Database user account permissions

OpenText strongly recommends that you create accounts for users who perform the following tasks on the Application Security database:

  • Perform runtime tasks

    A user who performs runtime tasks requires permission to do the following:

    • Perform Data Manipulation Language (DML) operations to SELECT, UPDATE, INSERT, and DELETE data in all the database tables and views
    • Execute stored procedures

  • Execute migration scripts

     OpenText strongly recommends that you create a separate user account for executing migration scripts.

    A user who executes migration scripts requires permission to do the following:

    • Perform Data Manipulation Language (DML) operations to SELECT, UPDATE, INSERT, and DELETE data in all the database tables and views
    • Execute stored procedures

    • Perform Data Definition Language (DDL) operations to CREATE, ALTER, and DROP database tables, views, and indexes

    • For Oracle databases, permission to enable sequences

  • Create and manage the database

    OpenText strongly recommends that you create a separate user account to create and manage the database.

    A user who creates and manages the database requires permission to do the following:

    • Perform all the tasks for which the user who executes migration scripts has permission
    • Create a Application Security database in a dedicated instance
    • Back up and then update the existing Application Security dedicated database instance
    • Bind a Application Security user account to the dedicated database instance

    • Assign a Application Security user account the read‑write permission required to create, initialize, and manage the Application Security database

      At a minimum, this user must have a database account that enables the web application to connect to the database.

  • Create and generate reports

    To add an extra measure of security to reporting, create a database user account with read-only access to the Application Security database, and then use the account credentials to configure security for your BIRT reports (see Configuring Security for BIRT Reporting).