Understanding Operating System Privileges Groups
Review this information for system privileges required for Oracle Database or Oracle Automatic Storage Management (Oracle ASM) administration.
As an administrator, you often perform special operations such as shutting down or starting up a database, or configuring storage. Because these operations must be performed only by an administrator responsible for these administration decisions, system privileges for Oracle Database or Oracle Automatic Storage Management (Oracle ASM) administration require a secure authentication scheme.
Membership in special operating system groups enables administrators to authenticate to Oracle Database or Oracle ASM through the operating system rather than with a user name and password. This is known as operating system authentication. Each Oracle Database in a cluster can have its own operating system privileges groups, so that operating system authentication can be separated for each Oracle Database on a cluster. Because there can be only one Oracle Grid Infrastructure installation on a cluster, there can be only one set of operating system privileges groups for Oracle ASM.
During installation of Oracle Grid Infrastructure and Oracle Database, you provide the names of operating system groups. Each of these groups is assigned a logical role: membership in the group grants, through operating system group authentication, the corresponding administration system privileges for Oracle Database and Oracle ASM.
In an Oracle RAC cluster, the group ID number (GID) for system privileges groups must be identical on each cluster member node. One operating system group can be designated the logical group whose members are granted all system privileges for Oracle Database and Oracle ASM, including the OINSTALL system privileges for installation owners. You can also delegate logical system privileges to two or more actual operating system groups. Oracle recommends that you designate separate operating system groups for each logical system privilege. This enables you to grant one or more subsets of administrator system privileges to database administrators. These database administrators can then perform standard database administration tasks without requiring the SYSDBA system privileges.
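A check for the identical-GID requirement above, added here as an example (it is not Oracle's code). The node names, group names and GIDs in the sample are constructed, and the input format, a node name followed by that node's `getent group` line, is an assumption about how the data was collected.

```bash
#!/usr/bin/env bash
# Added example: confirm each privileges group has one GID across all nodes.
# Input on stdin: "<node> <getent group line>" per line (assumed format).

# Constructed sample: hypothetical nodes, group names and GIDs.
sample_inventory() {
  cat <<'EOF'
rac1 oinstall:x:54321:grid,oracle
rac2 oinstall:x:54321:grid,oracle
rac1 dba:x:54322:oracle
rac2 dba:x:54330:oracle
rac1 asmadmin:x:54329:grid
EOF
}

# check_gids NODE... : prints sorted findings, returns 1 if there are any.
check_gids() {
  _findings=$(awk -v nodes="$*" '
    BEGIN { n = split(nodes, want, " ") }
    NF < 2 { next }                       # skip blank or malformed lines
    {
      split($2, f, ":")                   # f[1] = group name, f[3] = GID
      gid[f[1], $1] = f[3]
      groups[f[1]] = 1
    }
    END {
      for (g in groups) {
        ref = ""                          # first GID seen for this group
        for (i = 1; i <= n; i++) {
          v = gid[g, want[i]]
          if (v == "") {                  # group not defined on this node
            printf "MISSING %s on %s\n", g, want[i]
          } else if (ref == "") {
            ref = v
          } else if (v != ref) {          # GID differs from the first node
            printf "MISMATCH %s: %s=%s expected %s\n", g, want[i], v, ref
          }
        }
      }
    }' | sort)
  if [ -n "$_findings" ]; then
    printf '%s\n' "$_findings"
    return 1
  fi
  return 0
}

sample_inventory | check_gids rac1 rac2 || echo "GID check failed" >&2
```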
System privileges groups are listed in the following table:
Table 6-1 Role-Allocated Oracle System Privileges Operating System Groups
Logical Operating System Group Name | Default Actual UNIX or Linux Group Name | System Privileges Authenticated By Group Membership |
---|---|---|
OINSTALL | | Install system privileges for installation owners, which includes privileges to write to the central |
OSDBA | | |
OSOPER | | |
OSBACKUPDBA | | |
OSDGDBA | | |
OSKMDBA | | |
OSASM | | |
OSOPER for ASM | | |
OSDBA for ASM | | |
OSRACDBA | | |
See Also:
- Oracle Database Administrator's Guide for more information about operating system groups and Oracle Database system privileges
- Oracle Automatic Storage Management Administrator's Guide for more information about operating system groups and Oracle ASM system privileges