1. Security Guide
  2. Authorization in TimesTen
  3. Privileges for Cache Groups

Privileges for Cache Groups

Cache groups require certain users and privileges.

About Cache Group Users and Privileges

There are system and object privileges for cache groups. In order for a user to perform operations involving any cache group, the user must have the appropriate cache group privileges.

In addition, there are administrative users, namely the Oracle cache administration user and the TimesTen cache administration user, who require special privileges. See Cache Group Users.

For a complete list of system and object privileges for cache group operations, see Privileges in Oracle TimesTen In-Memory Database SQL Reference.

Note:

Passthrough does not require any cache group privileges, because privileges are checked by the Oracle database with the user credentials.

Oracle Cache Administration User Privilege

To grant the Oracle cache administration user the minimum set of privileges required to perform cache operations: On Oracle Database, run the SQL*Plus script grantCacheAdminPrivileges.sql in the timesten_home/install/oraclescripts directory as the SYS user.

See Grant Privileges to the Oracle Database Users in Oracle TimesTen In-Memory Database Cache Guide.

TimesTen Cache Administration User Privilege

The required privilege for the TimesTen cache administration user is the CACHE_MANAGER system privilege, enabling the user to perform necessary cache group operations.

A TimesTen cache administration user must have the CACHE_MANAGER privilege to perform the initial load of a read-only cache group or to change the state of autorefresh on a read-only cache group. (The initial load implicitly alters the state of the cache group autorefresh from paused to on.)

For a complete list of individual cache group operation privileges, see Required Privileges for Cache Operations in Oracle TimesTen In-Memory Database Cache Guide.

This grants the CACHE_MANAGER privilege to pat: 

Command> GRANT CACHE_MANAGER TO pat;

Note:

An asynchronous writethrough (AWT) cache group combines both cache groups and replication. The CACHE_MANAGER privilege provides all of the privileges needed for creating AWT cache groups.

Privileges for Other Cache Users

Certain cache group privileges are requires for other users (non-administrative users).

Non-Administrative Cache Users

Operations on a cache group or a cache table, such as loading a cache group or updating a cache table, can be performed by any TimesTen user who has sufficient privileges.

Note that for these users, there must also be a corresponding Oracle Database user with the same name who has privilege to select from and update the cached Oracle Database tables.

See Create the TimesTen Users and Grant Privileges to the TimesTen Users in Oracle TimesTen In-Memory Database Cache Guide.

Cache Group System Privileges

Cache group system privileges enable a user to operate on cache group objects across the database.

  • To create a cache group, a user must be granted either the CREATE CACHE GROUP or CREATE ANY CACHE GROUP system privilege. In addition, the user must be granted either the CREATE ANY TABLE or CREATE TABLE privilege to create any underlying cache tables, depending on whether the table is owned by the user.

  • To drop or alter a cache group that is not owned by the user, the user must be granted the DROP ANY CACHE GROUP or ALTER ANY CACHE GROUP privilege as applicable. In addition, the user must be granted the DROP ANY TABLE privilege to drop any underlying cache tables if the tables are not owned by the user.

For example, the following confers the privilege for a user to alter any cache group in the database:

Command> GRANT ALTER ANY CACHE GROUP TO pat;

These cache group system privileges are for operations on objects not owned by the user:

  • FLUSH ANY CACHE GROUP

  • LOAD ANY CACHE GROUP

  • UNLOAD ANY CACHE GROUP

  • REFRESH ANY CACHE GROUP

Cache Group Object Privileges

Object privileges for cache group operations enable a user to perform a particular operation on a particular cache group that the user does not own.

These are the available cache group object privileges:

  • FLUSH

  • LOAD

  • UNLOAD

  • REFRESH

This example grants pat the cache group object privilege to perform a FLUSH on the cache group cachegrp that is owned by terry: 

Command> GRANT FLUSH ON terry.cachegrp TO pat;

See Methods for Transmitting Changes Between TimesTen and Oracle Databases in Oracle TimesTen In-Memory Database Cache Guide.