Oracle Database
Overview
Oracle Database is a relational database management system (RDBMS) developed by Oracle Corporation. It enables organizations to store, manage, and retrieve data using SQL. The system provides features for maintaining data integrity, performing backups and recoveries, controlling access, and optimizing performance. Oracle Database can be deployed on-premises or in the cloud through Oracle Cloud Infrastructure (OIC).
Entitle can manage only pluggable databases (PDB), which are portable collections of schemas, schema objects, and non-schema objects that appear to an application as a separate database. The Container database (CDB) includes all the data files for the PDBs contained within it.
Entitle can manage the following resource types in pluggable databases (PDBs):
- Databases
- Roles
- Administrative privileges
- System privileges
- Tables (for visibility only)
This page will provide you with instructions on how to integrate Entitle and pluggable Oracle Database.
Types of privileges in Oracle
-
Administrative privileges - Administrative privileges are designed for commonly performed administrative tasks, such as backup and recovery operations. Oracle Database provides administrative privileges tailored to specific administrative tasks, such as the SYSKM administrative privilege for performing Transparent Data Encryption tasks.
-
System privileges - enable users to perform actions on schema objects. Examples of a system privilege are the ability to create and update tables or tablespaces.
-
Roles - group several privileges and roles, so that they can be granted to and revoked from users simultaneously. You must enable the role for a user before the user can use it.
-
Object privileges - each type of object has privileges associated with it. Objects are schema objects, such as tables or indexes.
- Table privileges (for visibility only) - enable security at the DML (data manipulation language) or DDL (data definition language) level. DML operations are
DELETE
,INSERT
,SELECT
, andUPDATE
operations on tables. DDL operations areALTER
,INDEX
, andREFERENCES
operations on tables and views.
- Table privileges (for visibility only) - enable security at the DML (data manipulation language) or DDL (data definition language) level. DML operations are
-
You can grant privileges to a user in two ways using Oracle Database:
- Grant privilege to users explicitly - for example, you can explicitly grant user
Smith
the privilege to insert records into theemployees
table. - Grant privilege to a role (a named group of privileges), and then grant the role to one or more users - for example, you can grant the privileges to select, insert, update, and delete records from the
employees
table to the role namedClerk
, which in turn you can grant to usersSmith
andRobert
.
Note:
As roles allow for easier and better management of privileges, it is recommended to grant privileges to roles rather than to specific users.
- Grant privilege to users explicitly - for example, you can explicitly grant user
Prerequisites
- The Oracle Database user you choose to integrate with Entitle must have the
SYSDBA
privilege. If the user does not have this privilege, it must at least have aDBA
(Database Administrator) role.- If a user has the
SYSDBA
privilege, this privilege will surely be used in Entitle. - Only users that have the
SYSDBA
privilege will be able to manageÂadministrative privileges
.
- If a user has the
Note:
In Oracle Database the ability to grant theÂ
SYSDBA
 privilege to other users is restricted. Only users with theÂSYSDBA
 privilege themselves can grant it to others:
- SYS users.
- Users that have been granted the
SYSDBA
privilege.
- Optional:
GRANT_ANY_PRIVILEGE
privilege. If not, the user will not be able to manage access to administrative privileges.
General guidelines
- Note: Before proceeding with this guide, you may need to install Entitle's Agent for the integration to work. Follow this guide for installation instructions.
- As mentioned earlier, Entitle integrates only with pluggable databases (PDBs) in Oracle, not with Container databases (CDBs).
- To integrate Oracle Database with Entitle, you'll need to gather the following information:
- User credentials — Username and password
- Host name
- Pluggable Database name
- Port number — If not specified, the default port 1521 will be used
Set up Oracle Database to work with Entitle
- If you need to create a service account for this integration, follow all steps in this section. Otherwise, if you already have a user with the required
SYSDBA
privilege or aDBA
role, proceed from stage 3 onwards.
Stage 1: Connect to the Oracle Database
- As mentioned earlier, connect to the database using an administrative user with
SYSDBA
privileges or the SYS user. This connection is typically established through _SQL_Plus* or another SQL client.
Stage 2: Create a user with SYSDBA
privilege or DBA
role
SYSDBA
privilege or DBA
role-
Use the
CREATE USER
statement to create a new user. Replaceusername
andpassword
with your desired values. -
Grant
SYSDBA
privilege (recommended) orDBA
role to the user:-
To grant the
SYSDBA
privilege, use theGRANT SYSDBA TO
statement: -
To grant a
DBA
role to the user, use theGRANT DBA TO
statement:
-
-
In the lower part of the screen, you will be able to see whether the user was created and if the privilege/role was granted.
-
Connecting to the database as the new user is recommended to verify everything works.
Stage 3: Fetch the user’s username and password
- Copy the user’s credentials (username and password), as you will need them later on for the configuration.
Stage 4: Extract your organization’s host (required) and port (optional)
- The Entitle configuration requires your pluggable database’s host and port.
- If you don't specify a port for Entitle, it will default to 1521.
- Keep these details, as you will need them later on for the configuration.
Creating the integration in Entitle
All that is left to do is create an integration on the Entitle application.
- Log into Entitle and navigate to the Integrations page.
- After clicking the Add Integration button, type Oracle Database in the Application field.
- Don’t forget to set the Save on field with your configuration, i.e. your own hosted agent or Entitle’s cloud.

- In the connection JSON, add the following information:
- Fill the user’s username in theÂ
user
 field. - Fill the user’s password in the
password
 field. - Paste your instance host in theÂ
host
 field. - Optional: Enter your host port in theÂ
port
 field. If not, it will be set by default to 1521. - Enter your (Pluggable) Database name in the
database_name
field.
Note: In this field, make sure that the Database name includes PDB and not CDB, as Entitle can manage PDBs only.
Example Connection JSON:{ "username": "YOUR_USERNAME", "password": "YOUR_PASSWORD", "host": "WWW.EXAMPLE.COM", "port": "PORT_NUMBER or set to default 1521", {optional, if not provided - will be set to 1521} "database_name": "YOUR_DATABASE_NAME" }
- Fill the user’s username in theÂ
- Finally, click Save.
End-user experience
-
After logging into Entitle, click the New Request button.
-
In the new pop-up window, look for the Oracle Database application. Then, choose the resource and the role you want to request access. Finally, click Next.

-
Choose the duration of your request. Then, click Next to continue.
-
Briefly explain the reason for the request. Then, click the Review Request button.
-
Review your request’s details and make adjustments if needed. Once done, click the Submit request button.
-
Your request is now submitted and will be added to the My pending requests section.
-
Once the request is approved, you will have access to the specific role.
Updated 5 days ago