Domain Authorization When Working with Oracle Server

When working with a repository based on Oracle DBMS, a special mechanism is available for authorizing domain users who have not been added to the security manager. This mechanism uses domain groups with configured security levels. To enable adding domain groups to the security manager of an Oracle DBMS based repository, do the following:

  1. Enable role separation mode between information security administrator and application administrator.

  2. Enable level-based access control.

  3. Enable compatibility mode to work with domain groups in Oracle DBMS by means of the Fore language.

After that, domain groups can be added in the security manager. After a domain group is added in the security manager, an Oracle DBMS role can be specified for it. This setting allows the group to be associated with any role created on the Oracle server. By default, the domain group name is used as the role value. When a domain user who is not in the repository security manager connects, the system checks whether this user is a member of the domain groups added in the security manager. If the user is included in any domain group, the role set for the group is checked against the roles created on the DBMS server. If the server contains the specified role, the user is connected with the security level set for the group. Otherwise, an error message is displayed.
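Because a group whose role does not exist on the server ends in a connection error, the group-to-role mappings can be audited against the Oracle data dictionary ahead of time. The query below is an added example, not part of the product: the group and role names are constructed placeholders, it assumes read access to DBA_ROLES, and the uppercase comparison is only a hint, since the page does not state how role names are compared.

```sql
-- Constructed sample mappings: replace with the domain groups added in the
-- security manager and the Oracle role set for each of them.
-- The second row models the default, where the group name is the role value.
WITH group_role_map (domain_group, oracle_role) AS (
    SELECT 'DOMAIN\Analysts',  'ANALYSTS_ROLE'   FROM dual UNION ALL
    SELECT 'DOMAIN\Auditors',  'DOMAIN\Auditors' FROM dual UNION ALL
    SELECT 'DOMAIN\Reporting', 'reporting_role'  FROM dual
)
SELECT m.domain_group,
       m.oracle_role,
       CASE
           -- Role name matches a dictionary entry exactly.
           WHEN exact_r.role IS NOT NULL
               THEN 'OK: role exists'
           -- Roles created without quotes are stored in uppercase, so a
           -- mapping that differs only by case is flagged for manual review.
           WHEN upper_r.role IS NOT NULL
               THEN 'CHECK: exists only as ' || upper_r.role
           -- No such role: members of this group would not be connected.
           ELSE 'MISSING: no such role on the server'
       END AS status
FROM   group_role_map m
LEFT JOIN dba_roles exact_r ON exact_r.role = m.oracle_role
LEFT JOIN dba_roles upper_r ON upper_r.role = UPPER(m.oracle_role)
ORDER BY status, m.domain_group;
```

Rows reported as MISSING or CHECK are the mappings to correct in the security manager or on the Oracle server before domain users of those groups attempt to connect.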

See also:

Groups