7 Working with User Privileges in Oracle Communications Data Model

This chapter provides information about managing user privileges in Oracle Communications Data Model

• Accounts Created for Oracle Communications Data Model
  Installing the Oracle Communications Data Model component creates the account: ocdm_sys and other accounts. Installing the Oracle Communications Data Model sample reports creates the ocdm_sample account. Ensure that you unlock these accounts and set new passwords following the postinstallation steps.
• When You Must Consider User Privileges in an Oracle Communications Data Model
  The installation process grants the necessary privileges required for users of the default accounts (ocdm_sys and ocdm_sample).

Accounts Created for Oracle Communications Data Model

Installing the Oracle Communications Data Model component creates the account: ocdm_sys and other accounts. Installing the Oracle Communications Data Model sample reports creates the ocdm_sample account. Ensure that you unlock these accounts and set new passwords following the postinstallation steps.

Oracle Communications Data Model includes the following:

• ocdm_sys is the main schema for Oracle Communications Data Model. This schema contains all the relational and OLAP components of Oracle Communications Data Model. This schema is the owner of Oracle Communications Data Model database objects.

  The Oracle Communications Data Model data mining tables are also in this schema.

• ocdm_sample is schema owner of Oracle Communications Data Model database objects with sample data.

• ocdm_user a database user to invoke Intra-ETL packages and for OLAP data loading.

• ocdm_report database user for OBIEE services to query data from ocdm_sys schema and return query results back to OBIEE services.

When You Must Consider User Privileges in an Oracle Communications Data Model

The installation process grants the necessary privileges required for users of the default accounts (ocdm_sys and ocdm_sample).

After installing the product, you only need to consider user privileges for the following:

• The intra-ETL programs run inside the ocdm_sys schema, therefore, these programs require the full access to the ocdm_sys schema. By default, the PL/SQL intra-ETL packages for Oracle Communications Data Model connect to the ocdm_sys schema for intra-ETL execution. For security reasons, you may want to grant different privileges, for different purposes, to users of the ocdm_sys schema.

• By default, the Oracle Communications Data Model sample reports connect to the ocdm_sys schema directly. For security reasons, you may want to grant only select privileges to users of the sample reports.

• By default, you connect as ocdm in OBIEE to access the reports. For security reasons, you may want to create different users in OBIEE for different purposes.

• Granting Only Required Privileges to Database Users of OCDM_SYS
  Describes the steps to grant only select privileges to users of the ocdm_sys schema.
• Granting Only Select Privileges to Database Users of the Sample Reports
  Describes the steps to perform to grant only select privileges to users of the sample reports.
• Granting Permission Privileges for OBIEE Reports to BI Users and Roles
  Describes the steps to perform to grant permission privileges to users of the OBIEE reports,

Granting Only Required Privileges to Database Users of OCDM_SYS

Describes the steps to grant only select privileges to users of the ocdm_sys schema.

• Create another role for a different purpose (for example, OCDM_developer for Oracle Communications Data Model customization for a developer who can execute packages and perform dml/ddl operations. Create OCDM_Viewer for a report viewer who wants to view data but cannot modify and object or data. Then create the user and grant proper roles.).

• Grant required privilege to different roles (For example, OCDM_developer needs execute privilege on etl packages but ocdm_viewer does not).

• Create users and grant required roles.

• Create a view (or synonym) in user schema that points to the ocdm_sys tables.

Table 7-1 Default Privileges Granted to OCDM_SYS

Privilege	Justification
create materialized view	To create materialized view in OCDM_SYS.
create procedure	To create procedure in OCDM_SYS.
create sequence	To create sequence in OCDM_SYS.
create session	To create session to execute SQL,PL/SQL scripts as OCDM_SYS user.
create synonym	Synonyms are used as alternative table names.
create table	To create tables in OCDM_SYS.
create tablespace	To create tablespace in OCDM_SYS schema.
create type	To create type in OCDM_SYS schema.
create view	To create view in OCDM_SYS schema.
create mining model	To create mining model in OCDM_SYS schema.
execute on ctxsys.ctx_ddl	To use Oracle Text for customer sentiment analysis in OCDM_SYS schemas.
olap_user	To create Analytic Workspace, cubes, and cube dimensions in OCDM_SYS schemas.
create dimension	To create dimensions in OCDM_SYS schema.
create job	Available for ocdm_user to run olap packages.

Table 7-2 Default Privileges Granted to OCDM_USER

Privilege	Justification
create session	To create session to invoke Intra-ETL packages and OLAP data loading.
execute on	Privilege to invoke Intra-ETL packages and OLAP package owned by OCDM_SYS schema.

Table 7-3 Default Privileges Granted to OCDM_REPORT

Privilege	Justification
create session	To create session to query data from OCDM_SYS schema.
select on	Select privilege on OCDM_SYS tables, views, cubes, and cube dimensions.

Granting Only Select Privileges to Database Users of the Sample Reports

Describes the steps to perform to grant only select privileges to users of the sample reports.

1. Create a dedicated reporting user (for example, OCDM_Report).
2. Grant select privilege for all Oracle Communications Data Model tables required for reporting to OCDM_Report. (The easiest way to select privileges for these tables is to grant all Oracle Communications Data Model tables that start with a prefix of DWA_, DWB_, DWD_, DWR_, or DWL_.)
3. Create a view (or synonym) in OCDM_Report schema that points to the ocdm_sys tables.
4. In the Oracle Business Intelligence Suite Extended Edition repository for Oracle Communications Data Model, change the connection information to point to the new schema.

Table 7-4 Default Privileges for OCDM_SAMPLE

Privilege	Justification
create materialized view	To create materialized view in OCDM_SAMPLE schema.
create procedure	To create procedures in OCDM_SAMPLE schema.
create sequence	To create sequence in OCDM_SAMPLE schema.
create session	To create session to execute SQL,PL/SQL scripts as OCDM_SAMPLE user.
create synonym	Synonyms are used as alternative table names.
create table	To create table in OCDM_SAMPLE schema.
create tablespace	To create tablespace is OCDM_SAMPLE schema.
create type	To create type in OCDM_SAMPLE schema.
create view	To create view in OCDM_SAMPLE schema.
create mining model	To create mining model in OCDM_SAMPLE schema.
execute on ctxsys.ctx_ddl	To use Oracle Text for customer sentiment analysis in OCDM_SAMPLE schema.
olap_user	To create Analytic Workspace, cubes, and cube dimensions in OCDM_SAMPLE schema.
create dimension	To create dimension in OCDM_SAMPLE schemas.
create job	Allows for ocdm_user to run olap packages.

Granting Permission Privileges for OBIEE Reports to BI Users and Roles

Describes the steps to perform to grant permission privileges to users of the OBIEE reports,

1. Create a dedicated report user (for example, market_manager).
2. Grant required group membership for user market_manager.
3. Create a role or manage the existing roles and add the user market_manager in referenced roles.
4. Configure permission privileges of the related reports or dashboards to user market_manager or the referenced roles.
5. Apply and refresh the OBIEE server.

Table 7-5 Default Privileges Granted to OCDM_REPORT

Privilege	Justification
create session	To create session to query data from OCDM_SYS schema.
select on	Select privilege on OCDM_SYS tables, views, cubes, and cube dimensions.