Other Permissions Needed or Not Needed for OpenText PPM Schemas Accounts

This section provides more information about other permissions needed or not needed for OpenText PPM database schema and RML database schema accounts. You can decide whether you want to have them revoked after reading this section.

PPM has not tested every access grant and its impact, because every access grant has a different impact on each customer, as every customer is using PPM differently and for different scenarios. If you are looking for specific access grant impact, you may need to test that out.

SELECT_CATALOG_ROLE

SELECT ANY DICTIONARY

If only SELECT_CATALOG_ROLE is enabled then it provides access to all SYS views only.

If only SELECT ANY DICTIONARY privilege is enabled then it provides access to SYS schema objects only.

If both SELECT ANY TABLE privilege and SELECT ANY DICTIONARY privilege are enabled then it allow access to all SYS and non-SYS objects.

OpenText PPM needs to access many SYS/DBA views and objects, thus needs SELECT_CATALOG_ROLE role and SELECT ANY DICTIONARY privilege.

To generate AWR/ADDM/ASH reports, OpenText PPM needs SELECT_CATALOG_ROLE role too.
OpenText PPM needs access to the following packages:
  • DBMS_JAVA
  • DBMS_JAVA_TEST
  • DBMS_LOB
  • DBMS_SCHEDULER
  • DBMS_SQL

OpenText PPM does not need access to the following packages:
  • UTL_FILE
  • UTL_HTTP
  • UTL_TCP

For other packages, read the information below to decide whether your OpenText PPM still needs access to them:
  • DBMS_JAVA — OpenText PPM uses a stored procedure written in Java, to generate a hash that is used as REFERENCE_CODEs for various OpenText PPM entities. Generating this hash using pure PL/SQL is cumbersome and unreliable, if not impossible. So, OpenText PPM used Java for it and the application code needs access to this package.
  • DBMS_JAVA_TEST — Allows you to test Java Stored Procedures. OpenText PPM might not need to access this package. So far there seems no harm or implications of revoking the access.
  • DBMS_LOB — OpenText PPM stores a lot of data in BLOB and CLOB columns and the application code might need to parse or modify the contents.
  • DBMS_SCHEDULER — Not needed for core OpenText PPM. This is required for Operational Reporting. If your organization does not use Operational Reporting, you may revoke access to this package.

  • DBMS_SQL — OpenText PPM generates dynamic SQL and executes it during installation and upgrade. This package is also used to create triggers as part of the application functionality.

EXECUTE ANY PROCEDURE

EXECUTE ANY PROGRAM

OpenText PPM does not need the EXECUTE ANY PROCEDURE privilege.

OpenText PPM needs the EXECUTE ANY PROGRAM privilege. The definition of EXECUTE ANY PROGRAM is: use any program in a job in the grantee's schema.

CREATE ANY VIEW, CREATE ANY TABLE, SELECT ANY TABLE

RML_USER needs these three privileges:

  • CREATE ANY TABLE — Create tables in any schema. The owner of the schema containing the table must have space quota on the tablespace to contain the table.

  • SELECT ANY TABLE — Query tables, views, or materialized views in any schema.

  • CREATE ANY VIEW — Create views in any schema.
Privileges required for RML database schema 

grant create session to &RML_USERNAME;
grant create table to &RML_USERNAME;
grant create view to &RML_USERNAME;
grant create synonym to &RML_USERNAME;
grant resource to &RML_USERNAME;

For information about other Oracle database privileges, see Oracle documentation.