This discussion is archived
4 Replies Latest reply: Jan 31, 2013 10:54 PM by Sebastian Solbach (DBA Community) RSS

configuring ASM disk on AIX

926398 Newbie
Currently Being Moderated
IN THE Oracle® Database Installation Guide
11g Release 2 (11.2) for IBM AIX on POWER Systems (64-Bit)
Part Number E24332-02

IN this document under the section.
3.6.4 Step 3: Configuring Disks for Oracle Automatic Storage Management

It states the following...
6.Enter commands similar to the following to change the owner, group, and permissions on the character file for each disk that you want to add to the disk group:
# chown oracle:dba /dev/rhdiskn
# chmod 660 /dev/rhdiskn

My question is? Since the user "grid" is not in the dba group but is in the oinstall group why should we create permissions as oracle:dba? This goes against the job role seperation duties of having the grid user and the sysasm privs?
Is this a mistake in the doc?
Thanks.
  • 1. Re: configuring ASM disk on AIX
    P.Forstmann Guru
    Currently Being Moderated
    The "grid" user account is recommended in some cases http://docs.oracle.com/cd/E11882_01/install.112/e24614/preaix.htm#BABJJEFF but it is not really mandatory.
  • 2. Re: configuring ASM disk on AIX
    savantsa Newbie
    Currently Being Moderated
    There are two ways to set up Oracle 11gR2 cluster ware and RAC installations. These have to do with what is called role separation. The idea is to separate grid infrastructure activities from Oracle database activities from an OS user point of view. Important thing to know is that this is a choice to make and is not mandatory.
    Technically there are two sets of logical accounts:
    GRIDOWNER: Grid Infrastructure admin User. Normally called "grid".
    ORACLEOWNER: Database Admin User. Normally called "oracle".
    Thee are also the followign groups involved.
    OINSTALL Group: The group that will own the installation and inventory of the oracle installation.. Typically called oinstall.
    ASMADMIN Group: The Oracle ASM Admin Group. This group has SYSASM privileges. Typically called asmadmin.
    ASMDBA Group: The Oracle ASM DBA group. This groups has SYSDBA privileges. Typically this would asmdba.
    ASMOPER Group: The Oracle ASM DB Operator Administrator group. Typically this would asmoper.
    OSDBA group: The Oracle database administrator group. This groups has SYSDBA privileges. Typically set to dba.
    OSPER Group: The group associated with operational tasks for database administration. Typically oper.

    However, The group membership is as follows:
    ORACLEOWNER belongs to OINSTALL / OSDBA / ASMDBA, with OINSTALL being the primary group..
    GRIDOWNER belongs to OINSTALL / ASADMIN.
    RAW DEVICES used as ASM disks for ASM Disk Griups are set permission of 660, with owner=GRIDOWNER and group=ASMDBA

    This way the ORACLEOWNER and GRIDOWNER can both see and write to the disks.

    When setting up for role separation, each user and group is called out separately.
    If not looking at setting up role separation, then
    GRIDOWNER=ORACLEONWNER= oracle ( most often).
    ASMADMIN=ASMDBA=OSDBA=dba
    ASMOPER=OSOPER=oper.


    Hope that helps.
  • 3. Re: configuring ASM disk on AIX
    onedbguru Pro
    Currently Being Moderated
    923395 wrote:
    IN THE Oracle® Database Installation Guide
    11g Release 2 (11.2) for IBM AIX on POWER Systems (64-Bit)
    Part Number E24332-02
    My question is? Since the user "grid" is not in the dba group but is in the oinstall group why should we create permissions as oracle:dba? This goes against the job role seperation duties of having the grid user and the sysasm privs?
    Is this a mistake in the doc?
    Thanks.
    Job role separation is really stupid when the DBA handles both "roles". What exactly does management think they gain by making it difficult (more annoying than anything...) for us to do our job.

    I believe the correct uid:gid should be grid:dba Both grid AND oracle must be able to READ and WRITE to these devices. Permissions should be 660. With AIX and Solaris make sure you are using a partition that excludes the first 2 cylinders (0,1) and starts at cylinder 2. eg: /dev/rhdiskn is partition 2-nnnnnnn
  • 4. Re: configuring ASM disk on AIX
    Sebastian Solbach (DBA Community) Guru
    Currently Being Moderated
    Hi,

    while I agree that role separation does not make a lot of sense if the DBA does both roles, having 2 users still makes sense.

    The GI user could have set the environment directly to the GI Home, and the DB User to the database home.
    This avoids errors where your system has the wrong OH or Path set, and increases the visibility vs. just setting it in the environment via. scripts.

    However I would put both users in the same groups, to not have to hassle with role separation.
    That beeing said, the main group for both users should be oinstall, not DBA. Otherwise you might have an issue if you wan't to grant another DBA the rights to manage the DB, but don't access the GI, e.g. a trainee ;)

    Regards
    Sebastian

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points