By default, users are mapped to the unconfined_u SELinux user when they're created. Users can check their security context by running:

id -Z

The output is similar to the following:

unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

A system administrator can map an Oracle Linux user to an SELinux confined user to apply different levels of access. For example, to map the oracle user to the SELinux user_u user, use the semanage command:

sudo semanage login -a -s user_u oracle

When you create a user, you can specify the SELinux user mapping when you run the useradd command. For example, to add a privileged oracleadmin user that maps onto the SELinux staff_u user, run:

sudo useradd -Z staff_u oracleadmin