Can ASM File Access Control (ACL) restrict access at the ASM Disk Group Level? (Doc ID 1596265.1)

Last updated on APRIL 27, 2015

Applies to:

Oracle Database - Enterprise Edition - Version 11.2.0.2.0 and later
Information in this document applies to any platform.

Goal

Is there a way to use ASM File Access Control (ACL) to apply an access mode of 640 to an ASM disk group, so that only a specific oracle account can access it?

For example, with two database owners ('oracle1' and 'oracle2'):

'oracle1' should have permissions to read/write on ORA_DG1, while 'oracle2' should not be able to write to ORA_DG1.
'oracle2' should have permissions to read/write on ORA_DG2, while 'oracle1' should not be able to write to ORA_DG2.


Is there something like the following to allow this?
$ asmcmd chown oracle1:oinstall +ORA_DG1
$ asmcmd chmod 640 +ORA_DG1
$ asmcmd chown oracle2:oinstall +ORA_DG2
$ asmcmd chmod 640 +ORA_DG2

What about ALTER DISKGROUP ADD MEMBER? Would this restrict usage of the disk group to only the members specified?

All written documentation on this feature states that 'users/file owners are automatically added' as files are created, even if a group has been created with members assigned.
It seems odd that one would be able to create a group with a member, such as ALTER DISKGROUP ORADG1 ADD USERGROUP WITH MEMBER oracle1, and that oracle2 could then just come along, create a file on the ORADG1 disk group, and automatically become a member as well.
Is this really the case?

 

Solution
