CA Identity Manager Connector Guides › Connectors Guide › Connecting to Endpoints › Oracle Connector

Oracle Connector

The Oracle Connector lets you administer accounts and groups on Oracle systems and provides a single point for all user administration by letting you do the following:

• Register endpoints, explore them for objects to manage, and correlate their accounts with global users
• Create and manage Oracle accounts using Oracle‑specific account templates
• Change account passwords and account activations in one place
• Synchronize global users with their provisioning roles or synchronize global users' accounts with their account templates
• Assign an Oracle account template to each of your Oracle endpoints
• Use the default Oracle Policy to create accounts with the minimum security level needed to access an Oracle endpoint
• Create and manage Oracle profiles and roles
• Generate and print reports about Oracle accounts
• Assign Oracle packages and procedures to Oracle accounts

Oracle Configuration

The Oracle connector is managed by CA IAM Connector Server.

Communication between the Provisioning Server and the Oracle server relies on a JDBC connection. A URL specifies connection details to each server, as illustrated in the following example:

jdbc:oracle:thin:@hostname:port:servicename

hostname

The hostname or IP address of the Oracle Server

port

The port number of the Oracle service. Default: 1521.

servicename

Oracle Service Name to connect to.

Example URL

The following URL connects to an Oracle instance named ORACLE running on the default port on the server named oracle_server_host:

jdbc:oracle:thin:@oracle_server_host:1521:ORACLE

For more information, search for JDBC on the Oracle site.

Required Oracle Administrator Account Privileges

The Oracle administrator account that you use with CA Identity Manager is the account name that you enter in the System Logon field of the Endpoint tab of the Oracle Endpoint property sheet.

Give this account at least the following privileges:

System privileges

Alter Profile
Alter Any Role
Alter User
Create Profile
Create Role
Create Session
Create User
Drop Profile
Drop User
Drop Any Role
Grant Any Privilege
Grant Any Role

SELECT object privilege on the following views in the SYS schema

DBA_OBJECTS
DBA_PROFILES
DBA_ROLES
DBA_ROLE_PRIVS
DBA_TABLESPACES
DBA_TAB_PRIVS
DBA_TS_QUOTAS
DBA_USERS

Sufficient privileges to Oracle accounts for packages and procedures

Grant these privileges in ONE of the following ways:

• The account is the owner of these packages and procedures.
• The account has execute privileges with the Admin Option for these packages and procedures.

Oracle Migration Steps

To migrate from the C++ Oracle connector to the Java Oracle connector, you must do the following:

• Install the Oracle Java connector using the CA IAM Connector Server installation
• Add the URL as defined in Oracle Configuration to each existing Oracle endpoint. To do this, edit the endpoint and supply the URL in the JDBC URL field.
• You can remove your DSN if it is not being used for another other purpose

Once this has been done, all types of operations can be executed against the existing Oracle endpoints seamlessly.

Oracle Support for FIPS and IPv6

For this release of CA Identity Manager, the Oracle Connector does not support FIPs or IPv6.

Limitations

Connector Cannot Manage Some Privileges

You cannot use the Oracle connector manage the following operations:

• Manage system privileges or object privileges that apply to Oracle accounts
• Manage system privileges or object privileges that apply to Oracle roles

Instead, use native Oracle administrative tools to work with these privileges.