7.1 Configuring the Databases after Installation

During the installation process, you might have specified Generate SQL for later to configure the databases or schema after installation. Your database administrator needs to run the SQL scripts that the installation created to populate the databases. For PostgreSQL, the administrator also needs to create the roles for the Identity Governance databases. For MS SQL, the administrator also needs to create the logins, users, and roles for the Identity Governance databases. If you selected Configure Database Now during the installation, you can skip this section.

Identity Governance needs SQL scripts that are located by default in the following directory:

  • Linux: /opt/netiq/idm/apps/idgov/sql

  • Windows: c:\netiq\idm\apps\idgov\sql

Each database or schema has its own script:

  • ops-init.sql for the igops database or schema

  • dcs-init.sql for the igdcs database or schema

  • wf-init.sql for the igwf database or schema

  • ara-init.sql for the igara database or schema

To configure the Identity Governance and Identity Reporting databases, see the following sections:

7.1.1 Configuring the PostgreSQL Databases for Identity Governance

The database administrator must create the appropriate roles in the database for Identity Governance. The database administrator or database owners must run the SQL scripts that the installation program generated. It is best practice to have the database administrator review the SQL scripts. Also, you must populate the global configuration values in the database.

NOTE: You must create the roles with the igops, igdcs, igwf, and igara database passwords rather than the database administrator password.

  1. To populate the user schema in the database, have the database administrator run a command similar to the following:

    CREATE ROLE operations_db_name LOGIN password 'password';
    CREATE ROLE data_collection_db_name LOGIN password 'password';
    CREATE ROLE workflow_db_name LOGIN password 'password';
    CREATE ROLE analytics_db_name LOGIN password 'password';
    CREATE ROLE ig_report_role NOLOGIN;
    CREATE DATABASE igops WITH OWNER = operations_db_name ENCODING = 'UTF8';
    CREATE DATABASE igdcs WITH OWNER = data_collection_db_name ENCODING = 'UTF8';
    CREATE DATABASE igwf WITH OWNER = workflow_db_name ENCODING = 'UTF8';
    CREATE DATABASE igara WITH OWNER = analytics_db_name ENCODING = 'UTF8';

    For example:

    CREATE ROLE igops LOGIN PASSWORD 'netiq';
    CREATE ROLE igdcs LOGIN PASSWORD 'netiq';
    CREATE ROLE igwf LOGIN PASSWORD 'netiq';
    CREATE ROLE igara LOGIN PASSWORD 'netiq';
    CREATE ROLE ig_report_role NOLOGIN;
    
    CREATE DATABASE igops WITH OWNER = igops ENCODING = 'UTF8';
    CREATE DATABASE igdcs WITH OWNER = igdcs ENCODING = 'UTF8';
    CREATE DATABASE igwf WITH OWNER = igwf ENCODING = 'UTF8';
    CREATE DATABASE igara WITH OWNER = igara ENCODING = 'UTF8';
  2. Have the database administrator run the SQL scripts to create and configure the Identity Governance databases. These are located by default in the following directory:

    • Linux: /opt/netiq/idm/apps/idgov/sql

    • Windows: c:\netiq\idm\apps\idgov\sql

  3. (Optional) To use non-default settings, change the owner and the database name.

    "/opt/netiq/idm/apps/jre/bin/java" -Djava.util.logging.config.file="/opt/netiq/idm/apps/idgov/conf/logging.properties"  -Dcom.netiq.ism.config="/opt/netiq/idm/apps/idgov/conf/unused.props" -classpath "/opt/netiq/idm/apps/idgov/lib/ig-configutil.jar":"/opt/netiq/idm/apps/idgov/lib/postgresql-42.1.4.jar" com.netiq.iac.config.util.IacConfigUtil -dbDriver org.postgresql.Driver -dbUser igops -dbPassword %igops-password% -dbUrl "jdbc:postgresql://%server%:%port%/igops" -script "/opt/netiq/idm/apps/idgov/scripts/import-configs.script"
  4. To populate the global configuration values in the database, enter the following command:

    "/opt/netiq/idm/apps/jre/bin/java" -Djava.util.logging.config.file="/opt/netiq/idm/apps/idgov/conf/logging.properties" -Djava.security.egd=file:///dev/urandom -Dcom.netiq.ism.config="/opt/netiq/idm/apps/idgov/conf/unused.props" -classpath "/opt/netiq/idm/apps/idgov/lib/ig-configutil.jar":"/opt/netiq/idm/apps/idgov/lib/ojdbc.jar" com.netiq.iac.config.util.IacConfigUtil -dbDriver oracle.jdbc.OracleDriver -dbUser %igops-user% -dbPassword %password% -dbUrl "jdbc:oracle:thin:@%oracle-server%:%port%/%sid%" -script "/opt/netiq/idm/apps/idgov/scripts/import-configs.script"

    For example:

    "/opt/netiq/idm/apps/jre/bin/java" -Djava.util.logging.config.file="/opt/netiq/idm/apps/idgov/conf/logging.properties"  -Dcom.netiq.ism.config="/opt/netiq/idm/apps/idgov/conf/unused.props" -classpath "/opt/netiq/idm/apps/idgov/lib/ig-configutil.jar":"/opt/netiq/idm/apps/idgov/lib/postgresql-42.1.4.jar" com.netiq.iac.config.util.IacConfigUtil -dbDriver org.postgresql.Driver -dbUser igops -dbPassword netiq -dbUrl "jdbc:postgresql://localhost:5432/igops" -script "/opt/netiq/idm/apps/idgov/scripts/import-configs.script"
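A read-only check that the database administrator can run after step 1 to confirm that the roles and databases match the example statements. This is an added example, not one of the scripts that the installation program generates; it assumes the example names igops, igdcs, igwf, igara, and ig_report_role, so substitute your own names if they differ.

```sql
-- Added verification example for PostgreSQL (not a product script).
-- Names below are the ones used in the page's example statements.

-- 1. Roles: each expected role exists, has the LOGIN/NOLOGIN setting from the
--    example, and carries no attribute beyond what CREATE ROLE grants by default.
WITH expected(rolname, may_login) AS (
    VALUES ('igops', true), ('igdcs', true), ('igwf', true),
           ('igara', true), ('ig_report_role', false)
)
SELECT e.rolname,
       r.rolcanlogin,
       CASE
           WHEN r.rolname IS NULL
               THEN 'MISSING: role not created'
           WHEN r.rolsuper OR r.rolcreatedb OR r.rolcreaterole
               THEN 'REVIEW: SUPERUSER/CREATEDB/CREATEROLE is set'
           WHEN r.rolcanlogin <> e.may_login
               THEN 'REVIEW: LOGIN attribute differs from the example'
           ELSE 'ok'
       END AS finding
FROM expected e
LEFT JOIN pg_roles r ON r.rolname = e.rolname
ORDER BY e.rolname;

-- 2. Databases: each one exists, is owned by its own role, and uses UTF8.
WITH expected(datname, owner) AS (
    VALUES ('igops', 'igops'), ('igdcs', 'igdcs'),
           ('igwf', 'igwf'), ('igara', 'igara')
)
SELECT e.datname,
       pg_get_userbyid(d.datdba)       AS actual_owner,
       pg_encoding_to_char(d.encoding) AS actual_encoding,
       CASE
           WHEN d.datname IS NULL
               THEN 'MISSING: database not created'
           WHEN pg_get_userbyid(d.datdba) <> e.owner
               THEN 'REVIEW: owner differs from the example'
           WHEN pg_encoding_to_char(d.encoding) <> 'UTF8'
               THEN 'REVIEW: encoding is not UTF8'
           ELSE 'ok'
       END AS finding
FROM expected e
LEFT JOIN pg_database d ON d.datname = e.datname
ORDER BY e.datname;
```

Both queries read only the system catalogs, so they change nothing and can be rerun after any correction.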

7.1.2 Configuring the Oracle Database for Identity Governance

Your database administrator must run the SQL scripts to create the tables and views. Also, you must populate the global configuration values in the database.

  1. (Conditional) If you chose to generate SQL scripts, complete the following steps:

    1. Locate the scripts for each schema to create the tables and views.

      The scripts are located by default in the following directory:

      • Linux: /opt/netiq/idm/apps/idgov/sql

      • Windows: c:\netiq\idm\apps\idgov\sql

    2. To run the scripts, have the database administrator copy the SQL files where they can be run directly on the database.

  2. To populate the global configuration values in the database, enter the following command:

    "/opt/netiq/idm/apps/jre/bin/java" -Djava.util.logging.config.file="/opt/netiq/idm/apps/idgov/conf/logging.properties" -Djava.security.egd=file:///dev/urandom -Dcom.netiq.ism.config="/opt/netiq/idm/apps/idgov/conf/unused.props" -classpath "/opt/netiq/idm/apps/idgov/lib/ig-configutil.jar":"/opt/netiq/idm/apps/idgov/lib/ojdbc.jar" com.netiq.iac.config.util.IacConfigUtil -dbDriver oracle.jdbc.OracleDriver -dbUser %igops-user% -dbPassword %password% -dbUrl "jdbc:oracle:thin:@%oracle-server%:%port%/%sid%" -script "/opt/netiq/idm/apps/idgov/scripts/import-configs.script"

    NOTE: This command contains the default installation path of /opt/netiq/idm/apps.

    For example:

    "/opt/netiq/idm/apps/jre/bin/java" -Djava.util.logging.config.file="/opt/netiq/idm/apps/idgov/conf/logging.properties" -Djava.security.egd=file:///dev/urandom -Dcom.netiq.ism.config="/opt/netiq/idm/apps/idgov/conf/unused.props" -classpath "/opt/netiq/idm/apps/idgov/lib/ig-configutil.jar":"/opt/netiq/idm/apps/idgov/lib/ojdbc.jar" com.netiq.iac.config.util.IacConfigUtil -dbDriver oracle.jdbc.OracleDriver -dbUser igops -dbPassword netiq -dbUrl "jdbc:oracle:thin:@myoracle.mycompany.com:1521/mysid" -script "/opt/netiq/idm/apps/idgov/scripts/import-configs.script"

7.1.3 Configuring the MS SQL Database for Identity Governance

The database administrator must create the appropriate logins, users, and roles in the database for Identity Governance. The database administrator or database owners must run the SQL scripts that the installation program generated. It is best practice to have the database administrator review the SQL scripts. Also, you must populate the global configuration values in the database.

NOTE: You must create the roles with the igops, igdcs, igwf, and igara database passwords rather than the database administrator password.

  1. Create the appropriate logins, users, and roles in the database.

  2. Have the database administrator run the SQL scripts to create and configure the Identity Governance databases. These are located by default in the following directory:

    • Linux: /opt/netiq/idm/apps/idgov/sql

    • Windows: c:\netiq\idm\apps\idgov\sql

  3. To populate the global configuration values in the database, enter the following command:

    "/opt/netiq/idm/apps/jre/bin/java" -Djava.util.logging.config.file="/opt/netiq/idm/apps/idgov/conf/logging.properties"  -Dcom.netiq.ism.config="/opt/netiq/idm/apps/idgov/conf/unused.props" -classpath "/opt/netiq/idm/apps/idgov/lib/ig-configutil.jar":"/opt/netiq/idm/apps/idgov/lib/msjdbc.jar" com.netiq.iac.config.util.IacConfigUtil -dbDriver com.microsoft.sqlserver.jdbc.SQLServerDriver -dbUser igops -dbPassword %igops-password% -dbUrl "jdbc:sqlserver://%server%:%port%;databaseName=igops" -script "/opt/netiq/idm/apps/idgov/scripts/import-configs.script"

    For example:

    "/opt/netiq/idm/apps/jre/bin/java" -Djava.util.logging.config.file="/opt/netiq/idm/apps/idgov/conf/logging.properties"  -Dcom.netiq.ism.config="/opt/netiq/idm/apps/idgov/conf/unused.props" -classpath "/opt/netiq/idm/apps/idgov/lib/ig-configutil.jar":"/opt/netiq/idm/apps/idgov/lib/msjdbc.jar" com.netiq.iac.config.util.IacConfigUtil -dbDriver com.microsoft.sqlserver.jdbc.SQLServerDriver -dbUser igops -dbPassword netiq -dbUrl "jdbc:sqlserver://mysever.netiq.com:1433;databaseName=igops" -script "/opt/netiq/idm/apps/idgov/scripts/import-configs.script"

7.1.4 Configuring the Identity Reporting Databases

If you chose Generate SQL for later during installation, have the database administrator run the SQL script to configure the Identity Reporting database. The script is located by default in the following directory:

  • Linux: /opt/netiq/idm/apps/idrpt/sql

  • Windows: c:\netiq\idm\apps\idrpt\sql

If you cannot access the SQL scripts, see Manually Generating the Database Schema.