
Identity Manager 8.0 - Data Archiving Administration Guide

Database Users under Oracle Database


You should set up your own database user to use the database. You can create the database user with the Configuration Wizard or manually.

NOTE: The database users involved must be granted their permissions directly. If the permissions are assigned through database roles, permission restrictions may cause Oracle errors when data queries are executed.

Permissions for Oracle Database Installations

The following permissions are required for an Oracle Database installation to use One Identity Manager functionality in full.

Table 2: Permissions for Database Users

| Permission | Required For |
| --- | --- |
| GRANT ALTER SESSION TO <user> | Changing own user session settings. |
| GRANT ANALYZE ANY TO <user> | Executing the procedure DBMS_STATS.FLUSH_DATABASE_MONITORING_INFO while calculating statistics. This permission is not required if no statistics are being determined. |
| GRANT CONNECT TO <user> | Connecting to the database. |
| GRANT CREATE JOB TO <user> | Creating database schedules. |
| GRANT CREATE PROCEDURE TO <user> | Creating schema objects. |
| GRANT CREATE SEQUENCE TO <user> | Creating schema objects. |
| GRANT CREATE SYNONYM TO <user> | Creating schema objects. |
| GRANT CREATE TABLE TO <user> | Creating schema objects. |
| GRANT CREATE TRIGGER TO <user> | Creating schema objects. |
| GRANT CREATE TYPE TO <user> | Creating schema objects. |
| GRANT CREATE VIEW TO <user> | Creating schema objects. |
| GRANT EXECUTE ON DBMS_PIPE TO <user> | Communication of single processing steps concurrently with the DBQueue Processor main routine. |
| GRANT EXECUTE ON DBMS_CRYPTO TO <user> | Access to the package for general encryption routines. |
| GRANT EXECUTE ON DBMS_LOCK TO <user> | Uses the sleep method for delaying processing in the DBQueue Processor, for example, to wait for single processing steps to end. |
| GRANT SELECT ON GV_$OSSTAT TO <user> | Loading information about the current server version. |
| GRANT SELECT ON GV_$SESSION TO <user> | Loading data from the current session. This permission is also required to switch the database into single-user mode. |
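
To check the note about direct grants against the permissions in Table 2, the following query reports each required permission as granted directly, reachable only through a role, or missing. It is an added example, not part of the One Identity guide, and assumes a DBA session with access to the DBA_* dictionary views and a hypothetical database user named OIM_HISTORY.

```sql
-- Added example. OIM_HISTORY is a hypothetical user name; replace it with your own.
-- Grants made to PUBLIC are not direct grants to the user and show up as MISSING.
WITH required AS (
  SELECT 'SYS' AS kind, 'ALTER SESSION' AS priv, CAST(NULL AS VARCHAR2(30)) AS obj FROM dual UNION ALL
  SELECT 'SYS',  'ANALYZE ANY',      NULL FROM dual UNION ALL
  SELECT 'ROLE', 'CONNECT',          NULL FROM dual UNION ALL  -- CONNECT is a predefined role
  SELECT 'SYS',  'CREATE JOB',       NULL FROM dual UNION ALL
  SELECT 'SYS',  'CREATE PROCEDURE', NULL FROM dual UNION ALL
  SELECT 'SYS',  'CREATE SEQUENCE',  NULL FROM dual UNION ALL
  SELECT 'SYS',  'CREATE SYNONYM',   NULL FROM dual UNION ALL
  SELECT 'SYS',  'CREATE TABLE',     NULL FROM dual UNION ALL
  SELECT 'SYS',  'CREATE TRIGGER',   NULL FROM dual UNION ALL
  SELECT 'SYS',  'CREATE TYPE',      NULL FROM dual UNION ALL
  SELECT 'SYS',  'CREATE VIEW',      NULL FROM dual UNION ALL
  SELECT 'OBJ',  'EXECUTE', 'DBMS_PIPE'   FROM dual UNION ALL
  SELECT 'OBJ',  'EXECUTE', 'DBMS_CRYPTO' FROM dual UNION ALL
  SELECT 'OBJ',  'EXECUTE', 'DBMS_LOCK'   FROM dual UNION ALL
  SELECT 'OBJ',  'SELECT',  'GV_$OSSTAT'  FROM dual UNION ALL
  SELECT 'OBJ',  'SELECT',  'GV_$SESSION' FROM dual
),
via_roles AS (
  -- Every role the user holds, including roles granted to other roles.
  SELECT DISTINCT granted_role
  FROM dba_role_privs
  START WITH grantee = 'OIM_HISTORY'
  CONNECT BY PRIOR granted_role = grantee
)
SELECT r.priv || NVL2(r.obj, ' ON ' || r.obj, '') AS required_grant,
       CASE
         -- Direct grants to the user are tested first.
         WHEN r.kind = 'SYS'  AND EXISTS (SELECT 1 FROM dba_sys_privs d
              WHERE d.grantee = 'OIM_HISTORY' AND d.privilege = r.priv) THEN 'DIRECT'
         WHEN r.kind = 'ROLE' AND EXISTS (SELECT 1 FROM dba_role_privs d
              WHERE d.grantee = 'OIM_HISTORY' AND d.granted_role = r.priv) THEN 'DIRECT'
         WHEN r.kind = 'OBJ'  AND EXISTS (SELECT 1 FROM dba_tab_privs d
              WHERE d.grantee = 'OIM_HISTORY' AND d.privilege = r.priv
                AND d.table_name = r.obj) THEN 'DIRECT'
         -- Not direct: is the permission reachable through a role?
         WHEN r.kind = 'SYS'  AND EXISTS (SELECT 1 FROM dba_sys_privs d
              JOIN via_roles v ON d.grantee = v.granted_role
              WHERE d.privilege = r.priv) THEN 'ROLE ONLY'
         WHEN r.kind = 'ROLE' AND EXISTS (SELECT 1 FROM via_roles v
              WHERE v.granted_role = r.priv) THEN 'ROLE ONLY'
         WHEN r.kind = 'OBJ'  AND EXISTS (SELECT 1 FROM dba_tab_privs d
              JOIN via_roles v ON d.grantee = v.granted_role
              WHERE d.privilege = r.priv AND d.table_name = r.obj) THEN 'ROLE ONLY'
         ELSE 'MISSING'
       END AS status
FROM required r
ORDER BY status DESC, required_grant;
```

Rows reported as ROLE ONLY are the ones the note warns about; rows reported as MISSING need the corresponding GRANT from the table.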

Additional Permissions for Data Transfer

Use the database user under which the One Identity Manager History Database runs to carry out the data transfer. This database user requires additional access to the One Identity Manager database through a database link. The database link should be made available by a database administrator. The database link has to be created uniquely.

Installing and Configuring a One Identity Manager History Database


Installation and configuration of the database is carried out by the Configuration Wizard. The sequence is described in the One Identity Manager Installation Guide.

The following prerequisites must be met on the workstation from which the schema installation is started:

  • Installation of the "Configuration Wizard" program

    Use the install wizard to install the program. To do this, select the installation type "Workstation" and the installation package "Configuration" in the install wizard.

  • Access to installation sources

    NOTE: If you copy the installation files to a repository, you must ensure the directory tree remains intact.

NOTE: Update the One Identity Manager History Database tools on this workstation with the installation wizard and not by automatic software update.

Installing and Configuring a Server


The "One Identity Manager History Service" handles data transfer from the One Identity Manager database into the One Identity Manager History Database.

The system prerequisites for installing the One Identity Manager History Service tools on an administrative workstation and the permissions required are listed in the One Identity Manager Installation Guide.

Use the installation wizards to install the One Identity Manager History Service on the server for the first time. Installation and configuration of the One Identity Manager History Service is analogous to that of the One Identity Manager Service. The sequence is described in the One Identity Manager Installation Guide.

Archiving Procedure Setup

All entries logged in One Identity Manager are initially saved in the One Identity Manager database. The proportion of historical data to total volume of a One Identity Manager database should not exceed 25%. Otherwise performance problems may arise. You must ensure that log entries are regularly removed from the One Identity Manager database and archived.

The following methods are provided for regularly removing recorded data from the One Identity Manager database:

  • The data can be transferred directly from the One Identity Manager database into a One Identity Manager History Database. This is the default procedure for data archiving. Select this method if the servers on which the One Identity Manager database and the One Identity Manager History Database are located have network connectivity.
  • The data can be exported to XML files. These can be loaded into the One Identity Manager History Database on a scheduled basis. Use this method if the One Identity Manager database and the One Identity Manager History Database are not in the same network segment. Alternatively, you can load the XML files into another archiving system provided by the company.
  • The data is deleted from the One Identity Manager database after a certain amount of time without being archived.

Figure 2: Transferring Records to the One Identity Manager History Database

All records in the One Identity Manager database that are triggered by an action are grouped together into a process group based on an ID number, the GenProcID, for direct transfer to a History Database or for export to XML files. The exported process groups and their associated records are deleted from the One Identity Manager database once the export has completed successfully.

The following conditions have to be met to facilitate direct transfer to a One Identity Manager History Database or to export XML files:

  • The subsection of records is configured for export.
  • The retention period for all records that belong to a process group has ended, regardless of whether the section of records is labeled for export or not.
  • There are no processes enabled with the process group GenProcID in the DBQueue, Job queue or as planned operations.
  • There is at least one record in the subsection of records for the triggered action that should be exported.

To archive records in a One Identity Manager History Database, both databases have to be configured: the One Identity Manager database and the One Identity Manager History Database.
