CA DataMinder needs two Oracle accounts that it can use to access the CMS database. These are the Primary User and a Search User. If required, you can also specify additional Search Users and an account for the Schema Owner.
You can specify these users when you run the CMS installation wizard. Alternatively, you can manually create a primary user and schema owner before deploying the CMS (for example, you may want to do this as part of a native DDL script CMS installation).
These users are summarized as follows:
Schema Owner
This optional account owns the database schema. Some organizations choose to have separate accounts for the primary user and the database owner. This is typically for security reasons, for example, to ensure that employees cannot connect to the CMS database as the primary user and delete sensitive data or drop the underlying database objects.
Primary User
This is the main CA DataMinder database account. The infrastructure uses this account to access the CMS database. By default, this user also ‘owns’ the database schema unless a Schema Owner is specified.
Note: If a separate schema owner is specified, the primary user is also sometimes known as the ‘shadow user’.
Search User
CA DataMinder consoles use this database account when searching the CMS database for events. This is a secure account that is subject to row level security (RLS) when searching the database for events. This ensures that reviewers cannot see events that they are not permitted to see when they run a search. If multiple database security models are enabled on your CMS, specify a separate Search User database account for each security model.
You must specify a Search User when you install the CMS. This database account is automatically associated with the default database security model, Management Group (Standard). But if you enable additional security models on your CMS, each will require its own, unique Search User.
Note: ‘Row level security’ here refers to event records in the relevant database tables.
Unrestricted Search User
This database account corresponds to the 'Unrestricted' security model. CA DataMinder consoles and external reporting tools can use this database account when searching the CA DataMinder Data Warehouse and CMS database for events. Unlike normal Search User database accounts, the Unrestricted Search User is not subject to row level security (RLS) when searching the database. If a reviewer has the 'Unrestricted' security model, the reviewer can see any events when they run a search or report. Search results or reports are not restricted by policy class or the reviewer’s management group.
You specify the Unrestricted Search User if you enable data warehousing when installing a CMS.
Reporting User
External reporting applications (such as BusinessObjects Enterprise) use this database account to connect to the Data Warehouse and CMS database.
You specify the Reporting User if you enable data warehousing when installing a CMS.
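The following Oracle queries are an added example, not part of the CA documentation, for checking that a separate Schema Owner and Primary User are actually separated in the way described above. The account names DM_OWNER and DM_SHADOW are hypothetical placeholders, and the queries assume a session that can read the DBA_* dictionary views.

```sql
-- Added example. DM_OWNER and DM_SHADOW are hypothetical names for the
-- Schema Owner and the Primary User ("shadow user"); substitute your own.

-- 1. Who owns the tables? With a separate Schema Owner, the tables should
--    be listed under DM_OWNER, not under the Primary User.
SELECT owner, COUNT(*) AS table_count
FROM   dba_tables
WHERE  owner IN ('DM_OWNER', 'DM_SHADOW')
GROUP  BY owner;

-- 2. System privileges that would let the Primary User drop or alter
--    objects in another schema, granted directly or through any chain
--    of nested roles. An empty result is the expected outcome.
SELECT DISTINCT sp.grantee, sp.privilege
FROM   dba_sys_privs sp
WHERE  sp.privilege IN ('DROP ANY TABLE', 'DROP ANY INDEX', 'DROP ANY VIEW',
                        'ALTER ANY TABLE', 'DELETE ANY TABLE')
AND    sp.grantee IN (
         SELECT 'DM_SHADOW' FROM dual
         UNION ALL
         SELECT granted_role
         FROM   dba_role_privs
         START  WITH grantee = 'DM_SHADOW'
         CONNECT BY PRIOR granted_role = grantee
       );

-- 3. Object privileges the Primary User holds on the Schema Owner's
--    objects. Review DELETE and ALTER grants, and any row with
--    GRANTABLE = 'YES', against what your deployment requires.
SELECT table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  owner   = 'DM_OWNER'
AND    grantee = 'DM_SHADOW'
ORDER  BY table_name, privilege;
```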
Copyright © 2014 CA.
All rights reserved.