User's Manual

Configuring Enterprise User Security Objects in the Database and the Directory

12-12 Oracle Database Advanced Security Administrator's Guide

To conﬁgure Enterprise User Security objects in the database and directory perform

the following tasks:

■ Task 1: Create Global Schemas and Global Roles in the Database

■ Task 2: Conﬁgure User-Schema Mappings for the Enterprise Domain

■ Task 3: Create Enterprise Roles in the Enterprise Domain

■ Task 4: Add Global Database Roles to Enterprise Roles

■ Task 5: Grant Enterprise Roles to Enterprise Users for Database Access

■ Task 6: Conﬁgure Enterprise User Security for the Authentication Method You

Require

Task 1: Create Global Schemas and Global Roles in the Database

Although this step can also be completed by using Oracle Enterprise Manager, the

following examples use SQL*Plus directly:

1. Create a shared schema for enterprise users. The following syntax example

creates a shared schema named guest:

SQL> CREATE USER guest IDENTIFIED GLOBALLY AS '';

If you do not want to use a shared schema, then specify a user DN between the

single quotation marks to create an exclusive schema.

2. Grant the CREATE SESSION privilege to the shared schema created in Step 1 so

users can connect to it. The following syntax example grants the CREATE

SESSION privilege to the guest shared schema:

SQL> GRANT CREATE SESSION TO guest;

If you do not use the OracleDefaultDomain or store your users in

an identity management realm Users subtree, then see the follow-

ing documentation:

■ Oracle Internet Directory Administrator's Guide for information

about creating a new identity management realm or modifying

an existing one, and for information about setting access

control lists on directory objects.

■ "Creating a New Enterprise Domain" on page 13-16 to create

another domain in which to put your database. Then substitute

your new domain name for OracleDefaultDomain in the

following conﬁguration steps.