Oracle Database B10772-01 User Manual

Introduction to Enterprise User Security
Getting Started with Enterprise User Security
When enterprise users log on to a database, the database authenticates
those users by using their DN.
Enterprise users are defined in the database as global users. Global users can have
their own schemas, or they can share a global schema in the databases they access.
You can create enterprise users by using the GLOBALLY clause in the CREATE USER
statement in two different ways.
You can specify a user's directory DN with an AS clause, which is shown in the
following statement:
CREATE USER username IDENTIFIED GLOBALLY AS '<DN of directory user entry>';
In this case, the user has a schema allocated exclusively to them.
Alternatively, you can specify a null string with the AS clause as the following
statement shows:
CREATE USER username IDENTIFIED GLOBALLY AS '';
When you specify a null string with the AS clause, the directory maps
authenticated users to the appropriate database schema. In this case, multiple
users can be mapped to a shared schema based on the mapping information set up
and stored in Oracle Internet Directory.
When enterprise users connect over SSL to the database, they do not use a
password. Instead they use the following CONNECT command, which looks up the
wallet location based on information in the client's sqlnet.ora file:
connect /@database_service_name
Password-authenticated enterprise users use the same CONNECT statement to
connect to the database as regular database users. For example,
password-authenticated enterprise users connect to the database by using the
following syntax:
connect username/password@database_service_name
When the database receives a connection request from an enterprise user, the
database refers to the directory for user authentication and authorization (role)
information.
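
The two CREATE USER forms described above, followed by queries that show which directory identity is behind a session, as an added example that is not part of the original manual. The user names hr_clerk and ent_guest and the DN are hypothetical, and the dictionary filter in step 3 is an assumption noted in the comments.

```sql
-- Added example: hr_clerk, ent_guest and the DN below are hypothetical.

-- 1. Exclusive schema: one directory entry maps to one database user.
CREATE USER hr_clerk IDENTIFIED GLOBALLY
  AS 'cn=hr_clerk,ou=people,dc=example,dc=com';

-- 2. Shared schema: the null string leaves the user-to-schema mapping
--    to the directory, so many directory users can be mapped here.
CREATE USER ent_guest IDENTIFIED GLOBALLY AS '';

-- 3. Inventory of global users for review. An exclusive schema carries
--    its DN in EXTERNAL_NAME; a shared schema has no DN of its own.
--    Assumption: this release reports PASSWORD = 'GLOBAL' for globally
--    identified accounts; later releases expose AUTHENTICATION_TYPE.
SELECT username, external_name
  FROM dba_users
 WHERE password = 'GLOBAL'
 ORDER BY username;

-- 4. Run inside an enterprise user's session: the database user, the
--    schema in effect, and the directory DN of the person connected.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')   AS db_user,
       SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA') AS schema_name,
       SYS_CONTEXT('USERENV', 'EXTERNAL_NAME')  AS directory_dn
  FROM dual;
```

For a shared schema, db_user is the same for every mapped user, so directory_dn is the value to record when per-person accountability is needed.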