Duties of an Enterprise User Security Administrator/DBA

Enterprise User Security administrators plan, implement, and administer enterprise users. Table 3-3 lists the primary tasks of Enterprise User Security administrators, the tools used to perform the tasks, and the links to where the tasks are documented.

Table 3-3 Common Enterprise User Security Administrator Configuration and Administrative Tasks

Task	Tools Used	See Also
Create an identity management realm in Oracle Internet Directory	Oracle Internet Directory Self-Service Console (Delegated Administration Service)	Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory for information about how to perform this task
Upgrade an identity management realm in Oracle Internet Directory	Oracle Internet Directory Configuration Assistant	Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory and the online Help for this tool
Set up DNS to enable automatic discovery of Oracle Internet Directory over the network. Note that this is the recommended configuration.	Oracle Internet Directory Configuration Assistant	Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory (Domain Name System server discovery) and the online Help for this tool
Create an `ldap.ora` file to enable directory access	Oracle Net Configuration Assistant	"Task 5: (Optional) Configure your Oracle home for directory usage"
Register a database in the directory	Database Configuration Assistant	"Task 6: Register the database in the directory"
Configure password authentication for Enterprise User Security	Oracle Enterprise Manager	"Configuring Enterprise User Security for Password Authentication"
Configure Kerberos authentication for Enterprise User Security	Oracle Internet Directory Self-Service Console (Delegated Administration Service) Oracle Enterprise Manager	"Configuring Enterprise User Security for Kerberos Authentication"
Configure SSL authentication for Enterprise User Security	Oracle Net Manager Oracle Enterprise Manager Oracle Wallet Manager	"Configuring Enterprise User Security for SSL Authentication"
Create or modify user entries and Oracle administrative groups in the directory	Oracle Internet Directory Self-Service Console (Delegated Administration Service)	"Administering Identity Management Realms" "Administering Enterprise Users"
Create or modify enterprise roles and domains in the directory	Oracle Enterprise Manager	"Administering Enterprise Domains" "Configuring Enterprise Roles"
Create or modify wallets for directory, databases, and clients	Oracle Wallet Manager orapki command line utility	"Managing Oracle Wallets" Oracle Database Security Guide for information about orapki Utility
Change a user's database or directory password	Oracle Internet Directory Self-Service Console (Delegated Administration Service)	"Setting Enterprise User Passwords"
Change a database's directory password	Database Configuration Assistant	"To change the database's directory password:"
Manage user wallets on the local system or update database and directory wallet passwords	Oracle Wallet Manager	"Managing Oracle Wallets"
Request initial Kerberos ticket when KDC is not part of the operating system, such as Kerberos V5 from MIT	`okinit` utility	Oracle Database Security Guide for information about using the `okinit` utility to get an initial Kerberos ticket
Migrate large numbers of local or external database users to the directory for Enterprise User Security	User Migration Utility	Using the User Migration Utility