4.2.2 Basic Steps for Using an Oracle Database for Authentication

You can follow the steps explained in this section to authenticate users to the graph server (PGX).

1. Use an Oracle Database version that is supported by Oracle Graph Server and Client: version 12.2 or later, including Autonomous Database.
2. Be sure that you have ADMIN access (or SYSDBA access for non-autonomous databases) to grant and revoke users access to the graph server (PGX).
3. Be sure that all existing users to which you plan to grant access to the graph server have at least the CREATE SESSION privilege granted.
4. Be sure that the database is accessible via JDBC from the host where the Graph Server runs.
5. As ADMIN (or SYSDBA on non-autonomous databases), run the following procedure to create the roles required by the graph server:

   Note:

   You can skip this step if you install the PL/SQL packages as part of the Oracle Graph Server and Client installation. All the roles shown in the following code are created as part of the PL/SQL installation automatically. You need to add them separately only if you are using Oracle Graph Server and Client with Autonomous Database. You can run this code using Database Actions in Oracle Cloud Infrastructure Console.

   
   DECLARE
     PRAGMA AUTONOMOUS_TRANSACTION;
     role_exists EXCEPTION;
     PRAGMA EXCEPTION_INIT(role_exists, -01921);
     TYPE graph_roles_table IS TABLE OF VARCHAR2(50);
     graph_roles graph_roles_table;
   BEGIN
     graph_roles := graph_roles_table(
       'GRAPH_DEVELOPER',
       'GRAPH_ADMINISTRATOR',
       'GRAPH_USER',
       'PGX_SESSION_CREATE',
       'PGX_SERVER_GET_INFO',
       'PGX_SERVER_MANAGE',
       'PGX_SESSION_READ_MODEL',
       'PGX_SESSION_MODIFY_MODEL',
       'PGX_SESSION_NEW_GRAPH',
       'PGX_SESSION_GET_PUBLISHED_GRAPH',
       'PGX_SESSION_COMPILE_ALGORITHM',
       'PGX_SESSION_ADD_PUBLISHED_GRAPH');
     FOR elem IN 1 .. graph_roles.count LOOP
     BEGIN
       dbms_output.put_line('create_graph_roles: ' || elem || ': CREATE ROLE ' || graph_roles(elem));
       EXECUTE IMMEDIATE 'CREATE ROLE ' || graph_roles(elem);
     EXCEPTION
       WHEN role_exists THEN
         dbms_output.put_line('create_graph_roles: role already exists. continue');
       WHEN OTHERS THEN
         RAISE;
       END;
     END LOOP;
   EXCEPTION
     when others then
       dbms_output.put_line('create_graph_roles: hit error ');
       raise;
   END;
   /

6. Assign default permissions to the roles GRAPH_DEVELOPER, GRAPH_USER and GRAPH_ADMINISTRATOR to group multiple permissions together.

   Note:

   You can skip this step if you install the PL/SQL packages as part of the Oracle Graph Server and Client installation. All the grants shown in the following code are executed as part of the PL/SQL installation automatically. You need to execute these grants separately only if you are using Oracle Graph Server and Client with Autonomous Database. You can run this code using Database Actions in Oracle Cloud Infrastructure Console.

   
   GRANT PGX_SESSION_CREATE TO GRAPH_ADMINISTRATOR;
   GRANT PGX_SERVER_GET_INFO TO GRAPH_ADMINISTRATOR;
   GRANT PGX_SERVER_MANAGE TO GRAPH_ADMINISTRATOR;
   GRANT PGX_SESSION_CREATE TO GRAPH_DEVELOPER;
   GRANT PGX_SESSION_NEW_GRAPH TO GRAPH_DEVELOPER;
   GRANT PGX_SESSION_GET_PUBLISHED_GRAPH TO GRAPH_DEVELOPER;
   GRANT PGX_SESSION_MODIFY_MODEL TO GRAPH_DEVELOPER;
   GRANT PGX_SESSION_READ_MODEL TO GRAPH_DEVELOPER;
   GRANT PGX_SESSION_CREATE TO GRAPH_USER;
   GRANT PGX_SESSION_GET_PUBLISHED_GRAPH TO GRAPH_USER;

7. Assign roles to all the database developers who should have access to the graph server (PGX). For example:

   GRANT graph_developer TO <graphuser>

   where <graphuser> is a user in the database. You can also assign individual permissions (roles prefixed with PGX_) to users directly.

8. Assign the administrator role to users who should have administrative access. For example:

   GRANT graph_administrator to <administratoruser>

   where <administratoruser> is a user in the database.