10 Creating Database Accounts
You must have the LSH System Admininstrator functional role to do all the tasks described in this section.
This chapter contains the following topics:
- About Database Accounts
You must create an Oracle Life Sciences Data Hub database account for users who need access to the Oracle LSH database through an external system or remote database. - Creating Database Accounts
To create a database account for a Definer, do the following: - Managing Database Account Privileges for Generic Visualization Business Areas
Your company can use the Generic Visualization adapter to integrate an external data visualization tool with Oracle Life Sciences Data Hub see the Oracle Life Sciences Data Hub Adapter Toolkit Guide. - Setting Up TMS Security for Users
Users who will run Oracle Life Sciences Data Hub APIs that insert, delete, or modify Oracle LSHclassification hierarchies and terms (LSH Classification Admin tasks) need security access for their Oracle LSH database account to the Oracle Thesaurus Management System (TMS) instance that is installed as part of Oracle LSH. - Resetting the Password
You can reset the password for any account as necessary; for example, if a user forgets his or her password. - Removing a Database Account
You can delete an Oracle Life Sciences Data Hub database account and its underlying database account; for example, when the user associated with the account leaves the company.
About Database Accounts
You must create an Oracle Life Sciences Data Hub database account for users who need access to the Oracle LSH database through an external system or remote database.
This section contains the following topics:
- Database Accounts for Use in Definition
You must create an Oracle Life Sciences Data Hub database account for Definers who need to use an integrated development environment (IDE) that requires logging back into the Oracle LSH database to view Oracle LSH data. - Database Accounts for Message-Based Submissions
It is possible to trigger the execution of a job in Oracle Life Sciences Data Hub by sending an XML message from an external system on a remote database.
Parent topic: Creating Database Accounts
Database Accounts for Use in Definition
You must create an Oracle Life Sciences Data Hub database account for Definers who need to use an integrated development environment (IDE) that requires logging back into the Oracle LSH database to view Oracle LSH data.
You must create an Oracle LSH database account for Definers who need to use an integrated development environment (IDE) that requires logging back into the Oracle LSH database to view Oracle LSH data. These IDEs include:
- SAS in Connected mode (read-only access)
- Oracle Reports (read-only access)
- SQL*Plus (read and write access)
- Informatica (read-only access)
- Oracle Business Intelligence (read-only access)
When the Definer launches the IDE, he or she is typically prompted to enter an Oracle LSH database account username and password.
Oracle LSH database accounts maintain a mapping between a Definer's regular Oracle LSH application user account and his or her database account. If the Definer enters the same database account information that is mapped to his or her Oracle LSH user account, the system grants access to the data required by the Program the Definer is working on.
Note:
A database account is not required to use Oracle Business Intelligence Enterprise Edition to create visualizations of Oracle LSH data.
Parent topic: About Database Accounts
Database Accounts for Message-Based Submissions
It is possible to trigger the execution of a job in Oracle Life Sciences Data Hub by sending an XML message from an external system on a remote database.
To set this up, do the following:
- Create an Oracle LSH user account and database account
- Create a database link on the remote database to the Oracle LSH database using the Oracle LSH database account ID and password
- In the XML messages, embed the Oracle LSH user account ID in the appropriate place in the XML message. See "XML Message Requirements" in the Oracle Life Sciences Data Hub Application Developer's Guide for information on the required XML schema for these messages.
An Oracle LSH API called CDR_EXE_MSG_API with the procedure Submit Message is available for use in enqueuing messages. See "Using Message-Triggered Submission from External Systems" in the Oracle Life Sciences Data Hub Application Developer's Guide for further information.
For general information about enqueuing messages, see the Oracle® Streams Advanced Queuing User's Guide and Reference at
http://download.oracle.com/docs/cd/B19306_01/server.102/b14257.pdf
.
Parent topic: About Database Accounts
Creating Database Accounts
To create a database account for a Definer, do the following:
Parent topic: Creating Database Accounts
Managing Database Account Privileges for Generic Visualization Business Areas
Your company can use the Generic Visualization adapter to integrate an external data visualization tool with Oracle Life Sciences Data Hub see the Oracle Life Sciences Data Hub Adapter Toolkit Guide.
After integration, Definers must create Generic Visualization Business Area instances to allow access to specified sets of data through the visualization tool.
Unlike other Business Areas, which are installed in their Work Area's schema, Oracle LSH installs each Generic Visualization Business Area instance in its own schema outside the Work Area schema. There are simplified security requirements for data in this schema.
Users can log in to the integrated visualization tool using an Oracle LSH database account. The system checks if there is an Oracle LSH user account linked to the database account. If there is a linked user account, the system uses it to determine the user's privileges. If there is no linked user account, the system uses the database account itself to determine the user's privileges.
The database account can have one or two privileges assigned:
- Read Data. This privilege allows the user to view data that was never blinded and dummy data in Table instances that are currently blinded. All database accounts that should have access to the Business Area instance data should have this privilege.
- Read Unblind. This privilege allows the user to view data that has been permanently unblinded.
If a user should be able to view currently blinded data, he or she must have an Oracle LSH user account with all the required Blind Break privileges and a linked database account.
You can grant (and revoke) Read Data and Read Unblind privileges to database accounts for specific Business Area instances. Oracle LSH audits all changes to these permissions.
Parent topic: Creating Database Accounts
Setting Up TMS Security for Users
Users who will run Oracle Life Sciences Data Hub APIs that insert, delete, or modify Oracle LSHclassification hierarchies and terms (LSH Classification Admin tasks) need security access for their Oracle LSH database account to the Oracle Thesaurus Management System (TMS) instance that is installed as part of Oracle LSH.
Use the script tmsadduser.sql
to add users to the TMS_ACCOUNTS and OPA_ACCOUNTS tables with TMS superuser privileges:
Parent topic: Creating Database Accounts
Resetting the Password
You can reset the password for any account as necessary; for example, if a user forgets his or her password.
To reset a password for a database account, do the following:
Parent topic: Creating Database Accounts
Removing a Database Account
You can delete an Oracle Life Sciences Data Hub database account and its underlying database account; for example, when the user associated with the account leaves the company.
To delete one or more database accounts, do the following:
- Select the checkbox in the Select column for each account you want to delete.
- Click the Remove button. A confirmation message appears.
- Click Yes to continue with the deletion. The system deletes the account and the underlying database account/user schema.
Parent topic: Creating Database Accounts