Enterprise Users | Effective Oracle Database 10g Security by Design

Oracle Enterprise User Security (EUS) is the centralized user administration capability for Oracle databases. User authentication and authorization data, along with other user attributes, are stored centrally in the directory server. The IM benefits provided to applications and application users are precisely the same benefits that EUS provides to Oracle database administrators and database users.

For database administrators, the directory becomes a centralized place for creating, updating, and deleting users, assigning their database roles, and defining schema mappings. You will see in the upcoming “User-Schema Mappings” section how different mappings allow you to create unique or shared schemas for the users.

For database users, the directory stores their identification and authentication (I&A) credentials allowing them consistent access to all Oracle databases. EUS supports users authenticated by passwords, Kerberos, and X.509 certificates.

History

When EUS was first introduced in Oracle 8.1.5 Database, Enterprise Users had to be authenticated via an X.509 certificate using the SSL protocol; the users had to have a digital certificate installed on their computers. The certificate was used for the identification and authentication process.

The major inhibitor to its wide-scale use was in setting up the PKI infrastructure. Creating and distributing PKI credentials to every user was not something many organizations were prepared for. The configuration tasks were tedious and prone to error. While very secure, this proved somewhat impractical for many organizations that wanted the user centralization but not the management issues associated with deploying a PKI infrastructure.

With Oracle 9.0.X Database and later, EUS users can utilize a username and password for I&A. One of the most significant advantages of this support is that it’s backward compatible, allowing practically all client programs that use usernames and passwords for I&A to be supported—the only requirement is that the database version is 9.0.X or newer.