You can use the ALTER
DISKGROUP
SQL statement to manage file access control for Oracle ASM disk groups. These SQL statements are available for both database and Oracle ASM instances.
When administering users with SQL*Plus, the users must be existing operating system users and their user names must have corresponding operating system user IDs. However, only users in the same cluster as the Oracle ASM instance can be validated.
When modifying ownership of files, the previous owner of a file cannot be dropped while the file is still open even after the ownership of the file has changed.
The SQL statements that support disk group access control are:
ALTER
DISKGROUP
ADD
USERGROUP
WITH
MEMBER
Adds an Oracle ASM user group to a disk group. The user group name is limited to a maximum of 30 characters. The operating system users of the databases identified in the MEMBER
clause must be in the disk group, as shown by V$ASM_USER
, or the command returns an error. Any users authenticated as SYSASM
or SYSDBA
can create new user groups. For example:
SQL> SELECT group_number, os_name FROM V$ASM_USER; GROUP_NUMBER OS_NAME ------------ ---------------------------------------------------------------- 1 oracle1 1 oracle2 ... SQL> ALTER DISKGROUP data ADD USERGROUP 'test_grp1' WITH MEMBER 'oracle1','oracle2';
ALTER
DISKGROUP
DROP
USERGROUP
Drops an Oracle ASM user group from a disk group. Dropping a group might leave some files without a valid group. For those files to have a valid group, you must manually update the group associated with those files to a valid group.
SQL> ALTER DISKGROUP data DROP USERGROUP 'test_grp1';
ALTER
DISKGROUP
MODIFY
USERGROUP
ADD
MEMBER
Adds users to the specified user group. The users must be in the disk group, as shown by V$ASM_USER
, or the command returns an error. Only the creator of the group or the Oracle ASM administrator can modify group membership.
SQL> ALTER DISKGROUP data MODIFY USERGROUP 'test_grp2' ADD MEMBER 'oracle2';
ALTER
DISKGROUP
MODIFY
USERGROUP
DROP
MEMBER
Removes users from the specified user group. If a member is not in the user group, then an error is returned. Only the creator of the group or the Oracle ASM administrator can modify group membership.
SQL> ALTER DISKGROUP data MODIFY USERGROUP 'test_grp2' DROP MEMBER 'oracle2';
ALTER
DISKGROUP
ADD
USER
Adds operating system (OS) users to an Oracle ASM disk group, so that these users can have access privileges on the disk group. If a user exists in the disk group, as shown by V$ASM_USER
, then the command records an error and continues to add other users, if any.
The operating system user of a running database instance is automatically added to a disk group when the database instance accesses that disk group and creates files. However, for a database instance to read files in a disk group without creating any files, then you must use the ADD
USER
clause to add the operating system user associated with that database to the disk group. Also, you can use this clause to add the operating system user associated with a database to an existing disk group immediately after setting the Oracle ASM File Access Control disk group attributes and before creating new files.
SQL> ALTER DISKGROUP DATA ADD USER 'oracle1';
ALTER
DISKGROUP
DROP
USER
Drops operating system users from an Oracle ASM disk group. If a user is not in the disk group, then this command records an error and continues to drop other users, if any.
If the user owns any files on the same Oracle ASM disk group, then this command fails with an error, unless the CASCADE
keyword is specified. If the latter case, then the user is deleted, along with all the files that the user owns.
If any files owned by the user are currently open, then the DROP
USER
command fails, and no files are deleted.
SQL> ALTER DISKGROUP DATA DROP USER 'oracle1';
ALTER
DISKGROUP
REPLACE
USER
Replaces one operating system user with another in an Oracle ASM disk group. The replacement user must not be a user currently in the disk group user list.
If the command succeeds, all files that were previously owned by current user are now owned by the replacement user. The current user is automatically removed from the user list of the disk group. Adding the current user back to the disk group is possible, but this user does not own any files.
When changing the owner of an open file, the new owner cannot be dropped with the owner's files until all instances within a cluster are restarted.
Only an Oracle ASM administrator can run this command.
SQL> ALTER DISKGROUP disk_group REPLACE USER oracle1 WITH oracle2;
ALTER
DISKGROUP
SET
PERMISSION
Modifies permissions of an Oracle ASM file. Setting read
only
permission to a file that has read
write
permission revokes the write
permission. Only the file owner or the Oracle ASM administrator can change the permissions of a file.
SQL> ALTER DISKGROUP data SET PERMISSION OWNER=read write, GROUP=read only, OTHER=none FOR FILE '+data/controlfile.f';
ALTER
DISKGROUP
SET
OWNERSHIP
Changes the owner or group of a file to the specified user or user group name, respectively. If the specified user or user group name does not exist, this command fails with an error. Only the owner of the file or the Oracle ASM administrator can run this command, and only the Oracle ASM administrator can change the owner. Also, the user group name must exist, and the owner of the file must be a member of that group.
SQL> ALTER DISKGROUP data SET OWNERSHIP OWNER='oracle1', GROUP='test_grp1' FOR FILE '+data/controlfile.f';
The ALTER DISKGROUP
SQL statement in the Oracle Database SQL Language Reference