Configuring Proxy Permissions

Proxy permissions are created at the enterprise domain level. Proxy permissions allow an enterprise user to proxy a local database user, which means that the enterprise user can log in to the database as the local database user. You can grant proxy permissions to individual enterprise users or groups. Proxy permissions are especially useful for middle tier applications that operate across multiple databases as enterprise users.

To create a proxy permission for an enterprise domain:

  1. Log in to Enterprise Manager Cloud Control, as an administrative user.

  2. To navigate to your database, select Databases from the Targets menu.

  3. Click the database name in the list that appears. The database page appears.

  4. Under the Administration menu, select Security, Enterprise User Security. The Oracle Internet Directory Login page appears.

  5. Enter the distinguished name (DN) of a directory user who can administer enterprise users in the User field. Enter the user password in the Password field. Click Login.

    The Enterprise User Security page appears.

  6. Click Manage Enterprise Domains.

    The Manage Enterprise Domains page appears. This page lists the enterprise domains in the identity management realm.

  7. Select the enterprise domain that you wish to configure. Click Configure.

    The Configure Domain page appears.

  8. Click the Proxy Permissions tab.

  9. Click Create to create a new proxy permission.

    The Create Proxy Permission page appears.

  10. Enter the name for the proxy permission in the Name field. Click Continue.

    The proxy permission appears in the Configure Domain page.

Next, you need to add target database users for the permission. You also need to grant the permission to enterprise users or groups, who can then proxy the target database users.

To add target database users for the proxy permission:

  1. Select the proxy permission that you just created in the Configure Domain page. Click Edit.

    The Edit Proxy Permissions page appears.

  2. Ensure that the Target DB Users tab is selected. Click Add.

    The Search and Select window appears. A list of all database users that have been altered to allow enterprise user proxy is displayed.

  3. Select the target database users that you wish to proxy. Click Select.

You can now grant the proxy permission to enterprise users or groups.

To grant the proxy permission to an enterprise user or group:

  1. Click the Grantees tab in the Edit Proxy Permission page.

  2. Click Add.

    The Select Users or Groups window appears.

  3. Select the Search Base or the subtree that contains the user or group. Select User under View if you are granting the proxy permission to a user. Select Group under View, if you are granting the proxy permission to a group. Optionally, enter the common name of the user or group in the Name field. Click Go.

  4. Select the Users or Groups to grant them the proxy permission. Click Select.

  5. Click Continue in the Edit Proxy Permission page.

  6. Click OK in the Configure Domain page.