Chapter 12
Security
When you install your Exadata Database Machine, a number of security-related configurations are performed.
In your configuration worksheet, you specified an Oracle RDBMS software owner and Grid Infrastructure software
owner. By default, Oracle ACS typically installs a single Grid Infrastructure and a single, separate Oracle RDBMS
Oracle Home on each compute node, each owned by the Linux account specified in the configuration worksheet.
The operating system account that owns the Grid Infrastructure binaries can be the same account as the Oracle
RDBMS software owner, but, in most cases, organizations elect to use separate accounts.
Oracle does allow you, however, to secure your Oracle software, database, and storage entities at a more granular
level to ensure that your environment is secured according to your organization's policies. For example, you can choose
to install multiple Oracle RDBMS Homes with different operating system accounts, secure access to your Oracle ASM
storage to restrict access for Exadata grid disks to specific clusters on your compute node (ASM-scoped security), and
limit a database's access to specific sets of Exadata grid disks in an ASM disk group (Database-scoped security).
In this chapter, you will learn how to configure multiple software owners on your Exadata Compute Nodes,
install multiple Oracle RDBMS Homes on your compute nodes, configure ASM-scoped security, and configure
Database-scoped security on Exadata.
12-1. Configuring Multiple Oracle Software Owners on Exadata Compute Nodes
Problem
You wish to create multiple Oracle software owners and segregate management responsibilities for databases
consolidated on your Exadata Database Machine. In other words, you wish to configure role-separated authentication
on Exadata with unique Oracle software owners for different databases on Exadata.
Solution
In this recipe, you will learn the differences between standard OS authentication and role-separated authentication
on Exadata and build on this knowledge to create a custom, role-separated Oracle RDBMS software deployment with
different operating system accounts for different Oracle RDBMS Home software installations. You will specifically
learn how to create operating system groups and users, configure limits, enable sudo access from non-DBA accounts,
and restrict SSH logins from your Oracle software owners.
Note: Please refer to Recipe 12-2 for additional information about how to install multiple Oracle RDBMS Homes
on Exadata.