Introduction to Enterprise User Security
11-14 Oracle Database Advanced Security Administrator's Guide
An enterprise role can be assigned to one or more enterprise users. For example,
you could assign the enterprise role sales_manager to a number of enterprise
users who hold the same job. This information is protected in the directory, and
only a directory administrator can manage users and assign their roles. A user can
be granted local roles and privileges in a database in addition to enterprise roles.
Enterprise role entries are stored in enterprise domain subtrees. Each enterprise
role contains information about associated global roles on each database server and
the associated enterprise users. The Enterprise Domain Administrator creates and
manages enterprise roles by using Enterprise Security Manager.
Enterprise Domains
An enterprise domain is a group of databases and enterprise roles. An example of a
domain could be the engineering division in an enterprise or a small enterprise
itself. Figure 11–3 shows an example of an enterprise domain called Services that
resides under the OracleDBSecurity entry in an identity management realm. It is
here, at the enterprise domain level, that the Enterprise Domain Administrator,
using Enterprise Security Manager, assigns enterprise roles to users and manages
enterprise security. An enterprise domain subtree in a directory is composed of
three types of entries: enterprise role entries, user-schema mappings, and the
enterprise domain administrator's group for that domain. Enterprise domains are
used to manage information that applies to multiple databases. All user-schema
mapping entries contained in an enterprise domain apply to all databases in the
domain. If you need to apply different user-schema mappings to individual
databases, then use Database Server entries, which are discussed in the following
section.
Enterprise roles apply to specific databases in the domain, as explained in the
previous section. Enterprise roles, domain-level mappings, and the domain
administrators group are all administered by using Enterprise Security Manager.
See Also: "Administering Enterprise Roles" on page 13-27 for
information about using Enterprise Security Manager to create and
manage enterprise roles.
Note: The database obtains a user's global roles from the directory
as part of the login process. If you change a user's global roles in the
directory, then those changes do not take effect until the next time
the user logs in to the database.
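The login-time behaviour described in the note above, as an added example that is not from the Oracle guide: a simplified in-memory model of enterprise role entries that reports sessions still holding global roles removed from the directory since login. The data layout, the database names (salesdb, hrdb), the global role names and the users are constructed for illustration; only sales_manager comes from the text.

```python
from dataclasses import dataclass, field


@dataclass
class EnterpriseRole:
    """Simplified enterprise role entry (hypothetical layout, not the directory schema)."""
    name: str
    global_roles: dict                      # database name -> set of global roles there
    users: set = field(default_factory=set)  # enterprise users assigned this role


@dataclass(frozen=True)
class Session:
    user: str
    database: str
    roles: frozenset                        # global roles captured at login


def resolve_global_roles(domain, user, database):
    """Global roles a database would obtain from the directory for this user."""
    roles = set()
    for entry in domain:
        if user in entry.users:
            roles |= entry.global_roles.get(database, set())
    return roles


def login(domain, user, database):
    """Roles are read once, as part of the login process, and then kept."""
    return Session(user, database, frozenset(resolve_global_roles(domain, user, database)))


def stale_sessions(domain, sessions):
    """Sessions whose login-time roles are no longer granted in the directory."""
    findings = []
    for s in sessions:
        revoked = s.roles - resolve_global_roles(domain, s.user, s.database)
        if revoked:
            findings.append((s.user, s.database, sorted(revoked)))
    return findings


def demo():
    # Constructed sample data.
    sales_manager = EnterpriseRole(
        "sales_manager",
        {"salesdb": {"sales_admin"}, "hrdb": {"hr_read"}},
        {"alice", "bob"},
    )
    domain = [sales_manager]
    sessions = [login(domain, "alice", "salesdb"), login(domain, "bob", "hrdb")]
    sales_manager.users.discard("alice")    # directory change after alice logged in
    return stale_sessions(domain, sessions), login(domain, "alice", "salesdb").roles
```

The existing session for alice keeps sales_admin until it ends, while a fresh login receives no global roles, so removing a user from an enterprise role should be paired with a review of that user's open sessions.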