora Files Among Multiple Databases......Page 76
Configuring Enterprise User Security Objects in the Database and the Directory (Phase Two)......Page 77
Configuring Enterprise User Security for Password Authentication......Page 80
Configuring Enterprise User Security for Kerberos Authentication......Page 82
Configuring Enterprise User Security for SSL Authentication......Page 84
Enabling Current User Database Links......Page 88
ORA-# Errors for Password-Authenticated Enterprise Users......Page 89
ORA-# Errors for Kerberos-Authenticated Enterprise Users......Page 92
ORA-# Errors for SSL-Authenticated Enterprise Users......Page 94
USER-SCHEMA ERROR Checklist......Page 95
DOMAIN-READ-ERROR Checklist......Page 96
Enterprise User Security Administration Tools Overview......Page 99
Identity Management Realm Versions......Page 100
Setting Login Name, Kerberos Principal Name, User Search Base, and Group Search Base Identity Management Realm Attributes......Page 101
Setting the Default Database-to-Directory Authentication Type for an Identity Management Realm......Page 102
Users: Administering Enterprise Users......Page 103
Creating New Enterprise Users......Page 104
Defining an Initial Enterprise Role Assignment......Page 105
Browsing Users in the Directory......Page 106
Domains: Administering Enterprise Domains......Page 107
Creating a New Enterprise Domain......Page 108
Defining Database Membership of an Enterprise Domain......Page 109
Managing Enterprise Domain Administrators......Page 110
Managing Enterprise Domain Database Schema Mappings......Page 111
Managing Password-Accessible Domains......Page 113
Managing Database Administrators......Page 115
Listing Specific Enterprise Users Who Will Proxy......Page 116
Linking Those Enterprise Users to the Target Database Schemas......Page 119
Creating a New Enterprise Role......Page 121
Assigning Database Global Role Membership to an Enterprise Role......Page 122
Granting Enterprise Roles to Users......Page 124
Benefits of Migrating Local or External Users to Enterprise Users......Page 127
Step 1: (Phase One) Preparing for the Migration......Page 128
About the ORCL_GLOBAL_USR_MIGRATION_DATA Table......Page 129
Which Interface Table Column Values Can Be Modified Between Phase One and Phase Two?......Page 130
Migration Process......Page 131
Required Directory Privileges......Page 132
User Migration Utility Command-Line Syntax......Page 133
User Migration Utility Parameters......Page 134
Keyword: DIRLOCATION......Page 135
Keyword: ENTADMIN......Page 136
Keyword: USERSFILE......Page 137
Keyword: MAPSCHEMA......Page 138
Keyword: CASCADE......Page 139
Keyword: PARFILE......Page 140
Migrating Users and Mapping to a Shared Schema......Page 141
Mapping Users to a Shared Schema with CASCADE=YES......Page 142
Mapping Users to a Shared Schema Using Different MAPTYPE Options......Page 143
Migrating Users Using the PARFILE, USERSFILE, and LOGFILE Parameters......Page 144
Troubleshooting Using the User Migration Utility......Page 145
Resolving Error Messages Displayed for Both Phases......Page 146
Resolving Error Messages Displayed for Phase One......Page 147
Common Log Messages for Phase Two......Page 150
Summary of User Migration Utility Error and Log Messages......Page 152
Using the SSL External Users Conversion Script......Page 155
Converting Global Users into External Users......Page 156
Set Up Synchronization Between Active Directory and Oracle Internet Directory......Page 157
Configure Enterprise User Security for Kerberos Authentication......Page 158
Upgrading Oracle Internet Directory from Release 9.2 to Release 9.0.4......Page 161
Upgrading Oracle Database from Release 9.2 to Release 10.2......Page 162
Glossary......Page 163
O......Page 183
V......Page 184
![Oracle Enterprise Manager. Database Tuning with the Oracle Tuning Pack [release 9.0.1 ed.]](https://ebin.pub/img/200x200/oracle-enterprise-manager-database-tuning-with-the-oracle-tuning-pack-release-901nbsped.jpg)
![Oracle 9i. Database Administrator's Guide [release 9.0.1 ed.]](https://ebin.pub/img/200x200/oracle-9i-database-administrators-guide-release-901nbsped.jpg)
![Oracle Enterprise Manager. Administrator's Guide [release 9.0.1 ed.]](https://ebin.pub/img/200x200/oracle-enterprise-manager-administrators-guide-release-901nbsped.jpg)
![Oracle Enterprise Manager. Configuration Guide [release 9.0.1 ed.]](https://ebin.pub/img/200x200/oracle-enterprise-manager-configuration-guide-release-901nbsped.jpg)
![Oracle Enterprise Manager. Concepts Guide [release 9.0.1 ed.]](https://ebin.pub/img/200x200/oracle-enterprise-manager-concepts-guide-release-901nbsped.jpg)
