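Oracle parameter PDB_OS_CREDENTIAL: official explanation, purpose, and configuration recommendations
This site's explanation
_CONFIGURATION:
The PDB_OS_CREDENTIAL_CONFIGURATION parameter controls whether Oracle automatically sets up and manages operating system credentials in the database container, so that other operating system accounts on the server can be authenticated.
The parameter accepts the values BY_TRUSTED_OS_LINKS and UNRESTRICTED:
(1) BY_TRUSTED_OS_LINKS: Oracle reads operating system links only from trusted servers.
(2) UNRESTRICTED: operating system links can be read from both trusted and untrusted servers.
Correct setting:
To change the value of PDB_OS_CREDENTIAL_CONFIGURATION, log in to the control file as SYSDBA and switch to the PDB. You can then use the ALTER SYSTEM command to permanently change the value of the PDB_OS_CREDENTIAL_CONFIGURATION parameter according to business requirements.
ALTER SYSTEM SET PDB_OS_CREDENTIAL_CONFIGURATION='BY_TRUSTED_OS_LINKS' SCOPE=SPFILE;
-- or
ALTER SYSTEM SET PDB_OS_CREDENTIAL_CONFIGURATION='UNRESTRICTED' SCOPE=SPFILE;
Finally, restart the database for the configuration to take effect.
Official explanation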
PDB_OS_CREDENTIAL determines the identity of the operating system user (OS user) employed when interacting with the operating system from a PDB.
Property | Description |
---|---|
Parameter type | String |
Syntax | |
Default value | None |
Modifiable | No |
Modifiable in a PDB | Yes |
Basic | No |
Oracle RAC | The same value should be used for all instances |
Note:
The Oracle OS user will continue to be used when interacting with the operating system from the root.
The Oracle OS user is usually a highly privileged user, and using the same user for operating system interactions for every PDB is not recommended. Also, using the same OS user for operating system interactions from different PDBs may compromise data belonging to a given PDB.
In contrast, using an OS user described by a credential whose name is specified as a value of the PDB_OS_CREDENTIAL parameter helps ensure that operating system interactions are performed as a less powerful user and provides the ability to protect data belonging to one PDB from being accessed by users connected to another PDB. A credential is an object that is created using the CREATE_CREDENTIAL procedure for the DBMS_CREDENTIAL package.
The operating system interactions that are done as the OS user name specified in the credential include:
- External jobs that do not already have an operating system credential specified
- External table pre-processors
- PL/SQL library executions
This parameter can be specified for all the PDBs in a CDB, but the CDB-wide value can be overridden for a specific PDB and can be modified only by a common administrative user with the EXECUTE privilege for the DBMS_CREDENTIAL PL/SQL package and the ALTER SYSTEM system privilege.
If a value is not set for this parameter for a given PDB, the Oracle OS User will continue to be used when interacting with the operating system from that PDB.
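The following is an added example, not taken from this page or from Oracle's documentation, showing one way to carry out the steps described above: create the credential, point one PDB at it, and verify the result. The credential name PDB1_OS_CRED, the OS account pdb1_osuser, the PDB name PDB1 and the password placeholder are hypothetical.

```sql
-- Added example. Hypothetical names: PDB1_OS_CRED (credential),
-- pdb1_osuser (low-privilege OS account), PDB1 (pluggable database).

-- 1. In the root, as a common administrative user holding EXECUTE on
--    DBMS_CREDENTIAL and the ALTER SYSTEM privilege, create the credential.
ALTER SESSION SET CONTAINER = CDB$ROOT;

BEGIN
  DBMS_CREDENTIAL.CREATE_CREDENTIAL(
    credential_name => 'PDB1_OS_CRED',
    username        => 'pdb1_osuser',
    password        => '<os-account-password>');  -- placeholder, supply at run time
END;
/

-- 2. Confirm the credential exists and is enabled before a PDB depends on it.
SELECT owner, credential_name, username, enabled
  FROM dba_credentials
 WHERE credential_name = 'PDB1_OS_CRED';

-- 3. Switch to the PDB and record the credential name in the SPFILE.
--    The parameter is listed as "Modifiable: No", so it cannot be changed
--    in memory; the new value takes effect at the next restart.
ALTER SESSION SET CONTAINER = PDB1;
ALTER SYSTEM SET PDB_OS_CREDENTIAL = PDB1_OS_CRED SCOPE = SPFILE;

-- 4. After the restart, verify from inside the PDB. An empty VALUE means
--    external jobs, external table pre-processors and PL/SQL library
--    executions from this PDB still run as the Oracle OS user.
SELECT name, value
  FROM v$parameter
 WHERE name = 'pdb_os_credential';
```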
See Also:
- Oracle Database Security Guide for an example of setting an OS user for a PDB using this parameter
- Oracle Multitenant Administrator's Guide for conceptual information about CDBs and PDBs
- Oracle Multitenant Administrator's Guide for information about managing CDBs and PDBs
- Oracle Database PL/SQL Packages and Types Reference for information about creating a credential using the DBMS_CREDENTIAL.CREATE_CREDENTIAL procedure