{"id":2227,"date":"2010-11-29T10:49:07","date_gmt":"2010-11-29T14:49:07","guid":{"rendered":"http:\/\/onlineappsdba.com\/index.php\/2010\/11\/29\/enterprise-user-security-eus-overview-for-oracle-database-1011g\/"},"modified":"2010-11-29T10:56:12","modified_gmt":"2010-11-29T14:56:12","slug":"enterprise-user-security-eus-overview-for-oracle-database-1011g","status":"publish","type":"post","link":"https:\/\/onlineappsdba.com\/index.php\/2010\/11\/29\/enterprise-user-security-eus-overview-for-oracle-database-1011g\/","title":{"rendered":"Enterprise User Security (EUS) overview for Oracle Database 10\/11g"},"content":{"rendered":"

Enterprise User Security<\/strong> (EUS)\u00a0is process of integrating Oracle Database with LDAP compliant directory server like Oracle Internet Directory (OID) or Microsoft Active Directory so that database Users can be centrally managed in LDAP Directory Server.
\n\u00a0\u00a0\u00a0 When EUS feature of databases is configured and enabled, all EUS enabled databases can authenticate users based on information in LDAP server.<\/p>\n

.
\nDatabase Users <\/strong>: are users created in database using CREATE USER [username] IDENTIFIED BY [password];<\/strong> command. Database user is associated with a database schema. (When you create user using create user command it automatically creates schema<\/font>)
\n.\u00a0<\/strong><\/p>\n

Database Schema <\/strong>: is named collection of objects, such as tables, views, clusters, procedures, packages, attributes, object classes. Schema is associated to a particular database user.<\/p>\n

.<\/p>\n

Enterprise Users <\/strong>: are users that are defined and managed in LDAP server (Oracle Internet Directory or Active Directory).<\/p>\n

.\u00a0<\/strong><\/p>\n

Global Users<\/strong>: are enteprise users created in database using
\na) Private Schema<\/strong> (each user having dedicated schema<\/font>) “CREATE USER [username] IDENTIFIED GLOBALLY AS ‘cn=username,cn=users,dc=mydomain,dc=com’;”
\nb) Shared Schema <\/strong>(multiple users sharing single schema<\/font>)\u00a0 “CREATE USER [username] IDENTIFIED GLOBALLY AS “”;<\/p>\n

.\u00a0<\/strong><\/p>\n

Role<\/strong> : Role is a named groups of related privileges.<\/p>\n

.\u00a0<\/strong><\/p>\n

Enterprise Role<\/strong> : is a directory (LDAP) object that acts as container to hold one or more database global roles. Enterprise Role is mapped to database global role and is assigned to Enterprise user. Enterprise Role<\/strong> are defined in LDAP server and assigned to enterprise user, which \u00a0determines access privileges on database.<\/p>\n

.\u00a0<\/strong><\/p>\n

Database Global Role<\/strong> : is a role that is managed in directory , but its privileges are contained within a single database. Global role is created using CREATE ROLE [role_name] IDENTIFIED GLOBALLY<\/strong>;<\/p>\n

.\u00a0<\/strong><\/p>\n

Database Local Role <\/strong>: Local Roles are created and managed by the database and created using CREATE ROLE [role_name];<\/strong>\u00a0\u00a0 For more on roles here<\/a><\/p>\n

.\u00a0<\/strong><\/p>\n

Enterprise Domain <\/strong>: is group of databases and enterprise roles. Domain resides under “Realm <\/strong>-> Oracle Context <\/strong>->Products <\/strong>-> OracleDBSecurity<\/strong>” . As\u00a0shown in below\u00a0screenshot, there are two domains. When enterprise roles are assigned to users or mapping created using enterprise manager, these enterprise roles<\/strong>, members<\/strong> and mapping<\/strong>\u00a0are stored here.<\/p>\n

.<\/p>\n

<\/a><\/p>\n

.<\/p>\n

Enterprise Domain subtree\u00a0 is composed of three types of entries: enterprise role<\/strong> entries, user-schema<\/strong> mappings<\/strong>, and the enterprise domain administrator’s group<\/strong> for that domain<\/p>\n

.<\/p>\n

Database Server Entry<\/strong>: is a directory entry containing information about database server which is registered in LDAP Server. This entry is created during database registration phase in OID using DBCA<\/strong>. This entry is under “Realm <\/strong>-> Oracle Context<\/strong> as shown in figure\u00a0below<\/p>\n

\u00a0Database Server subtree consists of mapping entries (mapping0<\/strong>…) called user-schema<\/strong> mappings.<\/p>\n

<\/a><\/p>\n

.<\/p>\n

References<\/u><\/strong> \u00a0<\/p>\n