(In part, it depends on whether you enforce individual OS userid for all
admins from which they perform their normal work, or you allow everyone
to access the software owner. I've worked in, and seen, many shops
which let all admins - mainly, but not restricted to, DBAs - simply log
in as user oracle to do basic stuff like startup/shutdown, backup,
recovery, key management, etc.)
Patching & other s/w manipulation needs access to the inventory, and
often needs to be done as the s/w owner, so su'ing to "oracle" is pretty
normal for that operation.
Patching and upgrading GI often requires a different thought process and
has different potential outages than patching the db server. Personally
I've appreciated keeping the GI and DB owners separate as I become more
conscious of which mode I'm in, potentially reducing risk. Example: Get
interrupted, return to task - is the PATH correct? Single user for all
allows a potential for having the database bin in the PATH instead of
the GI bin, so need to get in the habit of double-checking. But I have
generally not found having a single owner more 'complicated'.
/Hans
On 2017-03-21 7:38 AM, Chris Taylor wrote:
Out of curiosity, in regard to patches, is either setup more intuitive or more complicated? I could see how one user that owns everything could be more intuitive OR more confusing so I'm curious what you guys think.
Chris Taylor
On Mar 21, 2017 7:41 AM, "Niall Litchfield" <niall.litchfield@xxxxxxxxx> wrote:
That's my experience as well.
On Tue, Mar 21, 2017 at 1:53 AM, Andrew Kerber <andrew.kerber@xxxxxxxxx> wrote:
Having worked in both types of environments, I have found no
advantage to separating them. Typically the server is entirely
devoted to oracle, and even when a separation of duties is
intended, the DBA usually takes over where root access is no
longer required, which pretty well eliminates the whole point
of the separation.
On Mar 20, 2017, at 7:46 PM, Chris Grabowy <cgrabowy@xxxxxxxxx> wrote:
A DBA is pushing to eliminate the grid account from future
installs.
So the Oracle database software and the Oracle Grid software
would be installed under the oracle account.
The justification is that we shouldn’t have to switch between
the oracle and grid accounts to do whatever commands needed. We can simply execute a script to “switch the environment”.
I came across the Oracle recommendation in the documentation
which is to have an oracle account and a grid account.
I am wondering if anyone is aware of any technical limitation?
TIA
Oracle 12.1.0.2
RHEL 7.3
Chris Grabowy
--
Niall Litchfield
Oracle DBA
http://www.orawin.info