Chinaunix首页 | 论坛 | 博客
  • 博客访问: 301349
  • 博文数量: 19
  • 博客积分: 2588
  • 博客等级: 少校
  • 技术积分: 730
  • 用 户 组: 普通用户
  • 注册时间: 2006-06-12 13:11
文章分类

全部博文(19)

文章存档

2022年(11)

2013年(3)

2012年(1)

2011年(2)

2008年(2)

我的朋友

分类: Oracle

2022-11-28 14:52:10



1、Windows  System Groups Names
Operating System Group Names Database Privileges Description

ORA_ASMADMIN

SYSASM system privileges for Oracle ASM administration

The OSASM group for the Oracle ASM instance.

Using this group and the SYSASM system privileges enables the separation of SYSDBA database administration privileges from Oracle ASM storage administration privileges. Members of the OSASM group are authorized to connect using the SYSASM privilege and have full access to Oracle ASM, including administrative access to all disk groups that the Oracle ASM instance manages.

ORA_ASMDBA

SYSDBA system privileges on the Oracle ASM instance

The OSDBA group for the Oracle ASM instance.

This group grants access for the database to connect to Oracle ASM. During installation, the Oracle Installation Users are configured as members of this group. After you create an Oracle Database, this groups contains the Oracle Home Users of those database homes.

ORA_ASMOPER

SYSOPER for Oracle ASM system privileges

The OSOPER group for the Oracle ASM instance.

Members of this group are granted SYSOPER system privileges on the Oracle ASM instance, which permits a user to perform operations such as startup, shutdown, mount, dismount, and check disk group. This group has a subset of the privileges of the OSASM group.

Similar to the ORA_HOMENAME_OPER group, this group does not have any members after installation, but you can manually add users to this group after the installation completes.

ORA_GRIDHM_DBA

SYSDBA system privileges for the Oracle Grid Infrastructure Management Repository database

Members of this group are granted the SYSDBA system privileges for managing the Oracle Grid Infrastructure Management Repository database, where GRIDHM is the name of the Oracle Grid Infrastructure home.

The default home name is OraGrid12Home1, so the default group name is ORA_OraGrid12Home1_DBA.

ORA_GRIDHM_OPER

SYSOPER system privileges for the Oracle Grid Infrastructure Management Repository database

Members of this group are granted the SYSOPER system privileges for managing the Oracle Grid Infrastructure Management Repository database, where GRIDHM is the name of the Oracle Grid Infrastructure home.

If you use the default Grid home name of OraGrid12Home1,then the default operating system group name is ORA_OraGrid12Home1_OPER.

ORA_DBA

SYSDBA system privileges for all Oracle Database installations on the server

A special OSDBA group for the Windows operating system.

Members of this group are granted SYSDBA system privileges for all Oracle Databases installed on the server.

ORA_OPER

SYSOPER system privileges for all Oracle databases installed on the server

A special OSOPER group for the Windows operating system.

Members of this group are granted SYSOPER system privileges all Oracle Databases installed on the server. This group does not have any members after installation, but you can manually add users to this group after the installation completes.

ORA_HOMENAME_DBA

SYSDBA system privileges for all database instances that run from the Oracle home with the name HOMENAME

An OSDBA group for a specific Oracle Home with a name of HOMENAME.

Members of this group can use operating system authentication to gain SYSDBA system privileges for any database that runs from the specific Oracle home. If you specified an Oracle Home User during installation, the user is added to this group during installation.

ORA_HOMENAME_OPER

SYSOPER system privileges for all database instances that run from the Oracle home with the name HOMENAME

An OSDBA group for the Oracle Home with a name of HOMENAME.

Members of this group can use operating system authentication to gain SYSOPER system privileges for any database that runs from the specific Oracle home. This group does not have any members after installation, but you can manually add users to this group after the installation completes.

ORA_HOMENAME_SYSBACKUP

SYSBACKUP system privileges for all database instances that run from the Oracle home with a name of HOMENAME

OSBACKUPDBA group for a specific Oracle Home with a name of HOMENAME.

Members of this group have privileges necessary for performing database backup and recovery tasks on all database instances that run from the specified Oracle Home directory.

ORA_HOMENAME_SYSDG

SYSDG system privileges for all database instances that run from the Oracle home with a name of HOMENAME

OSDGDBA group for a specific Oracle Home with a name of HOMENAME.

Members of this group have privileges necessary for performing Data Guard administrative tasks on all database instances that run from the specified Oracle Home directory.

ORA_HOMENAME_SYSKM

SYSKM system privileges for all database instances that run from the Oracle home with a name of HOMENAME.

OSKMDBA group for a specific Oracle Home with a name of HOMENAME.

Members of this group have privileges necessary for performing encryption key management tasks on all database instances that run from the specified Oracle Home directory.

ORA_CRS_USERS

None

Members of this group have privileges necessary for file system permissions on the Grid Infrastructure Oracle Base directory.

When you configure a CRS wallet of type OSUSER, for a user using the crsctl add wallet command, that user is automatically added to this group. This process enables CRS to start user-defined resources as the user that was added to this group.

Refer to the  for details about adding users to a wallet.

ORA_RAC

SYSRAC privileges for all Oracle Database installations on the server.

The OSRACDBA group for the Windows Operating System. Members of this group have SYSRAC privileges for all Oracle Databases installed on the server.

ORA_CLIENT_LISTENERS

None

This group is created with service-specific SIDs for Listeners in the Client home.

ORA_HOMENAME_SVCSIDS

None

This group is created with service-specific SIDs for all Services in the DB Client home.

ORA_GRID_LISTENERS

None

This group is created with Service specific SIDs for all Grid Home Listeners on the system.

ORA_INSTALL

None

This group is created with Oracle Home Users for all Oracle homes on the system .

Virtual accounts for databases and listeners for all virtual account-based homes are added to this group.



2、After installing the Oracle software, you have the following groups and users:
Operating System Group Name Type of Group Members

ORA_DBA

OSDBA group

oracle, RACDOMAIN\grid, and the Local System built-in Windows account

ORA_OraRAC21c_home1_DBA

OSDBA group for the Oracle RAC home directory

RACDOMAIN\oradba1

ORA_OraDB21c_home1_DBA

OSDBA group for the Oracle Database home directory

oradba2

ORA_OPER

OSOPER group

none

ORA_OraRAC21c_home1_OPER

OSOPER group for the Oracle RAC home directory

none

ORA_OraDB21c_home1_OPER

OSOPER group for the Oracle Database home directory

none

ORA_ASMADMIN

OSASM group

RACDOMAIN\grid and the Local System built-in Windows account, and the database service IDs

ORA_ASMOPER

OSOPER for ASM group

none

ORA_ASMDBA

OSDBA for ASM group for Oracle ASM clients

RACDOMAIN\grid, oracle, the Local System built-in Windows account, and Oracle Home Users of database homes

ORA_RAC21c_home1_SYSBACKUP,ORA_RAC21c_home1_SYSDG, andORA_RAC21c_home1_SYSKM

Specialized role groups that authorize users with the SYSBACKUP, SYSDG, and SYSKM system privileges.

none

ORA_DB21c_home1_SYSBACKUP, ORA_DB21c_home1_SYSDG, and ORA_DB21c_home1_SYSKM

Specialized role groups that authorize users with the SYSBACKUP, SYSDG, and SYSKM system privileges.

none


3、Win10一个命令查看全部用户账户信息(win7同样适用)       
      wmic useraccount list full

4、Windows的权限(用户、组和访问控制)
    https://blog.csdn.net/xiaochenXIHUA/article/details/122781781

5、注册表、

   C:\Users\hgc>where oracle
   D:\tools\ora19software\bin\oracle.exe
   
   C:\Users\hgc>type D:\tools\ora19software\bin\oracle.key
   SOFTWARE\ORACLE\KEY_OraDB19Home1
C:\Users\hgc>reg query HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_OraDB19Home1


HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_OraDB19Home1
    ORACLE_HOME    REG_SZ    D:\tools\ora19software
    ORACLE_HOME_NAME    REG_SZ    OraDB19Home1
    ORACLE_GROUP_NAME    REG_SZ    Oracle - OraDB19Home1
    ORACLE_BUNDLE_NAME    REG_SZ    Enterprise
    NLS_LANG    REG_SZ    SIMPLIFIED CHINESE_CHINA.ZHS16GBK
    OLEDBOLAP    REG_SZ    D:\tools\ora19software\oledbolap\mesg
    OLEDB    REG_SZ    D:\tools\ora19software\oledb\mesg
    ORACLE_HOME_READONLY    REG_SZ    N
    ORACLE_HOME_TYPE    REG_SZ    1
    ORACLE_SVCUSER    REG_SZ    ORA_OraDB19Home1_SVCACCTS
    ORACLE_SVCUSER_TYPE    REG_SZ    V
    ORACLE_SVCUSER_PWDREQ    REG_SZ    0
    ORACLE_BASE    REG_SZ    D:\tools\app\hgc
    ORACLE_HOME_KEY    REG_SZ    SOFTWARE\ORACLE\KEY_OraDB19Home1
    SQLPATH    REG_SZ    D:\tools\ora19software\dbs
    MSHELP_TOOLS    REG_SZ    D:\tools\ora19software\MSHELP
    RDBMS_CONTROL    REG_SZ    D:\tools\ora19software\DATABASE
    RDBMS_ARCHIVE    REG_SZ    D:\tools\ora19software\DATABASE\ARCHIVE
    ORA_ORCL_AUTOSTART    REG_EXPAND_SZ    TRUE
    ORA_ORCL_SHUTDOWN    REG_EXPAND_SZ    TRUE
    ORA_ORCL_SHUTDOWNTYPE    REG_EXPAND_SZ    immediate
    ORA_ORCL_SHUTDOWN_TIMEOUT    REG_EXPAND_SZ    90
    ORACLE_SID    REG_SZ    orcl


HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_OraDB19Home1\ODE
HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_OraDB19Home1\OLEDB
HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_OraDB19Home1\OLEDBOLAP

  https://www.dbi-services.com/blog/oracle-12cr2-on-windows-virtual-accounts/

ORACLE_SVCUSER记录着Oracle Home User的名字。
ORACLE_SVCUSER中的SVC,应该是Service的意思,那么,ORACLE_SVCUSER也就是Oracle服务用户的意思。
C:\Users\hgc>orahomeuserctl list
当前 Oracle 主目录为: D:\tools\ora19software
当前 Oracle 主目录的 Oracle 主目录用户为 虚拟帐户



6、Virtual Accounts
Windows 2008 R2 has introduced two new local service users: Managed Service Accounts (MSA) and Virtual Accounts.

Managed Service Accounts are created by the administrator in the Active Directory (using New-ADServiceAccount). And you can use them in 12c by mentioning the name in ‘Use Existing Windows User’.

Virtual Accounts are enabled by default in Windows. In 12.2 you can use this feature for Oracle Home account. It is the first option, the default one, and the one recommended if you have no reason to use another user:

Here ORACLE_SVCUSER_TYPE is new with value ‘V’ which means that the ORACLE_SVCUSER is a Virtual Account. ORACLE_SVCUSER_PWDREQ mentions that no password has to be provided for the instances services.

Note that the old method, the ‘built-in account’ had the following, mentioning the internal SYSTEM, and without a TYPE:


阅读(356) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~