Not able to configure IAM with an external database

book

Article ID: 126236

calendar_today

Updated On:

Products

CA Application Test Service Virtualization CA Continuous Application Insight (PathFinder)

Issue/Introduction

After installing DevTest 10.4, the DataSourceUpdater.exe was used to configure Identity Access Manager with SQL Server.
There were no issues while running the DataSourceUpdater, however when trying to start IAM we are getting the following exception:

ERROR [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 53) Change Set META-INF/jpa-changelog-1.0.0.Final.xml::1.0.0.Final::[email protected] failed. Error: The REFERENCES permission was denied on the object 'CLIENT_SESSION', database 'DevTest', schema 'dbo'. [Failed SQL: ALTER TABLE [dbo].[CLIENT_SESSION_ROLE] ADD CONSTRAINT [FK_11B7SGQW18I532811V7O2DV76] FOREIGN KEY ([CLIENT_SESSION]) REFERENCES [dbo].[CLIENT_SESSION] ([ID])]: liquibase.exception.DatabaseException: The REFERENCES permission was denied on the object 'CLIENT_SESSION', database 'DevTest', schema 'dbo'. [Failed SQL: ALTER TABLE [dbo].[CLIENT_SESSION_ROLE] ADD CONSTRAINT [FK_11B7SGQW18I532811V7O2DV76] FOREIGN KEY ([CLIENT_SESSION]) REFERENCES [dbo].[CLIENT_SESSION] ([ID])]

The database user has CREATE and ALTER privileges.

Environment

DevTest on release 10.4.

Resolution

Using a database client application we could verify some tables were being created, but IAM was still failing to start.
We had to set the IAM DB user to have DBA privileges while starting IAM.
After this modification, the IAM service was able to create all the necessary tables and we could also start additional DevTest components.

As stated in our documentation, please ensure that the DevTest user has DBA privileges. After the schema is created, the DBA privileges from the user can be removed.
System Requirements - Database Requirements