Create an "Enterprise Role" in OID and map it to a database role

Now we will drop the user "guest" from the database and recreate it. This time we will also create an Enterprise Role and map this role to a particular user in OID.

Example:

# sqlplus / as sysdba

SQL> drop user guest cascade;

Now create this user again as follows:

SQL> create user guest identified globally;

Now we will create a new database role called "mydbaccess".

SQL> create role mydbaccess identified globally;

Now we will grant this new role the CREATE SESSION privilege.

SQL> grant create session to mydbaccess;

 

Now we will map this new role to a particular user in the OID user realm.

Start the Enterprise Security Manager.

Example:

# esm

At the login screen enter the super user name (cn=orcladmin), password, FQDN and port number for the OID server.

On the ESM screen, drill down through "Realms -> <your domain name> -> Enterprise Domain -> OracleDefaultDomain".

From the "Operations" menu, select "Create Enterprise Role".

In the "Role Name" field enter a name for your new Enterprise Role. In our example we will give this role the name of "dbaccessentrole". Click "OK" to continue.

Back at the ESM screen, drill down from the tree as follows: "OracleDefaultDomain -> Enterprise Roles".

Highlight the new enterprise role name. Select the "Database Global Role" tab and then click the "Add" button.

On the screen that follows, double-click on the database name. This will make a database login screen appear. Log in to the database as the "system" user.

You should now see a list of database roles including the name of the new role we created at the beginning of this section.

Highlight this role and click "OK".

Back at the ESM screen click the "Apply" button.

Now select the "Users" tab.

Now click on the "Add" button.

On the screen that follows, drill down to your "Users" container. With the "Users" container highlighted, the "Selection" field should automatically be filled in with the complete DN of your "Users" container.

In the "Search Criteria" field, check the box for "Include Subtrees".

In the "Show Names Containing" field, enter the name of a user you want to grant access to this new Enterprise Role and then click the "Search Now" button. In our example we will search for the name "Paul Needham".

This user "Paul Needham" will be the only user who can access this new Enterprise Role.

If the user exists in this realm, the search result should show up at the bottom of this form.

Highlight the user and click the "OK" button.

Back at the ESM screen click "Apply".
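
Before testing, the database side of this setup can be checked from SQL*Plus. The queries below are an added example, not part of the original tutorial; they assume a DBA session (for example the "system" user used above) and the names from this section, which the data dictionary stores in upper case as GUEST and MYDBACCESS.

```sql
-- Added verification example (not from the original tutorial).
-- Assumes a session with access to the DBA_* dictionary views.

-- 1. The role must be a global role, i.e. authorised through the
--    directory rather than by a local grant or a password.
--    PASSWORD_REQUIRED shows GLOBAL for a role created IDENTIFIED GLOBALLY.
SELECT role, password_required
FROM   dba_roles
WHERE  role = 'MYDBACCESS';

-- 2. The role should carry only what was granted in this section:
--    one system privilege (CREATE SESSION), without ADMIN OPTION.
SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'MYDBACCESS';

-- No object privileges and no nested roles were granted to it,
-- so both of these should return no rows.
SELECT owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'MYDBACCESS';

SELECT granted_role
FROM   dba_role_privs
WHERE  grantee = 'MYDBACCESS';

-- 3. The recreated GUEST schema should hold no direct grants of its own.
--    Anything listed here is access that does not depend on the
--    Enterprise Role mapping made in ESM.
SELECT 'SYS PRIV' AS kind, privilege AS granted
FROM   dba_sys_privs
WHERE  grantee = 'GUEST'
UNION ALL
SELECT 'ROLE', granted_role
FROM   dba_role_privs
WHERE  grantee = 'GUEST'
UNION ALL
SELECT 'OBJECT PRIV', privilege || ' ON ' || owner || '.' || table_name
FROM   dba_tab_privs
WHERE  grantee = 'GUEST';
```

If query 3 returns rows, the ability to connect as "guest" is not controlled solely by the directory mapping, and those grants should be reviewed before relying on the Enterprise Role.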

On the next page we will test our new Enterprise Role Mappings.
