1. Security Configuration Guide
  2. Configuring User Directories
  3. Configuring Relational Databases as User Directories

Configuring Relational Databases as User Directories

User and group information from the system tables of Oracle, SQL Server, and IBM DB2 relational databases can be used to support provisioning. If group information cannot be derived from the database's system schema, Oracle Hyperion Shared Services does not support the provisioning of groups from that database provider. For example, Shared Services cannot extract group information from older versions of IBM DB2, because the database uses groups defined on the operating system. Provisioning Managers can, however, add these users to groups in Native Directory and provision those groups. For supported platform information, see the Oracle Enterprise Performance Management System Certification Matrix posted on the Oracle Fusion Middleware Supported System Configurations page on Oracle Technology Network (OTN).

Note:

If you are using a DB2 database, the user name must contain at least eight characters. User names should not exceed 256 characters (Oracle and SQL Server databases), and 1000 characters (DB2).

Configure Shared Services to connect to the database as the database administrator; for example, Oracle SYSTEM user, to retrieve the list of users and groups.

Note:

Shared Services retrieves only active database users for provisioning. Inactive and locked database user accounts are ignored.

To configure database providers:

  1. Access Oracle Hyperion Shared Services Console as System Administrator. See Launching Shared Services Console.
  2. Select Administration, and then Configure User Directories.
  3. Click New.
  4. In the Directory Type screen, select Relational Database (Oracle, DB2, SQL Server).
  5. Click Next.

    Illustration of the Database Configuration tab
  6. On the Database Configuration tab, enter configuration parameters.

    Table 4-4 Database Configuration Tab

    Label Description
    Database Type The relational database provider. Shared Services supports only Oracle and SQL Server databases as database providers.

    Example: Oracle
    Name A unique configuration name for the database provider.

    Example: Oracle_DB_FINANCE
    Server The DNS name of the computer on which the database server is running.

    Example: myserver
    Port The database server port number

    Example: 1521
    Service/SID (Oracle only) The system identifier (default is orcl)

    Example: orcl
    Database (SQL Server and DB2 only) The database to which Shared Services should connect

    Example: master
    User Name The user name that Shared Services should use to access the database. This database user must have access privileges to database system tables. Oracle recommends that you use the system account for Oracle databases and the database administrator's user name for SQL Server databases.

    Example: SYSTEM
    Password The password of the user identified in the User Name.

    Example: system_password
    Trusted The check box that specifies that this provider is a trusted SSO source. SSO tokens from trusted sources do not contain the user's password.
  7. Optional: Click Next to configure the connection pool.

    The Advanced Database Configuration tab opens.


    Illustration of the Advanced Database Configuration tab
  8. On Advanced Database Configuration, enter connection pool parameters.

    Table 4-5 Advanced Database Configuration Tab

    Label Description
    Max Connections Maximum connections in the pool. Default is 50.
    Initial Size Available connections when the pool is initialized. Default is 20.
    Allowed Idle Connection Time Optional: The time after which the eviction process removes the idle connections in the pool. Default is 10 minutes.
    Evict Interval Optional: The interval for running the eviction process to clean up the pool. Eviction removes idle connections that have exceeded the Allowed Idle Connection Time. Default is five minutes.
    Grow Connections Indicates whether the connection pool can grow beyond Max Connections. By default, this option is cleared, indicating that the pool cannot grow. If you do not allow the connection pool to grow, the system returns an error if a connection is not available within the time set for Time Out.
    Enable Custom Authentication Module The check box to enable the use of a custom authentication module to authenticate users defined in this user directory. You must also enter the fully qualified Java class name of the authentication module in the Security Options screen. See Setting Security Options.

    The custom authentication module authentication is transparent to thin and thick clients. See "Using a Custom Authentication Module" in the Oracle Enterprise Performance Management System Security Configuration Guide.

  9. Click Finish.
  10. Click OK to return to the Defined User Directories screen.
  11. Test the database provider configuration. See Testing User Directory Connections.
  12. Change the search order assignment, if needed. See Managing the User Directory Search Order for details.
  13. Specify security settings, if needed. See Setting Security Options.
  14. Restart Oracle Hyperion Foundation Services and other Oracle Enterprise Performance Management System components.