Securing the COGNOSCS database in Oracle

IBM® Cognos® BI requires additional grants to create tables for internal use. After the first successful startup of the IBM Cognos BI server, you can revoke the additional privileges required for table creation for the database user in the IBM Cognos BI content store database.

Procedure

Use the following commands to revoke the additional privileges required for IBM Cognos BI schema creation and allow IBM Cognos BI to operate in a runtime mode with reduced privileges: 
REVOKE CREATE USER FROM @SCHEMA@;
REVOKE ALTER USER FROM @SCHEMA@;
REVOKE DROP USER FROM @SCHEMA@;

REVOKE CREATE ANY TABLE FROM @SCHEMA@;
REVOKE ALTER ANY TABLE FROM @SCHEMA@;
REVOKE DROP ANY TABLE FROM @SCHEMA@;

REVOKE CREATE ANY SEQUENCE FROM @SCHEMA@;
REVOKE ALTER ANY SEQUENCE FROM @SCHEMA@;
REVOKE DROP ANY SEQUENCE FROM @SCHEMA@;

REVOKE CREATE ANY PROCEDURE FROM @SCHEMA@;
REVOKE ALTER ANY PROCEDURE FROM @SCHEMA@;
REVOKE DROP ANY PROCEDURE FROM @SCHEMA@;

REVOKE CREATE ANY VIEW FROM @SCHEMA@;
REVOKE DROP ANY VIEW FROM @SCHEMA@;

REVOKE CREATE ANY TRIGGER FROM @SCHEMA@;
REVOKE ALTER ANY TRIGGER FROM @SCHEMA@;
REVOKE DROP ANY TRIGGER FROM @SCHEMA@;

REVOKE CREATE ANY INDEX FROM @SCHEMA@;
REVOKE DROP ANY INDEX FROM @SCHEMA@;

REVOKE LOCK ANY TABLE FROM @SCHEMA@;

For more information about database configuration for IBM Cognos BI on Oracle, see Suggested Settings for Creating the Content Store in Oracle.

Parent topic: Configuring database security in Oracle