Enterprise User Security Administrator's Guide - Oracle


Oracle Database Enterprise User Security Administrator's Guide 18c E81136-05 May 2020

Oracle Database Enterprise User Security Administrator's Guide, 18c
E81136-05

Copyright 2000, 2020, Oracle and/or its affiliates.

Primary Author: Rod Ward

Contributors: Apoorva Srinivas, Tanvir Ahmed, Chi Ching Chui, Santanu Datta, Janis Greenberg, Rishabh Gupta, Pat Huey, Min-Hank Ho, Yong Hu, Sudha Iyer, Sumit Jeloka, Supriya Kalyanasundaram, Srinidhi Kayoor, Lakshmi Kethana, Manoj Kamani, Van Le, Nina Lewis, Stella Li, Chao Liang, Gopal Mulagund, Sarma Namuduri, Janaki Narasinghanallur, Hozefa Palitanawala, Eric Paapanen, Vikram Pesati, Andy Philips, Richard Smith, Deborah Steiner, Srividya Tata, Philip Thornton, Ramana Turlapati, Sudheesh Varma, Anand Verma, Peter Wahl, Alan Williams

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Contents

Preface
Intended Audience
Documentation Accessibility
Related Documents
Conventions

Changes in This Release for Oracle Database Enterprise User Security Administrator's Guide
Changes in Oracle Database Release 18c Version 18.1
Changes in Oracle Database 12c Release 2 (12.2.0.1)

1 Introducing Enterprise User Security
1.1 Introduction to Enterprise User Security
1.1.1 The Challenges of User Management
1.1.2 Enterprise User Security: The Big Picture
1.1.2.1 How Oracle Internet Directory Implements Identity Management
1.1.2.2 Enterprise Users Compared to Database Users
1.1.2.3 About Enterprise User Schemas
1.1.2.4 How Enterprise Users Access Database Resources with Database Links
1.1.2.5 How Enterprise Users Are Authenticated
1.1.3 About Enterprise User Security Directory Entries
1.1.3.1 Enterprise Users
1.1.3.2 Enterprise Roles
1.1.3.3 Enterprise Domains
1.1.3.4 Database Server Entries
1.1.3.5 User-Schema Mappings
1.1.3.6 Administrative Groups
1.1.3.7 Password Policies
1.2 About Using Shared Schemas for Enterprise User Security
1.2.1 Overview of Shared Schemas Used in Enterprise User Security
1.2.2 How Shared Schemas Are Configured for Enterprise Users
1.2.3 How Enterprise Users Are Mapped to Schemas
1.3 Enterprise User Proxy
1.4 About Using Current User Database Links for Enterprise User Security
1.5 Enterprise User Security Deployment Considerations
1.5.1 Security Aspects of Centralizing Security Credentials
1.5.1.1 Security Benefits Associated with Centralized Security Credential Management
1.5.1.2 Security Risks Associated with Centralized Security Credential Management
1.5.2 Security of Password-Authenticated Enterprise User Database Login Information
1.5.2.1 What Is Meant by Trusted Databases
1.5.2.2 Protecting Database Password Verifiers
1.5.3 Considerations for Defining Database Membership in Enterprise Domains
1.5.4 Choosing Authentication Types between Clients, Databases, and Directories for Enterprise User Security
1.5.4.1 Typical Configurations

2 Getting Started with Enterprise User Security
2.1 Configuring Your Database to Use the Directory
2.2 Registering Your Database with the Directory
2.3 Registering an Oracle RAC Database with the Directory
2.4 Creating a Shared Schema in the Database
2.5 Mapping Enterprise Users to the Shared Schema
2.6 Connecting to the Database as an Enterprise User
2.7 Using Enterprise Roles
2.8 Using Proxy Permissions
2.9 Using Pluggable Databases
2.9.1 Wallet Location for Pluggable Databases
2.9.2 Wallet Root for Pluggable Databases
2.9.3 Default Database DN Format
2.9.4 Plugging and Unplugging PDBs
2.9.5 Switching Containers

3 Configuration and Administration Tools Overview
3.1 Enterprise User Security Tools Overview
3.2 Oracle Internet Directory Self-Service Console
3.3 Oracle Net Configuration Assistant
3.3.1 Starting Oracle Net Configuration Assistant
3.4 Database Configuration Assistant
3.4.1 Starting Database Configuration Assistant
3.5 Oracle Wallet Manager
3.5.1 Starting Oracle Wallet Manager
3.5.2 The orapki Command-Line Utility
3.6 Oracle Enterprise Manager
3.7 User Migration Utility
3.8 Duties of an Enterprise User Security Administrator/DBA

4 Enterprise User Security Configuration Tasks and Troubleshooting
4.1 Enterprise User Security Configuration Overview
4.2 Enterprise User Security Configuration Roadmap
4.3 Preparing the Directory for Enterprise User Security (Phase One)
4.3.1 Configuring Directory Access for Enterprise Users
4.3.2 About the Database Wallet and Password
4.3.2.1 Sharing Wallets and sqlnet.ora Files Among Multiple Databases
4.4 Configuring Enterprise User Security Objects in the Database and the Directory (Phase Two)
4.5 Configure Enterprise User Security for the Authentication Method You Require (Phase Three)
4.5.1 Configuring Enterprise User Security for Password Authentication
4.5.2 Configuring Enterprise User Security for Kerberos Authentication
4.5.3 Configuring Enterprise User Security for SSL Authentication
4.5.3.1 Viewing the Database DN in the Wallet and in the Directory
4.6 Enabling Current User Database Links
4.7 Troubleshooting Enterprise User Security
4.7.1 ORA-n Errors for Password-Authenticated Enterprise Users
4.7.2 ORA-n Errors for Kerberos-Authenticated Enterprise Users
4.7.3 ORA-n Errors for SSL-Authenticated Enterprise Users
4.7.4 NO-GLOBAL-ROLES Checklist
4.7.5 USER-SCHEMA ERROR Checklist
4.7.6 DOMAIN-READ-ERROR Checklist

5 Administering Enterprise User Security
5.1 Administering Identity Management Realms
5.1.1 Identity Management Realm Versions
5.1.2 Setting Properties of an Identity Management Realm
5.1.2.1 Setting Login Name, Kerberos Principal Name, User Search Base, and Group Search Base Identity Management Realm Attributes
5.1.3 Setting the Default Database-to-Directory Authentication Type for an Identity Management Realm
5.1.4 Managing Identity Management Realm Administrators
5.2 Administering Enterprise Users
5.2.1 Creating New Enterprise Users
5.2.2 Setting Enterprise User Passwords
5.2.3 Granting Enterprise Roles to Enterprise Users
5.2.4 Granting Proxy Permissions to Enterprise Users
5.2.5 Creating User-Schema Mappings for Enterprise Users
5.2.6 Creating Label Authorizations for Enterprise Users
5.3 Configuring User-Defined Enterprise Groups
5.3.1 Granting Enterprise Roles to User-Defined Enterprise Groups
5.4 Configuring Databases for Enterprise User Security
5.4.1 Creating User-Schema Mappings for a Database
5.4.2 Adding Administrators to Manage Database Schema Mappings
5.5 Administering Enterprise Domains
5.5.1 Creating an Enterprise Domain
5.5.2 Adding Databases to an Enterprise Domain
5.5.3 Creating User-Schema Mappings for an Enterprise Domain
5.5.4 Configuring Enterprise Roles
5.5.5 Configuring Proxy Permissions
5.5.6 Configuring User Authentication Types and Enabling Current User Database Links
5.5.7 Configuring Domain Administrators

6 Using Oracle Wallet Manager
6.1 About Oracle Wallet Manager
6.1.1 What Is Oracle Wallet Manager?
6.1.2 Wallet Password Management
6.1.3 Strong Wallet Encryption
6.1.4 Microsoft Windows Registry Wallet Storage
6.1.5 ACL Settings Needed for Wallet Files Created Using Wallet Manager
6.1.6 Backward Compatibility
6.1.7 Public-Key Cryptography Standards (PKCS) Support
6.1.8 Multiple Certificate Support
6.1.9 LDAP Directory Support
6.2 Starting Oracle Wallet Manager
6.3 General Process for Creating an Oracle Wallet
6.4 Managing Oracle Wallets
6.4.1 Required Guidelines for Creating Oracle Wallet Passwords
6.4.2 Creating a New Oracle Wallet
6.4.2.1 Creating a Standard Oracle Wallet
6.4.2.2 Creating an Oracle Wallet to Store Hardware Security Module Credentials
6.4.3 Opening an Existing Oracle Wallet
6.4.4 Closing an Oracle Wallet
6.4.5 Exporting an Oracle Wallet to a Third-Party Environment
6.4.6 Exporting an Oracle Wallet to a Tool That Does Not Support PKCS #12
6.4.7 Uploading an Oracle Wallet to an LDAP Directory
6.4.8 Downloading an Oracle Wallet from an LDAP Directory
6.4.9 Saving Changes to an Oracle Wallet
6.4.10 Saving the Open Wallet to a New Location
6.4.11 Saving an Oracle Wallet to the System Default Directory Location
6.4.12 Deleting an Oracle Wallet
6.4.13 Changing the Oracle Wallet Password
6.4.14 Using Auto Login for Oracle Wallets to Enable Access Without Human Intervention
6.4.14.1 About Using Auto Login for Oracle Wallets
6.4.14.2 Enabling Auto Login for Oracle Wallets
6.4.14.3 Disabling Auto Login for Oracle Wallets
6.5 Managing Certificates for Oracle Wallets
6.5.1 About Managing Certificates for Oracle Wallets
6.5.2 Managing User Certificates for Oracle Wallets
6.5.2.1 About Managing User Certificates
6.5.2.2 Adding a Certificate Request
6.5.2.3 Importing the User Certificate into an Oracle Wallet
6.5.2.4 Importing Certificates and Wallets Created by Third Parties
6.5.2.5 Removing a User Certificate from an Oracle Wallet
6.5.2.6 Removing a Certificate Request
6.5.2.7 Exporting a User Certificate
6.5.2.8 Exporting a User Certificate Request
6.5.3 Managing Trusted Certificates for Oracle Wallets
6.5.3.1 Importing a Trusted Certificate
6.5.3.2 Removing a Trusted Certificate
6.5.3.3 Exporting a Trusted Certificate to Another File System Location
6.5.3.4 Exporting All Trusted Certificates to Another File System Location

7 Enterprise User Security Manager (EUSM) Command Reference
7.1 About SSL Port Connectivity through EUSM to OID
7.2 Enterprise User Security Manager (EUSM) Command Summary
7.2.1 createDomain
7.2.2 deleteDomain
7.2.3 listDomains
7.2.4 listDomainInfo
7.2.5 addDomainAdmin
7.2.6 removeDomainAdmin
7.2.7 listDomainAdmins
7.2.8 addDatabase
7.2.9 removeDatabase
7.2.10 addDBAdmin
7.2.11 listDBAdmins
7.2.12 listDBInfo
7.2.13 removeDBAdmin
7.2.14 createMapping
7.2.15 deleteMapping
7.2.16 listMappings
7.2.17 setCulinkStatus
7.2.18 setAuthTypes
7.2.19 createRole
7.2.20 deleteRole
7.2.21 addGlobalRole
7.2.22 removeGlobalRole
7.2.23 grantRole
7.2.24 revokeRole
7.2.25 listEnterpriseRoles
7.2.26 listEnterpriseRolesOfUser
7.2.27 listEnterpriseRoleInfo
7.2.28 listGlobalRolesInDB
7.2.29 listSharedSchemasInDB
7.2.30 createProxyPerm
7.2.31 deleteProxyPerm
7.2.32 addTargetUser
7.2.33 removeTargetUser
7.2.34 grantProxyPerm
7.2.35 revokeProxyPerm
7.2.36 listProxyPermissions
7.2.37 listProxyPermissionsOfUser
7.2.38 listProxyPermissionInfo
7.2.39 listTargetUsersInDB
7.2.40 setDBOIDAuth
7.2.41 listDBOIDAuth
7.2.42 addToPwdAccessibleDomains
7.2.43 removeFromPwdAccessibleDomains
7.2.44 listPwdAccessibleDomains
7.2.45 listRealmCommonAttr
7.2.46 createAppCtxNamespace
7.2.47 deleteAppCtxNamespace
7.2.48 listAppCtxNamespaces
7.2.49 createAppCtxAttribute
7.2.50 deleteAppCtxAttribute
7.2.51 listAppCtxAttributes
7.2.52 createAppCtxAttributeValue
7.2.53 deleteAppCtxAttributeValue
7.2.54 listAppCtxAttributeValues
7.2.55 createAppCtxUsers
7.2.56 deleteAppCtxUsers
7.2.57 listAppCtxUsers

A Using the User Migration Utility
A.1 Benefits of Migrating Local or External Users to Enterprise Users
A.2 Introduction to the User Migration Utility
A.2.1 Bulk User Migration Process Overview
A.2.1.1 Step 1: (Phase One) Preparing for the Migration
A.2.1.2 Step 2: Verify User Information
A.2.1.3 Step 3: (Phase Two) Completing the Migration
A.2.2 About the ORCL_GLOBAL_USR_MIGRATION_DATA Table
A.2.2.1 Which Interface Table Column Values Can Be Modified Between Phase One and Phase Two?
A.2.3 Migration Effects on Users' Old Database Schemas
A.2.4 Migration Process
A.3 Prerequisites for Performing Migration
A.3.1 Required Database Privileges
A.3.2 Required Directory Privileges
A.3.3 Required Setup to Run the User Migration Utility
A.4 User Migration Utility Command-Line Syntax
A.5 Accessing Help for the User Migration Utility
A.6 User Migration Utility Parameters
A.6.1 Keyword: HELP
A.6.2 Keyword: PHASE
A.6.3 Keyword: DBLOCATION
A.6.4 Keyword: DIRLOCATION
A.6.5 Keyword: DBADMIN
A.6.6 Keyword: ENTADMIN
A.6.7 Keyword: USERS
A.6.8 Keyword: USERSLIST
A.6.9 Keyword: USERSFILE
A.6.10 Keyword: KREALM
A.6.11 Keyword: MAPSCHEMA
A.6.12 Keyword: MAPTYPE
A.6.13 Keyword: CASCADE
A.6.14 Keyword: CONTEXT
A.6.15 Keyword: LOGFILE
A.6.16 Keyword: PARFILE
A.7 User Migration Utility Usage Examples
A.7.1 Migrating Users While Retaining Their Own Schemas
A.7.2 Migrating Users and Mapping to a Shared Schema
A.7.2.1 Mapping Users to a Shared Schema Using Different CASCADE Options
A.7.2.2 Mapping Users to a Shared Schema Using Different MAPTYPE Options
A.7.3 Migrating Users Using the PARFILE, USERSFILE, and LOGFILE Parameters
A.8 Troubleshooting Using the User Migration Utility
A.8.1 Common User Migration Utility Error Messages
A.8.1.1 Resolving Error Messages Displayed for Both Phases
A.8.1.2 Resolving Error Messages Displayed for Phase One
A.8.1.3 Resolving Error Messages Displayed for Phase Two
A.8.2 Common User Migration Utility Log Messages
A.8.2.1 Common Log Messages for Phase One
A.8.2.2 Common Log Messages for Phase Two
A.8.3 Summary of User Migration Utility Error and Log Messages
A.8.4 Tracing for UMU

B SSL External Users Conversion Script
B.1 Using the SSL External Users Conversion Script
B.2 Converting Global Users into External Users

C Integrating Enterprise User Security with Microsoft Active Directory
C.1 About Direct Integration with Microsoft Active Directory
C.2 Set Up Synchronization Between Active Directory and Oracle Internet Directory
C.3 Set Up Active Directory to Interoperate with Oracle Client
C.4 Set Up Oracle Database to Interoperate with Microsoft Active Directory
C.5 Set Up Oracle Database Client to Interoperate with Microsoft Active Directory
C.6 Obtain an Initial Ticket for the Client
C.7 Configure Enterprise User Security for Kerberos Authentication

D Upgrading from Oracle9i to Oracle Database Release 18c Version 18.1
D.1 Upgrading Oracle Internet Directory from Release 9.2 to Release 9.0.4
D.2 Upgrading Oracle Database from Release 9.2.0.8 to Oracle Database Release 18c Version 18.1
D.3 Upgrading Oracle Database from Release 10g (10.1) and Higher to Oracle Database Release 18c Version 18.1

Glossary

Index

List of Examples

2-1 Creating a Shared Schema
2-2 Mapping Enterprise Users to the Shared Schema
2-3 Connecting to the Database as an Enterprise User
2-4 Using Enterprise Roles
2-5 Using Proxy Permissions
7-1 Creating a Domain in the Realm with SSL Port Connectivity to OID
7-2 Creating a Domain in the Realm with non-SSL Port Connectivity to OID
7-3 Deleting a Domain from the Realm with SSL Port Connectivity to OID
7-4 Deleting a Domain from the Realm with non-SSL Port Connectivity to OID
7-5 Lists the domains in the realm with SSL Port Connectivity to OID
7-6 Lists the domains in the realm with non-SSL Port Connectivity to OID
7-7 Listing the Domain Information with SSL Port Connectivity to OID
7-8 Listing the Domain Information with non-SSL Port Connectivity to OID
7-9 Adding a Domain Administrator with SSL Port Connectivity to OID
7-10 Adding a Domain Administrator with non-SSL Port Connectivity to OID
7-11 Removing a Domain Administrator with SSL Port Connectivity to OID
7-12 Removing a Domain Administrator with non-SSL Port Connectivity to OID
7-13 Listing the Domain Administrators with SSL Port Connectivity to OID
7-14 Listing the Domain Administrators with non-SSL Port Connectivity to OID
7-15 Adding a Database to the Domain with SSL Port Connectivity to OID
7-16 Adding a Database to the Domain with non-SSL Port Connectivity to OID
7-17 Removing a Database from the Domain with SSL Port Connectivity to OID
7-18 Removing a Database from the Domain with non-SSL Port Connectivity to OID
7-19 Adding a Database Administrator with SSL Port Connectivity to OID
7-20 Adding a Database Administrator with non-SSL Port Connectivity to OID
7-21 Listing the Database Administrators with SSL Port Connectivity to OID
7-22 Listing the Database Administrators with non-SSL Port Connectivity to OID
7-23 Lists the Database Information with SSL Port Connectivity to OID
7-24 Lists the Database Information with non-SSL Port Connectivity to OID
7-25 Removing a Database Administrator with SSL Port Connectivity to OID
7-26 Removing a Database Administrator with non-SSL Port Connectivity to OID
7-27 Creating the User or Shared Schema Mapping with SSL Port Connectivity to OID
7-28 Creating the User or Shared Schema Mapping with non-SSL Port Connectivity to OID
7-29 Deleting the User or Shared Schema Mapping with SSL Port Connectivity to OID
7-30 Deleting the User or Shared Schema Mapping with non-SSL Port Connectivity to OID
7-31 Listing the User or Shared Schema Mappings with SSL Port Connectivity to OID
7-32 Listing the User or Shared Schema Mappings with non-SSL Port Connectivity to OID
7-33 Enabling the Current User Database-link Usage in the Domain with SSL Port Connectivity to OID
7-34 Enabling the Current User Database-link Usage in the Domain with non-SSL Port Connectivity to OID
7-35 Setting the Authentication Types Accepted for the Users in the Domain with SSL Port Connectivity to OID
7-36 Setting the Authentication Types Accepted for the Users in the Domain with non-SSL Port Connectivity to OID
7-37 Creating a Role with SSL Port Connectivity to OID
7-38 Creating a Role with non-SSL Port Connectivity to OID
7-39 Deleting a Role with SSL Port Connectivity to OID
7-40 Deleting a Role with non-SSL Port Connectivity to OID
7-41 Adding a Global Role with SSL Port Connectivity to OID
7-42 Adding an Administrative Role with SSL Port Connectivity to OID
7-43 Adding a Global Role with non-SSL Port Connectivity to OID
7-44 Adding an Administrative Role with non-SSL Port Connectivity to OID
7-45 Removing a Global Role with SSL Port Connectivity to OID
7-46 Removing an Administrative Role with SSL Port Connectivity to OID
7-47 Removing a Global Role with non-SSL Port Connectivity to OID
7-48 Removing an Administrative Role with non-SSL Port Connectivity to OID
7-49 Granting a Role to a User with SSL Port Connectivity to OID
7-50 Granting a Role to a User with non-SSL Port Connectivity to OID
7-51 Revoking a Role from a User with SSL Port Connectivity to OID
7-52 Revoking a Role from a User with non-SSL Port Connectivity to OID
7-53 List the Enterprise Roles with SSL Port Connectivity to OID
7-54 List the Enterprise Roles with non-SSL Port Connectivity to OID
7-55 List the Enterprise Roles of a User with SSL Port Connectivity to OID
7-56 List the Enterprise Roles of a User with non-SSL Port Connectivity to OID
7-57 List the Enterprise Role Information with SSL Port Connectivity to OID
7-58 List the Enterprise Role Information with non-SSL Port Connectivity to OID
7-59 Listing the Global Roles in the Database
7-60 List the Shared Schemas in the Database
7-61 Create the Proxy Permission Object PROXY01 with SSL Port Connectivity to OID
7-62 Create the Proxy Permission Object PROXY01 with non-SSL Port Connectivity to OID
7-63 Deleting the Proxy Permission PROXY01 with SSL Port Connectivity to OID
7-64 Deleting the Proxy Permission PROXY01 with non-SSL Port Connectivity to OID
7-65 Add the Target Database User to the Proxy Permission Object with SSL Port Connectivity to OID
7-66 Add the Target Database User to the Proxy Permission Object with non-SSL Port Connectivity to OID
7-67 Removing the Target User from the Proxy Permission Object with SSL Port Connectivity to OID
7-68 Removing the Target User from the Proxy Permission Object with non-SSL Port Connectivity to OID
7-69 Mapping the Enterprise User to the Database User Through the PROXY01 Permission Object with SSL Port Connectivity to OID
7-70 Mapping the Enterprise User to the Database User Through the PROXY01 Permission Object with non-SSL Port Connectivity to OID
7-71 Revoking Proxy Permission Object PROXY01 From the User with SSL Port Connectivity to OID
7-72 Revoking Proxy Permission Object PROXY01 From the User with non-SSL Port Connectivity to OID
7-73 Listing the Proxy Permissions for the Domain with SSL Port Connectivity to OID
7-74 Listing the Proxy Permissions for the Domain with non-SSL Port Connectivity to OID
7-75 List the Proxy Permission for the User with SSL Port Connectivity to OID
7-76 List the Proxy Permission for the User with non-SSL Port Connectivity to OID
7-77 List Proxy Permission Information with SSL Port Connectivity to OID
7-78 List Proxy Permission Information with non-SSL Port Connectivity to OID
7-79 Listing the Target Users in the Database
7-80 Setting the Database-OID Authentication Method with SSL Port Connectivity to OID
7-81 Setting the Database-OID Authentication Method with non-SSL Port Connectivity to OID
7-82 Listing the Database-OID Authentication Method with SSL Port Connectivity to OID
7-83 Listing the Database-OID Authentication Method with non-SSL Port Connectivity to OID
7-84 Adding to Password Accessible Domains with SSL Port Connectivity to OID
7-85 Adding to Password Accessible Domains with non-SSL Port Connectivity to OID
7-86 Removing from Password Accessible Domains with SSL Port Connectivity to OID
7-87 Removing from Password Accessible Domains with non-SSL Port Connectivity to OID
7-88 Listing the Password Accessible Domains with SSL Port Connectivity to OID
7-89 Listing the Password Accessible Domains with non-SSL Port Connectivity to OID
7-90 Listing the Realm Common Attributes with SSL Port Connectivity to OID
7-91 Listing the Realm Common Attributes with non-SSL Port Connectivity to OID
7-92 Adding a New Domain Namespace with SSL Port Connectivity to OID
7-93 Adding a New Domain Namespace with non-SSL Port Connectivity to OID
7-94 Deleting a Domain Namespace with SSL Port Connectivity to OID
7-95 Deleting a Domain Namespace with non-SSL Port Connectivity to OID
7-96 Listing the Namespaces with SSL Port Connectivity to OID
7-97 Listing the Namespaces with non-SSL Port Connectivity to OID
7-98 Adding a New Attribute with SSL Port Connectivity to OID
7-99 Adding a New Attribute with non-SSL Port Connectivity to OID
7-100 Deleting Attributes with SSL Port Connectivity to OID
7-101 Deleting Attributes with non-SSL Port Connectivity to OID
7-102 Listing Attributes with SSL Port Connectivity to OID
7-103 Example Title with non-SSL Port Connectivity to OID
7-104 Adding a New Attribute Value with SSL Port Connectivity to OID
7-105 Adding a New Attribute Value with non-SSL Port Connectivity to OID
7-106 Deleting an Attribute Value with SSL Port Connectivity to OID
7-107 Deleting an Attribute Value with non-SSL Port Connectivity to OID
7-108 Listing the Attribute Values with SSL Port Connectivity to OID
7-109 Listing the Attribute Values with non-SSL Port Connectivity to OID
7-110 Adding a New User for an Attribute Value with SSL Port Connectivity to OID
7-111 Adding a New User for an Attribute Value with non-SSL Port Connectivity to OID
7-112 Deleting a User from an Attribute Value with SSL Port Connectivity to OID
7-113 Deleting a User from an Attribute Value with non-SSL Port Connectivity to OID
7-114 Listing All Users for an Attribute Value with SSL Port Connectivity to OID
7-115 Listing All Users for an Attribute Value with non-SSL Port Connectivity to OID
A-1 User Migration Utility Command-Line Syntax
A-2 Migrating Users with MAPSCHEMA PRIVATE (Default)
A-3 Migrating Users with MAPSCHEMA SHARED
A-4 Migrating Users with Shared Schema Mapping and CASCADE YES
A-5 Migrating Users with Shared Schema Mapping Using the MAPTYPE Parameter
A-6 Parameter Text File (par.txt) to Use with the PARFILE Parameter
A-7 Users List Text File (usrs.txt) to Use with the USERSFILE Parameter
A-8 Migrating Users Using the PARFILE, USERSFILE, and LOGFILE Parameters

List of Figures

1-1 Enterprise User Security and the Oracle Security Architecture
1-2 Example of Enterprise Roles
1-3 Related Entries in a Realm Oracle Context
3-1 Opening Page of Oracle Net Configuration Assistant
4-1 Enterprise User Security Configuration Flow Chart

List of Tables

1-1 Enterprise User Security Authentication: Selection Criteria
1-2 Administrative Groups in a Realm Oracle Context
1-3 Enterprise User Security: Supported Authentication Types for Connections between Clients, Databases, and Directories
3-1 Enterprise User Security Tasks and Tools Summary
3-2 Summary of orapki Commands
3-3 Common Enterprise User Security Administrator Configuration and Administrative Tasks
4-1 Identity Realm Defaults
4-2 Oracle Internet Directory Matching Rules
5-1 Identity Management Realm Properties
5-2 Enterprise User Security Identity Management Realm Administrators
6-1 KeyUsage Values
6-2 Oracle Wallet Manager Import of User Certifi
