Oracle release 11gR1 is the last
version that supports logging on to an ASM instance with
sysdba privileges. In future releases, sysasm
privileges will be needed to log on to an ASM
instance using operating system authentication. This is a
security enhancement that cleanly separates ASM
storage administrators from database administrators.
In 10gR2, Oracle introduced the asmcmd tool to
provide storage administrators with an interface for
managing ASM storage.

In the first 11g release, it is still
possible to log on as sysdba as well as sysasm.
This will definitely change with the next release,
11gR2. When Oracle 11g is installed, a question comes up
about the operating system group that is allowed to log on
to an ASM instance without a password, in addition to
the OS groups for logging on as sysdba and as
sysoper. Access to remote ASM instances is managed
through the password file of the ASM instance. This password
is case sensitive, as all passwords are in an 11g database.
For more information on secure passwords, refer to chapter
8.
There is a new column in
v$pwfile_users for the sysasm privilege:

SYS AS SYSDBA @ orcl11 SQL> select * from v$pwfile_users;

USERNAME                       SYSDB SYSOP SYSAS
------------------------------ ----- ----- -----
SYS                            TRUE  TRUE  FALSE

Add a user to the
password file by granting sysasm privileges.
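
The v$pwfile_users listing shown above can be checked for accounts that blur the split between storage and database administration. The following Python code is an added example, not part of the original text; the sample output, the accounts ASMADMIN1 and DBA_JOE, and the policy of exempting SYS are assumptions made for illustration.

```python
import re

# Constructed sample: SQL*Plus output of "select * from v$pwfile_users"
# on an ASM instance. ASMADMIN1 and DBA_JOE are hypothetical accounts.
SAMPLE_OUTPUT = """\
USERNAME                       SYSDB SYSOP SYSAS
------------------------------ ----- ----- -----
SYS                            TRUE  TRUE  TRUE
ASMADMIN1                      FALSE FALSE TRUE
DBA_JOE                        TRUE  FALSE TRUE
"""

# One data row: a username followed by the three TRUE/FALSE flag columns.
ROW = re.compile(r"^(\S+)\s+(TRUE|FALSE)\s+(TRUE|FALSE)\s+(TRUE|FALSE)$")


def parse_pwfile_users(text):
    """Return {username: {"sysdba": bool, "sysoper": bool, "sysasm": bool}}."""
    users = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header, separator and blank lines do not match
            name, dba, oper, asm = m.groups()
            users[name] = {"sysdba": dba == "TRUE",
                           "sysoper": oper == "TRUE",
                           "sysasm": asm == "TRUE"}
    return users


def audit_separation(users, exempt=("SYS",)):
    """Return sorted (username, issue) findings.

    Assumed policy: SYS is exempt; any other password-file user holds either
    SYSASM (storage role) or SYSDBA/SYSOPER (database role), never both.
    """
    findings = []
    for name, privs in users.items():
        if name in exempt:
            continue
        if privs["sysasm"] and (privs["sysdba"] or privs["sysoper"]):
            findings.append((name, "holds SYSASM together with SYSDBA/SYSOPER"))
    return sorted(findings)


if __name__ == "__main__":
    for user, issue in audit_separation(parse_pwfile_users(SAMPLE_OUTPUT)):
        print(f"{user}: {issue}")
```
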
Oracle Enterprise Manager for 11g
also provides an interface which allows creating and
managing ASM users. This functionality can only be accessed
when the user is logged on to OEM with sysasm privileges.
Figure 1: Creating and Managing ASM-Users
Separating storage management
responsibilities from database administration duties is a
very good idea. There should not be a need to explain to
the storage administrators what the difference between a
database instance and an ASM instance is and how to log on
to it. Also, DBAs might not really be interested in how a
database works and what a tablespace is.
All a DBA wants from the storage administration side is
enough LUNs in place in time.
On the other side, the storage
administrator might only be interested in whether there is
still enough free disk space left in the ASM disk groups.
This is possible now. With asmcmd, a storage administrator
can use commands with a UNIX look and feel to find out
about the space utilization in the ASM storage. And by using
the sysasm operating system privilege, it is
possible to limit logon without a password
to ASM instances only.