Advanced Security And OID To Create A Database SSO Environment
January 24, 2004
"I am in
the process of implementing oid and security in datawarehosuing
environemnt very similar to whatever i have read in ur fantastic
paper. i have asked and queried a few oracle gururs who come up with
answers that everything is possible with oid w/o really understanding
the shortfalls in the product. ur paper was very helpful and i though
i could ask you a few clarifications on this.
this is the scenario i am dealing with now. we have a few databases
with a big set of user comunity. i would like to store the userids
and passwords for all these users in a single oid instance so that
it gives a single-sign on effect when users access these databases.
so when they have access to tools like sqlplus can this be achieved?
and i understand that u can have the 9i database use the oid to
store userid and password and u talk about syncing up the userids
and passwords. here is my question
have database A,database B having a common user C. when C is created
in database A can his password and privileges be linked to database
B too. that is the syncing you are talking about is it two-way from
database to oid and oid to database too.
please tell me whether you have any other documentation on setting up
oid and the usual gotchas that one has to keep in mind when testing
It looks like
what you're looking for is the
'Advanced Security Option' for the Oracle 9i database. The
"Oracle 9i Advanced Security Release 2 Factsheet" on OTN gives a
good overview of this Oracle 9i option.
particular, Advanced Security can be used to set up global users,
roles and accounts that can be used across a set of Oracle Database
applications, with full details of how these are set up given in the
"Oracle Advanced Security 9i: Enterprise User Security"
what Advanced Security does, you wouldn't need to sync the OID to the
database users and roles, as Advanced Security would do this for you.
Also, you wouldn't need to sync individual OIDs with each other, as
there's just one OID instance per enterprise. The only time you'd need
to sync OID instances is if you want to synchronise the 9i Database
OID with the 9iAS OID instance (or indeed sync either with the Oracle
Apps 11i OID instance) to achieve single sign-on across the complete
Oracle technology stack.
In terms of
Gotchas - well, first of all, bear in mind that Advanced Security is a
pay-extra option for the database. Also, be prepared to spend a bit of
time getting it all set up. In addition, whilst setting up Advanced
Security on your database is a fairly well-trodden path, synchronising
it with 9iAS or Oracle Apps is a far more complex task (and with no
clear 'best practice' in this area published by Oracle), although I've
been told by Oracle support that this whole area is much simpler to
set up with Oracle Application Server 10g. Haven't tried it myself
You can find
out more details on Oracle Advanced Security on OTN's
Advanced Security product page.
Oracle Tuning Support?
Burleson Consulting now offers a one-day performance review for your
Oracle database. Working with top experts who tune hundreds of
databases each year, you can get fast expert tuning advice to hypercharge
your Oracle database.
We also provide expert upgrades to Oracle9i and Oracle10g, and our DBAs
can quickly show you how to implement the important new features of new
Call me at 800-766-1884 to schedule remote Oracle support.
Kittrell, NC, USA, 27544