Creating users for Oracle databases

Edit online

You must create the users for Oracle databases before you install IBM® Business Automation Workflow. Create the cell-scoped user, the Process database user, the Performance Data Warehouse user, and the three users for the Content database: design object store user, target object store user, and IBM Content Navigator user. The Process, Performance Data Warehouse, and Content database users are not needed for an AdvancedOnly deployment environment.

Note: If you are using a custom installation and configuration path, follow the instructions in the topic Creating users for Oracle databases in a network deployment environment on Windows.

Before you begin

For simplicity, the instructions on this page assign more than the minimum required privileges to an IBM Business Automation Workflow database user. The minimum required privileges are listed in the Oracle database privileges topic. If you want to specify a more fine-grained list of privileges, change the instructions of this page according to the privileges listed in the Oracle database privileges topic.

Before you create any users for Oracle databases, see the topic Configuring XA transactions for Oracle in a network environment on Windows.

Before you install your system in Oracle database, ensure that the minimum initial settings in the following table are met for Business Automation Workflow database schema users:
Table 1. Minimum initial settings for Business Automation Workflow database schema users
Tuning item Minimum memory for initial settings (MB)
Buffer cache 2048
Shared pool size 1024
Note: You might want to enlarge the memory for the preceding settings depending on the capacity of your system. For more tuning details, consult your database administrator.

Recommendations for database table space settings:

On Oracle, IBM Business Automation Workflow stores large objects (LOBs) with the SECUREFILE option. For SECUREFILE, it is recommended to use a table space with the AUTOALLOCATE option. If you use UNIFORM SIZE extents, ensure that the UNIFORM SIZE is big enough. Given the default block size of 8K, specify a UNIFORM SIZE of at least 120K. Business Automation Workflow does not explicitly prescribe the table space options; it relies on the default Oracle settings (such as AUTOALLOCATE) to automatically manage extents.

For new Business Automation Workflow installations, create table spaces with the AUTOALLOCATE option.

For migrations, if you use table spaces with a UNIFORM SIZE less than 120K, create new table spaces with the AUTOALLOCATE option and make it the default table space for Business Automation Workflow database schema users.

About this task

The default database names are BPMDB for the Process database, PDWDB for the Performance Data Warehouse database, CMNDB for the Common database, and CPEDB for the Content database. In the case of an Advanced deployment environment or AdvancedOnly deployment environment, the Common database has two parts: one is scoped to the cell and the other is scoped to the deployment environment. Both parts can be defined to use CMNDB (which is the default) or they can use separate databases. For details about databases and schemas, see Planning the number of databases.

You can use a single instance of Oracle for configuring IBM Business Automation Workflow. The Oracle instance must exist and be available for access. Consult the Oracle documentation to create an Oracle instance. If you use a single Oracle instance, make sure that you use different user IDs for the Process database, Performance Data Warehouse database, and Common database. You also need three different users for the Content database schemas:
  • Design object store (DOS)
  • Target object store (TOS)
  • IBM Content Navigator (ICN)

For simplicity, the instructions on this page assign more than the minimum required privileges to an IBM Business Automation Workflow database user. The minimum required privileges are listed in the Oracle database privileges topic. If you want to specify a more fine-grained list of privileges, change the instructions of this page according to the privileges listed in the Oracle database privileges topic.

Procedure

For all databases except the Content database, use one of the following methods to create each database user that you require. Then see the third bullet to create the Content database.

  • Create and run the createUser.sql file as described in the following substeps:
    1. Save the following SQL statements into a file named createUser.sql: 
      -- create a new user
CREATE USER @DB_USER@ IDENTIFIED BY @DB_PASSWD@;

-- allow the user to connect to the database
grant connect to @DB_USER@;

-- provide quota on all table spaces with BPM tables
grant unlimited tablespace to @DB_USER@;

-- grant privileges to create database objects:
grant resource to @DB_USER@;
grant create view to @DB_USER@;

-- grant access rights to resolve lock issues
grant execute on dbms_lock to @DB_USER@;

-- grant access rights to resolve XA related issues:
grant select on pending_trans$ to @DB_USER@;
grant select on dba_2pc_pending to @DB_USER@;
grant select on dba_pending_transactions to @DB_USER@;
-- If using Oracle 10.2.0.3 or lower JDBC driver, un-comment the following statement:
-- grant execute on dbms_system to @DB_USER@;
-- If not using Oracle 10.2.0.4 or higher JDBC driver, comment the following statement:
grant execute on dbms_xa to @DB_USER@;
      For information about recovering Oracle database transactions, see the topic Configuring XA transactions for Oracle in a network environment on Windows.
    2. In the SQL statements, replace @DB_USER@ with the user name that you want to use for the database and replace @DB_PASSWD@ with the password for that user.
    3. Run the following command to create the database user: 
      sqlplus oracle_user_ID/oracle_password@db_name @createUser.sql
  • Run SQL statements in a command editor as described in the following substeps:
    1. Copy the following SQL statements into a command editor: 
      -- create a new user
CREATE USER @DB_USER@ IDENTIFIED BY @DB_PASSWD@;

-- allow the user to connect to the database
grant connect to @DB_USER@;

-- provide quota on all table spaces with BPM tables
grant unlimited tablespace to @DB_USER@;

-- grant privileges to create database objects:
grant resource to @DB_USER@;
grant create view to @DB_USER@;

-- grant access rights to resolve lock issues
grant execute on dbms_lock to @DB_USER@;

-- grant access rights to resolve XA related issues:
grant select on pending_trans$ to @DB_USER@;
grant select on dba_2pc_pending to @DB_USER@;
grant select on dba_pending_transactions to @DB_USER@;
-- If using Oracle 10.2.0.3 or lower JDBC driver, un-comment the following statement:
-- grant execute on dbms_system to @DB_USER@;
-- If not using Oracle 10.2.0.4 or higher JDBC driver, comment the following statement:
grant execute on dbms_xa to @DB_USER@;
    2. In the SQL statements, replace @DB_USER@ with the user name that you want to use for the database and replace @DB_PASSWD@ with the password for that user.
    3. Run the SQL statements in the command editor.
  • Create the content database (CPEDB) and the users for the design object store (DOS), target object store (TOS), and IBM Content Navigator (ICN):
    1. Save the following SQL statements into a file named createDatabase_ECM.sql: 
      
CREATE SMALLFILE TABLESPACE @ECM_DATA_TS@ DATAFILE '@DB_DIR@/@DB_NAME@/@ECM_DATA_TS@.dbf' SIZE 100M REUSE AUTOEXTEND ON NEXT 51200K MAXSIZE 32767M LOGGING EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;

CREATE USER @DB_USER@ PROFILE DEFAULT IDENTIFIED BY @DB_PASSWD@ DEFAULT TABLESPACE @ECM_DATA_TS@ TEMPORARY TABLESPACE TEMP ACCOUNT UNLOCK;
GRANT CREATE TABLESPACE TO @DB_USER@;
GRANT UNLIMITED TABLESPACE TO @DB_USER@;
GRANT CONNECT TO @DB_USER@;
GRANT RESOURCE TO @DB_USER@;
grant create view to @DB_USER@;
grant execute on dbms_lock to @DB_USER@;
grant select on pending_trans$ to @DB_USER@;
grant select on dba_2pc_pending to @DB_USER@;
grant select on dba_pending_transactions to @DB_USER@;
grant execute on dbms_xa to @DB_USER@;
    2. Update and run the file to create the target object schema (TOS) user. Replace @DB_DIR@ with the data directory of your database, which you must create before running the SQL files. Replace @DB_NAME@ with the Oracle instance name, for example, orcl, @DB_USER@ with the schema name, and @DB_PASSWD@ with the password for the user. Replace @ECM_DATA_TS@ with TOSSA_DATA_TS.
      Remember the names you choose for users. You will enter them in the launchpad.
    3. Update and run the file again to create the design object schema (DOS) user. Replace @ECM_DATA_TS@ with DOSSA_DATA_TS.
      Remember the names you choose for users. You will enter them in the launchpad.
    4. Update and run the createUser.sql file you created in an earlier step to create one user for the Content database.
    5. Save the following SQL statements into a file named createTablespaceICN.sql: 
      
-- Create table spaces

CREATE TABLESPACE @ECMClient_TBLSPACE@
    DATAFILE '@DB_DIR@/@DB_NAME@/@ECMClient_TBLSPACE@.dbf' SIZE 200M REUSE
    AUTOEXTEND ON NEXT 20M
    EXTENT MANAGEMENT LOCAL
    SEGMENT SPACE MANAGEMENT AUTO
    ONLINE
    PERMANENT
;

CREATE TEMPORARY TABLESPACE @ECMClient_TBLSPACE@TEMP
    TEMPFILE '@DB_DIR@/@DB_NAME@/@ECMClient_TBLSPACE@TEMP.dbf' SIZE 200M REUSE
    AUTOEXTEND ON NEXT 20M
    EXTENT MANAGEMENT LOCAL
;


-- Alter existing schema

ALTER USER @ECMClient_SCHEMA@
    DEFAULT TABLESPACE @ECMClient_TBLSPACE@ 
    TEMPORARY TABLESPACE @ECMClient_TBLSPACE@TEMP;

GRANT CONNECT, RESOURCE to @ECMClient_SCHEMA@;
GRANT UNLIMITED TABLESPACE TO @ECMClient_SCHEMA@;
    6. Update and run the file to create the IBM Content Navigator (ICN) user. Replace @ECMClient_SCHEMA@ with the user you created in createUser.sql. Replace @DB_USER@ with the user name that you want to use and replace @DB_PASSWD@ with the password for that user. Replace the table space name @ECMClient_TBLSPACE@ with WFICNTS.