Symantec Access Management

Hi,

We are trying to set up Oracle Database as policy store but I am getting the following error message.

<<

smreg su command failed.

Please fix the error and reconfigure the Policy Store.

>>

I could see that tables has been created. While trying to execute smreg -tu command, I have noticed the below error message.

<<

[][2325][4097406688][08/30/2018][16:13:53][16:13:53.136][][][][Start processing SQL statement.][][][][CSmRecordset::Execute][CDb.cpp:305][][][][insert into smrootconfig5 (rootconfigoid, enableusertracking, dynamicprefs, majorversion, minorversion, smmode) values ('1c-67b3c2b0-9e28-11d3-95e7-00c04f7468ef', 0, ' ', 7, 0, 0)][][][]
[][2325][4097406688][08/30/2018][16:13:53][16:13:53.173][][][][SQL Error.][][][-1][CSmDbConnectionODBC::CheckForError][CSmDbODBC.cpp:1436][[NS][ODBC Oracle Wire Protocol driver][Oracle]ORA-01950: no privileges on tablespace 'USERS'][HY000][][][][][]
..

..

Failed to create the super user account.

>>

It is trying to create the superuser account in "USERS" table space. May I know the reason for the same as we have created dedicated table space and the tables has already been created(by the installer wizard) in the dedicated table space?

Regards,

Dhliip

Dhilip Dhi1ip

Could we have the steps how the tablespace was created and how an admin user has been assigned to the tablespace.

Ideally, I'd do the following steps in Oracle DB

1. Create a User (This is the same user which could be used in smconsole to make a connection).
2. Create a tablespace for Policy Store.
3. Assign the User from [1] to Policy Store tablespace with ownership permissions. This will make sure this user only has modify permissions to Policy Store tablespace.
4. Also assign User from [1] Permissions on temporary tablespace. I vaguely remember having to do this, but keep this optional for now.
5. Now do the ODBC as Policy Store configuration steps. Do a test connection, see if this succeeds?
6. Run XPSDDInstall and XPSImport. Does this succeed?
7. Run "smreg -su"

Reference : Validate with the first two sections (Pre-Requisite) in the link below. 

Configure an Oracle Policy Store - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

Regards

Hubert

Ensure you have checked SSO support matrix that the particular Oracle DB is on supported version.

Oracle 12c comes out with a new patch, and in that new patch, there are significant security account, right and permission changes, which may not work the same way as previous releases.

I also do not see the advantage of using Oracle DB as policy store, comparing with CA directory in term of both performance as well as difficulty level.

Regards

Hongxu

Hi Hubert and Hongxu,

@Hubert,

Thanks for providing the step by step information.

Actually, my DBA team has provided all the required privileges for new account (including quota) to the newly created table space. But, he missed to set the new table space as default table space for the account.

So, the tables are getting created in 'USERS' table space. As no space is required to create a table, it is getting created without any issue but as the space is required for inserting data into the table, it is showing the error message as "no privileges on tablespace 'USERS" (Currently, no quota is set for new user in the 'USERS' table space). 

I have asked DBA team to correct the same. Hope, I will not get any issue once they fix the same.

@HongXu,

Thanks for your response. We are already in the process of migrating to CA Directory.

Regards,

Dhilip

Dhilip, That's right. Please ask your DBA to check if the above Oracle user has the "Unlimited Tablespace" privilege granted for that tablespace.

Rgds.- Vijay

Hi Vijay,

Thanks for your support. As per our company standards, using unlimited table space is not allowed. So, I have asked our DBA team to set the SIZE as 20G. Also, I have asked them to enable AUTOEXTEND. I hope this should be sufficient. Let me know if there any concerns.

Also, currently I have successfully set up policy store & super user account using configuration wizard.

Regards,

Dhilip