The dialog when configuring the ASMLIB driver under Linux requires to specify owner and group:
[root@vm5020 /]# /etc/init.d/oracleasm configure
Configuring the Oracle ASM library driver.
This will configure the on-boot properties of the Oracle ASM library
driver. The following questions will determine whether the driver is
loaded on boot and what permissions it will have. The current values
will be shown in brackets ('[]'). Hitting <ENTER> without typing an
answer will keep that current value. Ctrl-C will abort.
Default user to own the driver interface []: oracle
Default group to own the driver interface []:
Several examples and documents I could find suggest to use "oracle" as owner and "dba" as group, or "grid" as owner and "asmadmin" as group. I can see where "oracle" and "dba" stem from, which I think is fine when no role separation between "dba" and "oinstall" is required. But why should this ever be "grid" and "asmadmin"?
From what I understand, ASM does not interfere with the I/O of the Oracle database. Therefore, the Oracle database needs to have direct access to the data files and underlying devices. Since the process that runs the Oracle database is "oracle", I think it makes absolute sense to set "oracle" as the owner for ASM devices.
Setting "grid" as device owner, means access to database files by the Oracle server processes can only be obtained through group or world privileges, which pretty much boils down to group since it would be foolish to give world write access.
I conclude that it would be best to use "oracle" as owner and "oinstall" as group. Any DBA beside "oracle" will simply need to be part of the "oinstall" group to have physical access to oracle database files. The same applies to the "grid" user, who simply needs to be part of the OS "oinstall" group to have the necessary access.
Any thoughts?