The metadata server enforces the following identity-related constraints:
- You cannot create a user definition that has the same name as an existing user definition. The display names don't have to be unique.
  Tip: We recommend that you avoid using spaces or special characters in the name of a user, group, or role. Not all components support spaces and special characters in identity names.
- You cannot create a group or role definition that has the same name as an existing group or role definition. The display names don't have to be unique.
- You cannot assign the same external account ID to two different identities. All of the logins that include a particular ID must be owned by the same identity. This requirement enables the metadata server to resolve each ID to a single identity.
  - This requirement is case-insensitive. For example, you cannot assign a login with an ID of smith to one user and a login with an ID of SMITH to another user.
  - This requirement applies to the fully qualified form of the ID. For example, you can assign a login with an ID of winDEV\brown to one user and a login with an ID of winPROD\brown to another user. In this example, winDEV and winPROD are Windows domain names, which are incorporated into the fully qualified form of an external account ID.
  - This requirement cannot be mitigated by associating the logins with different SAS authentication domains. For example, assume that one user has a login with an ID of smith that is associated with a SAS authentication domain named DefaultAuth. In that case, you cannot give any other user a login with the ID smith, even if you plan to assign the login to a different SAS authentication domain.
  Tip: To enable multiple users to share an account, store the credentials for that account in a login as part of a group definition. Then add the users who will share the account as members of that group definition.
- If you give a user two logins that contain the same ID, the logins must be associated with different authentication domains. Within an authentication domain, each ID must be unique. For example, if you give the person Tara O'Toole two logins that both have an ID of tara, then you cannot associate both of those logins with the OraAuth authentication domain.
  Note: Like the previous requirement, this requirement is case-insensitive and is applied to the fully qualified form of the external account ID.
- A user can have multiple locations, e-mail addresses, and telephone numbers. However, each user can have only one item of a given type. For example, a user can have one home e-mail address and one work e-mail address, but not two work e-mail addresses.
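
The login ID rules above can be checked on a list of planned logins before they are loaded. The following is an added example, not SAS code or the metadata server's own logic; the function name, the row layout, and the users other than Tara O'Toole are constructed, and it assumes authentication domain names and identity names are compared exactly, which the text does not specify.

```python
# Added example: pre-load check of login rows against the ID rules above.
# Each row is (identity name, external account ID, authentication domain).

def check_logins(rows):
    """Return a list of (rule, identity, account_id) violations.

    rule is "shared-id" when the ID is already owned by another identity,
    or "duplicate-in-domain" when one identity repeats an ID in a domain.
    """
    owner = {}     # casefolded fully qualified ID -> owning identity
    used = set()   # (casefolded ID, authentication domain) already stored
    violations = []
    for identity, account_id, auth_domain in rows:
        # IDs are compared case-insensitively, in fully qualified form.
        key = account_id.casefold()
        first_owner = owner.setdefault(key, identity)
        if first_owner != identity:
            # A different authentication domain does not make this legal.
            violations.append(("shared-id", identity, account_id))
            continue
        # Assumption: domain names are compared exactly as written.
        if (key, auth_domain) in used:
            violations.append(("duplicate-in-domain", identity, account_id))
            continue
        used.add((key, auth_domain))
    return violations


# Constructed sample rows modeled on the examples in the text.
SAMPLE_ROWS = [
    ("Ann Smith", "smith", "DefaultAuth"),
    ("Bob Smith", "SMITH", "OraAuth"),                # same ID, other user
    ("Carl Brown", r"winDEV\brown", "DefaultAuth"),
    ("Dana Brown", r"winPROD\brown", "DefaultAuth"),  # other qualified ID
    ("Tara O'Toole", "tara", "OraAuth"),
    ("Tara O'Toole", "Tara", "OraAuth"),              # same ID, same domain
    ("Tara O'Toole", "tara", "DefaultAuth"),          # same ID, other domain
]

if __name__ == "__main__":
    for rule, identity, account_id in check_logins(SAMPLE_ROWS):
        print(f"{rule}: {identity} / {account_id}")
```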