multiple enterprise users (shared schema). The mapping between a single
enterprise user and his or her exclusive schema is stored in the database as an
association between the user DN and the schema name. The mapping between
enterprise users and a shared schema is done in the directory by means of one or
more mapping objects. A mapping object is used to map the distinguished name
(DN) of a user to a database schema that the user will access. You create a mapping
object by using Enterprise Security Manager. This mapping can be one of the
following:
Entry-level (full DN) mapping
This method associates the DN of a single directory user with a particular
schema on a database. It results in one mapping entry for each user.
Subtree-level (partial DN) mapping
This method lets multiple enterprise users share part of their DN to access the
same shared schema. This method is useful if multiple enterprise users are
already grouped under some common root in the directory tree. The subtree
that these users share can be mapped to a shared schema on a database. For
example, you can map all enterprise users in the subtree for the engineering
division to one shared schema, BUG_APP_USER, on the bug database. Note
that the root of the subtree is not mapped to the specified schema.
When an enterprise user connects to a database, the database retrieves a DN for
the user, either from the network (in the case of SSL) or from the directory (in
the case of password- and Kerberos-authenticated enterprise users).
When determining which schema to connect the user to, the database uses the
user DN and the following precedence rules:
1. It looks for an exclusive schema locally (in the database).
2. If it does not find an exclusive schema locally, then it searches the directory.
   Within the directory, it looks under the server entry, first for an entry-level
   mapping, then for a subtree-level mapping.
3. If it does not find a mapping entry under the server entry, then it looks
   under the enterprise domain entry, first for an entry-level mapping, then for
   a subtree-level mapping.
4. If it does not find an exclusive schema locally, or an applicable mapping
   entry in the database, then the database refuses the connection. Otherwise,
   the database connects the user to the appropriate schema.
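The precedence rules above, modelled as an added Python example (not Oracle code and not part of the original manual). It shows two consequences that are easy to miss: a subtree-level mapping under the server entry wins over an entry-level mapping under the enterprise domain entry, and the subtree root itself is refused. The DNs, the data structures, the schema names other than BUG_APP_USER, and the "deepest subtree wins" tie-break are assumptions.

```python
# Added illustration; models the lookup order only, it is not Oracle code.
# All DNs and the schema names other than BUG_APP_USER are constructed.

def parse_dn(dn):
    """Split a DN into lowercase RDNs (assumes no escaped commas)."""
    return tuple(rdn.strip().lower() for rdn in dn.split(","))

def is_under(user, root):
    """True only for entries strictly below root; the root itself is not mapped."""
    return len(user) > len(root) and user[-len(root):] == root

def lookup_mapping(user, mappings):
    """Entry-level (full DN) mapping first, then subtree-level (partial DN)."""
    for kind, dn, schema in mappings:
        if kind == "entry" and parse_dn(dn) == user:
            return schema
    best = None
    for kind, dn, schema in mappings:
        root = parse_dn(dn)
        # Assumption: if several subtree roots match, the deepest one wins.
        if kind == "subtree" and is_under(user, root):
            if best is None or len(root) > len(best[0]):
                best = (root, schema)
    return best[1] if best else None

def resolve_schema(user_dn, exclusive, server_maps, domain_maps):
    """Return the schema to connect to, or None to refuse the connection."""
    user = parse_dn(user_dn)
    for dn, schema in exclusive.items():        # rule 1: local exclusive schema
        if parse_dn(dn) == user:
            return schema
    for maps in (server_maps, domain_maps):     # rule 2: server entry, rule 3: domain entry
        schema = lookup_mapping(user, maps)
        if schema is not None:
            return schema
    return None                                 # rule 4: no match, refuse

ENG = "ou=engineering,dc=example,dc=com"
EXCLUSIVE = {"cn=alice," + ENG: "ALICE"}
SERVER_MAPS = [("subtree", ENG, "BUG_APP_USER")]
DOMAIN_MAPS = [("entry", "cn=bob," + ENG, "BOB_APP"),
               ("subtree", "ou=sales,dc=example,dc=com", "SALES_APP")]

if __name__ == "__main__":
    for who in ("cn=alice," + ENG, "CN=Bob, " + ENG, ENG, "cn=eve,ou=hr,dc=example,dc=com"):
        print(who, "->", resolve_schema(who, EXCLUSIVE, SERVER_MAPS, DOMAIN_MAPS))
```

When auditing which schema a user lands in, walk the mappings in this same order; an entry-level mapping created at the domain level has no effect for a user already covered by a subtree mapping under the server entry.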
About Using Shared Schemas for Enterprise User Security
Getting Started with Enterprise User Security 11-21