Enterprise User Security (EUS) overview for Oracle Database 10/11g

Enterprise User Security (EUS) is the process of integrating Oracle Database with an LDAP-compliant directory server, such as Oracle Internet Directory (OID) or Microsoft Active Directory, so that database users can be centrally managed in the LDAP directory server.
When the EUS feature is configured and enabled, all EUS-enabled databases can authenticate users based on information in the LDAP server.

Database Users : are users created in the database using the CREATE USER [username] IDENTIFIED BY [password]; command. A database user is associated with a database schema. (Creating a user with the CREATE USER command automatically creates the schema.)

Database Schema : is a named collection of objects, such as tables, views, clusters, procedures, packages, attributes and object classes. A schema is associated with a particular database user.


Enterprise Users : are users that are defined and managed in the LDAP server (Oracle Internet Directory or Active Directory).

Global Users : are enterprise users created in the database using either
a) Private Schema (each user has a dedicated schema): CREATE USER [username] IDENTIFIED GLOBALLY AS 'cn=username,cn=users,dc=mydomain,dc=com';
b) Shared Schema (multiple users share a single schema): CREATE USER [username] IDENTIFIED GLOBALLY AS '';

Role : is a named group of related privileges.

Enterprise Role : is a directory (LDAP) object that acts as a container holding one or more database global roles. An enterprise role is mapped to database global roles and is assigned to enterprise users. Enterprise roles are defined in the LDAP server, and the enterprise roles assigned to an enterprise user determine that user's access privileges on the database.

Database Global Role : is a role that is managed in the directory, but whose privileges are contained within a single database. A global role is created using CREATE ROLE [role_name] IDENTIFIED GLOBALLY;

Database Local Role : is a role created and managed by the database, using CREATE ROLE [role_name];
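
The database-side objects defined above, put together with the dictionary queries a DBA can use to review them. This is an added example, not part of the original article: JSMITH, APP_SHARED, HR_READ_GLOBAL and hr.employees are hypothetical names, and the audit queries assume the 11g data dictionary.

```sql
-- Added example. JSMITH, APP_SHARED, HR_READ_GLOBAL and hr.employees are
-- hypothetical names; the DN follows the article's sample DN.

-- Private schema: one enterprise user, one dedicated schema.
CREATE USER jsmith IDENTIFIED GLOBALLY AS 'cn=jsmith,cn=users,dc=mydomain,dc=com';

-- Shared schema: no DN is stored in the database. The user-schema mapping
-- held in the directory decides which enterprise users land here.
CREATE USER app_shared IDENTIFIED GLOBALLY AS '';
GRANT CREATE SESSION TO app_shared;

-- Global role: its privileges are defined in this database, but membership
-- comes only from an enterprise role in the directory. Granting it to a
-- user or role inside the database fails with ORA-28021.
CREATE ROLE hr_read_global IDENTIFIED GLOBALLY;
GRANT SELECT ON hr.employees TO hr_read_global;

-- Review: accounts authenticated through the directory and their DNs.
-- AUTHENTICATION_TYPE is an 11g column; on 10g filter on PASSWORD = 'GLOBAL'.
SELECT username, external_name, account_status
FROM   dba_users
WHERE  authentication_type = 'GLOBAL';

-- Review: object privileges an enterprise role can hand out via global roles.
SELECT r.role, p.privilege, p.owner, p.table_name
FROM   dba_roles r
       LEFT JOIN dba_tab_privs p ON p.grantee = r.role
WHERE  r.password_required = 'GLOBAL'
ORDER  BY r.role, p.owner, p.table_name;

-- Review: system privileges carried by global roles.
SELECT r.role, s.privilege, s.admin_option
FROM   dba_roles r
       JOIN dba_sys_privs s ON s.grantee = r.role
WHERE  r.password_required = 'GLOBAL'
ORDER  BY r.role, s.privilege;

-- Inside a session: SESSION_USER is only the schema (for example APP_SHARED);
-- ENTERPRISE_IDENTITY is the directory DN of the person behind it.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')        AS schema_user,
       SYS_CONTEXT('USERENV', 'ENTERPRISE_IDENTITY') AS enterprise_dn,
       SYS_CONTEXT('USERENV', 'IDENTIFICATION_TYPE') AS identification_type
FROM   dual;
```

With a shared schema, auditing and application logging should record ENTERPRISE_IDENTITY rather than the schema name, since many directory users appear under the same database user.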

Enterprise Domain : is a group of databases and enterprise roles. The domain resides under “Realm -> Oracle Context -> Products -> OracleDBSecurity”. As shown in the screenshot below, there are two domains. When enterprise roles are assigned to users, or mappings are created using Enterprise Manager, these enterprise roles, members and mappings are stored here.


Enterprise Domain subtree : is composed of three types of entries: enterprise role entries, user-schema mappings, and the enterprise domain administrators' group for that domain.


Database Server Entry : is a directory entry containing information about a database server that is registered in the LDAP server. This entry is created during the database registration phase in OID using DBCA. This entry is under “Realm -> Oracle Context”, as shown in the figure below.

Database Server subtree : consists of mapping entries (mapping0…) called user-schema mappings.


More on Enterprise User Security in Oracle Database coming soon ….

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.


9 comments
venkat says December 6, 2010

How to recover the control file through RMAN when the control file is corrupted?

Reply
Atul Kumar says December 7, 2010

@ Venkat

Check RMAN Guide with command to restore control file at

http://download.oracle.com/docs/cd/B19306_01/backup.102/b14192/recov004.htm#CFABADJC

Reply
Hi Atul, says December 8, 2010

Hi Atul,

/**** please don’t reject***/
I am facing an issue. Please help me with this.
I am working on a 12.1.3 instance.
A new responsibility named:

Manufacturing operations center user –>Manufacturing operations center analytics–>plant manager dashboard

When I try to open the above, it throws an error: Page cannot be displayed. I tried a lot but no luck. Can you please help with this?

Regards,
naga.

Reply
bernie says January 25, 2013

A warning and a plea for help!

With EUS setup and working, if you accidentally delete any directory group that is mapped to an enterprise role, it causes Enterprise Manager to report an internal error when accessing ‘enterprise roles’ but it seems impossible to troubleshoot which group is missing as that essential piece of information is not reported….

Frustratingly, the emoms log contains:

2013-01-25 14:16:08,285 [EMUI_14_16_08_/console/database/EntDBSec/EUS/EUSComponent] ERROR eus.EUSDomainComponentUtility logp.251 – EUSException: There is no enterprise role with the specific name
2013-01-25 14:16:08,291 [EMUI_14_16_08_/console/database/EntDBSec/EUS/EUSComponent] ERROR eus.EUSComponentController logp.251 – The Execption in EUS is oracle.sysman.emo.adm.security.eus.EntDBSecEUSException
2013-01-25 14:16:08,294 [EMUI_14_16_08_/console/database/EntDBSec/EUS/EUSComponent] ERROR svlt.PageHandler handleRequest.640 – java.lang.NullPointerException

Reply
adibi.askar@gmail.com says September 30, 2014

Hi Atul,
For 2 months I have tried to set up my Oracle Enterprise User Security, but I see ORA-28030.
Now I will explain my environment for you. I hope you can help me.
————
Server A : oracle identity management server
– weblog 10.3.6
– oracle identity 11.1.1.6
– oracle database 11.2.0.3 (for repository)
Server B : oracle database 11.2.0.3 for test EUS

Installed and configured following this instruction:
http://download.oracle.com/otndocs/products/oid/11113-oid-fresh-installation/11113oidfreshinstallation_viewlet_swf.html

To configure EUS on server B I used Oracle Enterprise User Security 11r2 from the Oracle documentation.
I installed and configured everything without any error! But when I try to log on to the Oracle database on server B (from server B) I see ORA-28030.

Does OID need other configuration?
I think my OID server configuration is not correct!

Thanks for your consideration
askar

Reply
Sudeep says March 31, 2015

I am also facing the issue reported by bernie “[EMUI_14_16_08_/console/database/EntDBSec/EUS/EUSComponent] ERROR eus.EUSDomainComponentUtility logp.251 – EUSException: There is no enterprise role with the specific name
2013-01-25 14:16:08,291 [EMUI_14_16_08_/console/database/EntDBSec/EUS/EUSComponent] ERROR eus.EUSComponentController logp.251 – The Execption in EUS is oracle.sysman.emo.adm.security.eus.EntDBSecEUSException
2013-01-25 14:16:08,294 [EMUI_14_16_08_/console/database/EntDBSec/EUS/EUSComponent] ERROR svlt.PageHandler handleRequest.640 – java.lang.NullPointerException”

Can someone help?

Reply
bernie says May 29, 2015

It was quite a while ago, so not sure if this will help, but you might be able to use the eusm utility to diagnose the problem.

e.g.

eusm listenterpriseroleinfo enterprise_role=connect_INSTANCE domain_name="OracleDefaultDomain" realm_dn="dc=xx,dc=com" ldap_host="LDAP_HOST" ldap_port="3060" ldap_user_dn="cn=orcladmin" ldap_user_password="ORCLADMIN_PASSWORD"

Reply