E-INSTALL: What are the Minimum RDMS Privileges of the PSADMIN Role? (Doc ID 1140413.1)

Last updated on FEBRUARY 01, 2017

Applies to:

PeopleSoft Enterprise PT PeopleTools - Version 8.50 and later
Information in this document applies to any platform.

Goal

Still have questions after reading this document? Please post a question to our community: PeopleTools Community



The PeopleTools 8.5 media contains the file psroles.sql, the contents of which is below (minus the copyright). The PSADMIN role is then granted to the schema that houses the PeopleSoft objects (by default SYSADM).

REMARK -- These are the minimum privileges required to run PeopleSoft
REMARK -- applications. If you plan to run SQL<>Secure, you will need to
REMARK -- grant "execute any procedure" to PSUSER and PSADMIN.

set echo on
spool psroles.log

DROP ROLE PSUSER;
DROP ROLE PSADMIN;

CREATE ROLE PSUSER;
GRANT CREATE SESSION TO PSUSER;

CREATE ROLE PSADMIN;
GRANT
ANALYZE ANY,
ALTER SESSION, ALTER TABLESPACE, ALTER ROLLBACK SEGMENT,
CREATE CLUSTER, CREATE DATABASE LINK, CREATE PUBLIC DATABASE LINK,
CREATE PUBLIC SYNONYM, CREATE SEQUENCE, CREATE SNAPSHOT,
CREATE SESSION, CREATE SYNONYM, CREATE TABLE, CREATE VIEW,
CREATE PROCEDURE, CREATE TRIGGER, CREATE TABLESPACE, CREATE USER,
CREATE ROLLBACK SEGMENT,
DROP PUBLIC DATABASE LINK, DROP PUBLIC SYNONYM, DROP ROLLBACK SEGMENT,
DROP TABLESPACE, DROP USER, MANAGE TABLESPACE, RESOURCE,
EXP_FULL_DATABASE, IMP_FULL_DATABASE,
GRANT ANY ROLE, ALTER USER, BECOME USER
TO PSADMIN WITH ADMIN OPTION;

spool off



The privileges that are not acceptable are preceded with "*"

* analyze any,
alter session,
* alter tablespace,
* alter rollback segment,
create cluster,
create database link, --we can grant temporarily during migration
* create public database link,
* create public synonym,
create sequence,
create snapshot,
create session, --granted via osg_connect
create synonym,
create table,
create view,
create procedure,
create trigger,
* create tablespace,
* create user,
* create rollback segment,
* drop public database link,
* drop public synonym,
* drop rollback segment,
* drop tablespace,
* drop user,
* manage tablespace,
resource, --granted via osg_resource
* exp_full_database,
* imp_full_database,
* grant any role,
* alter user,
* become user

Can the privileges marked be removed?



Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms