Can ASM File Access Control (ACL) restrict access at the ASM Disk Group Level?
Last updated on APRIL 27, 2015
Applies to: Oracle Database - Enterprise Edition - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
Is there a way to apply via ASM File Access Control (ACL) an access mode of 640 to an ASM disk group so that only a specific oracle account can access it?
'oracle1' should have permissions to read/write on ORA_DG1, while 'oracle2' should not be able to write to ORA_DG1
'oracle2' should have permissions to read/write on ORA_DG2, while 'oracle1' should not be able to write to ORA_DG2
Is there something like the following to allow this?
$ asmcmd chown oracle1:oinstall +ORA_DG1
$ asmcmd chmod 640 +ORA_DG1
$ asmcmd chown oracle2:oinstall +ORA_DG2
$ asmcmd chmod 640 +ORA_DG2
What about ALTER DISKGROUP ADD MEMBER? Would this restrict usage of the disk group to only the members specified?
All written documentation on this feature states that 'users/file owners are automatically added' as files are created, even if a group has been created with members assigned.
It seems odd that one would be able to create a group with a member, such as ALTER DISKGROUP ORADG1 ADD USERGROUP WITH MEMBER oracle1, and that oracle2 could just come along and create a file on the ORADG1 disk group and automatically become a member also.
Is this really the case?