Managing Identity Management Realm Administrators

An identity management realm contains administrative groups that have varying levels of privileges. The administrative groups for an identity management realm, which pertain to Enterprise User Security, are defined in Table 5-2. For more information about these groups, see "Administrative Groups".


Table 5-2 Enterprise User Security Identity Management Realm Administrators

| Administrative Group | Definition |
|---|---|
| Oracle Database Registration Administrators (OracleDBCreators) | Registers new databases in the realm. |
| Oracle Database Security Administrators (OracleDBSecurityAdmins) | Has all privileges on the OracleDBSecurity directory subtree. Creates, modifies, and can read all Enterprise User Security directory objects. |
| Oracle Context Administrators (OracleContextAdmins) | Has full access to all groups and entries within its associated realm. |
| User Security Administrators (OracleUserSecurityAdmins) | Has relevant permissions necessary to administer security aspects for enterprise users in the directory. For example, OracleUserSecurityAdmins can modify user passwords. |


To manage identity management realm administrators:

  1. Log in to Enterprise Manager Cloud Control, as an administrative user.

  2. To navigate to your database, select Databases from the Targets menu.

  3. Click the database name in the list that appears. The database page appears.

  4. Under the Administration menu, select Security, Enterprise User Security. The Oracle Internet Directory Login page appears.

  5. Enter the distinguished name (DN) of a directory user who can administer enterprise users in the User field. Enter the user password in the Password field. Click Login.

    The Enterprise User Security page appears.

  6. Click OID Realm Administration.

    The OID Realm Administration page appears. This page lists the Enterprise User Security related administrative groups in the identity management realm.

  7. Select the administrative group that you wish to edit. Click Edit.

    The Edit page appears. It lists the directory users that are currently members of the group selected in the OID Realm Administration page.

  8. To add a directory user to the group, click Add.

    The Select Users window appears.

  9. Select the Search Base. The Search Base is the directory subtree to search for the user. Click Go.

  10. Select the user that you wish to add as an administrator. Click Select.

    The user is added in the Edit page.

  11. Click OK.
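
Because each group in Table 5-2 carries broad directory privileges, membership changes made with this procedure are worth checking against an approved list. The following is an added example, not Oracle's code: it reads an LDIF export of the group entries and reports members that are not approved. The function names, the sample DNs and the use of the `uniquemember` attribute for group members are assumptions.

```python
import base64
from collections import defaultdict

# Group names from Table 5-2, lowercased for comparison.
EUS_ADMIN_GROUPS = {"oracledbcreators", "oracledbsecurityadmins",
                    "oraclecontextadmins", "oracleusersecurityadmins"}

def parse_ldif(text):
    """Yield {attribute: [values]} per LDIF entry; RFC 2849 folded lines are rejoined."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" carries a base64 value
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            entry[name.lower()].append(rest.strip())
        if entry:
            yield entry

def norm_dn(dn):
    """Simplified DN normalisation (does not handle escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(ldif_text, approved):
    """Return {group: [member DNs that are not in approved[group]]}."""
    findings = {}
    for entry in parse_ldif(ldif_text):
        rdn = norm_dn(entry.get("dn", [""])[0]).split(",")[0]
        group = rdn[3:] if rdn.startswith("cn=") else ""
        if group not in EUS_ADMIN_GROUPS:
            continue
        allowed = {norm_dn(d) for d in approved.get(group, [])}
        members = {norm_dn(m) for m in entry.get("uniquemember", [])}
        unexpected = sorted(members - allowed)
        if unexpected:
            findings[group] = unexpected
    return findings

# Constructed sample export: the realm DN, group DNs and users are made up.
SAMPLE_LDIF = """dn: cn=OracleDBSecurityAdmins,cn=OracleContext,dc=example,dc=com
uniquemember: cn=alice,cn=Users,dc=example,dc=com
uniquemember: cn=mallory,cn=Users,
 dc=example,dc=com

dn: cn=OracleContextAdmins,cn=Groups,cn=OracleContext,dc=example,dc=com
uniquemember:: """ + base64.b64encode(b"cn=bob,cn=Users,dc=example,dc=com").decode() + "\n"
```

A group that is missing from the approved mapping is treated as having no approved members, so every member of it is reported.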