Table of Contents
- List of Examples
- List of Figures
- List of Tables
- Title and Copyright Information
- Preface
- Changes in This Release for Oracle Database Enterprise User Security Administrator's Guide
-
1
Introducing Enterprise User Security
-
1.1
Introduction to Enterprise User Security
- 1.1.1 The Challenges of User Management
- 1.1.2 Enterprise User Security: The Big Picture
- 1.1.3 About Enterprise User Security Directory Entries
- 1.2 About Using Shared Schemas for Enterprise User Security
- 1.3 Enterprise User Proxy
- 1.4 About Using Current User Database Links for Enterprise User Security
-
1.5
Enterprise User Security Deployment Considerations
- 1.5.1 Security Aspects of Centralizing Security Credentials
- 1.5.2 Security of Password-Authenticated Enterprise User Database Login Information
- 1.5.3 Considerations for Defining Database Membership in Enterprise Domains
- 1.5.4 Choosing Authentication Types between Clients, Databases, and Directories for Enterprise User Security
-
1.1
Introduction to Enterprise User Security
-
2
Getting Started with Enterprise User Security
- 2.1 Configuring Your Database to Use the Directory
- 2.2 Registering Your Database with the Directory
- 2.3 Registering an Oracle RAC Database with the Directory
- 2.4 Creating a Shared Schema in the Database
- 2.5 Mapping Enterprise Users to the Shared Schema
- 2.6 Connecting to the Database as an Enterprise User
- 2.7 Using Enterprise Roles
- 2.8 Using Proxy Permissions
- 2.9 Using Pluggable Databases
-
3
Configuration and Administration Tools Overview
- 3.1 Enterprise User Security Tools Overview
- 3.2 Oracle Internet Directory Self-Service Console
- 3.3 Oracle Net Configuration Assistant
- 3.4 Database Configuration Assistant
- 3.5 Oracle Wallet Manager
- 3.6 Oracle Enterprise Manager
- 3.7 User Migration Utility
- 3.8 Duties of an Enterprise User Security Administrator/DBA
-
4
Enterprise User Security Configuration Tasks and Troubleshooting
- 4.1 Enterprise User Security Configuration Overview
- 4.2 Enterprise User Security Configuration Roadmap
- 4.3 Preparing the Directory for Enterprise User Security (Phase One)
- 4.4 Configuring Enterprise User Security Objects in the Database and the Directory (Phase Two)
- 4.5 Configure Enterprise User Security for the Authentication Method You Require (Phase Three)
- 4.6 Enabling Current User Database Links
- 4.7 Troubleshooting Enterprise User Security
-
5
Administering Enterprise User Security
- 5.1 Administering Identity Management Realms
- 5.2 Administering Enterprise Users
- 5.3 Configuring User-Defined Enterprise Groups
- 5.4 Configuring Databases for Enterprise User Security
-
5.5
Administering Enterprise Domains
- 5.5.1 Creating an Enterprise Domain
- 5.5.2 Adding Databases to an Enterprise Domain
- 5.5.3 Creating User-Schema Mappings for an Enterprise Domain
- 5.5.4 Configuring Enterprise Roles
- 5.5.5 Configuring Proxy Permissions
- 5.5.6 Configuring User Authentication Types and Enabling Current User Database Links
- 5.5.7 Configuring Domain Administrators
-
6
Using Oracle Wallet Manager
-
6.1
About Oracle Wallet Manager
- 6.1.1 What Is Oracle Wallet Manager?
- 6.1.2 Wallet Password Management
- 6.1.3 Strong Wallet Encryption
- 6.1.4 Microsoft Windows Registry Wallet Storage
- 6.1.5 ACL Settings Needed for Wallet Files Created Using Wallet Manager
- 6.1.6 Backward Compatibility
- 6.1.7 Public-Key Cryptography Standards (PKCS) Support
- 6.1.8 Multiple Certificate Support
- 6.1.9 LDAP Directory Support
- 6.2 Starting Oracle Wallet Manager
- 6.3 General Process for Creating an Oracle Wallet
-
6.4
Managing Oracle Wallets
- 6.4.1 Required Guidelines for Creating Oracle Wallet Passwords
- 6.4.2 Creating a New Oracle Wallet
- 6.4.3 Opening an Existing Oracle Wallet
- 6.4.4 Closing an Oracle Wallet
- 6.4.5 Exporting an Oracle Wallet to a Third-Party Environment
- 6.4.6 Exporting an Oracle Wallet to a Tools That Does Not Support PKCS #12
- 6.4.7 Uploading an Oracle Wallet to an LDAP Directory
- 6.4.8 Downloading an Oracle Wallet from an LDAP Directory
- 6.4.9 Saving Changes to an Oracle Wallet
- 6.4.10 Saving the Open Wallet to a New Location
- 6.4.11 Saving an Oracle Wallet to the System Default Directory Location
- 6.4.12 Deleting an Oracle Wallet
- 6.4.13 Changing the Oracle Wallet Password
- 6.4.14 Using Auto Login for Oracle Wallets to Enable Access Without Human Intervention
-
6.5
Managing Certificates for Oracle Wallets
- 6.5.1 About Managing Certificates for Oracle Wallets
-
6.5.2
Managing User Certificates for Oracle Wallets
- 6.5.2.1 About Managing User Certificates
- 6.5.2.2 Adding a Certificate Request
- 6.5.2.3 Importing the User Certificate into an Oracle Wallet
- 6.5.2.4 Importing Certificates and Wallets Created by Third Parties
- 6.5.2.5 Removing a User Certificate from an Oracle Wallet
- 6.5.2.6 Removing a Certificate Request
- 6.5.2.7 Exporting a User Certificate
- 6.5.2.8 Exporting a User Certificate Request
- 6.5.3 Managing Trusted Certificates for Oracle Wallets
-
6.1
About Oracle Wallet Manager
-
7
Enterprise User Security Manager (EUSM) Command Reference
- 7.1 About Using a Secure External Password Store
- 7.2 About SSL Port Connectivity through EUSM to OID
-
7.3
Enterprise User Security Manager (EUSM) Command Summary
- 7.3.1 createDomain
- 7.3.2 deleteDomain
- 7.3.3 listDomains
- 7.3.4 listDomainInfo
- 7.3.5 addDomainAdmin
- 7.3.6 removeDomainAdmin
- 7.3.7 listDomainAdmins
- 7.3.8 addDatabase
- 7.3.9 removeDatabase
- 7.3.10 addDBAdmin
- 7.3.11 listDBAdmins
- 7.3.12 listDBInfo
- 7.3.13 removeDBAdmin
- 7.3.14 createMapping
- 7.3.15 deleteMapping
- 7.3.16 listMappings
- 7.3.17 setCulinkStatus
- 7.3.18 setAuthTypes
- 7.3.19 createRole
- 7.3.20 deleteRole
- 7.3.21 addGlobalRole
- 7.3.22 removeGlobalRole
- 7.3.23 grantRole
- 7.3.24 revokeRole
- 7.3.25 listEnterpriseRoles
- 7.3.26 listEnterpriseRolesOfUser
- 7.3.27 listEnterpriseRoleInfo
- 7.3.28 listGlobalRolesInDB
- 7.3.29 listSharedSchemasInDB
- 7.3.30 createProxyPerm
- 7.3.31 deleteProxyPerm
- 7.3.32 addTargetUser
- 7.3.33 removeTargetUser
- 7.3.34 grantProxyPerm
- 7.3.35 revokeProxyPerm
- 7.3.36 listProxyPermissions
- 7.3.37 listProxyPermissionsOfUser
- 7.3.38 listProxyPermissionInfo
- 7.3.39 listTargetUsersInDB
- 7.3.40 setDBOIDAuth
- 7.3.41 listDBOIDAuth
- 7.3.42 addToPwdAccessibleDomains
- 7.3.43 removeFromPwdAccessibleDomains
- 7.3.44 listPwdAccessibleDomains
- 7.3.45 listRealmCommonAttr
- 7.3.46 createAppCtxNamespace
- 7.3.47 deleteAppCtxNamespace
- 7.3.48 listAppCtxNamespaces
- 7.3.49 createAppCtxAttribute
- 7.3.50 deleteAppCtxAttribute
- 7.3.51 listAppCtxAttributes
- 7.3.52 createAppCtxAttributeValue
- 7.3.53 deleteAppCtxAttributeValue
- 7.3.54 listAppCtxAttributeValues
- 7.3.55 createAppCtxUsers
- 7.3.56 deleteAppCtxUsers
- 7.3.57 listAppCtxUsers
-
A
Using the User Migration Utility
- A.1 Benefits of Migrating Local or External Users to Enterprise Users
- A.2 Introduction to the User Migration Utility
- A.3 Prerequisites for Performing Migration
- A.4 User Migration Utility Command-Line Syntax
- A.5 Accessing Help for the User Migration Utility
-
A.6
User Migration Utility Parameters
- A.6.1 Keyword: HELP
- A.6.2 Keyword: PHASE
- A.6.3 Keyword: DBLOCATION
- A.6.4 Keyword: DIRLOCATION
- A.6.5 Keyword: DBADMIN
- A.6.6 Keyword: ENTADMIN
- A.6.7 Keyword: USERS
- A.6.8 Keyword: USERSLIST
- A.6.9 Keyword: USERSFILE
- A.6.10 Keyword: KREALM
- A.6.11 Keyword: MAPSCHEMA
- A.6.12 Keyword: MAPTYPE
- A.6.13 Keyword: CASCADE
- A.6.14 Keyword: CONTEXT
- A.6.15 Keyword: LOGFILE
- A.6.16 Keyword: PARFILE
- A.6.17 Keyword: DBALIAS
- A.6.18 Keyword: ENTALIAS
- A.6.19 Keyword: WALLETLOCATION
- A.6.20 Keyword: KEYALIAS
- A.6.21 Keyword: KEYSTORE
-
A.7
User Migration Utility Usage Examples
- A.7.1 Migrating Users While Retaining Their Own Schemas
- A.7.2 Migrating Users and Mapping to a Shared Schema
- A.7.3 Migrating Users Using the PARFILE, USERSFILE, and LOGFILE Parameters
- A.8 Troubleshooting Using the User Migration Utility
- B SSL External Users Conversion Script
-
C
Integrating Enterprise User Security with Microsoft Active Directory
- C.1 About Direct Integration with Microsoft Active Directory
- C.2 Set Up Synchronization Between Active Directory and Oracle Internet Directory
- C.3 Set Up Active Directory to Interoperate with Oracle Client
- C.4 Set Up Oracle Database to Interoperate with Microsoft Active Directory
- C.5 Set Up Oracle Database Client to Interoperate with Microsoft Active Directory
- C.6 Obtain an Initial Ticket for the Client
- C.7 Configure Enterprise User Security for Kerberos Authentication
- D Upgrading from Oracle9i to Oracle Database Release 18c Version 18.1
- Glossary
- Index