Operating System Groups Created During Oracle Database Installation
During installation, the user groups listed in the following table are created, if they do not already exist.
The HOMENAME
variable refers to the generated
HOMENAME
for a software installation, which is of the
form
Ora
product
majorVersion
Home
number
.
For example, OraDB19cHome1
.
Table 4-1 User Groups Created During Oracle Database Installation
Operating System Group Name | Related System Privilege | Description |
---|---|---|
|
SYSDBA system privileges for all Oracle Database installations on the server |
A special OSDBA group for the Windows operating system. Members of this group are granted SYSDBA system privileges for all Oracle Databases installed on the server. |
|
SYSOPER system privileges for all Oracle databases installed on the server |
A special OSOPER group for the Windows operating system. Members of this group are granted SYSOPER system privileges all Oracle Databases installed on the server. This group does not have any members after installation, but you can manually add users to this group after the installation completes. |
|
SYSASM system privileges for Oracle ASM administration |
The OSASM group for the Oracle ASM instance. Using this group and the SYSASM system privileges enables the separation of SYSDBA database administration privileges from Oracle ASM storage administration privileges. Members of the OSASM group are authorized to connect using the SYSASM privilege and have full access to Oracle ASM, including administrative access to all disk groups that the Oracle ASM instance manages. |
|
SYSDBA system privileges on the Oracle ASM instance |
The OSDBA group for the Oracle ASM instance. This group grants access for the database to connect to Oracle ASM. During installation, the Oracle Installation Users are configured as members of this group. After you create an Oracle Database, this group contains the Oracle Home Users of those database homes. |
|
SYSOPER for ASM system privileges |
The OSOPER group for the Oracle ASM instance. Members of this group are granted SYSOPER system privileges on the Oracle ASM instance, which permits a user to perform operations such as startup, shutdown, mount, dismount, and check disk group. This group has a subset of the privileges of the OSASM group. Similar to the |
|
SYSDBA system privileges for all instances that run from the Oracle home with the name |
An OSDBA group for a specific Oracle home with a name of Members of this group can use operating system authentication to gain SYSDBA system privileges for any database that runs from the specific Oracle home. If you specified an Oracle Home User during installation, the user is added to this group during installation. |
|
SYSOPER system privileges for all instances that run from the Oracle home with a name |
An OSDBA group for the Oracle home with a name of Members of this group can use operating system authentication to gain SYSOPER system privileges for any database that runs from the specific Oracle home. This group does not have any members after installation, but you can manually add users to this group after the installation completes. |
|
SYSBACKUP system privileges for all instances that run from the Oracle home with a name of |
OSBACKUPDBA group for a specific Oracle home with a name of Members of this group have privileges necessary for performing database backup and recovery tasks on all database instances that run from the specified Oracle home directory. |
|
SYSDG system privileges for all instances that run from the Oracle home with a name of |
OSDGDBA group for a specific Oracle home with a name of Members of this group have privileges necessary for performing Data Guard administrative tasks on all database instances that run from the specified Oracle home directory. |
|
SYSKM system privileges for all instances that run from the Oracle home with a name of |
OSKMDBA group for a specific Oracle home with a name of Members of this group have privileges necessary for performing encryption key management tasks on all database instances that run from the specified Oracle home directory. |
|
SYSRAC system privileges for all instances that run from the Oracle home with a name of |
OSRACDBA group for a specific Oracle home with a name of Members of this group have privileges necessary for performing a limited set of Oracle Real Application Clusters administrative tasks to create a separate group of operating system users. |
|
Contains Virtual Accounts for all Oracle Database Windows Services that run from Oracle home with a name of HOMENAME .
|
SVCACCTS group specific to a Oracle home. It contains virtual accounts for all the services running under that virtual account based |
|
Contains Virtual Accounts for all Oracle Database Windows Services that run for all Virtual Accounts based Oracle homes. |
DBSVCACCTS system-wide group that contains virtual accounts for all the database services for all Virtual Accounts based Oracle homes. |
During the installation of Oracle Database, all groups mentioned in the table are populated for proper operation of Oracle products. You must not remove any group member populated by Oracle. However, if you want to assign specific database privileges to new Windows operating system users, then you can manually add users to these groups after the installation completes.
Oracle creates other groups, such as, ORA_INSTALL
, ORA_CLIENT_LISTENERS
, ORA_GRID_LISTENERS
, ORA_
HOMENAME
_SVCSIDS
, ORA_HOMENAME_SVCACCTS
, and ORA_DBSVCACCTS
during installation and you must not change these groups, memberships, and ACLs associated with various Oracle created groups.