C.1 About Windows Services for Oracle Database
Starting with Oracle Database 12c Release 1 (12.1), ORADIM creates Oracle Database service, Oracle VSS Writer service, and Oracle Scheduler service to run under the Oracle Home User account.
Oracle Home User is the standard Windows User Account (not an Administrator), specified during installation, that runs most of the Windows services required by Oracle for Oracle home.
If this Oracle Home User is a Windows Local User Account or a Windows Domain User Account, then ORADIM prompts for a password for that account and accepts the same through stdin.
All Oracle administration tools that create Windows services have been modified to prompt for the password of Oracle Home User when the Oracle Home User is a Windows Local User Account or a Windows Domain User Account, and the password for Oracle Home User is not stored in the Oracle Wallet.
Topics:
- About Running Windows Services in Oracle Home
Depending on the type of database installation and user account used as the Oracle Home User, Windows services run under low-privileged, non-administrative accounts such as a LocalService, or an authenticated Windows User Account, or as a high-privileged Local System Account (LSA) in Oracle home. - Additional Privileges Required by Oracle Database Services
Certain functions performed by the Oracle Database service require additional privileges. - Granting Additional Operating System Privileges Manually
To grant an operating system privilege to a specific user, perform the following steps:
C.1.1 About Running Windows Services in Oracle Home
Depending on the type of database installation and user account used as the Oracle Home User, Windows services run under low-privileged, non-administrative accounts such as a LocalService, or an authenticated Windows User Account, or as a high-privileged Local System Account (LSA) in Oracle home.
Table C-1 Running Windows Services
| Type of Installation | Oracle Home User | Windows Service User for the Services |
|---|---|---|
|
Oracle Database Server |
Windows User Account |
Windows User Account |
|
Oracle Database Server |
Built-in Account |
Local System Account |
|
Oracle Database Client |
Windows User Account |
Windows User Account |
|
Oracle Database Client |
Built-in Account |
LocalService |
|
Oracle Grid Infrastructure (with the Grid Infrastructure Management Repository) |
Windows User Account |
Grid Listeners using LocalService Database services using Windows User Account Foot 1Clusterware services using Local System Account |
|
Oracle Grid Infrastructure (without the Grid Infrastructure Management Repository) |
Built-in Account |
Grid Listeners using LocalService Clusterware services using Local System Account |
Footnote 1
Clusterware requires administrative privileges so it always uses Local System Account to run Windows services.
C.1.2 Additional Privileges Required by Oracle Database Services
Certain functions performed by the Oracle Database service require additional privileges.
Oracle Universal Installer and other Oracle tools automatically grant the following privileges to the Windows services SID of the respective services during the creation of these services:
-
SeIncreaseBasePriorityPrivilege: A process requires this privilege to change the priority of its threads. This privilege is granted to Windows serviceSIDs of Oracle Automatic Storage Management (Oracle ASM) or Oracle Database services. -
SeBackupPrivilege: This privilege is required to perform backup operations. It is granted to the Windows serviceSIDs of Oracle VSS Writer service. -
SeBatchLogonRight: This privilege is required for an account to log on using the batch logon type. It is granted to the Windows serviceSIDs of Oracle Scheduler service.
To enable Oracle Database to use Large Pages or working set features, the following additional operating system privileges must be manually granted by the operating system administrator to either the Oracle Home User or to the Windows service SIDs of the specified Oracle Database service during the creation of these services.
Oracle recommends granting privileges to the Windows service SID of Oracle Database service instead of the Oracle Home User. The Windows service SID of the database service follows this syntax, NT AUTHORITY\OracleServiceSID.
-
SeLockMemoryPrivilege: This privilege is required to lock pages in memory. Oracle Database requires this privilege to use Large Pages. -
SeIncreaseQuotaPrivilege: This privilege is required to change the memory quota for a process. This is needed while setting themaxandminworking set sizes for the database.
Related Topics
C.1.3 Granting Additional Operating System Privileges Manually
To grant an operating system privilege to a specific user, perform the following steps:
- From the Start menu, select Control Panel.
- Double-click Administrative Tools.
- Double-click Local Security Policy.
- In the left pane of the Local Security Policy window, expand Local Policies and select User Rights Assignment.
- In the right pane of the Local Security Policy window, double-click the relevant user privilege. For example, select Adjust memory quotas for a process to change the memory quota for a process or select Lock pages in memory to use Large Pages.
- Click Add User or Group.
- Enter the Oracle Home User name in Enter the object names to select field and click Check Names.
- Click OK to close the Select Users, Computers, Service Accounts, or Groups dialog box.
- Click OK to close the Properties window for the privilege.