• Spaces
  • Collections
  • Help
    • ×
     
     
    •  
    Server Automation Documentation

    Page tree

    The following sections discuss the database permissions that are required on the BMC Server Automation database:

    Oracle database permissions

    The following table lists the various Oracle database permissions that are required by the BLADELOGIC user account for specific BMC Server Automation tasks, such as database schema creation and upgrade. The table also lists alternatives to granting the permissions, if available.

    PrivilegeUsed duringWhy it is usedAlternative method
    GRANT RESOURCE TO BLADELOGIC

    Schema creation cleanup

    		Required to create tables and procedures in the schema. Initial schema creation, and parts of the schema cleanup will fail without this privilege.

    If your company policy does not allow you to grant the RESOURCE privilege to BLADELOGIC, revoke the RESOURCE privilege and provide the following granular privileges instead:

    CREATE TRIGGER

    CREATE SEQUENCE

    CREATE TYPE

    CREATE PROCEDURE

    CREATE CLUSTER

    CREATE OPERATOR

    CREATE INDEXTYPE

    CREATE TABLE

    GRANT CONNECT TO BLADELOGIC

     

    Connections to the database

    Product usage

    Migration

    All utilities

    		To allow the BLADELOGIC user to connect to the BLADELOGIC database; to be able to perform any action on the database.None.

    GRANT CREATE VIEW TO BLADELOGIC

     

    Install

    Upgrade process

    		During Install and upgrade, new views are created on the database supporting new code. To create a view, this privilege is required.None.
    GRANT EXECUTE ON DBMS_LOB TO BLADELOGIC

    Migration

    DB Diagnostic utility

    Used for migration procedures that are created for the DB Diagnostic utility, which uses CLOB datatypes and DBMS_LOB package calls.

    Also used while running the DB Diagnostic utility, calls are made to procedures which use DBMS_LOB package functions.

    		None.
    GRANT EXECUTE ON DBMS_LOCK TO BLADELOGIC

    Upgrade process

    Running ETL

    Required for:

    Upgrading or migrating the BMC Server Automation database

    Carrying out a handshake between BMC Server Automation database and the BMC BladeLogic Decision Support for Server Automation extract, transform, and load (ETL) during database clean up.

    None.

    GRANT UNLIMITED TABLESPACE TO BLADELOGICApplication usageRequired to have enough space to complete database operations

    If your company policy does not allow you to grant the UNLIMITED TABLESPACE privilege to BLADELOGIC, revoke the UNLIMITED TABLESPACE privilege and provide the following granular privilege on the relevant tabelspaces 
    (BLADELOGIC and BLADELOGIC_INDEX) instead:
    alter user <Username> quota unlimited on <Tablespace>

    DBMS_SQLUpgrade process

    The call creates triggers on one of the underlying tables.

    Once the triggers are created (as part of upgrade/migration), the permission can be revoked. 

    None.

    You can grant the privilege before upgrade and then revoke after upgrade.

    SELECT ANY DICTIONARY

    Upgrade of
    DB Diagnostics

    Both DB Migration and DB Diagnostics access the following dictionary table and views during the run:

    Table: DBA_USERS

    Views:

    • V$SESSION
    • V$PARAMETER
    • V$PROCESS

    None.

    You can grant the privilege before upgrade and revoke after upgrade. 

    You can grant the privilege before running DB Diagnostics and revoke after the run.

    The way the utilities use the privilege is by checking for the actual existence of the privilege, therefore breaking up the privilege is not possible.

    SQL Server database permissions

    The bladelogic user account that you set up for a SQL Server database used by BMC Server Automation must be granted access to the dbo schema and membership to the db_owner role for the BladeLogic database. For more about setting up this user account, see Setting up a SQL Server database and user for BMC Server Automation and Walkthrough: Setting up a SQL Server database.

    These permissions enable proper communication between the Application Server and the database, so that routine database tasks can be performed successfully (for example: creating tables, truncating tables, creating views, and inserting new data). In addition, these permissions are used to enable functions during database cleanup and to enable the necessary handshake between BMC Server Automation database and the BMC BladeLogic Decision Support for Server Automation ETL during database clean up.

    © Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.