Oracle A423961 User Manual

Getting the Most out of Integration with Windows NT

One INITsid.ORA parameter must be properly set before Windows NT
groups can be used to grant a database role:

OS_ROLES must be set to TRUE.

The default setting for this parameter is FALSE. Unless set to TRUE,
Windows NT groups cannot be used to grant a database role.

1. Set the INITsid.ORA parameter OS_ROLES to TRUE.

2. Start or restart the database instance.

3. Create and add users using the Windows NT USER MANAGER.
Include the ORA_%SID%_ROLENAME format as described:

ORA_%SID%_ROLENAME[_[D][A]]

where %SID% indicates the database instance.

ROLENAME identifies the role assigned to database users during the
session.

D indicates that the role is the default role.

A indicates the role includes the ADMIN OPTION. This option allows
the user to grant the role to other roles only. Roles cannot be granted to
users if the operating system is used to manage roles.

Note: Oracle will convert the group name to UPPERCASE.

Note: Both the [D] and [A] characters are optional. If either the
D or A characters are specified, they must be preceded by an
underscore.

For example, a database instance of ORCL would have the following
names if the role was identified by USERS:

ORA_ORCL_USERS

ORA_ORCL_USERS_D

ORA_ORCL_USERS_A

ORA_ORCL_USERS_DA

In the following example, the groups used are:

ORA_ORCL_VIEWUSERS (created using CREATE ROLE)

ORA_ORCL_UPDATEUSERS_A (created using CREATE ROLE)

ORA_ORCL_CONNECT_DA (predefined ROLE; active even if OS_ROLES is FALSE)
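
The following is an added example, not part of the Oracle manual: a small audit helper that reads a list of Windows NT group names and reports which ones grant a database role on a given instance under the ORA_%SID%_ROLENAME[_[D][A]] format, and whether the default or ADMIN OPTION suffix is set. The function names and the extra sample groups are hypothetical, and it assumes that a trailing _D, _A or _DA is always the option suffix rather than part of the role name.

```python
from typing import NamedTuple, Optional

class OsRole(NamedTuple):
    role: str
    default: bool        # "D" suffix: role is a default role
    admin_option: bool   # "A" suffix: role carries the ADMIN OPTION

def parse_os_role_group(group: str, sid: str) -> Optional[OsRole]:
    """Return the role a group grants on instance `sid`, or None if the
    name does not follow ORA_%SID%_ROLENAME[_[D][A]] for that instance."""
    name = group.upper()  # the manual notes Oracle uppercases the group name
    prefix = f"ORA_{sid.upper()}_"
    if not name.startswith(prefix):
        return None
    rest = name[len(prefix):]
    # Assumption: a trailing _D, _A or _DA is the option suffix.
    role, sep, opts = rest.rpartition("_")
    if not (sep and role and opts in ("D", "A", "DA")):
        role, opts = rest, ""
    if not role:
        return None
    return OsRole(role, "D" in opts, "A" in opts)

def audit_groups(groups, sid):
    """Return {group: OsRole} for the groups that grant a role on `sid`."""
    found = {}
    for group in groups:
        parsed = parse_os_role_group(group, sid)
        if parsed is not None:
            found[group] = parsed
    return found

# Constructed sample: the three groups from the manual's example plus
# made-up entries (lowercase name, another instance, an unrelated group).
SAMPLE_GROUPS = [
    "ORA_ORCL_VIEWUSERS",
    "ORA_ORCL_UPDATEUSERS_A",
    "ORA_ORCL_CONNECT_DA",
    "ora_orcl_users_d",
    "ORA_PROD_USERS",
    "Administrators",
]

if __name__ == "__main__":
    for group, r in audit_groups(SAMPLE_GROUPS, "ORCL").items():
        print(f"{group:24} role={r.role:12} default={r.default} admin={r.admin_option}")
```

Groups reported with the ADMIN OPTION are the ones to review first, since membership in them lets a user grant the role to other roles.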
