10 Creating Database Accounts

You must have the LSH System Admin functional role to do all the tasks described in this section.

About Database Accounts

You must create an Oracle Life Sciences Data Hub (Oracle LSH) database account for users who need access to the Oracle LSH database through an external system or remote database, including the cases described in the following sections.

Database Accounts for Use in Definition

You must create an Oracle Life Sciences Data Hub (Oracle LSH) database account for Definers who need to use an integrated development environment (IDE) that requires logging back into the Oracle LSH database to view Oracle LSH data. These IDEs include:

  • SAS in Connected mode (read-only access)

  • Oracle Reports (read-only access)

  • SQL*Plus (read and write access)

  • Informatica (read-only access)

  • Oracle Business Intelligence (read-only access)

When the Definer launches the IDE, he or she is typically prompted to enter an Oracle LSH database account username and password.

Oracle LSH database accounts maintain a mapping between a Definer's regular Oracle LSH application user account and his or her database account. If the Definer enters the same database account information that is mapped to his or her Oracle LSH user account, the system grants access to the data required by the Program the Definer is working on.

Note:

A database account is not required to use Oracle Business Intelligence Enterprise Edition to create visualizations of Oracle LSH data.

Database Accounts for Message-Based Submissions

It is possible to trigger the execution of a job in Oracle LSH by sending an XML message from an external system on a remote database. To set this up, do the following:

  • Create an Oracle LSH user account and database account

  • Create a database link on the remote database to the Oracle LSH database using the Oracle LSH database account ID and password

  • In each XML message, embed the Oracle LSH user account ID in the appropriate place. See "XML Message Requirements" in the Oracle Life Sciences Data Hub Application Developer's Guide for information on the required XML schema for these messages.

    An Oracle LSH API called CDR_EXE_MSG_API with the procedure Submit Message is available for use in enqueuing messages. See "Using Message-Triggered Submission from External Systems" in the Oracle Life Sciences Data Hub Application Developer's Guide for further information.

    For general information about enqueuing messages, see the Oracle® Streams Advanced Queuing User's Guide and Reference at http://download.oracle.com/docs/cd/B19306_01/server.102/b14257.pdf.
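The database-link step above, as an added SQL*Plus example that is not part of the original guide. The link name `lsh_link`, the account `lsh_msg_acct` and the TNS alias `LSHDB` are placeholders (assumptions); enqueuing through CDR_EXE_MSG_API is not shown.

```sql
-- Added example: run in SQL*Plus on the REMOTE database, as the schema that
-- will send messages. All object names below are placeholders (assumptions).
SET VERIFY OFF   -- do not echo the substituted password in old/new lines
ACCEPT lsh_pw CHAR PROMPT 'Oracle LSH database account password: ' HIDE

-- Private fixed-user link: only the owning schema can use it, and every
-- session over it connects as the Oracle LSH database account.
-- The unquoted account name is uppercased, matching how Oracle LSH stores it.
CREATE DATABASE LINK lsh_link
  CONNECT TO lsh_msg_acct IDENTIFIED BY "&lsh_pw"
  USING 'LSHDB';           -- TNS alias of the Oracle LSH database

UNDEFINE lsh_pw

-- Confirm the link resolves and authenticates.
SELECT 1 FROM dual@lsh_link;

-- Record which account and target the link uses.
SELECT db_link, username, host, created
FROM   user_db_links
WHERE  db_link LIKE 'LSH_LINK%';

-- A fixed-user link stores the password it was created with. After the
-- account's password is reset in Oracle LSH, drop the link and create it again.
-- DROP DATABASE LINK lsh_link;
```

Prompting with `ACCEPT ... HIDE` keeps the password out of script files and the terminal display.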

Creating Database Accounts

To create a database account for a Definer, do the following:

  1. Click the Database Account subtab under the Administration tab. The Database Account screen opens.

  2. Click Create. The Create Database Account screen opens.

  3. Enter values in the following fields:

    • User Name. Click the Search icon and enter search criteria for the Oracle LSH user for whom you are creating a database account.

    • Database Account Name. Enter a username for the database account. The text you enter is stored in uppercase.

    • Password. Enter a password of 8 characters or more for the Definer to use with the database account.

    • Confirm Password. Reenter the password.

      Note:

      For security reasons, the user should reset the password in his or her Preferences screen.

  4. Click Apply. The system returns you to the Database Account screen.

Managing Database Account Privileges for Generic Visualization Business Areas

Your company can use the Generic Visualization adapter to integrate an external data visualization tool with Oracle LSH; see the Oracle Life Sciences Data Hub Adapter Toolkit Guide. After integration, Definers must create Generic Visualization Business Area instances to allow access to specified sets of data through the visualization tool.

Unlike other Business Areas, which are installed in their Work Area's schema, Oracle LSH installs each Generic Visualization Business Area instance in its own schema outside the Work Area schema. There are simplified security requirements for data in this schema.

Users can log in to the integrated visualization tool using an Oracle LSH database account. The system checks if there is an Oracle LSH user account linked to the database account. If there is a linked user account, the system uses it to determine the user's privileges. If there is no linked user account, the system uses the database account itself to determine the user's privileges.

The database account can have one or two privileges assigned:

  • Read Data. This privilege allows the user to view data that was never blinded and dummy data in Table instances that are currently blinded. All database accounts that should have access to the Business Area instance data should have this privilege.

  • Read Unblind. This privilege allows the user to view data that has been permanently unblinded.

If a user should be able to view currently blinded data, he or she must have an Oracle LSH user account with all the required Blind Break privileges and a linked database account.

You can grant (and revoke) Read Data and Read Unblind privileges to database accounts for specific Business Area instances. Oracle LSH audits all changes to these permissions.

  1. From the Security tab, select the BA DB Privilege Access subtab.

  2. Enter the Business Area Instance and click Go. You can also use the Search tool to find those Generic Visualization Business Area instances to which you have "Manage GVA BA Database Access" privileges and select one.

    For the selected Business Area instance, you can expand the node for Read Access or Read Unblind Access to view the database accounts currently assigned that privilege.

  3. To change assignments, select the plus (+) icon in the Manage column for either Read Access or Read Unblind Access. A screen opens displaying accounts available for assignment and those already selected for the privilege.

  4. Double-click or use the arrow icons to grant or revoke the selected privilege to one or more accounts:

    • To grant an account the privilege you selected, move it from Available Users to Selected Users.

    • To revoke the privilege, move the account from Selected Users to Available Users.

  5. Click Apply.

Setting Up TMS Security for Users

Users who will run Oracle LSH APIs that insert, delete, or modify Oracle LSH classification hierarchies and terms (LSH Classification Admin tasks) need security access for their Oracle LSH database account to the Oracle Thesaurus Management System (TMS) instance that is installed as part of Oracle LSH.

Use the script tmsadduser.sql to add users to the TMS_ACCOUNTS and OPA_ACCOUNTS tables with TMS superuser privileges:

  1. Open a command window on the TMS Middle tier server.

  2. Set local=database

  3. Change directory to the install directory of the TMS 4.6 installation.

  4. Log on to your LSH database in SQL*Plus as the system account.

  5. Run the script to add TMS superusers:

    start tmsadduser

  6. The system prompts you for the following information:

    • User ID. Enter the user's LSH database account ID.

    • User Password. Enter the user's LSH database account password.

    • First Name. Enter the user's given name.

    • Last Name. Enter the user's family name.

    • TMS Password. Use the password you entered when you installed the TMS database; see "Installing Oracle Thesaurus Management System" in the Oracle Life Sciences Data Hub Installation Guide.

  7. Repeat Step 3 for each user.

Resetting the Password

You can reset the password for any account as necessary; for example, if a user forgets his or her password.

To reset a password for a database account, do the following:

  1. Click the icon in the Reset Password column for the account.

  2. In the Password field, enter the new password, which must be at least 8 characters long.

  3. In the Confirm Password field, enter the new password again.

  4. Click Apply.

    Note:

    For security reasons, the user should reset the password in his or her Preferences screen.

Removing a Database Account

You can delete an Oracle LSH database account and its underlying database account; for example, when the user associated with the account leaves the company.

To delete one or more database accounts, do the following:

  1. Select the checkbox in the Select column for each account you want to delete.

  2. Click the Remove button. A confirmation message appears.

  3. Click Yes to continue with the deletion. The system deletes the account and the underlying database account/user schema.