Corporation Network Router User Manual

Configuring Oracle Database and Oracle Net Services for Oracle DCE Integration

10-12 Oracle Database Advanced Security Administrator's Guide

If connecting to the database across multiple cells, specify both the cell_name and

the server_principal, as illustrated in the following:

SQL> CREATE USER "CELL_NAME/SERVER_PRINCIPAL" IDENTIFIED EXTERNALLY;

SQL> GRANT CREATE SESSION TO "CELL_NAME/SERVER_PRINCIPAL";

You must enclose the externally-identiﬁed account name in double quotation

marks, because the slash is areserved character. Also, if theaccount (user) name

is double-quoted, it must be capitalized.

For example:

SQL> CREATE USER "CELL1/ORACLE" IDENTIFIED EXTERNALLY;

SQL> GRANT CREATE SESSION TO "CELL1/ORACLE";

When using this format, set the following parameter in the protocol.ora

conﬁguration ﬁle to FALSE:

dce.local_cell_usernames=false

References to an Oracle account created in this manner must include the

schema/account in the correct format. Consider requests for access to tables

from another account. When a user references the tables in another account

created within a local cell, the command might appear as follows:

SQL> SELECT * FROM oracle.emp

If a user wants to access tables in another account created for connections across

cells, the command might appear as follows:

SQL> SELECT * FROM "CELL1/ORACLE" .emp

Task 3: Set up DCE Integration External Roles

To set up external roles for DCE Integration, and enable connection to an Oracle

database as SYSOPER or SYSDBA with DCE credentials, do the following:

1. Set the following parameter in the initialization parameter ﬁle:

OS_ROLES=TRUE

2. Restart the database.

See Also: Oracle Database Heterogeneous Connectivity

Administrator's Guide, for more information about external

authentication