Permissions for Oracle Database Users
Permissions for Oracle Database Users
You should set up your own database user to use the database. You can create the database user with the or manually.
|
|
NOTE: The database users involved, must get their permissions directly. When the permissions are assigned through database roles it may lead to Oracle errors when data queries are executed because of permission restrictions. |
Permissions for Oracle Database Installations
The following permissions are required for an Oracle Database installation
|
Permission |
Required For |
|---|---|
|
GRANT ALTER SESSION TO <user> |
Changing own user session settings. |
|
GRANT ANALYZE ANY TO <user> |
The permissions are used to execute the procedure DBMS_STATS.FLUSH_DATABASE_MONITORING_INFO while calculating statistics , These permissions are not required if no statistics are being determined. |
|
GRANT CONNECT TO <user> |
Connecting database. |
|
GRANT CREATE JOB TO <user> |
Creating database schedules. |
|
GRANT CREATE PROCEDURE TO <user> |
Creating schema objects. |
|
GRANT CREATE SEQUENCE TO <user> |
Creating schema objects. |
|
GRANT CREATE SYNONYM TO <user> |
Creating schema objects. |
|
GRANT CREATE TABLE TO <user> |
Creating schema objects. |
|
GRANT CREATE TRIGGER TO <user> |
Creating schema objects. |
|
GRANT CREATE TYPE TO <user> |
Creating schema objects. |
|
GRANT CREATE VIEW TO <user> |
Creating schema objects. |
|
GRANT EXCEUTE ON DBMS_PIPE TO <user> |
Communication of single processing steps concurrently with the DBQueue Processor main routine. |
|
GRANT EXECUTE ON DBMS_CRYPTO TO <user> |
Access to package for general encryption routines. |
|
GRANT EXECUTE ON DBMS_LOCK TO <user> |
Uses the sleep method for relaying processing in the DBQueue Processor, for example, to wait for single processing steps to end. |
|
GRANT SELECT ON GV_$OSSTAT TO <user> |
Loading information about the current server version. |
|
GRANT SELECT ON GV_$SESSION TO <user> |
Loading data from the current session. These permissions are also required to switch the database into single-user mode. |
Setting up Permissions for Creating an HTTP Server
The One Identity Manager Service log files can be displayed through an HTTP server (http://<server name>:<port number>).
A user must have the appropriate permissions in order to open an HTTP server. The administrator must grant URL approval to the user to do this. This can be executed with the following command line call:
netsh http add urlacl url=http://*:<port number>/ user=<domain>\<user name>
If the One Identity Manager Service has to run under the Network Service (NT Authority\NetworkService) user account, explicit permissions for the internal web service must be granted under Windows Server 2008 (R2). This can be executed with the following command line call:
netsh http add urlacl url=http://<IP address>:<port number>/ user="NT AUTHORITY\NETWORKSERVICE"
The result can also be verified using the following command line call:
netsh http show urlacl
Communications Port and Firewall Configuration
One Identity Manager is made up of several components that can be executed in different network segments. In addition, One Identity Manager requires access to various network services, which can also be installed in different network segments. You must open various ports depending on which components and services you want to install behind the firewall.
The following ports are required:
| Default port | Description |
|---|---|
|
SQL Server: 1433 Oracle: 1521 |
Port for communicating with the database. |
|
1880 |
Port for the HTTP based protocol of the One Identity Manager Service. |
|
2880 |
Port for access tests with the Synchronization Editor. |
|
80 |
Port for accessing web applications. |
|
88 |
Kerberos authentication system. (if Kerberos authentication is implemented). |
| 135 | Microsoft EPMAP (End Point Mapper) (also DCE/RPC Locator Service) |
| 137 | NetBIOS Name Service |
| 139 | NetBIOS Session Service |
Other ports for connecting to target systems are also required. These ports are listed in the corresponding guides.
Installing the One Identity Manager
Installing One Identity Manager
The following steps are required to install One Identity Manager.
- Installation of One Identity Manager tools on the administrative workstation on which the One Identity Manager database schema installation will be started.
- Installation of the One Identity Manager schema with the Configuration Wizard.
- Setting up the server, which handles the SQL processes.
- This server must be entered in the database as a Job server with the server function "SQL processing server".
- A One Identity Manager Service with direct access to the One Identity Manager database must be installed and configured on the server.
NOTE: Several SQL processing servers can be set up to spread the load of SQL processes. - Setting up an update server for automatic software updating of other servers.
- This server must be entered in the database as a Job server with the server function "Update server".
- A One Identity Manager Service with direct access to the One Identity Manager database must be installed and configured on the server.
|
|
NOTE: You can proceed with setting up an SQL processing server and the update server using the Configuration Wizard. For more information, see Installing the One Identity Manager Service for the Database. |
You can also install the following:
- Install more workstations
- Install more server with One Identity Manager Service
- Install an application server
- Install the Web Portal on a Web server
- Install the Manager web application on a Web server
-
Install more Web services like SPML Web service or SOAP Web Service.
For detailed information about installing the web service, see the One Identity Manager Configuration Guide.
You can install and update One Identity Manager on the following types.
- Use the installation wizards to install One Identity Manager components on workstations for the first time.
- Use the installation wizards to install the One Identity Manager Service on servers for the first time or remote with the Server Installer.
- To update an existing installation use the auto update software.
- Use the installation wizard to manually update individual workstations and servers.
Fore more detailed information about updating the One Identity Manager, see Updating One Identity Manager.
Detailed information about this topic
- Before You Start Installing One Identity Manager
- Installing One Identity Manager Components
- Installing and Configuring a One Identity Manager Database
- Installing and Configuring the One Identity Manager Service
- Installing a One Identity Manager Application Server
- Installing the Web Portal
- Installing and Updating the Manager Web Application