Default Permissions for PPM Schemas

By default, the PPM database schema and RML database schema accounts (PPM_USER and RML_USER) are granted Oracle database privileges from an overall PPM perspective, which works for all customer scenarios and environments. Some of these privileges are required, but some are not, and can be revoked without affecting the PPM system.

The PPM database schema account is granted Oracle CONNECT role privileges. If this presents a problem for your organization, you can have your DBA revoke the CONNECT role privilege for the PPM database schema account.

Although revoking the CONNECT role privilege does not affect the PPM system, the PPM schema does require the following grants:

  • grant create session

  • grant create database link

  • grant create procedure

  • grant create sequence

  • grant create synonym

  • grant create table

  • grant create view

  • grant create trigger

  • grant create job

  • grant execute on ctxsys.ctx_ddl

The RML database schema account is granted Oracle RESOURCE role privileges. Because the RML schema requires the RESOURCE role privilege, it cannot be revoked. You can, however, revoke the following privileges, which are also granted to the RML database schema account:

  • CREATE CLUSTER

  • CREATE INDEXTYPE

  • CREATE OPERATOR