Can ASM File Access Control (ACL) restrict access at the ASM Disk Group Level?
(Doc ID 1596265.1)
Last updated on SEPTEMBER 16, 2021
Applies to: Oracle Database - Enterprise Edition - Version 220.127.116.11.0 and later
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Database Cloud Exadata Service - Version N/A and later
Information in this document applies to any platform.
Is there a way to use ASM File Access Control (ACL) to apply an access mode of 640 to an ASM disk group so that only a specific oracle account can access it?
'oracle1' should have permissions to read/write on ORA_DG1, while 'oracle2' should not be able to write to ORA_DG1
'oracle2' should have permissions to read/write on ORA_DG2, while 'oracle1' should not be able to write to ORA_DG2
Is there something like the following to allow this?
$ asmcmd chown oracle1:oinstall +ORA_DG1
$ asmcmd chmod 640 +ORA_DG1
$ asmcmd chown oracle2:oinstall +ORA_DG2
$ asmcmd chmod 640 +ORA_DG2
What about ALTER DISKGROUP ADD MEMBER? Would this restrict usage of the disk group to only the members specified?
All written documentation on this feature states that 'users/file owners are automatically added' as files are created, even if a group has been created with members assigned.
It seems odd that, after one creates a group with a member, such as ALTER DISKGROUP ORADG1 ADD USERGROUP WITH MEMBER oracle1, oracle2 could just come along and create a file on the ORADG1 disk group and automatically become a member also.
Is this really the case?