Associating computers and role assignments

You can use zones to associate a set of users with a particular role assignment to a particular set of computers. This association of a group of computers with a particular role assignment is called a computer role. For example, you might have several computers that are dedicated to a specific function, such as hosting Oracle databases, or to a functional area, such as payroll. Some groups of users who access these computers might require a specific set of rights. For example, the database administrators who access the computers hosting Oracle databases need different rights than users who are updating payroll records in the databases being hosted.

A computer role enables you to link the privileges associated with the database administrator role assignment, such as permission to backup and restore or create new tables, with the computers that host the Oracle databases. You can configure a separate computer role for the rights required by the users processing payroll on the same set of computers. The computer role creates the link between users with a specific role assignment, database administrator or payroll department, and the computers where that role assignment applies.

If you add an Oracle database server, you add it to the computer group. If new users are assigned the database administrator role, they automatically receive the appropriate access rights on the computers hosting Oracle databases.

You can also use computer roles to specify whether you want session-level auditing for a group of computers.