ASM Access Control Lists

ASM access control lists provide optional protection for ASM files. They set permissions at the ASM file level.

0:  None
4:  Read
6:  Read-Write

Requirements:
Job role separation at the OS level
Diskgroup attributes must be set:
· COMPATIBLE.ASM to 11.2 or higher
· ACCESS_CONTROL.ENABLED=TRUE


SQL> alter diskgroup DG_DBA_DF501 set ATTRIBUTE 'compatible.asm' = '11.2';
Diskgroup altered.

SQL> alter diskgroup DG_DBA_DF501 set ATTRIBUTE 'compatible.rdbms' = '11.2';
Diskgroup altered.

SQL> alter diskgroup DG_DBA_DF501 SET ATTRIBUTE 'access_control.enabled' = 'true';
Diskgroup altered.

SQL> alter diskgroup DG_DBA_DF501 SET ATTRIBUTE 'access_control.umask' = '026';
Diskgroup altered. 

A umask of 026 means a permission of 640 (read-write for the owner, read for the group, and no access for all other users).
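
To check that the settings above took effect and to see which files they actually cover, the following is an added example (not part of the original post) that queries the V$ASM views from the ASM instance. The file path in step 3 is a placeholder, not a real file name from this disk group.

```sql
-- Added example: run in the ASM instance with SYSASM privileges.
-- 1. Confirm the four attributes set above are in place on the disk group.
SELECT dg.name AS diskgroup, a.name AS attribute, a.value
FROM   v$asm_diskgroup dg
JOIN   v$asm_attribute a ON a.group_number = dg.group_number
WHERE  dg.name = 'DG_DBA_DF501'
AND    a.name IN ('compatible.asm', 'compatible.rdbms',
                  'access_control.enabled', 'access_control.umask');

-- 2. List every file with its owner and permission string.
--    The umask is applied when a file is created, so files that existed
--    before access control was enabled show no owner and remain
--    accessible to everyone until permissions are set explicitly.
SELECT al.name AS alias, f.permissions, u.os_name AS owner
FROM   v$asm_diskgroup dg
JOIN   v$asm_file  f  ON f.group_number = dg.group_number
JOIN   v$asm_alias al ON al.group_number     = f.group_number
                     AND al.file_number      = f.file_number
                     AND al.file_incarnation = f.incarnation
LEFT JOIN v$asm_user u ON u.group_number = f.group_number
                      AND u.user_number  = f.user_number
WHERE  dg.name = 'DG_DBA_DF501'
ORDER  BY u.os_name NULLS FIRST, al.name;

-- 3. Bring one such file in line with 640.
--    The path is a placeholder; take the real one from step 2.
--    A file with no owner also needs one (ALTER DISKGROUP ... SET OWNERSHIP)
--    before the owner permission has any effect.
ALTER DISKGROUP DG_DBA_DF501
  SET PERMISSION OWNER = read write, GROUP = read only, OTHER = none
  FOR FILE '+DG_DBA_DF501/<placeholder/path/to/file>';
```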
