CA DLP needs two Oracle accounts that it can use to access the CMS database. These are the Primary User and a Search User. If required, you can also specify additional Search Users and an account for the Schema Owner.
You can specify these users when you run the CMS installation wizard. Alternatively, you can manually create a primary user and schema owner before deploying the CMS (for example, you may want to do this as part of a native DDL script CMS installation).
These users are summarized as follows:
Primary User
This is the main CA DLP database account. The infrastructure uses this account to access the CMS database. By default, this user also ‘owns’ the database schema unless a Schema Owner is specified.
Note: If a separate schema owner is specified, the primary user is also sometimes known as the ‘shadow user’.
Search User
CA DLP consoles use this database account when searching the CMS database for events. This is a secure account that is subject to row level security (RLS) when searching the database for events. This ensures that reviewers cannot see events that they are not permitted to see when they run a search. If multiple database security models are enabled on your CMS, specify a separate Search User database account for each security model.
You must specify a Search User when you install the CMS. This database account is automatically associated with the default database security model, Management Group (Standard). But if you enable additional security models on your CMS, each will require its own, unique Search User.
Note: In ‘row level security’, the rows are the event records in the relevant database tables.
Schema Owner
This optional account owns the database schema. Some organizations choose to have separate accounts for the primary user and the database owner. This is typically for security reasons, for example, to ensure that employees cannot connect to the CMS database as the primary user and delete sensitive data or drop the underlying database objects.
Copyright © 2011 CA. All rights reserved.