This chapter provides information about managing user roles and privileges in Oracle Utilities Data Model.
oudm_sys, oudm_user, and oudm_report. Installing the Oracle Utilities Data Model sample reports creates the oudm_sample account. Oracle Utilities Data Model installation creates database accounts with UNLOCK and PASSWORD EXPIRE. Ensure that you unlock these accounts and set new passwords following the post-installation steps.oudm_sys and oudm_sample).Installing the Oracle Utilities Data Model component creates the accounts: oudm_sys, oudm_user, and oudm_report. Installing the Oracle Utilities Data Model sample reports creates the oudm_sample account. Oracle Utilities Data Model installation creates database accounts with UNLOCK and PASSWORD EXPIRE. Ensure that you unlock these accounts and set new passwords following the post-installation steps.
Oracle Utilities Data Model includes the following:
oudm_sys is the main schema for Oracle Utilities Data Model. This schema contains all the relational and OLAP components of Oracle Utilities Data Model. This schema is the owner of Oracle Utilities Data Model database objects.
The Oracle Utilities Data Model data mining tables are also in this schema.
oudm_sample is schema owner of Oracle Utilities Data Model database objects with sample data.
oudm_user a database user to invoke Intra-ETL packages and for OLAP data loading and for Data Mining models building.
oudm_report database user for OBIEE services to query data from oudm_sys schema and return query results back to OBIEE services.
The installation process grants the necessary roles and privileges required for users of the default accounts.
Table 7-1 Default Privileges Granted to OUDM_SYS and OUDM_SAMPLE
| Privilege | Justification |
|---|---|
|
create materialized view |
To create materialized view in OUDM_SYS and OUDM_SAMPLE schemas. |
|
create procedure |
To create procedure in OUDM_SYS and OUDM_SAMPLE schemas. |
|
create sequence |
To create sequence in OUDM_SYS and OUDM_SAMPLE schemas. |
|
create session |
To create session to execute SQL,PL/SQL scripts as OUDM_SYS and OUDM_SAMPLE users. |
|
create synonym |
Synonyms are used as alternative table names. |
|
create table |
To create tables in OUDM_SYS and OUDM_SAMPLE schemas. |
|
create type |
To create type in OUDM_SYS and OUDM_SAMPLE schemas. |
|
create view |
To create view in OUDM_SYS and OUDM_SAMPLE schemas. |
|
create mining model |
To create mining model in OUDM_SYS and OUDM_SAMPLE schemas. |
|
execute on ctxsys.ctx_ddl |
To use Oracle Text for customer sentiment analysis in OUDM_SYS and OUDM_SAMPLE schemas. |
|
olap_user |
To create Analytic Workspace, cubes, and cube dimensions in OUDM_SYS and OUDM_SAMPLE schemas. |
|
create dimension |
To create dimensions in OUDM_SYS and OUDM_SAMPLE schemas. |
|
create job |
Available for oudm_user to run olap packages. |
Table 7-2 Default Privileges Granted to OUDM_USER
| Privilege | Justification |
|---|---|
|
create session |
To create session to invoke Intra-ETL packages and OLAP data loading. |
|
execute on |
Privilege to invoke Intra-ETL packages and OLAP package owned by |
|
read, update, delete |
READ, UPDATE, and DELETE on intra-ETL OUDM configuration tables to run different loads. |
Table 7-3 Default Privileges Granted to OUDM_REPORT
| Privilege | Justification |
|---|---|
|
create session |
To create session to query data from |
|
read |
READ privilege on |
|
select |
SELECT privilege on |
The installation process grants the necessary privileges required for users of the default accounts (oudm_sys and oudm_sample).
After installing the product, you only need to consider user privileges for the following:
The intra-ETL programs run inside the oudm_sys schema, therefore, these programs require the full access to the oudm_sys schema. By default, the PL/SQL intra-ETL packages for Oracle Utilities Data Model connect to the oudm_sys schema for intra-ETL execution. For security reasons, you may want to grant different privileges, for different purposes, to users of the oudm_sys schema.
By default, the Oracle Utilities Data Model sample reports connect to the oudm_sys schema directly. For security reasons, you may want to grant only select privileges to users of the sample reports.
By default, you connect as oudm in OBIEE to access the reports. For security reasons, you may want to create different users in OBIEE for different purposes.
oudm_sys schema.Describes the steps to grant only select privileges to users of the oudm_sys schema.
Create another role for a different purpose (for example, OUDM_developer for Oracle Utilities Data Model customization for a developer who can execute packages and perform dml/ddl operations. Create OUDM_Viewer for a report viewer who wants to view data but cannot modify and object or data. Then create the user and grant proper roles.).
Grant required privilege to different roles (For example, OUDM_developer needs execute privilege on etl packages but oudm_viewer does not).
Create users and grant required roles.
Create a view (or synonym) in user schema that points to the oudm_sys tables.
Describes the steps to perform to grant permission privileges to users of the Oracle Business Intelligence Suite Extended Edition reports,
Create a dedicated report user (for example, market_manager).
Grant required group membership for user market_manager.
Create a role or manage the existing roles and add the user market_manager in referenced roles.
Configure permission privileges of the related reports or dashboards to user market_manager or the referenced roles.
Apply and refresh the Oracle Business Intelligence Suite Extended Edition server.