Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Best Practices for Oracle on Windows

RE: Best Practices for Oracle on Windows

From: Igor Neyman <ineyman_at_perceptron.com>
Date: Thu, 3 Feb 2005 15:12:31 -0500
Message-ID: <002d01c50a2c$b14f2500$2004a8c0@development.perceptron.com> 





Well, obviously I'm not Niall :)


But, yes you can create it manually and it'll perform the same way as
when created by Universal Installer.



Igor Neyman, OCP DBA


ineyman_at_perceptron.com





-----Original Message-----


From: oracle-l-bounce_at_freelists.org


[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Mohammad Rafiq
Sent: Thursday, February 03, 2005 3:04 PM
To: niall.litchfield_at_gmail.com


Cc: Sherrie.Kubis_at_swfwmd.state.fl.us; oracle-l_at_freelists.org
Subject: Re: Best Practices for Oracle on Windows



Niall,


can we create ORA_DBA group manually(if not created during
installation or removed afterward) and will it allow member of that
group to connect as SYSDBA without SYS password?
Regards


Rafiq





On Thu, 3 Feb 2005 13:27:20 +0000, Niall Litchfield
<niall.litchfield_at_gmail.com> wrote:


> On Thu, 3 Feb 2005 08:00:16 -0500, Sherrie.Kubis_at_swfwmd.state.fl.us

> <Sherrie.Kubis_at_swfwmd.state.fl.us> wrote:

> >

> >

> > I am looking for some best practice guidelines for assigning

administrator


> > privilege for Oracle on Windows.  I'm coming from a UNIX

environment, where


> > oracle binaries and datafiles and whatnot are all owned by oracle.

Root


> > things that need to be done are done from another account that is in

the


> > root wheel, and done through deliberate actions as needed.

> 

> In terms of *installing* the Oracle software, you should use an

> account with local administrator privileges for this (doesn't have to

> be a domain administrator). That doesn't mean that the dba needs to

> have administrative access to the machine (though I do on all the

> database machines in our place). Oracle installation creates an OS

> group ORA_DBA which is equivalent to the dba group on Unix. DBA

> Accounts should be placed in this group. (You can also create a group

> ORA_<SID>_DBA just to restrict them to particular databases).

> 

> I'd strongly recommend that you create a domain group (or groups

> depending on how many types of dba you have) that you place dba users

> domain accounts in. Then you can assign the domain group to the local

> dba group on relevant boxes. Then you can audit who does what since

> the dbas all should use their own accounts to do their administration.

> 

> --

> Niall Litchfield

> Oracle DBA

> http://www.niall.litchfield.dial.pipex.com

> --

> http://www.freelists.org/webpage/oracle-l

>

--
http://www.freelists.org/webpage/oracle-l


--
http://www.freelists.org/webpage/oracle-l


Received on Thu Feb 03 2005 - 15:15:41 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US