About Using Current User Database Links for Enterprise User Security
Getting Started with Enterprise User Security
11-23
About Using Current User Database Links for Enterprise User Security
Oracle Database supports current user database links over an SSL-authenticated
network connection. Current user database links let you connect to a second
database as yourself, or as another user when used from within a stored procedure
owned by that user. Such access is limited to the scope of the procedure. The
security advantage of current user database links is that the other user's credentials
are not stored in the database link definition, and are not sent across the network
connection between databases. Instead, security of these links is based on mutual
trust, mutual authentication, and a secure network connection between the
databases themselves.
For example, a current user database link lets Harriet, a user of the Finance
database, procedurally access the Accounts Payable database by connecting as the
enterprise user Scott.
For Harriet to access a current user database link to connect to the schema Scott,
Scott must be a global schema (created as
IDENTIFIED GLOBALLY
) in both
databases. Harriet, however, can be a user identified in one of three ways:
■
By a password
■
GLOBALLY
■
EXTERNALLY
To create Scott as a global user in the first database, Finance, you must enter
CREATE USER Scott IDENTIFIED GLOBALLY as 'CN=Scott,O=nmt'
so that Scott has an exclusive schema. Then Scott can map to a shared schema in the
second database, Accounts Payable. In order for the current user database link to
work, the schema created for Scott in the first database cannot be shared with other
users.
Current user database links operate only between trusted databases within a single
enterprise domain—databases within the domain trust each other to authenticate
users. You specify an enterprise domain as trusted by using Enterprise Security
Manager. When you use Enterprise Security Manager to enable current user
database links for a domain, they will work for all databases within that domain.
However, each database in the domain must have its own PKI credentials and use
See Also:
"Task 1: Create Global Schemas and Global Roles in the
Database"
on page 12-12 for detailed information about how to
create shared schemas for enterprise users.
Содержание Database Advanced Security 10g Release 1
Страница 17: ...xvii ...
Страница 20: ...xx ...
Страница 24: ...xxiv ...
Страница 42: ...xlii ...
Страница 44: ......
Страница 62: ...Oracle Advanced Security Restrictions 1 18 Oracle Database Advanced Security Administrator s Guide ...
Страница 100: ...Duties of an Enterprise User Security Administrator DBA 2 38 Oracle Database Advanced Security Administrator s Guide ...
Страница 102: ......
Страница 116: ...How To Configure Data Encryption and Integrity 3 14 Oracle Database Advanced Security Administrator s Guide ...
Страница 124: ......
Страница 148: ...RSA ACE Server Configuration Checklist 5 24 Oracle Database Advanced Security Administrator s Guide ...
Страница 246: ...Managing Certificates 8 28 Oracle Database Advanced Security Administrator s Guide ...
Страница 254: ...Configuring Oracle Database for External Authentication 9 8 Oracle Database Advanced Security Administrator s Guide ...
Страница 284: ......
Страница 350: ...Troubleshooting Enterprise User Security 12 38 Oracle Database Advanced Security Administrator s Guide ...
Страница 384: ......
Страница 394: ...Data Encryption and Integrity Parameters A 10 Oracle Database Advanced Security Administrator s Guide ...
Страница 414: ...Physical Security D 6 Oracle Database Advanced Security Administrator s Guide ...
Страница 518: ...Index 10 ...