This preface describes new and deprecated features of Oracle Database and provides pointers to additional information.
The following are changes in Oracle Database Platform Guide for Oracle Database 12c Release 1 (12.1).
The following features are new in this release:
Support of Oracle Home User on Windows
Starting with Oracle Database 12c Release 1 (12.1), Oracle Database supports the use of Oracle Home User, specified at the time of installation. Oracle Home User is used to run Windows services for the Oracle home. Oracle Home User is associated with an Oracle home and cannot be changed post installation. On a system, different Oracle homes can share the same Oracle Home User or use different Oracle Home User names.
Oracle Home User can be a Windows built-in account or a Windows User Account. For enhanced security, Oracle recommends that the standard Windows User Account be chosen as the Oracle Home User for Oracle Database installations. The primary purpose of Oracle Home User is to run Windows services with Windows User Account. This user account (Oracle Home User) must be a standard Windows user account (not an Administrator). Windows User Account can be a Local User, a Domain User, or a Managed Services Account.
Note:
See the Microsoft documentation for more information on different types of Windows user accounts.This release has also introduced a new Windows utility called the Oracle Home User Control. This is a command-line tool that displays the Oracle Home User name associated with the current Oracle home and updates the password for the Windows User Account (used as Oracle Home User).
See Also:
"Overview of Database Creation on Windows Using Oracle Database Configuration Assistant"
"About Administering an Oracle Database Instance Using ORADIM"
"Overview of Operating System Authentication Enabled at Installation"
"Recommended File System" in Oracle Database Installation Guide for Microsoft Windows
"Configuring Environment Variables for the Software Installation Owner" in Oracle Database Installation Guide for Microsoft Windows
"Managing User Accounts with User Account Control" in Oracle Database Installation Guide for Microsoft Windows
"Operating System Groups Created During Oracle Database Installation" in Oracle Database Installation Guide for Microsoft Windows
The "Specify Oracle Home User" screen in "Table 5-1 Oracle Universal Installer Windows" in Oracle Database Installation Guide for Microsoft Windows
"Set Up the Environment to Support the Standby Database" in Oracle Data Guard Concepts and Administration
"Step 5: (Windows Only) Create an Instance" and "Step 14: (Optional) Enable Automatic Instance Startup" in Oracle Database Administrator's Guide
Oracle ASM File Access Control on Windows
Oracle Automatic Storage Management (Oracle ASM) File Access Control restricts the access of files to specific Oracle ASM clients that connect as SYSDBA. An Oracle ASM client is typically a database, which is identified as the user that owns the database instance home.
Starting with Oracle Database 12c Release 1 (12.1), Oracle supports the use of standard Windows User Account instead of Local System Account to run Oracle Database services that lets you use separate users for different Oracle databases. This release also supports Oracle ASM disk group file-level access control and privilege separation.
The Oracle ASM File Access Control feature helps to replace the current user with a new user and allows the user to change ownership, group membership, and permissions of a file while the file is open by one or more Oracle ASM clients. This release onwards, the Windows User Accounts used as Oracle Home Users are restricted from directly accessing Oracle ASM storage devices and can be accessed through the Oracle Database services that have sufficient privileges to run that service.
Oracle ASM disk group users now manage ASM disk group user replacement with new ASMCMD commands and SQL statements.
See Also:
"ORA-15252 to ORA-15266: User Replacement Failure on Windows"
"ORA-15301 to ORA-15302: Failure to Modify Ownership, Group, and Permission of Opened Files"
"Managing Oracle ASM File Access Control for Disk Groups" in Oracle Automatic Storage Management Administrator's Guide
"Preparing Disks for Oracle Automatic Storage Management" in Oracle Database Installation Guide for Microsoft Windows
Oracle Enterprise Manager Database Express 12c
Oracle Database 12c introduces Oracle Enterprise Manager Database Express 12c, a web-based management tool built into Oracle Database without any need for special installation or management. Using Oracle Enterprise Manager Database Express 12c, you can perform basic administrative tasks such as user, performance, memory, and space management. You can also view performance and status information about your database.
See Also:
"Introduction to Oracle Enterprise Manager Database Express" in Oracle Database 2 Day DBA
"Features Provided by Oracle Enterprise Manager Database Express 12c" in Oracle Database Installation Guide
"Getting Started with Oracle Database" in Oracle Database Installation Guide
"Installing the Oracle Database Software" in Oracle Database Installation Guide
Support of Oracle Home User for Oracle Net Services
Oracle Database 12c supports Oracle Net services such as Oracle Listener, CMADMIN, and CMAN Proxy Listener to run under Oracle Home User account specified during Oracle Database installation. In earlier releases, Oracle Net services ran under the high-privileged, Windows built-in Local System Account (LSA).
See Also:
"User Accounts and Security" in Oracle Database Net Services Administrator's Guide
"START" in Oracle Database Net Services Reference
Securing External Procedures
Starting with Oracle Database 12c Release 1 (12.1), a LIBRARY object can be defined using either an explicit path or a DIRECTORY object. You can also use the CREDENTIAL clause to specify the operating system user.
See Also:
"Configuring Authentication for External Procedures" in Oracle Database Security Guide
"Overview of Commonality in a CDB" in Oracle Database Concepts
Support for Separation of Database Administration Duties
Oracle Database 12c provides support for separation of database administration duties for Oracle Database by introducing task-specific and least-privileged administrative privileges that do not require the SYSDBA administrative privilege. These new privileges are: SYSBACKUP for backup and recovery, SYSDG for Oracle Data Guard, and SYSKM for encryption key management.
See Also:
"Extended Oracle Database Groups for Job Role Separation" in Oracle Database Installation Guide
"About Job Role Separation Operating System Privileges Groups and Users" in Oracle Database Installation Guide
"Creating Job Role Separation Operating System Privileges Groups and Users" in Oracle Grid Infrastructure Installation Guide
"Database Administrator Authentication" in Oracle Database Administrator's Guide
"Managing Administrative Privileges" in Oracle Database Security Guide
The following feature is deprecated in this release, and might be desupported in a future release:
Windows NTS Authentication Using the NTLM Protocol
The NTS authentication adapter no longer supports the use of the NT LAN Manager (NTLM) protocol to authenticate Windows domain users. Thus the NTS adapter cannot be used to authenticate users in old Windows NT domains or domains with old Windows NT domain controllers. However, local connections and Oracle Database services running as a Windows Local User continues to be authenticated using NTLM. A new client-side sqlnet.ora boolean parameter, no_ntlm (default value is FALSE) allows you to control if NTLM can be used in NTS authentication. When the parameter is set to TRUE, NTLM cannot be used in NTS authentication.
See Also:
"About Windows Authentication Protocols"The following features previously described in this guide are no longer supported by Oracle. See Oracle Database Upgrade Guide for a list of desupported features.
Oracle Enterprise Manager Database Control
Oracle COM Automation
Oracle Objects for OLE
Oracle Counters for Windows Performance Monitor
Raw Devices