User's Manual
Administering Enterprise Roles
Administering Enterprise User Security 13-29
Figure 13–12 Enterprise Security Manager: Database Global Roles Tab
When populating an enterprise role with different database roles it is only possible
to reference roles on databases that are configured to be global roles on those
databases. A global role on a database is identical to a normal role, except that the
Database Administrator has defined it to be authorized only through the directory.
(Global roles are created with the syntax, CREATE ROLE <role_name>
IDENTIFIED GLOBALLY ' ';) A Database Administrator cannot locally grant
and revoke global roles to users of the database.
To add a global role to an enterprise role:
1. ChooseAdd... (Figure 13–12). The Add Global DatabaseRoles window appears.
This window lists all of the databases in the enterprise domain—from which
global roles can be selected to add to an enterprise role.
2. Select a database from which to obtain global roles. A window appears and
prompts you for logon details to authenticate to the database (and fetch global
roles). Typically, this is a DBA logon to that database.
Note that the name of the database appears in the Service field by default. You
can use this name to connect to the database if your Oracle home has LDAP