User Level Security; Creating A Database With The Oracle Database Administration Assistant (Dbassist); Creating A Database With Command And Sql Files - HP StorageWorks 8000 - NAS User Manual

is established, the Oracle service for the database can execute as any user. The dbassist (and oradim
utility) will execute the service as "localsystem" unless changed.

user level security

creating a database with the Oracle Database Administration Assistant (dbassist)

If the NAS 8000 is in User/Domain level security and the Oracle server is not executing on the PDC for the
Domain (or on a PDC of a trusted Domain), it will not be possible to use the GUI (dbassist) to create a
database. When the GUI executes the oradim utility, a service for the Oracle database instance is created
on the Oracle server. When this service attempts to access the NAS 8000 for storage of any tablespace
data file(s) / control file(s) / redo logs, it will fail due to a security failure. The Windows service
implementing the Oracle instance is created and executed as the system user "localsystem", which is not a
valid member of the Domain (unless it is on the PDC). When the service attempts to connect to the NAS
8000 for allocating storage, it will be denied access and thus the database creation will fail. In this
circumstance, the dbassist GUI is best used to create a set of command and script files that can be executed
to create the database. See the section below on how to modify this sequence so that a database creation
can be successful.

creating a database with command and SQL files

For the purposes of this discussion it is important to note the following: the Oracle database instance is
implemented as a Windows service; the Windows service (the Oracle database instance) will exist before
the actual database is created. The Oracle oradim utility creates the database instance as a Windows
service. The Oracle server uses this Windows service for all database access. The Windows service is
created and owned by the system user "localsystem" regardless of the Windows user actually creating the
database. Once the service has been created, but before the actual database has been created, the
Windows service must be stopped, its owner changed to a valid Domain user, and then the Windows
service restarted. It is best to place this sequence in the command script controlling the database creation
as demonstrated below.
@ECHO OFF
@REM ************************************************************************
@REM This command script is to demonstrate how to create a
@REM database when the NAS 8000 is in User level security and
@REM the Oracle server is NOT the PDC (or a trusted PDC).
@REM ************************************************************************
@REM – First, create the 'password' file for the instance:
@C:\Oracle_home\bin\orapwd file=C:\Oracle_home\DATABASE\PWDSID.ora password=some_password entries=#
@REM – Now, create the Oracle database instance. This instance
@REM – will be used for all communication with the database itself.
@SET ORACLE_SID=SID
@\Oracle_home\bin\oradim -new -sid SID -startmode manual -pfile "C:\Some_path\initSID.ora"
@REM – Since we are not on the PDC, and oradim will create the
@REM – Oracle instance as a Windows service owned and
@REM – executed by user localsystem, we have to pause now
@REM – so that the owner of the service may be changed.
@ECHO.
@ECHO !! Pausing so that the Database service for SID can be stopped,
@ECHO have its owner changed to a valid Domain user, and restarted.
@ECHO This must be done now, or the database creation will fail.
@ECHO Please follow the following steps:
@ECHO 1) Start->Settings->Control Panel->Administrative Tools->Services.
@ECHO 2) Double click on the Service for this database,
@ECHO 3) Under the 'General' tab, STOP the service.
@ECHO 4) Under the 'Log On' tab, Log On as "This Account" (use a valid
@ECHO user account from the Domain).
@ECHO 5) Click on Apply.
@ECHO 6) Under 'General' tab, START the service.
8