5.3 Preparing an Oracle Database for Identity Governance

Before installing, you need an Oracle JDBC file for the application server and an existing database for Identity Governance to use. You can create the schemas in advance if you do not want the installation program to create them. Otherwise, the installation program creates the schemas, tables, views, and other artifacts in the database unless you select Generate SQL for later in the Database details section of the installation program. The program needs the name of the database, the user tablespace (USERS by default), the temporary tablespace (TEMP by default), and the user schemas that represent the operations, data collection, provisioning workflow, and analytics tables for Identity Governance.

IMPORTANT: You must turn on the SQL Tuning Advisor to optimize queries in the Oracle database.

However, your database administrator might prefer to create the schemas, as well as the database artifacts, rather than allowing the installation process to do so. Your database administrator can choose to complete the following actions before you install Identity Governance:

After you install Identity Governance, the database administrator might need to update the schemas and global configuration values. For more information, see Section 7.0, Completing the Installation Process.

5.3.1 Adding the Oracle JDBC File to the Application Server

To run queries against the databases, you must add an Oracle JDBC file to the Tomcat library.

  1. Download the ojdbc7.jar file from the Oracle website.

  2. Copy the file to a temporary directory on the tomcat_install server.

    The installation process then places the file in the following directory:

    • Linux: /opt/netiq/idm/apps/tomcat/lib directory

    • Windows: c:\netiq\idm\apps\tomcat\lib directory

    NOTE: Ensure that the directory does not contain an older version of the Oracle JDBC file; otherwise, the installation fails.

5.3.2 Creating the Schemas for the Oracle Database before Installation

Your database administrator can choose to create the schemas in the Identity Governance database before you run the installation. Otherwise, the installation program can generate the schemas.

This procedure assumes that you will use the default names for the schemas:

  • Identity Governance: igops, igdcs, igwf, and igara

  • Identity Reporting: idm_rpt_cfg

To create the schemas:

  1. Install a supported version of Oracle.

    For more information, see Database Server System Requirements.

  2. Create or identify the database that you want Identity Governance to use.

  3. In the database, create the schema for igops, igdcs, igwf, and igara with the following privileges:

    • select_catalog_role

    • Create session

    • Create table

    • Create view

    • Create sequence

    • Create procedure

    • Create trigger

    • Analyze any (igops only)

    • Create public synonym (igops only)

    • Drop public synonym (igops only)

  4. Specify the same password for all schemas.

    NOTE: The installation process for Identity Governance requires you to specify one password that applies to all schemas. After installing Identity Governance, you can modify the passwords to be unique for each schema.

  5. Issue the following commands:

    NOTE: If you use the default values of users and temp, skip the following commands:

    alter user dbName default tablespace users;
    alter user dbName temporary tablespace temp;
    alter user igops default tablespace users;
    alter user igops temporary tablespace temp;
    alter user igops quota unlimited on users;
    alter user igdcs default tablespace users;
    alter user igdcs temporary tablespace temp;
    alter user igdcs quota unlimited on users;
    alter user igwf default tablespace users;
    alter user igwf temporary tablespace temp;
    alter user igwf quota unlimited on users;
    alter user igara default tablespace users;
    alter user igara temporary tablespace temp;
    alter user igara quota unlimited on users;
    CREATE USER idm_rpt_cfg IDENTIFIED BY "<password>";
    GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW, CREATE PROCEDURE, CREATE SEQUENCE, CREATE TRIGGER, UNLIMITED TABLESPACE TO idm_rpt_cfg;
    create role ig_report_role not identified;
    grant EXECUTE ON igops.max_risk_level to igrptuser;
    grant EXECUTE ON igops.min_risk_level to igrptuser;
    grant EXECUTE ON igops.risk_value to igrptuser;

  6. Create the reporting user igrptuser.

    CREATE USER igrptuser IDENTIFIED BY "igrptuser_password";

  7. Grant the reporting role to the reporting user plus additional privileges.

    GRANT IG_REPORT_ROLE TO igrptuser;
    GRANT CREATE SESSION TO igrptuser;
    ALTER USER igrptuser DEFAULT TABLESPACE USERS;
    ALTER USER igrptuser TEMPORARY TABLESPACE TEMP;
    
  8. When installing Identity Governance, specify one of the following settings:

    • Configure database now > Update, if you want the installation program to generate or update the schemas, tables, and views when you migrate from Identity Governance 2.5 to 3.0

    • Configure database now > Use only existing, if your database is already set up correctly with all schemas, roles, and users

    • Generate SQL for later, if your database administrator wants to generate the schemas, tables, and views

    • No database configuration, if you use two or more nodes in a clustered environment

    For more information about using SQL statements after installation, see Configuring the Databases after Installation.
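Steps 3 and 4 of the procedure above give no SQL, so the following added example (not taken from the product documentation) shows one way to create the four Identity Governance schema accounts with the listed privileges and then check the result against the data dictionary. It assumes the default schema names, a DBA session that can read the DBA_* views, and "<password>" as a placeholder for the shared installation password.

```sql
-- Added example (not vendor code). "<password>" is a placeholder for the
-- single shared installation password from step 4.
CREATE USER igops IDENTIFIED BY "<password>";
CREATE USER igdcs IDENTIFIED BY "<password>";
CREATE USER igwf  IDENTIFIED BY "<password>";
CREATE USER igara IDENTIFIED BY "<password>";

-- Step 3: role and system privileges common to all four schemas.
GRANT SELECT_CATALOG_ROLE TO igops, igdcs, igwf, igara;
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW, CREATE SEQUENCE,
      CREATE PROCEDURE, CREATE TRIGGER
   TO igops, igdcs, igwf, igara;

-- Step 3: privileges the page lists for igops only.
GRANT ANALYZE ANY, CREATE PUBLIC SYNONYM, DROP PUBLIC SYNONYM TO igops;

-- Check 1: required system privileges that are still missing.
-- An empty result means every listed privilege is directly granted.
(
  SELECT u.column_value AS grantee, p.column_value AS privilege
    FROM TABLE(sys.odcivarchar2list('IGOPS','IGDCS','IGWF','IGARA')) u
   CROSS JOIN TABLE(sys.odcivarchar2list(
           'CREATE SESSION','CREATE TABLE','CREATE VIEW',
           'CREATE SEQUENCE','CREATE PROCEDURE','CREATE TRIGGER')) p
  UNION ALL
  SELECT 'IGOPS', p.column_value
    FROM TABLE(sys.odcivarchar2list(
           'ANALYZE ANY','CREATE PUBLIC SYNONYM','DROP PUBLIC SYNONYM')) p
)
MINUS
SELECT grantee, privilege FROM dba_sys_privs;

-- Check 2: everything the accounts actually hold (system privileges and
-- roles), to compare line by line with the list in step 3.
SELECT grantee, privilege AS granted FROM dba_sys_privs
 WHERE grantee IN ('IGOPS','IGDCS','IGWF','IGARA')
UNION ALL
SELECT grantee, granted_role FROM dba_role_privs
 WHERE grantee IN ('IGOPS','IGDCS','IGWF','IGARA')
 ORDER BY 1, 2;
```

Any row in Check 2 that is not in the step 3 list is a grant to review before installation.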

5.3.3 Creating a Temporary Oracle Database Administrator for the Installation Process

The installation process requires the password for an administrator account in Oracle that can create tables, views, and other artifacts in the databases. You can avoid specifying the password for the Oracle system account by creating a temporary administrator for the installation process to use.

The temporary account must have the CONNECT role and the following system privileges:

  • Alter user

  • Create public synonym

  • Create user

  • Drop public synonym

  • Drop user

  • Grant any object privilege

  • Grant any privilege

  • Grant any role
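The account described above, written out as an added example that is not part of the product documentation. The name ig_install_admin and "<password>" are placeholders, and dropping the account after installation is an assumption based on the page calling it temporary; GRANT ANY PRIVILEGE and GRANT ANY ROLE let the holder give itself or others any system privilege or role, so the account should not outlive the installation.

```sql
-- Added example (not vendor code). ig_install_admin and "<password>" are
-- placeholders chosen for this illustration.
CREATE USER ig_install_admin IDENTIFIED BY "<password>";

-- CONNECT role plus the system privileges listed on the page.
GRANT CONNECT TO ig_install_admin;
GRANT ALTER USER, CREATE USER, DROP USER,
      CREATE PUBLIC SYNONYM, DROP PUBLIC SYNONYM,
      GRANT ANY OBJECT PRIVILEGE, GRANT ANY PRIVILEGE, GRANT ANY ROLE
   TO ig_install_admin;

-- Before installing: confirm the account holds exactly the listed grants
-- (eight system privileges and the CONNECT role).
SELECT privilege AS granted, admin_option FROM dba_sys_privs
 WHERE grantee = 'IG_INSTALL_ADMIN'
UNION ALL
SELECT granted_role, admin_option FROM dba_role_privs
 WHERE grantee = 'IG_INSTALL_ADMIN'
 ORDER BY 1;

-- After installing: the account should own no objects of its own.
-- Rows returned here need review before the account is removed.
SELECT object_type, COUNT(*) AS objects
  FROM dba_objects
 WHERE owner = 'IG_INSTALL_ADMIN'
 GROUP BY object_type;

-- Assumption: nothing depends on the account once installation is finished.
DROP USER ig_install_admin;

-- Confirm removal: this query should return no rows.
SELECT username, account_status
  FROM dba_users
 WHERE username = 'IG_INSTALL_ADMIN';
```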

During installation, you can also select Generate SQL for later, which prevents the installation program from creating the tables, views, and artifacts in the Identity Governance or Identity Reporting database. Instead, the program generates a SQL file for each schema, which your database administrator can run to update the database. For more information about using the SQL files, see Configuring the Databases after Installation.