Introduction / FirstSpirit Server configuration / Database connection / Permissions for database user accounts

Required permissions for database user accounts

Depending on the used database specific permissions are necessary. These are described in the following sections.

Oracle databases

For DBA layers:

CREATE USER <dbuser> IDENTIFIED BY "<password>";
GRANT DBA TO <dbuser>;

For standard layers:

CREATE USER <dbuser> IDENTIFIED BY "<password>";
GRANT CONNECT TO <dbuser>;
GRANT RESOURCE TO <dbuser>;

MySQL databases

For DBA layers:

# mysqladmin --default-character-set=utf8 create <dbname>
# mysql
mysql> CREATE USER <dbuser> IDENTIFIED BY "<password>";
mysql> GRANT ALL PRIVILEGES ON *.* TO <dbuser>;
mysql> GRANT GRANT OPTION ON *.* TO <dbuser>;

For standard layers:

# mysqladmin --default-character-set=utf8 create <dbname>
# mysql
mysql> CREATE USER <dbuser> IDENTIFIED BY "<password>";
mysql> GRANT ALL PRIVILEGES ON <dbname>.* TO <dbuser>;

Specifying UTF-8 character coding does not make sense until MySQL Version 5 and higher.

The InnoDB storage engine must be enabled on the MySQL server!

Advisable MySQL server parameter values for production systems:

[mysqld]
set-variable=max_allowed_packet=4M
key_buffer_size=20M
sort_buffer_size=1M
query_cache_size=14M
innodb_buffer_pool_size=128M

PostgreSQL

For DBA layers:

createdb -E UTF8 myDBname "my DB description text"
createuser -D -A -P -E myDBuser
psql -d myDBname -c "grant create on database myDBname to myDBuser;"

For default layers:

createdb -E UTF8 myDBname "my DB description text"
createuser –D –A -P -E myDBuser

All createuser queries can be answered with "No" as, apart from those assigned to DBA layers via grant create, extended user privileges are not necessary either for DBA layers or for default layers.

The password authentication (type MD5) must then be entered in the /etc/postgres/pg_hba.conf file for the given user on the database used. The following must be called to make the change known to the database server:

pg_ctl reload

IBM DB2

Creating the database (DBA layers and default layers):

db2 create database myDB using codeset utf-8 territory us pagesize 32 k

db2 update db cfg for myDB using applheapsz 1024

db2 connect to myDB

db2 create schema myUser

The last line is only necessary if the default schema “myUser” of the database “myDB” is not yet available.

“myUser” is the JDBC user name which in the case of DB2 is equal to the name of the instance, i.e. for example "db2inst1". If necessary, a different schema name can be used.

The following permissions are necessary for the DB2 user account:

  • For DBA layers: DBADM
  • For default layers: CONNECT, CREATETAB, BINDADD, IMPLICITSCHEMA

MS SQL server

If no SCHEMA was defined in the layer definition, then the DB user will require not only the “public” and “db_owner” permissions in the database set under “jdbc.URL”, but also the server role “System Administrators”. With these permissions, the DB user can create new table owners (same SCHEMA), e.g., when importing projects.

(see configuration example; specific parameters).

© 2005 - 2024 Crownpeak Technology GmbH | All rights reserved. | FirstSpirit 2024.10 | Data privacy