Oracle Database B10772-01 User Manual
Introduction to Enterprise User Security
Getting Started with Enterprise User Security
11-7
. When enterprise users log on to a database, the database authenticates
those users by using their DN.
Enterprise users are defined in the database as global users. Global users can have
their own schemas, or they can share a global schema in the databases they access.
You can create enterprise users by using the
their own schemas, or they can share a global schema in the databases they access.
You can create enterprise users by using the
GLOBALLY
clause in the
CREATE USER
statement in two different ways.
You can specify a user's directory DN with an
AS
clause, which is shown in the
following statement:
CREATE USER username IDENTIFIED GLOBALLY AS '<DN of directory user entry>';
In this case, they have a schema allocated exclusively to them.
Alternatively, you can specify a null string with the
AS
clause as the following
statement shows:
CREATE USER username IDENTIFIED GLOBALLY AS '';
When you specify a null string with the
AS
clause, the directory maps authenticated
users to the appropriate database schema. In this case, multiple users can be
mapped to a shared schema based on the mapping information set up and stored in
Oracle Internet Directory.
mapped to a shared schema based on the mapping information set up and stored in
Oracle Internet Directory.
When enterprise users connect over SSL to the database, they do not use a
password. Instead they use the following
password. Instead they use the following
CONNECT
command, which looks up the
wallet location based on information in the client's
sqlnet.ora
file:
connect /@database_service_name
Password-authenticated enterprise users use the same
CONNECT
statement to
connect to the database as regular database users. For example,
password-authenticated enterprise users connect to the database by using the
following syntax:
password-authenticated enterprise users connect to the database by using the
following syntax:
connect username/password@database_service_name
When the database receives a connection request from an enterprise user, the
database refers to the directory for user authentication and authorization (role)
information.
database refers to the directory for user authentication and authorization (role)
information.