Identity Manager can use one of the following drivers to communicate with the Oracle adapter:
JDBC thin driver
JDBC OCI driver
Since the Oracle Application stored procedures require unencrypted passwords to be passed to some of the stored procedures used for provisioning, you should implement encrypted communications between Identity Manager and the Oracle application resource.
Please read the Oracle publication Oracle Advanced Security Administrators Guide and your JDBC driver’s documentation to validate the level of support for encryption that your specific version of Oracle RDBMS and driver provides.
Oracle E-Business Suite requires access to the following tables and stored procedures.
The administrator must be able to run the select command for all tables. In addition, the administrator must be able to update the apps.fnd_user table.
The adapter might access additional tables and stored procedures. Refer to the Oracle E-business Suite documentation for additional information.
Oracle states that the Oracle EBS system, including the fnd_user_pkg stored procedures, were designed to be used to administer the ORACLE EBS system as the APPS user. Oracle does NOT recommend creating an alternate administrative user. However, if you need to manage Oracle EBS with a user other than APPS, contact Oracle for guidance.
The alternate administrative user must be granted the same access as the APPS user has to all Oracle data, including tables, views, and stored procedures.
The user will also need synonyms set up so the user will have access to the tables that the APPS user has access to. If a different user is used and the appropriate grants and synonyms have not been created for the user, the following error might be encountered:
Error: ORA-00942: table or view does not exist
Add the appropriate grants and synonyms to correct the error. A sample SQL*Plus script is located in the following directory:
You can modify this script as necessary and use it to create an alternative Oracle EBS Admin user. Usage instructions are documented in the comments at the beginning of the script.
create or replace function wavesetValidateFunc1 (username IN varchar2, password IN varchar2) RETURN varchar2 IS ret_val boolean; BEGIN ret_val := apps.FND_USER_PKG.ValidateLogin(username, password); IF ret_val = TRUE THEN RETURN ’valid’; ELSE RETURN NULL; END IF; END wavesetValidateFunc1;