10.2 RAC to 11.2 RAC user and user group changes:
- In a 10.2 RAC deployment, only one user (oracle) and one user group (dba) are required. Both the database and Clusterware are installed as the oracle user.
- In an 11.2 RAC deployment, two users (oracle, grid) and six user groups (oinstall, asmadmin, asmdba, dba, asmoper, oper) are created. Grid Infrastructure is installed by the grid user and the database is installed by the oracle user.
- In 10.2 RAC, ASM runs and is maintained as the oracle user.
- In 11.2 RAC, ASM runs as the grid user, i.e. Grid = Clusterware + ASM.
User group oinstall:
- A machine may have several Oracle products installed, or several versions of the same product. Oracle records which software and versions are installed on the machine; this record is the Oracle product inventory.
- Members of the oinstall group have write permission to Oracle's product inventory (oraInventory).
- Product inventory file:

    [[email protected] oracle]# more /etc/oraInst.loc    # view the inventory directory
    inventory_loc=/u01/app/oraInventory    # the actual inventory file is in this directory: ./ContentsXML/inventory.xml
    inst_group=oinstall
    [[email protected] oracle]#

User group dba:
- Users who belong to this group can install the database software and perform subsequent database administration tasks.
- Users who belong to this group can connect to an Oracle database instance as SYSDBA via sqlplus, authenticated by the operating system.
Note: Do not confuse the SYSDBA system privilege with the database role DBA. The DBA role does not include the SYSDBA and SYSOPER system privileges. That is, even if you are a member of the dba group, you must explicitly state that you want to log on as SYSDBA to get SYSDBA privileges, for example:

    [[email protected] ~]$ sqlplus '/ as sysdba'

User group oper:
This group is optional. It is also tied to Oracle's operating system authentication: members of this group can use sqlplus to connect to an Oracle instance as SYSOPER through operating system authentication, and they hold a limited set of database administrative privileges.
User group asmadmin:
- Users who belong to this group can connect to an ASM instance as SYSASM via sqlplus, authenticated by the operating system.
- SYSASM is a privilege that first appeared in Oracle 11g R1; by 11g R2 it is completely separated from SYSDBA.
- Replacing SYSDBA with SYSASM for ASM management and maintenance strips storage-layer privileges out of SYSDBA, so that ASM administration and database administration have a clear division of responsibility.
- The grid user belongs to the asmadmin group; the grid user's maintenance scope is Grid = Clusterware + ASM.
How do I shut down ASM instances properly?
- In 10g, ASM stores only the files of the Oracle database, that is, ASM has only one client, the Oracle database. Shutdown order: stop the database -> stop ASM -> stop CRS.
- In 11g R2, ASM not only hosts the Oracle data files but also the cluster's OCR and voting files. That is, both the database and the cluster are ASM clients. Therefore the ASM instance can only be stopped together with CRS, i.e.: crsctl stop crs
User group asmdba:
- Members of this group have read and write access to the files managed by ASM.
- The installation owner of the Grid software (the grid user) and the owner of the database software (the oracle user) must be members of this group.
- That is, both the grid user and the oracle user must belong to this group.
User group asmoper:
- This group is optional. Members of this group have partial administrative privileges on ASM instances.
The official manual gives the following example of creating user groups, users and directories:

    # User groups:
    # groupadd -g <GID> oinstall    # the GID value is not legible on this page
    # groupadd -g 1020 asmadmin
    # groupadd -g 1021 asmdba
    # groupadd -g 1031 dba1
    # groupadd -g 1041 dba2
    # groupadd -g 1022 asmoper

    # Users:
    # useradd -u 1100 -g oinstall -G asmadmin,asmdba grid
    # useradd -u 1101 -g oinstall -G dba1,asmdba oracle1
    # useradd -u 1102 -g oinstall -G dba2,asmdba oracle2

    # Directories and permissions:
    # mkdir -p /u01/app/11.2.0/grid
    # mkdir -p /u01/app/grid
    # chown -R grid:oinstall /u01
    # mkdir -p /u01/app/oracle1
    # chown oracle1:oinstall /u01/app/oracle1
    # mkdir -p /u01/app/oracle2
    # chown oracle2:oinstall /u01/app/oracle2
    # chmod -R 775 /u01

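The following script is an added example, not part of the original page or of Oracle's documentation: it audits users against the 11.2 group model described above, reading passwd/group-format files so it can be run on a constructed sample. The function names, the sample files (including the GID 1000 for oinstall) and the policy that the oracle user should not be in asmadmin are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit OS group membership against the 11.2 role separation.
# Pass /etc/passwd and /etc/group instead of the sample to check a real host.

# Print every group (primary + supplementary) of a user, one per line.
groups_of() {  # groups_of USER PASSWD_FILE GROUP_FILE
    gid=$(awk -F: -v u="$1" '$1 == u { print $4 }' "$2")
    awk -F: -v u="$1" -v gid="$gid" '
        $3 == gid { print $1; next }          # primary group (from passwd GID)
        { n = split($4, m, ",")               # supplementary membership list
          for (i = 1; i <= n; i++) if (m[i] == u) print $1 }
    ' "$3"
}

# Print one finding per line; empty output means the user matches the policy.
audit_user() {  # audit_user USER "required" "forbidden" PASSWD_FILE GROUP_FILE
    have=$(groups_of "$1" "$4" "$5")
    for g in $2; do
        echo "$have" | grep -qx "$g" || echo "MISSING $1 $g"
    done
    for g in $3; do
        if echo "$have" | grep -qx "$g"; then echo "EXCESS $1 $g"; fi
    done
}

# Constructed sample: oracle lacks asmdba and was wrongly added to asmadmin.
make_sample() {  # make_sample DIR
    cat > "$1/passwd" <<'EOF'
grid:x:1100:1000::/home/grid:/bin/bash
oracle:x:1101:1000::/home/oracle:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
oinstall:x:1000:
asmadmin:x:1020:grid,oracle
asmdba:x:1021:grid
dba:x:1031:oracle
asmoper:x:1022:
EOF
}

run_demo() {
    d=$(mktemp -d); make_sample "$d"
    # grid: Clusterware + ASM owner; oracle: database owner (assumed policy:
    # oracle must not hold asmadmin, which grants SYSASM on the ASM instance).
    audit_user grid   "oinstall asmadmin asmdba" ""         "$d/passwd" "$d/group"
    audit_user oracle "oinstall dba asmdba"      "asmadmin" "$d/passwd" "$d/group"
    rm -rf "$d"
}
run_demo
```

On the sample, the grid user produces no findings, while oracle is reported as missing asmdba and as holding asmadmin in excess.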
11g RAC R2 Architecture---Users and user groups