User's Manual
Administering Identity Management Realms
Administering Enterprise User Security 13-7
Managing Identity Management Realm Administrators
An identity management realm contains administrative groups that have varying
levels of privileges. The administrative groups for an identity management realm,
which pertain to Enterprise User Security, are defined in Table 13–2. For more
information about these groups, see "Administrative Groups" on page 11-17.
To manage identity management realm administrators:
1. Navigate to the Enterprise Security Manager Console home page. (Choose
Launch Enterprise Security Manager Console from the Operations menu and
log in by using your OracleAS Single Sign-On username and password.)
2. Choose the Users and Groups tab.
3. In the Users and Groups tabbed window, choose the Group subtab.
4. In the Group subtab window, select the administrative group you wish to edit,
and click Edit.
5. In the Edit Group window, enter group information into the appropriate fields.
You can change group owners, add users to or remove them from groups, and
view group membership.
6. Click Submit to save your changes to the directory.
Table 13–2 Enterprise User Security Identity Management Realm Administrators
Administrative Group Definition
Oracle Database Registration
Administrators
(OracleDBCreators)
Registers new databases in the realm.
Oracle Database Security
Administrators
(OracleDBSecurityAdmins)
Has all privileges on the OracleDBSecurity directory
subtree. Creates, modifies, and can read all Enterprise
User Security directory objects.
Oracle Context Administrators
(OracleContextAdmins)
Has full access to all groups and entries within its
associated realm.
User Security Administrators
(OracleUserSecurityAdmins)
Has relevant permissions necessary to administer
security aspects for enterprise users in the directory. For
example, OracleUserSecurityAdmins can modify user
passwords.