12 Configuring Profiles
Learn how to configure client and server configuration parameters in profiles. A profile is a collection of parameters that specifies preferences for enabling and configuring Oracle Net features on the client or database server. A profile is stored and implemented through the sqlnet.ora
file.
- Overview of Profile Configuration
- Configuring the Profile During Installation
- Understanding Client Attributes for Names Resolution
- Settings for Database Access Control
- About Advanced Profile Information
- Configuring External Naming Methods
- Configuring Oracle Network Security
Parent topic: Configuration and Administration of Oracle Net Services
12.1 Overview of Profile Configuration
You can use a profile to do the following:
-
Specify the client domain to append to unqualified names
-
Prioritize naming methods
-
Enable logging and tracing features
-
Route connections through specific processes
-
Configure parameters for an external procedure
-
Configure Oracle Advanced Security
-
Use protocol-specific parameters to restrict access to the database
Parent topic: Configuring Profiles
12.2 Configuring the Profile During Installation
Oracle Universal Installer launches Oracle Net Configuration Assistant after software installation on the client and server. Oracle Net Configuration Assistant configures the order of the naming methods that the computer uses to resolve a connect identifier to a connect descriptor
Configuration with the Oracle Net Configuration Assistant during installation results in an entry in the sqlnet.ora
file similar to the following:
NAMES.DIRECTORY_PATH=(ezconnect,tnsnames)
The NAMES.DIRECTORY_PATH parameter specifies the priority order of the naming methods to use to resolve connect identifiers. If the installed configuration is not adequate, then use Oracle Net Manager to change the sqlnet.ora
configuration.
Parent topic: Configuring Profiles
12.3 Understanding Client Attributes for Names Resolution
The following sections describe available client configuration options:
- About the Default Domain for Clients
- Prioritizing Naming Methods
- Routing Connection Requests to a Process
Parent topic: Configuring Profiles
12.3.1 About the Default Domain for Clients
In environments where the client often requests names from a specific domain, it is appropriate to set a default domain in the client sqlnet.ora
file with the NAMES.DEFAULT_DOMAIN parameter. This parameter is available to the local and external naming methods.
When a default domain is set, it is automatically appended to any unqualified network service name given in the connect string, and then compared to network service names stored in a tnsnames.ora
file.
For example, if the client tnsnames.ora
file contains a network service name of sales.us.example.com
, and the default domain is us.example.com
, then the user can enter the following connect string:
CONNECT scott@sales
Enter password: password
In the preceding example, sales
gets searched as sales.us.example.com
.
If the connect string includes the domain extension, such as in CONNECT scott@sales.us.example.com
, then the domain is not appended.
If a network service name in a tnsnames.ora
file is not domain qualified and the NAMES.DEFAULT_DOMAIN parameter is set, then the network service name must be entered with a period (.
) at the end of the name. For example, if the domain is set to us.example.com
and the client tnsnames.ora
file contains a network service name of sales2
, then the user would enter the following connect string:
CONNECT scott@sales2.
Enter password: password
In the preceding example, the client would connect to sales2
, not sales2.us.example.com
.
12.3.1.1 Specifying a Default Domain
The following procedure describes how to specify a default domain:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the Local menu.
-
From the list in the right pane, select Naming.
-
Click the Methods tab.
-
In the Default Domain field, enter the domain.
-
Select Save Network Configuration from the File menu.
The
sqlnet.ora
file should contain an entry that looks similar to the following:NAMES.DEFAULT_DOMAIN=us.example.com
Parent topic: About the Default Domain for Clients
12.3.2 Prioritizing Naming Methods
After naming methods are configured, as described in Configuring Naming Methods, they must be prioritized. Naming methods to resolve a connect identifier are tried in the order they appear in the list. If the first naming method in the list cannot resolve the connect identifier, then the second method in the list is used, and so on.
The following procedure describes how to specify the order of naming methods:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the Local menu.
-
From the list in the right pane, select Naming.
-
Click the Methods tab.
Table 12-1 describes the naming method values listed in the Methods tab.
Table 12-1 Naming Method Values
Naming Method Value Description Resolve a network service name through the
tnsnames.ora
file on the client.See Also: "Configuring the Local Naming Method"
Resolve a database service name, network service name, or network service alias through a directory server.
See Also: "Configuring the Directory Naming Method"
Enable clients to use a TCP/IP connect identifier, consisting of a host name and optional port and service name, or resolve a host name alias through an existing names resolution service or centrally maintained set of
/etc/hosts
files.See Also: "Understanding the Easy Connect Naming Method"
Resolve service information through an existing network information service (NIS).
-
Select naming methods from the Available Methods list, and then click the right-arrow button.
The selected naming methods move to the Selected Methods list.
-
Order the naming methods according to the order in which you want Oracle Net to try to resolve the network service name or database service name. Select a naming method in the Selected Methods list, and then click Promote or Demote to move the selection up or down in the list.
-
Select Save Network Configuration from the File menu.
The
sqlnet.ora
file updates with the NAMES.DIRECTORY_PATH parameter, such as the following:NAMES.DIRECTORY_PATH=(ldap, tnsnames)
Parent topic: Understanding Client Attributes for Names Resolution
12.3.3 Routing Connection Requests to a Process
Clients and servers can be configured so connection requests are directed to a specific process. The following procedure describes how to route connection requests to a process:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the Local menu.
-
From the list in the right pane, select General.
-
Click the Routing tab.
-
Select the preferred way for routing connections.
Note:
To configure all connections to use a particular server, you select the Always Use Dedicated Server option in Oracle Net Manager. This sets the USE_DEDICATED_SERVER parameter in the
sqlnet.ora
file to force the listener to spawn a dedicated server for all network sessions from the client. The result is a dedicated server connection, even if a shared server is configured. -
Choose Save Network Configuration from the File menu.
See Also:
Table 12-3 for a description of the fields and options
Parent topic: Understanding Client Attributes for Names Resolution
12.4 Settings for Database Access Control
You can configure the sqlnet.ora
file to allow access to some clients and deny access to others. Table 12-2 describes the available settings.
Table 12-2 Access Control Settings in sqlnet.ora
Oracle Net Manager Field/Option | sqlnet.ora File Parameter | Description |
---|---|---|
Specify whether to screen access to the database. If this field is selected, then Oracle Net Manager checks the parameters TCP.EXCLUDED_NODES and TCP.INVITED_NODES to determine which clients to allow access to the database. If this field is deselected, then Oracle Net Manager does not screen clients. |
||
Specify which clients using the TCP/IP protocol are excluded access to the database. |
||
Specify which clients using the TCP/IP protocol are allowed access to the database. |
If the TCP.INVITED_NODES parameter does not include the listener node, then the Listener Control utility cannot connect to the listener. This will prevent start, stop and administration commands from being performed on the listener.
If there are invalid host names or IP addresses listed in the TCP.INVITED_NODES parameter or the TCP.EXCLUDED_NODES parameter, then the Listener Control utility cannot contact the listener.
Parent topic: Configuring Profiles
12.4.1 Configuring Database Access Control
The following procedure describes how to configure database access control:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the Local menu.
-
From the list in the right pane, select General.
-
Click the Access Rights tab.
-
Select the Check TCP/IP client access rights option.
-
In the Clients allowed to access fields and Clients excluded from access field, enter either a host name or an IP address for a client that you want to include or exclude, using commas to delimit entries placed on the same line.
Parent topic: Settings for Database Access Control
12.5 About Advanced Profile Information
Table 12-3 describes the advanced sqlnet.ora
file settings that you can set.
Table 12-3 Advanced Settings in sqlnet.ora
See Also:
-
"Limiting Resource Consumption by Unauthorized Users" for complete information about configuring the SQLNET.INBOUND_CONNECT_TIMEOUT setting
-
"Configuring I/O Buffer Space " for complete information about configuring the SEND_BUF_SIZE and RECV_BUF_SIZE settings
-
Oracle Database Security Guide for additional information about the SQLNET.ALLOWED_LOGON_VERSION_CLIENT and SQLNET.ALLOWED_LOGON_VERSION_SERVER settings
-
Oracle Database Net Services Reference for additional information about the SQLNET.ALLOWED_LOGON_VERSION_CLIENT and SQLNET.ALLOWED_LOGON_VERSION_SERVER settings
-
Oracle operating system-specific documentation to determine if the protocol supports urgent data requests. TCP/IP is an example of a protocol that supports this feature.
Parent topic: Configuring Profiles
12.5.1 Setting the Advanced Features in the sqlnet.ora File Using Oracle Net Services
The following procedure describes how to set advanced features in the sqlnet.ora
file:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the Local menu.
-
From the list in the right pane, select General.
-
Click the Advanced tab.
-
Enter the values for the fields or options you want to set.
-
Select Save Network Configuration from the File menu.
Parent topic: About Advanced Profile Information
12.6 Configuring External Naming Methods
The sqlnet.ora
file is used to configure required client parameters needed for Network Information Service (NIS) external naming. The following procedure describes how to configure the NIS parameter in the sqlnet.ora
file:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the File menu.
-
From the list in the right pane, select Naming.
-
Click the External tab.
-
Enter
NAMES.NIS.META_MAP
in the Meta Map field. -
Select Save Network Configuration from the File menu.
Parent topic: Configuring Profiles
12.7 Configuring Oracle Network Security
Oracle network security features enable data encryption and integrity checking, enhanced authentication, and single sign-on. The features also provide centralized user management on LDAP-compliant directory servers and certificate-based single sign-on. This functionality relies on the Secure Sockets Layer (SSL).
The following procedure describes how to configure a client or server to use Oracle network security features:
-
Start Oracle Net Manager.
-
In the navigator pane, select Profile from the Local menu.
-
From the list in the right pane, select Network Security.
Each Network Security tab page enables you to configure a separate set of parameters. The tab pages are as follows:
-
Authentication: For configuration of available authentication methods, such as KERBEROS5 and RADIUS.
-
Other Params: For configuration of the authentication service.
-
Integrity: For configuration of the type of integrity, checksum level and available methods.
-
Encryption: For configuration of the encryption type and method.
-
SSL: For setting the use of SSL.
-
-
Select or edit options as applicable.
-
Select Save Network Configuration from the File menu.
See Also:
-
The help button on the particular tab page
-
Network security topics in the Oracle Net Manager online help. To access these topics in the online help, select Network Security, and then select the How To option
-
Oracle Database Security Guide for additional information about configuration
Parent topic: Configuring Profiles