beautypg.com

Oracle A423961 User Manual

Page 94

background image

4 – 10

Oracle7 Server Getting Started for Windows NT

ORA_ORCL_RESOURCE_D
(predefined ROLE; active even if OS ROLES is false)

In this example, when a database user connects to the Oracle7 Server
using an automatic authenticated account whose user id is also included
in the above NT Groups (ORA_ORCL_CONNECT_DA and
ORA_ORCL_RESOURCE_D are the default roles)

ORA_ORCL_UPDATEUSERS_A and ORA_ORCL_VIEWUSERS are
available for use by the user through the SET ROLE command.
Additionally, users can grant ORA_ORCL_UPDATEUSER_A and
ORA_ORCL_CONNECT_DA to other roles.

Note:

All privileges for these roles are active when the user

connects. When using operating system roles, all roles are
granted and managed through the operating system. You
cannot use both operating system roles and Oracle roles at the
same time.

When OS_ROLES is set to TRUE in the INITsid.ORA file, it is important
to understand how roles, and the privileges granted to these roles are
obtained by Oracle users whose IDs are not defined externally.

For example, if an authenticated connection exists between a client’s
workstation and a Windows NT machine running Oracle7, and the user
connects over SQL*Net V2 with the Oracle username scott/tiger, the
roles applied to the Oracle username SCOTT consist of all roles defined
for the Windows NT user NTUSER. All roles available under an
authenticated connection are determined by the Windows NT user id
and the groups available to the user.

Administration group

CONNECT / as sysdba

CONNECT / as sysoper

CONNECT INTERNAL

Database administrators who use CONNECT INTERNAL from a client
workstation may belong to the ORA_OPER, ORA_DBA,
ORA_%SID%_DBA or ORA_%SID_OPER groups.

The SYSDBA and SYSOPER roles are mapped s follows:

SYSDBA> ORA_%SID%_DBA, ORA_DBA

SYSOPER> ORA_%SID%_OPER, ORA_OPER

For example:

If an authenticated connection exists between a client workstation and a
Windows NT machine running Oracle7 (with the authenticated