Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Best Practices for Oracle on Windows

Re: Best Practices for Oracle on Windows

From: Paul Drake <bdbafh_at_gmail.com>
Date: Thu, 3 Feb 2005 15:29:42 -0500
Message-ID: <910046b405020312296f8faf4a@mail.gmail.com> 





It depends :).


the setting in the %ORACLE_HOME%\network\admin\sqlnet.ora



sqlnet.authentication_service=(NTS)



it will authenticate using the OS.



sqlnet.authentication_service=(NONE)



it will authenticate using a supplied password.






On Thu, 3 Feb 2005 15:03:35 -0500, Mohammad Rafiq <rafiq9857_at_gmail.com> wrote:


> Niall,

> can we create ORA_DBA group manually(if not created during

> installation or removed afterward) and will it allow member of that

> group to connect as SYSDBA without SYS password?

> Regards

> Rafiq

> 

> On Thu, 3 Feb 2005 13:27:20 +0000, Niall Litchfield

> <niall.litchfield_at_gmail.com> wrote:

> > On Thu, 3 Feb 2005 08:00:16 -0500, Sherrie.Kubis_at_swfwmd.state.fl.us

> > <Sherrie.Kubis_at_swfwmd.state.fl.us> wrote:

> > >

> > >

> > > I am looking for some best practice guidelines for assigning administrator

> > > privilege for Oracle on Windows.  I'm coming from a UNIX environment, where

> > > oracle binaries and datafiles and whatnot are all owned by oracle.  Root

> > > things that need to be done are done from another account that is in the

> > > root wheel, and done through deliberate actions as needed.

> >

> > In terms of *installing* the Oracle software, you should use an

> > account with local administrator privileges for this (doesn't have to

> > be a domain administrator). That doesn't mean that the dba needs to

> > have administrative access to the machine (though I do on all the

> > database machines in our place). Oracle installation creates an OS

> > group ORA_DBA which is equivalent to the dba group on Unix. DBA

> > Accounts should be placed in this group. (You can also create a group

> > ORA_<SID>_DBA just to restrict them to particular databases).

> >

> > I'd strongly recommend that you create a domain group (or groups

> > depending on how many types of dba you have) that you place dba users

> > domain accounts in. Then you can assign the domain group to the local

> > dba group on relevant boxes. Then you can audit who does what since

> > the dbas all should use their own accounts to do their administration.

> >

> > --

> > Niall Litchfield

> > Oracle DBA

> > http://www.niall.litchfield.dial.pipex.com

> > --

> > http://www.freelists.org/webpage/oracle-l

> >

> --

> http://www.freelists.org/webpage/oracle-l

>

--
http://www.freelists.org/webpage/oracle-l


Received on Thu Feb 03 2005 - 15:33:00 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US