Oracle® Database Enterprise User Security Administrator's Guide
11g Release 1 (11.1)
Part Number B28528-02
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Intended Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Enterprise User Security?
Oracle Database 11g Release 1 (11.1) New Features in Enterprise User Security
Oracle Database 10g Release 2 (10.2) New Features in Enterprise User Security
Oracle Database 10g Release 1 (10.1) New Features in Enterprise User Security
Oracle9i Release 2 (9.2) New Feature in Enterprise User Security
1 Introducing Enterprise User Security
1.1 Introduction to Enterprise User Security
1.1.1 The Challenges of User Management
1.1.2 Enterprise User Security: The Big Picture
1.1.2.1 How Oracle Internet Directory Implements Identity Management
1.1.2.2 Enterprise Users Compared to Database Users
1.1.2.3 About Enterprise User Schemas
1.1.2.4 How Enterprise Users Access Database Resources with Database Links
1.1.2.5 How Enterprise Users Are Authenticated
1.1.3 About Enterprise User Security Directory Entries
1.1.3.1 Enterprise Users
1.1.3.2 Enterprise Roles
1.1.3.3 Enterprise Domains
1.1.3.4 Database Server Entries
1.1.3.5 User-Schema Mappings
1.1.3.6 Administrative Groups
1.1.3.7 Password Policies
1.2 About Using Shared Schemas for Enterprise User Security
1.2.1 Overview of Shared Schemas Used in Enterprise User Security
1.2.2 How Shared Schemas Are Configured for Enterprise Users
1.2.3 How Enterprise Users Are Mapped to Schemas
1.3 Enterprise User Proxy
1.4 About Using Current User Database Links for Enterprise User Security
1.5 Enterprise User Security Deployment Considerations
1.5.1 Security Aspects of Centralizing Security Credentials
1.5.1.1 Security Benefits Associated with Centralized Security Credential Management
1.5.1.2 Security Risks Associated with Centralized Security Credential Management
1.5.2 Security of Password-Authenticated Enterprise User Database Login Information
1.5.2.1 What Is Meant by Trusted Databases
1.5.2.2 Protecting Database Password Verifiers
1.5.3 Considerations for Defining Database Membership in Enterprise Domains
1.5.4 Choosing Authentication Types between Clients, Databases, and Directories for Enterprise User Security
1.5.4.1 Typical Configurations
2 Getting Started with Enterprise User Security
2.1 Configuring Your Database to Use the Directory
2.2 Registering Your Database with the Directory
2.3 Creating a Shared Schema in the Database
2.4 Mapping Enterprise Users to the Shared Schema
2.5 Connecting to the Database as an Enterprise User
2.6 Using Enterprise Roles
2.7 Using Proxy Permissions
3 Configuration and Administration Tools Overview
3.1 Enterprise User Security Tools Overview
3.2 Oracle Internet Directory Self-Service Console
3.3 Oracle Net Configuration Assistant
3.3.1 Starting Oracle Net Configuration Assistant
3.4 Database Configuration Assistant
3.4.1 Starting Database Configuration Assistant
3.5 Oracle Wallet Manager
3.5.1 Starting Oracle Wallet Manager
3.5.2 The orapki Command-Line Utility
3.6 Oracle Enterprise Manager
3.7 User Migration Utility
3.8 Duties of an Enterprise User Security Administrator/DBA
4 Enterprise User Security Configuration Tasks and Troubleshooting
4.1 Enterprise User Security Configuration Overview
4.2 Enterprise User Security Configuration Roadmap
4.3 Preparing the Directory for Enterprise User Security (Phase One)
4.3.1 About the Database Wallet and Password
4.3.1.1 Sharing Wallets and sqlnet.ora Files Among Multiple Databases
4.4 Configuring Enterprise User Security Objects in the Database and the Directory (Phase Two)
4.5 Configure Enterprise User Security for the Authentication Method You Require (Phase Three)
4.5.1 Configuring Enterprise User Security for Password Authentication
4.5.2 Configuring Enterprise User Security for Kerberos Authentication
4.5.3 Configuring Enterprise User Security for SSL Authentication
4.5.3.1 Viewing the Database DN in the Wallet and in the Directory
4.6 Enabling Current User Database Links
4.7 Troubleshooting Enterprise User Security
4.7.1 ORA-# Errors for Password-Authenticated Enterprise Users
4.7.2 ORA-# Errors for Kerberos-Authenticated Enterprise Users
4.7.3 ORA-# Errors for SSL-Authenticated Enterprise Users
4.7.4 NO-GLOBAL-ROLES Checklist
4.7.5 USER-SCHEMA ERROR Checklist
4.7.6 DOMAIN-READ-ERROR Checklist
5 Administering Enterprise User Security
5.1 Administering Identity Management Realms
5.1.1 Identity Management Realm Versions
5.1.2 Setting Properties of an Identity Management Realm
5.1.2.1 Setting Login Name, Kerberos Principal Name, User Search Base, and Group Search Base Identity Management Realm Attributes
5.1.3 Setting the Default Database-to-Directory Authentication Type for an Identity Management Realm
5.1.4 Managing Identity Management Realm Administrators
5.2 Administering Enterprise Users
5.2.1 Creating New Enterprise Users
5.2.2 Setting Enterprise User Passwords
5.2.3 Granting Enterprise Roles to Enterprise Users
5.2.4 Granting Proxy Permissions to Enterprise Users
5.2.5 Creating User-Schema Mappings for Enterprise Users
5.2.6 Creating Label Authorizations for Enterprise Users
5.3 Configuring User-Defined Enterprise Groups
5.3.1 Granting Enterprise Roles to User-Defined Enterprise Groups
5.4 Configuring Databases for Enterprise User Security
5.4.1 Creating User-Schema Mappings for a Database
5.4.2 Adding Administrators to Manage Database Schema Mappings
5.5 Administering Enterprise Domains
5.5.1 Creating an Enterprise Domain
5.5.2 Adding Databases to an Enterprise Domain
5.5.3 Creating User-Schema Mappings for an Enterprise Domain
5.5.4 Configuring Enterprise Roles
5.5.5 Configuring Proxy Permissions
5.5.6 Configuring User Authentication Types and Enabling Current User Database Links
5.5.7 Configuring Domain Administrators
A Using the User Migration Utility
A.1 Benefits of Migrating Local or External Users to Enterprise Users
A.2 Introduction to the User Migration Utility
A.2.1 Bulk User Migration Process Overview
A.2.1.1 Step 1: (Phase One) Preparing for the Migration
A.2.1.2 Step 2: Verify User Information
A.2.1.3 Step 3: (Phase Two) Completing the Migration
A.2.2 About the ORCL_GLOBAL_USR_MIGRATION_DATA Table
A.2.2.1 Which Interface Table Column Values Can Be Modified Between Phase One and Phase Two?
A.2.3 Migration Effects on Users' Old Database Schemas
A.2.4 Migration Process
A.3 Prerequisites for Performing Migration
A.3.1 Required Database Privileges
A.3.2 Required Directory Privileges
A.3.3 Required Setup to Run the User Migration Utility
A.4 User Migration Utility Command-Line Syntax
A.5 Accessing Help for the User Migration Utility
A.6 User Migration Utility Parameters
A.6.1 Keyword: HELP
A.6.2 Keyword: PHASE
A.6.3 Keyword: DBLOCATION
A.6.4 Keyword: DIRLOCATION
A.6.5 Keyword: DBADMIN
A.6.6 Keyword: ENTADMIN
A.6.7 Keyword: USERS
A.6.8 Keyword: USERSLIST
A.6.9 Keyword: USERSFILE
A.6.10 Keyword: KREALM
A.6.11 Keyword: MAPSCHEMA
A.6.12 Keyword: MAPTYPE
A.6.13 Keyword: CASCADE
A.6.14 Keyword: CONTEXT
A.6.15 Keyword: LOGFILE
A.6.16 Keyword: PARFILE
A.7 User Migration Utility Usage Examples
A.7.1 Migrating Users While Retaining Their Own Schemas
A.7.2 Migrating Users and Mapping to a Shared Schema
A.7.2.1 Mapping Users to a Shared Schema Using Different CASCADE Options
A.7.2.2 Mapping Users to a Shared Schema Using Different MAPTYPE Options
A.7.3 Migrating Users Using the PARFILE, USERSFILE, and LOGFILE Parameters
A.8 Troubleshooting Using the User Migration Utility
A.8.1 Common User Migration Utility Error Messages
A.8.1.1 Resolving Error Messages Displayed for Both Phases
A.8.1.2 Resolving Error Messages Displayed for Phase One
A.8.1.3 Resolving Error Messages Displayed for Phase Two
A.8.2 Common User Migration Utility Log Messages
A.8.2.1 Common Log Messages for Phase One
A.8.2.2 Common Log Messages for Phase Two
A.8.3 Summary of User Migration Utility Error and Log Messages
B SSL External Users Conversion Script
B.1 Using the SSL External Users Conversion Script
B.2 Converting Global Users into External Users
C Integrating Enterprise User Security with Microsoft Active Directory
C.1 Set Up Synchronization Between Active Directory and Oracle Internet Directory
C.2 Set Up a Windows 2000 Domain Controller to Interoperate with Oracle Client
C.3 Set Up Oracle Database to Interoperate with a Windows 2000 Domain Controller
C.4 Set Up Oracle Database Client to Interoperate with a Windows 2000 KDC
C.5 Obtain an Initial Ticket for the Client
C.6 Configure Enterprise User Security for Kerberos Authentication
D Upgrading from Oracle9i to Oracle Database 11g Release 1 (11.1)
D.1 Upgrading Oracle Internet Directory from Release 9.2 to Release 9.0.4
D.2 Upgrading Oracle Database from Release 9.2 to Release 11.1
Glossary
Index