Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Question About Oracle Users

Re: Question About Oracle Users

From: Giorgos Tsiamitas <gtsiam_at_gmx.net>
Date: Mon, 11 Jun 2001 17:13:25 GMT
Message-ID: <V_6V6.312$gR1.9674@nreader1.kpnqwest.net> 






"Dino Hsu" <dino1_nospam_at_ms1.hinet.net> wrote in message
news:v368itk2odivi5vh1fvk9gepfq8tms165b_at_4ax.com...


> On Sun, 10 Jun 2001 12:56:27 GMT, "Giorgos Tsiamitas" <gtsiam_at_gmx.net>

> wrote:

>

> >"Dino Hsu" <dino1_at_ms1.hinet.net> wrote in message

> >news:dvj4itceo2iddpqbcvrbq7scust6v6bsmb_at_4ax.com...

> >> Dear all,

> >>

> >> Please allow me to interrupt here. If we've created 50,000 Oracle user

> >> accounts in the database, isn't it better to integrate them with the

> >> OS user accounts? Otherwise, we will have one more set of 50,000

> >> accounts in the IT virtual community, in addition to Windows NT

> >> domain, Lotus Notes, Unix's, etc..

> >

> >Yes, using OS authentication for Oracle users would improve

 manageability.


> >

> >> However, if we do integrate them

> >> with the OS user accounts, can we integrate the OS user groups as

> >> well? Imagin there are 100 branches worldwide, 10 departments per

> >> branch, and 50 employees per department. Just curious how you are

> >> doing this? Any headaches you are suffering from?

> >

> >It's not clear to me why should you need this kind of integration. Could

 you


> >provide an example?

> >

> >Regards,

> >Giorgos

> >

>

> In a company, users are usually grouped by departments, taskforces,

> sponsors, etc.. this kind of groupings are integrated into most of the

> authentication systems because they are the way the business works.

> Typically, Windows NT domain and Lotus Notes applications are among

> them, Oracle applications will probably need these groupings too.




Yes, probably will need some kind of grouping, but not necessarily the same
as the OS groups. The context of OS groups is different than Oracle
"groups" - unless your database references the filesystem (e.g. through
BFILEs, but then Oracle iFS may be a good option).



>

> For example, if the Oracle adopts Windows NT domain authentication, it

> inherits the user-id's and passwords of Windows NT domain.  If some

> application functions are specific to marketing users, and the

> grouping already exists in Windows NT domain, we cannot adopt that

> grouping, but have to assign the marketing users role to individual

> users. 50,000 users can mean hundreds of groupings, this can become a

> big job, let alone the synchronization between Windows NT domain and

> Oracle groupings/role-granted users.




Agree. That's why such a company will need a group of
administrators/operators, the right tools and a lot of automation to manage
the complexity. See http://www.oracle.com/features/woc/woc.pdf for some
ideas on the topic from a more broad perspective.



> I am not advocating any good

> solutions here, just to raise the issue and hope to see helpful

> advices.




I hope for this too.



>

> Dino

>




Regards,


Giorgos
Received on Mon Jun 11 2001 - 12:13:25 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US