Layer7 Access Management


CA Single Sign-On schema and rights

  • 1.  CA Single Sign-On schema and rights

    Posted 09-13-2016 02:39 PM

    Hi,
    We are about to install the SSO server on a Linux server using an Oracle RAC database, and we need to know which schemas are needed and the respective permissions for each schema.

    Is there a list of the schemas used and their respective permissions?
    Tks,
    Lincoln



  • 2.  Re: CA Single Sign-On schema and rights
    Best Answer

    Posted 09-13-2016 03:27 PM

    Hi Lincoln,

     

    The SQL schema files are shipped with the Policy Server binary, but are loaded onto the Oracle database.

    The ODBC connection account should have full ownership of the specific database being created, so that it can read, execute, modify, write to it after setup.

     

    Installation and Upgrade Guides > Policy Server Installation Guide > Configuring CA SiteMinder® Data Stores in a Relational Database > How to Store Key Information in Oracle

     

    The documentation says: "Note: We recommend that you do not create CA SiteMinder® schema with the SYS or SYSTEM users. If necessary, create an Oracle user, such as SMOWNER, and create the schema with that user."

    Oracle Schema Files

    The following Oracle schema files are in the siteminder_home\db\SQL directory.

    siteminder_home: Specifies the Policy Server installation path.

    sm_oracle_ps.sql: Creates the schema for a policy store and key store.
    Note: If you are storing keys in a different database, this schema file creates the schema for the key store data.

    sm_oracle_logs.sql: Creates the schema for the audit logs.

    sm_oracle_ss.sql: Creates the schema for a session store.

    smsampleusers_oracle.sql: Creates the schema for a sample users database and populates the database with sample users.

    The following Oracle schema file is provided in the policy_server_home\xps\db directory.

    Oracle.sql: Creates the XPS schema for a policy store.

     

    Hope this helps.

     

    Hongxu

     



  • 3.  Re: CA Single Sign-On schema and rights

    Posted 09-13-2016 03:32 PM

    Tks a lot !

     




  • 4.  Re: CA Single Sign-On schema and rights

    Posted 09-14-2016 08:20 AM

    Thanks a lot.

     

    Please, do you know if we could run those in one single schema?

    For example, I have a user named “smadmin” in Oracle, and want to upload sm_oracle_ps.sql, sm_oracle_logs.sql and the XPS schema under this single user.

    Do you know if it is possible? Or must I create separate schemas (with different names) and upload them one by one?

     

    Regards,

    Lincoln

     

     

     




  • 5.  Re: CA Single Sign-On schema and rights

    Posted 09-14-2016 09:50 AM

    Yes, you can run them within one Oracle Database.

    But that means you put all your eggs in the same basket. sm_oracle_ps.sql and the XPS schema belong to the policy store, and sm_oracle_logs.sql belongs to the audit logging feature.

     

    Hongxu
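
An added example, not part of the original thread or of CA's documentation: one way to keep the policy store and the audit logs under separate non-SYS owners, with checks a DBA can run afterwards. SMOWNER is the name the quoted documentation suggests; SMAUDIT, the tablespace names, the placeholder passwords and the privilege list are assumptions to adapt to your environment.

```sql
-- Added example. Run as a DBA account. Names other than SMOWNER are hypothetical,
-- and the privilege list is an assumption, not CA's documented minimum.

-- Owner for the policy store / key store.
-- Connect as this user to load sm_oracle_ps.sql and the XPS Oracle.sql.
CREATE USER smowner IDENTIFIED BY "REPLACE_WITH_STRONG_PASSWORD_1"
  DEFAULT TABLESPACE sm_data      -- hypothetical tablespace
  QUOTA UNLIMITED ON sm_data;

-- Separate owner for the audit logs, so that a problem with the logging
-- account or its data does not touch the policy store.
-- Connect as this user to load sm_oracle_logs.sql.
CREATE USER smaudit IDENTIFIED BY "REPLACE_WITH_STRONG_PASSWORD_2"
  DEFAULT TABLESPACE sm_audit     -- hypothetical tablespace
  QUOTA UNLIMITED ON sm_audit;

-- Each owner may log in and create objects in its own schema only.
-- No DBA role and no "ANY" system privileges are granted.
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW, CREATE SEQUENCE,
      CREATE PROCEDURE, CREATE TRIGGER TO smowner;
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW, CREATE SEQUENCE,
      CREATE PROCEDURE, CREATE TRIGGER TO smaudit;

-- Check 1: any row here means a SiteMinder owner holds the DBA role.
SELECT grantee, granted_role
  FROM dba_role_privs
 WHERE grantee IN ('SMOWNER', 'SMAUDIT')
   AND granted_role = 'DBA';

-- Check 2: any row here means an owner can act outside its own schema.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE grantee IN ('SMOWNER', 'SMAUDIT')
   AND privilege LIKE '% ANY %';

-- Check 3: after loading the scripts, list how many tables each owner holds;
-- SiteMinder tables should appear under these owners, not under SYS or SYSTEM.
SELECT owner, COUNT(*) AS table_count
  FROM dba_tables
 WHERE owner IN ('SMOWNER', 'SMAUDIT')
 GROUP BY owner;
```

The ODBC data source for each store then connects as the matching owner, so each account has full ownership of its own schema and nothing else.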