The following sections discuss the database permissions that are required on the BMC Server Automation database:
The following table lists the various Oracle database permissions that are required by the BLADELOGIC user account for specific BMC Server Automation tasks, such as database schema creation and upgrade. The table also lists alternatives to granting the permissions, if available.
Privilege | Used during | Why it is used | Alternative method |
---|---|---|---|
GRANT RESOURCE TO BLADELOGIC | Schema creation cleanup | Required to create tables and procedures in the schema. Initial schema creation, and parts of the schema cleanup will fail without this privilege. | If your company policy does not allow you to grant the RESOURCE privilege to BLADELOGIC, revoke the RESOURCE privilege and provide the following granular privileges instead: CREATE TRIGGER CREATE SEQUENCE CREATE TYPE CREATE PROCEDURE CREATE CLUSTER CREATE OPERATOR CREATE INDEXTYPE CREATE TABLE |
GRANT CONNECT TO BLADELOGIC
| Connections to the database Product usage Migration All utilities | To allow the BLADELOGIC user to connect to the BLADELOGIC database; to be able to perform any action on the database. | None. |
GRANT CREATE VIEW TO BLADELOGIC
| Install Upgrade process | During Install and upgrade, new views are created on the database supporting new code. To create a view, this privilege is required. | None. |
GRANT EXECUTE ON DBMS_LOB TO BLADELOGIC | Migration DB Diagnostic utility | Used for migration procedures that are created for the DB Diagnostic utility, which uses CLOB datatypes and DBMS_LOB package calls. Also used while running the DB Diagnostic utility, calls are made to procedures which use DBMS_LOB package functions. | None. |
GRANT EXECUTE ON DBMS_LOCK TO BLADELOGIC | Upgrade process Running ETL | Required for: Upgrading or migrating the BMC Server Automation database Carrying out a handshake between BMC Server Automation database and the BMC BladeLogic Decision Support for Server Automation extract, transform, and load (ETL) during database clean up. | None. |
GRANT UNLIMITED TABLESPACE TO BLADELOGIC | Application usage | Required to have enough space to complete database operations | If your company policy does not allow you to grant the UNLIMITED TABLESPACE privilege to BLADELOGIC, revoke the UNLIMITED TABLESPACE privilege and provide the following granular privilege on the relevant tabelspaces |
DBMS_SQL | Upgrade process | The call creates triggers on one of the underlying tables. Once the triggers are created (as part of upgrade/migration), the permission can be revoked. | None. You can grant the privilege before upgrade and then revoke after upgrade. |
SELECT ANY DICTIONARY | Upgrade of | Both DB Migration and DB Diagnostics access the following dictionary table and views during the run: Table: DBA_USERS Views:
| None. You can grant the privilege before upgrade and revoke after upgrade. You can grant the privilege before running DB Diagnostics and revoke after the run. The way the utilities use the privilege is by checking for the actual existence of the privilege, therefore breaking up the privilege is not possible. |
The bladelogic user account that you set up for a SQL Server database used by BMC Server Automation must be granted access to the dbo schema and membership to the db_owner role for the BladeLogic database. For more about setting up this user account, see Setting up a SQL Server database and user for BMC Server Automation and Walkthrough: Setting up a SQL Server database.
These permissions enable proper communication between the Application Server and the database, so that routine database tasks can be performed successfully (for example: creating tables, truncating tables, creating views, and inserting new data). In addition, these permissions are used to enable functions during database cleanup and to enable the necessary handshake between BMC Server Automation database and the BMC BladeLogic Decision Support for Server Automation ETL during database clean up.