How can I configure SiteMinder to use two oracle users for the Policy Store?

Article Id: 52835
Status: Published
Updated On: 14-02-2018 06:43
Legacy Id: TEC491881
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) , AXIOMATICS POLICY SERVER , CA Single Sign On SOA Security Manager (SiteMinder) , CA Single Sign-On , CA Single Sign-On
Issue/Introduction:

Description

I'm installing a new Policy Server and using Oracle as Policy Store.

I already created the policy store and imported the SiteMinder Basic Objects.

My issue is because I'm using 2 oracle users, the first oracle users is the owner of the Database Objects and the second one is for access only.

When I use the first user everything works fine, but every time I try to use the second one I'm get the following error:

Policy store failed operation 'MultipleSearch' for object type 'Root' . Table or view not found

Solution

The issue is because the second user is not able to find the SiteMinder Database Objects, as result the Policy Server throws the error "Policy store failed operation 'MultipleSearch' for object type 'Root'. Table or view not found".

In order to configure the second user to work with SiteMinder Policy Server, you may need to do the following:

  1. Grant insert, update and delete privileges on the SiteMinder database objects to the second user.

  2. Create synonyms to map the SiteMinder database objects to the second user.

For instance, let's say that you have 2 Oracle users smowner and smuser:

  1. Grant privileges to the smuser, this must be executed as smowner:

    Grant select,insert, update on smrootconfig5 to smuser;

  2. Create a synonym to map the table smrootconfig5 into smuser schema, this must be executed as smuser:

    Create synonym smrootconfig5 for smowner.smrootconfig5;

The above procedure must be done for all the objects in the policy store schema.

Environment:

Release:
Component: SMPLC