Multi Instances

From: Kiet Chau <kchau_at_werple.apana.org.au>
Date: 18 Oct 1994 16:57:53 +1000
Message-ID: <37vrli$apv_at_werple.apana.org.au>

Hi,

ANY IDEAS, SUGGESTIONS, QUERIES AND/OR CRITICISM ON THE FOLLOWING DISCUSSION WILL BE APPRECIATED. The scenario:

An Oracle database system (e.g. V7.0.16.6.0) running on a Unix machine. There are several projects/department using the system - each is assigned a database instance (i.e. PROJ1, PROJ2, PROJx, etc..). Thus it is an environment with multiple Oracle database instance running concurrently.

can we have different SYS + SYSTEM password for each instance, so that we can assign different DBA to maintain the database instance belongs to theirproject/application (I think YES, but need confirmation + suggestions + ...)

if YES, what are the possible arrangements + requirements? As i understand, to have Oracle DBA priviledges we need:

      (1). access to the "oracle" account, OR
      (2). a "any-user" account which belongs to the
           Oracle DBA group,  OR
      (3). others .... ????



   -  assume both case (1) and (2) are possible, what


      would be the potential security danger to the
      system? (e.g. the DBA of instance PROJ1 peeping
      into, or deleting the data in the instance PROJ2
      - not supposed to but JUST did it by ACCIDENT !!)
      I can see that:

         case (1): any person who has access to the
         "oracle" account can do anything to the Oracle
         system. We should be very restrictive to access
         to this account.

         case (2): a person who has access to the account
         belongs to Oracle DBA group will be able to
         read/write/execute file/s with Oracle DBA groups
         permission (well, i.e. most of Oracle file system).
         What would be the best setup for permission/security
         in both Unix file permission and Oracle permission
         priviledges, to minimise the risk of these user
         "crash" the Oracle system/other database instance.

         Is it possible to restrict an Oracle DBA to have
         access to a limited number of database instance/s
         only? How?

         case(x): other scenarios that you know ... ???



   -  what about backup strategies, since the Oracle DBA will


      need root access to the Unix system to perform backup (i
      believe so - YES/NO ??). The Unix system admin. is reluctant
      to give out the root access - this is understandable.



   Thanks,

Kiet Chau,
kchau_at_werple.apana.org.au Received on Tue Oct 18 1994 - 07:57:53 CET

This message: [ Message body ]
Next message: Krishnan Vaidyanathan: "Re: Multi Instances"
Previous message: Tony Jambu: "Procedures or plain SQL"
Next in thread: Krishnan Vaidyanathan: "Re: Multi Instances"
Reply: Krishnan Vaidyanathan: "Re: Multi Instances"
Reply: BARRY ROOMBERG: "Multi Instances"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message