Identity And Access Management - Rajiv Dewan

OPAM : Oracle Privileged Account Manager

Privileged Account Manager: a tool used for the management of Privileged Accounts.

Sometimes we need the passwords of Privileged Accounts to perform certain operations, but if we share a password with other users, it is unlikely to stay secure for long. :-) OPAM is the solution for such problems.

OPAM is an Identity Management solution that secures the passwords of Admin/Privileged Accounts such as the ROOT user on Unix, the SYS user of a Database, etc. It also provides features like auditing and reporting. It provides two functions: Check-in and Check-out. You can check out a Privileged Account whenever you want to use it, and OPAM will generate a random password for you to use with that Privileged Account.
On completion of your task, you can check the Privileged Account back in to OPAM. On Check-in, it again generates a random password for the same account.

OPAM provides a GUI for Check-out/Check-in, or you can use the command-line tool for both operations.

You may have different password policies for different target systems like Unix, Database, etc. OPAM gives you the flexibility to set the password policy for different accounts. OPAM will make sure that whatever password is generated satisfies the password policy of the target system.
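A minimal Python model of the check-out/check-in cycle and the per-target password policy described above. It is an added illustration, not OPAM code or its API; the class names, the sample policies, the account names and the one-holder-at-a-time rule are assumptions.

```python
import secrets
import string
from dataclasses import dataclass, field

@dataclass(frozen=True)
class PasswordPolicy:      # hypothetical per-target policy
    length: int
    classes: tuple         # a password needs at least one character from each class

# Constructed sample policies for two kinds of target system
UNIX_POLICY = PasswordPolicy(12, (string.ascii_lowercase, string.ascii_uppercase, string.digits))
DB_POLICY = PasswordPolicy(16, (string.ascii_letters, string.digits, "#_$"))

def generate(policy):
    """Random password from the OS CSPRNG that satisfies the policy."""
    alphabet = "".join(policy.classes)
    chars = [secrets.choice(c) for c in policy.classes]   # one from every class
    chars += [secrets.choice(alphabet) for _ in range(policy.length - len(chars))]
    secrets.SystemRandom().shuffle(chars)                 # hide which slot came from which class
    return "".join(chars)

def satisfies(password, policy):
    return (len(password) == policy.length
            and all(any(ch in c for ch in password) for c in policy.classes))

@dataclass
class Vault:
    policies: dict                                # account -> PasswordPolicy
    target: dict = field(default_factory=dict)    # stands in for the password set on the target
    holder: dict = field(default_factory=dict)    # account -> user holding the check-out
    audit: list = field(default_factory=list)     # (event, account, user) records

    def _rotate(self, account):
        self.target[account] = generate(self.policies[account])
        return self.target[account]

    def check_out(self, account, user):
        if account in self.holder:                # assumption: one holder at a time
            raise PermissionError(f"{account} is checked out by {self.holder[account]}")
        self.holder[account] = user
        self.audit.append(("check-out", account, user))
        return self._rotate(account)              # user receives a fresh password

    def check_in(self, account, user):
        if self.holder.get(account) != user:
            raise PermissionError(f"{account} is not checked out by {user}")
        del self.holder[account]
        self.audit.append(("check-in", account, user))
        self._rotate(account)                     # the password the user knew stops working
```

The rotation on check-in is what limits exposure: a password copied during the session no longer matches the target once the account is returned.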

OPAM can also be integrated with Oracle Identity Governance for periodic certification of access.

OPAM comes with three OOTB connectors:
  • UNIX
  • LDAP
  • Database
We can also leverage Oracle Database Vault or TDE (Transparent Data Encryption) for a more secure environment.

Details: TDE

Ref: Oracle Documentation