1/237

Contents

Title and Copyright Information

Preface

• Intended Audience
• Documentation Accessibility
• Related Documents
• Conventions

Changes in This Release for Oracle Database Enterprise User Security Administrator's Guide

• Changes in Oracle Database 12c Release 1 (12.1)
  • New Features

1 Introducing Enterprise User Security

• Introduction to Enterprise User Security
  • The Challenges of User Management
  • Enterprise User Security: The Big Picture
  • About Enterprise User Security Directory Entries
• About Using Shared Schemas for Enterprise User Security
  • Overview of Shared Schemas Used in Enterprise User Security
  • How Shared Schemas Are Configured for Enterprise Users
  • How Enterprise Users Are Mapped to Schemas
• Enterprise User Proxy
• About Using Current User Database Links for Enterprise User Security
• Enterprise User Security Deployment Considerations
  • Security Aspects of Centralizing Security Credentials
  • Security of Password-Authenticated Enterprise User Database Login Information
  • Considerations for Defining Database Membership in Enterprise Domains
  • Choosing Authentication Types between Clients, Databases, and Directories for Enterprise User Security

2 Getting Started with Enterprise User Security

• Configuring Your Database to Use the Directory
• Registering Your Database with the Directory
• Creating a Shared Schema in the Database
• Mapping Enterprise Users to the Shared Schema
• Connecting to the Database as an Enterprise User
• Using Enterprise Roles
• Using Proxy Permissions
• Using Pluggable Databases
  • Wallet Location for Pluggable Databases
  • Default Database DN Format
  • Plugging and Unplugging PDBs
  • Switching Containers

3 Configuration and Administration Tools Overview

• Enterprise User Security Tools Overview
• Oracle Internet Directory Self-Service Console
• Oracle Net Configuration Assistant
  • Starting Oracle Net Configuration Assistant
• Database Configuration Assistant
  • Starting Database Configuration Assistant
• Oracle Wallet Manager
  • Starting Oracle Wallet Manager
  • The orapki Command-Line Utility
• Oracle Enterprise Manager
• User Migration Utility
• Duties of an Enterprise User Security Administrator/DBA

4 Enterprise User Security Configuration Tasks and Troubleshooting

• Enterprise User Security Configuration Overview
• Enterprise User Security Configuration Roadmap
• Preparing the Directory for Enterprise User Security (Phase One)
  • About the Database Wallet and Password
• Configuring Enterprise User Security Objects in the Database and the Directory (Phase Two)
• Configure Enterprise User Security for the Authentication Method You Require (Phase Three)
  • Configuring Enterprise User Security for Password Authentication
  • Configuring Enterprise User Security for Kerberos Authentication
  • Configuring Enterprise User Security for SSL Authentication
• Enabling Current User Database Links
• Troubleshooting Enterprise User Security
  • ORA-# Errors for Password-Authenticated Enterprise Users
  • ORA-# Errors for Kerberos-Authenticated Enterprise Users
  • ORA-# Errors for SSL-Authenticated Enterprise Users
  • NO-GLOBAL-ROLES Checklist
  • USER-SCHEMA ERROR Checklist
  • DOMAIN-READ-ERROR Checklist

5 Administering Enterprise User Security

• Administering Identity Management Realms
  • Identity Management Realm Versions
  • Setting Properties of an Identity Management Realm
  • Setting the Default Database-to-Directory Authentication Type for an Identity Management Realm
  • Managing Identity Management Realm Administrators
• Administering Enterprise Users
  • Creating New Enterprise Users
  • Setting Enterprise User Passwords
  • Granting Enterprise Roles to Enterprise Users
  • Granting Proxy Permissions to Enterprise Users
  • Creating User-Schema Mappings for Enterprise Users
  • Creating Label Authorizations for Enterprise Users
• Configuring User-Defined Enterprise Groups
  • Granting Enterprise Roles to User-Defined Enterprise Groups
• Configuring Databases for Enterprise User Security
  • Creating User-Schema Mappings for a Database
  • Adding Administrators to Manage Database Schema Mappings
• Administering Enterprise Domains
  • Creating an Enterprise Domain
  • Adding Databases to an Enterprise Domain
  • Creating User-Schema Mappings for an Enterprise Domain
  • Configuring Enterprise Roles
  • Configuring Proxy Permissions
  • Configuring User Authentication Types and Enabling Current User Database Links
  • Configuring Domain Administrators

6 Using Oracle Wallet Manager

• About Oracle Wallet Manager
  • What Is Oracle Wallet Manager?
  • Wallet Password Management
  • Strong Wallet Encryption
  • Microsoft Windows Registry Wallet Storage
  • ACL Settings Needed for Wallet Files Created Using Wallet Manager
  • Backward Compatibility
  • Public-Key Cryptography Standards (PKCS) Support
  • Multiple Certificate Support
  • LDAP Directory Support
• Starting Oracle Wallet Manager
• General Process for Creating an Oracle Wallet
• Managing Oracle Wallets
  • Required Guidelines for Creating Oracle Wallet Passwords
  • Creating a New Oracle Wallet
  • Opening an Existing Oracle Wallet
  • Closing an Oracle Wallet
  • Exporting an Oracle Wallet to a Third-Party Environment
  • Exporting an Oracle Wallet to a Tools That Does Not Support PKCS #12
  • Uploading an Oracle Wallet to an LDAP Directory
  • Downloading an Oracle Wallet from an LDAP Directory
  • Saving Changes to an Oracle Wallet
  • Saving the Open Wallet to a New Location
  • Saving an Oracle Wallet to the System Default Directory Location
  • Deleting an Oracle Wallet
  • Changing the Oracle Wallet Password
  • Using Auto Login for Oracle Wallets to Enable Access Without Human Intervention
• Managing Certificates for Oracle Wallets
  • About Managing Certificates for Oracle Wallets
  • Managing User Certificates for Oracle Wallets
  • Managing Trusted Certificates for Oracle Wallets

A Using the User Migration Utility

• Benefits of Migrating Local or External Users to Enterprise Users
• Introduction to the User Migration Utility
  • Bulk User Migration Process Overview
  • About the ORCL_GLOBAL_USR_MIGRATION_DATA Table
  • Migration Effects on Users' Old Database Schemas
  • Migration Process
• Prerequisites for Performing Migration
  • Required Database Privileges
  • Required Directory Privileges
  • Required Setup to Run the User Migration Utility
• User Migration Utility Command-Line Syntax
• Accessing Help for the User Migration Utility
• User Migration Utility Parameters
  • Keyword: HELP
  • Keyword: PHASE
  • Keyword: DBLOCATION
  • Keyword: DIRLOCATION
  • Keyword: DBADMIN
  • Keyword: ENTADMIN
  • Keyword: USERS
  • Keyword: USERSLIST
  • Keyword: USERSFILE
  • Keyword: KREALM
  • Keyword: MAPSCHEMA
  • Keyword: MAPTYPE
  • Keyword: CASCADE
  • Keyword: CONTEXT
  • Keyword: LOGFILE
  • Keyword: PARFILE
• User Migration Utility Usage Examples
  • Migrating Users While Retaining Their Own Schemas
  • Migrating Users and Mapping to a Shared Schema
  • Migrating Users Using the PARFILE, USERSFILE, and LOGFILE Parameters
• Troubleshooting Using the User Migration Utility
  • Common User Migration Utility Error Messages
  • Common User Migration Utility Log Messages
  • Summary of User Migration Utility Error and Log Messages

B SSL External Users Conversion Script

• Using the SSL External Users Conversion Script
• Converting Global Users into External Users

C Integrating Enterprise User Security with Microsoft Active Directory

• Set Up Synchronization Between Active Directory and Oracle Internet Directory
• Set Up a Windows 2000 Domain Controller to Interoperate with Oracle Client
• Set Up Oracle Database to Interoperate with a Windows 2000 Domain Controller
• Set Up Oracle Database Client to Interoperate with a Windows 2000 KDC
• Obtain an Initial Ticket for the Client
• Configure Enterprise User Security for Kerberos Authentication

D Upgrading from Oracle9i to Oracle Database 12c Release 1 (12.1)

• Upgrading Oracle Internet Directory from Release 9.2 to Release 9.0.4
• Upgrading Oracle Database from Release 9.2.0.8 to Oracle Database 12c Release 1 (12.1)
• Upgrading Oracle Database from Release 10g (10.1) and Higher to Oracle Database 12c Release 1 (12.1)

Glossary

Index