Enterprise User Security with Oracle Database 10g

The ability to secure data and databases is an essential skill for today's database administrator. Ensuring that users authenticate directly to the database so that the database's security engine can make proper decisions about access to data is a key part of any database security architecture. Since Oracle8i Release 8.1.7, users can be managed centrally in an LDAP repository authenticated by digital certificates. Oracle9i Database extended that functionality, allowing users to authenticate to the database using passwords. The enterprise users functionality was augmented again with Oracle Database 10g Release 1 by the addition of Kerberos to the list of supported authentication mechanisms. A licensing change introduced with Oracle Database 10g includes the use of password-authenticated enterprise users with the enterprise edition database license. The key benefits of centralized user management for database users are: centralized administration reduces costs centralized administration assists in managing security policies centrally and enforcing them locally on the database targets self service capabilities for password management bring an enterprise closer to building a compliance architecture serves as an integration point for enterprises that have to manage older application architectures and introduce new application paradigms at the same time This paper will explain the need for enterprise user security, show how enterprise users are authenticated, review the implementation steps necessary to build a test environment, show how enterprise users are maintained, and explain the licensing changes with Oracle Database 10g.