About Using Current User Database Links for Enterprise User Security
Getting Started with Enterprise User Security
Oracle Database supports current user database links over an SSL-authenticated
network connection. Current user database links let you connect to a second
database as yourself, or as another user when used from within a stored procedure
owned by that user. Such access is limited to the scope of the procedure. The
security advantage of current user database links is that the other user's credentials
are not stored in the database link definition, and are not sent across the network
connection between databases. Instead, security of these links is based on mutual
trust, mutual authentication, and a secure network connection between the
databases themselves.
For example, a current user database link lets Harriet, a user of the Finance
database, procedurally access the Accounts Payable database by connecting as the
enterprise user Scott.
For Harriet to access a current user database link to connect to the schema Scott,
Scott must be a global schema (created as IDENTIFIED GLOBALLY) in both
databases. Harriet, however, can be a user identified in one of three ways:
■ By a password
■ GLOBALLY
■ EXTERNALLY
To create Scott as a global user in the first database, Finance, you must enter
CREATE USER Scott IDENTIFIED GLOBALLY as 'CN=Scott,O=nmt'
so that Scott has an exclusive schema. Then Scott can map to a shared schema in the
second database, Accounts Payable. In order for the current user database link to
work, the schema created for Scott in the first database cannot be shared with other
users.
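The Harriet and Scott scenario above, sketched end to end as an added example (not taken from the Oracle guide). The names ap_db, ap_link, ap_fixed, ap_shared, count_open_invoices and invoices are hypothetical, and the example assumes that current user database links are already enabled for the enterprise domain and that both databases are configured for SSL.

```sql
-- Added example. Hypothetical names: ap_db (Oracle Net service name for the
-- Accounts Payable database), ap_link, ap_fixed, ap_shared,
-- count_open_invoices, invoices.

-- On Finance: Scott gets an exclusive global schema (statement from the text above).
CREATE USER Scott IDENTIFIED GLOBALLY AS 'CN=Scott,O=nmt';

-- On Accounts Payable: a shared global schema, created with an empty DN.
-- Scott is mapped to it in the directory, not in SQL.
CREATE USER ap_shared IDENTIFIED GLOBALLY AS '';

-- For contrast only: a fixed-user link keeps Scott's password in the link
-- definition, which is what a current user link avoids.
-- CREATE DATABASE LINK ap_fixed
--   CONNECT TO scott IDENTIFIED BY <password> USING 'ap_db';

-- On Finance, connected as Scott: the link definition carries no credentials.
CREATE DATABASE LINK ap_link CONNECT TO CURRENT_USER USING 'ap_db';

-- Definer's-rights procedure owned by Scott. While it runs, the current user
-- is Scott, so ap_link connects to Accounts Payable as the enterprise user
-- Scott, whoever called the procedure.
CREATE OR REPLACE PROCEDURE Scott.count_open_invoices (p_count OUT NUMBER)
AUTHID DEFINER
AS
BEGIN
  SELECT COUNT(*)
    INTO p_count
    FROM invoices@ap_link   -- hypothetical table in the schema Scott maps to
   WHERE status = 'OPEN';
END;
/

-- Harriet receives EXECUTE on the procedure and nothing else, so her access
-- to Accounts Payable as Scott is limited to the scope of this procedure.
GRANT EXECUTE ON Scott.count_open_invoices TO Harriet;
```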
Current user database links operate only between trusted databases within a single
enterprise domain—databases within the domain trust each other to authenticate
users. You specify an enterprise domain as trusted by using Enterprise Security
Manager. When you use Enterprise Security Manager to enable current user
database links for a domain, they will work for all databases within that domain.
However, each database in the domain must have its own PKI credentials and use
See Also: "Task 1: Create Global Schemas and Global Roles in the Database"
on page 12-12 for detailed information about how to create shared schemas for
enterprise users.