Re: Best Practices for Oracle on Windows
- From: Niall Litchfield <niall.litchfield@xxxxxxxxx>
- To: Sherrie.Kubis@xxxxxxxxxxxxxxxxxx
- Date: Thu, 3 Feb 2005 13:27:20 +0000
On Thu, 3 Feb 2005 08:00:16 -0500, Sherrie.Kubis@xxxxxxxxxxxxxxxxxx
<Sherrie.Kubis@xxxxxxxxxxxxxxxxxx> wrote:
>
>
> I am looking for some best practice guidelines for assigning administrator
> privilege for Oracle on Windows. I'm coming from a UNIX environment, where
> oracle binaries and datafiles and whatnot are all owned by oracle. Root
> things that need to be done are done from another account that is in the
> root wheel, and done through deliberate actions as needed.
In terms of *installing* the Oracle software, you should use an
account with local administrator privileges for this (doesn't have to
be a domain administrator). That doesn't mean that the dba needs to
have administrative access to the machine (though I do on all the
database machines in our place). Oracle installation creates an OS
group ORA_DBA which is equivalent to the dba group on Unix. DBA
Accounts should be placed in this group. (You can also create a group
ORA_<SID>_DBA just to restrict them to particular databases).
I'd strongly recommend that you create a domain group (or groups
depending on how many types of dba you have) that you place dba users
domain accounts in. Then you can assign the domain group to the local
dba group on relevant boxes. Then you can audit who does what since
the dbas all should use their own accounts to do their administration.
--
Niall Litchfield
Oracle DBA
http://www.niall.litchfield.dial.pipex.com
--
//www.freelists.org/webpage/oracle-l
Other related posts:
