Optional Operating System Users and Groups

You can create additional users and groups to divide administrative access privileges to the Oracle Grid Infrastructure installation from other administrative users and groups associated with other Oracle installations. Separating administrative access is implemented by specifying membership in different operating system groups, and separating installation privileges is implemented by using different installation owners for each Oracle installation.

The optional users and groups you can create are:

• The OSASM group (for example, asm) for Automatic Storage Management (ASM) authentication. If this option is not chosen, then dba is the default OSASM group.

• The OSDBA group for ASM (typically asmdba). Members of the OSDBA group for ASM are granted read and write access to files managed by ASM. The Oracle database software owner (typically oracle) must be a member of this group, and all users with OSDBA membership on databases that you want to have access to the files managed by ASM should be members of the OSDBA group for ASM

• The OSOPER group for Oracle Database (typically, oper). Create this group if you want a certain operating system users to have a limited set of database administrative privileges (the SYSOPER privilege). Members of the OSDBA group automatically have all privileges granted by the SYSOPER privilege.

By using different operating system groups for authenticating administrative access to each Oracle Database installation, members of the different groups have SYSDBA privileges for only one database, rather than for all the databases on the system. Also, if you configure a separate operating system group for ASM authentication, then you can have users that have SYSASM access to the ASM instances but do not have SYSDBA access to the database instances.