Introduction to Enterprise User Security
Getting Started with Enterprise User Security 11-7
name (DN). When enterprise users log on to a database, the database authenticates
those users by using their DN.
Enterprise users are defined in the database as global users. Global users can have
their own schemas, or they can share a global schema in the databases they access.
You can create enterprise users by using the GLOBALLY clause in the CREATE USER
statement in two different ways.
You can specify a user's directory DN with an AS clause, which is shown in the
following statement:
CREATE USER username IDENTIFIED GLOBALLY AS '<DN of directory user entry>';
In this case, they have a schema allocated exclusively to them.
Alternatively, you can specify a null string with the AS clause as the following
statement shows:
CREATE USER username IDENTIFIED GLOBALLY AS '';
When you specify a null string with the AS clause, the directory maps authenticated
users to the appropriate database schema. In this case, multiple users can be
mapped to a shared schema based on the mapping information set up and stored in
Oracle Internet Directory.
When enterprise users connect over SSL to the database, they do not use a
password. Instead they use the following CONNECT command, which looks up the
wallet location based on information in the client's sqlnet.ora file:
connect /@database_service_name
Password-authenticated enterprise users use the same CONNECT statement to
connect to the database as regular database users. For example,
password-authenticated enterprise users connect to the database by using the
following syntax:
connect username/password@database_service_name
When the database receives a connection request from an enterprise user, the
database refers to the directory for user authentication and authorization (role)
information.
To Next Page