Oracle8i Server and Tools Administrator's Guide
Release 3 (8.1.7) for Alpha OpenVMS
Part Number A86712-01

Library
Contents
Index

Go to previous page Go to next page

2
Setting Up Oracle8i Users

This chapter assumes that you have installed Oracle8i and have created a database and started an instance. This chapter describes how to set up Oracle8i users, as well as how to set up certain application development tools. Only those tools having special requirements are described.

The following topics are presented:

Granting Access to Oracle8i Users

When the Oracle8i Enterprise Edition is installed with the Group option, all Oracle8i users must belong to the same group that includes the Oracle8i account. Otherwise, the Oracle8i Enterprise Edition can be accessed by users in any UIC group.

To grant users access to Oracle8i, complete the following steps:

  1. Include the following line in each user's LOGIN.COM file to identify that user's default instance and database: 

    $ @<device>:[<directory>]ORAUSER_<dbname>  <sid>  - 
  <setup_node>

device 

Disk device or logical name where the ORACLE account resides 

directory 

Directory path to the database-specific directory where the appropriate ORAUSER_<dbname>.COM file resides 

dbname 

Name of the database 

sid 

SID of the Oracle8i instance that this user should access. This is a qualifier that is optional depending on the circumstances of the instance setup. 

setup_node 

Node where the instance was set up. This qualifier is optional depending on the circumstances of the instance setup.  

For example: 

$ @DISK$MIS:[ORACLE.V8.DB_MIS]ORAUSER_MIS MKT1 HARPO

Instead of completing step 1, you can define a symbol in the system-wide login procedure (typically, SYLOGIN.COM) that executes a particular ORAUSER_<dbname>.COM file. This method might be more useful if users access multiple instances, and therefore need to execute a database-specific ORAUSER file with the proper parameters.

For example: 

$ HARPO == - 

"@DISK$MIS:[ORACLE.V8.DB_MIS]ORAUSER_MIS MKT1 HARPO"

  1. Ensure that each user's OpenVMS account meets at least the minimum requirements for ASTLM, BYTLM, ENQLM, WSDEFAULT, WSEXTENT, WSQUOTA, and PGFLQUO.

    For more information about account quotas, see the "Setting Up the Oracle Accounts" chapter of the Oracle8i for Alpha OpenVMS Installation Guide.

  1. Create the Oracle8i user accounts with the CREATE USER and ALTER USER commands. Use the GRANT command to grant the appropriate database privileges or roles as documented in the Oracle8i Server Administrator's Guide.

  2. If you have a user who uses the SVRMGRL utility to start up or shut down an Oracle8 instance, use the OpenVMS utility AUTHORIZE to add an ORA_<sid>_DBA or ORA_DBA process rights identifier to the user's OpenVMS account from the OpenVMS rights database. For more information, see Chapter 2 in the Oracle8i for Alpha OpenVMS Installation Guide.

Using the Oracle8i Password Utility

On Alpha OpenVMS, you do not create a password file as part of the Oracle8i installation procedure. Instead, you must use the Oracle password utility.

With the password utility, you still need an OpenVMS account for each OSOPER and OSDBA Oracle8i account, but with version 7.1 and later, OpenVMS passwords are no longer used for connections.

To use the password utility, use the following steps:

  1. Set default to ORA_DB

  2. Invoke ORAPWD using the following syntax: 

    $ ORAPWD FILE=<file> PASSWORD=<password> ENTRIES=<users>

where

file 

You must enter the name of the password file. 

password 

You must enter a password for SYS and INTERNAL. The Oracle8i Enterprise Edition uses this password to authenticate a statement such as "CONNECT INTERNAL/<password> AS SYSDBA" or "CONNECT SYS/<password> AS SYSDBA". To log in as SYS into the user schema, use "CONNECT SYS/CHANGE_ON_INSTALL" (or your present setting for the SYS password), since the password in the file can be different from the password already assigned to the SYS account. However, once you bring up the database with the password file in private mode (exclusive), then changing the password of SYS will make the one in the file the same as the one in the database. If you want to authorize local connects or remote connects with secure protocols you don't need to use the password file (if you have the appropriate OS role). Since TCP/IP is not truly a secure protocol, Oracle Corporation strongly recommends that you make use of the password utility for these protocols. 

users 

The maximum number of OSDBA or OSOPER users that will be allowed to use the database. Since the password file can NOT be expanded, make sure that you take into account any accounts that you will have to create-now or in the future. 

  1. Define an executive-mode logical name that identifies the password file using the following syntax: 

    $ DEFINE/SYSTEM/EXEC  ORA_<sid>_PWFILE  <location>:<name>

Note:

In system startup and shutdown, this logical name needs to be redefined prior to starting Oracle. 

For example: 
$ DEFINE/SYSTEM/EXEC ORA_PAYROL_PWFILE -
DISK$MIS3:[ORACLE.DB_FIN]FIN_PWD_FILE.PWD

Note:

Define the logical name in the startup script for each instance of the database, and not in
ORA_DB:ORA_DB_<dbname>.COM or
ORA_DB:ORAUSER_<dbname>.COM. 

  1. Cycle your database, restarting it in exclusive mode.

    Refer to the Oracle8i Server Administrator's Guide for information on how to define the passwords for the OSDBA and OSOPER accounts.

  2. Once all passwords have been assigned, restart your database in the appropriate mode (EXCLUSIVE).

    All non-secure local or remote connections will now use the passwords for the OSDBA and OSOPER accounts as defined in the ORACLE password file. For more information, refer to the Oracle8i Server Administrator's Guide.

Ending a User's Session

You can end a user's Oracle8i session as follows:

Go to previous page Go to next page
Oracle
Copyright © 2000 Oracle Corporation.
All Rights Reserved.

Library
Contents
Index