Oracle Administration, minimum permissions

book

Article ID: 195456

calendar_today

Updated On:

Products

CA Harvest Software Change Manager CA Harvest Software Change Manager - OpenMake Meister

Issue/Introduction

Our CA SCM is currently using Oracle and the Oracle instance is running on a central Oracle cluster.
The corporate security stance is to only provide the minimum set of permissions to perform the required tasks.

Please let us know the minimum set of permissions for the Oracle Admin account ( -ausr account in HDBSetup options CR & UR)
Can the permission be restricted to the schema?

Environment

Release : 13.0.3

Component : CA Harvest Software Change Manager

Resolution

The answer is yes.

To see what permissions are granted by default to the Harvest schema owner user, you can look in a file within your Harvest installation folder at %CA_SCM_HOME%\Database\creatusr.sql. In that file you will see a lot of “grant” statements. Most of these are required when you’re using hdbsetup to create a new Harvest database, and can be revoked once the database has been created. The exceptions are:

Required for Harvest to connect to the Oracle database and create a session.
grant connect to &NEWNAME;
grant resource to &NEWNAME;
grant alter session to &NEWNAME;

Only required if you want to set up a new custom form type (after the form type has been successfully created this permission can also be revoked):
grant create table to &NEWNAME;

These would be the minimum permissions required for Harvest to work with the Oracle database.