Before installing, you need an MS SQL Server JDBC file for the application server and an existing database for Identity Governance to use. You can install MS SQL Server and create the databases for Identity Governance if you do not want the installation program to create these. The installation program can create the databases, tables, views, and other artifacts in the databases. The program needs the name of the databases to represent the operations, data collection, provisioning workflow, and analytics databases for Identity Governance.
However, your database administrator might prefer to create the schemas, as well as the database artifacts, rather than allowing the installation process to do so. Your database administrator can choose to complete the following actions before you install Identity Governance:
To run queries against the database, add the JDBC file to the application server.
Ensure that you do not have an older version of the JDBC file in the:
Linux: /opt/netiq/idm/apps/tomcat/lib directory
Windows: c:\netiq\idm\apps\tomcat\lib directory
When you install Identity Governance, the installation program places the correct JDBC file in the directory.
Your database administrator can choose to create the databases for Identity Governance before you run the installation. Otherwise, the installation program can generate the databases.
Install a supported version of SQL Server. For more information, see Database Server System Requirements.
Create the databases, logins, users, and roles using the following commands:
USE [master]; CREATE DATABASE [igops]; CREATE DATABASE [igdcs]; CREATE DATABASE [igwf]; CREATE DATABASE [igara]; ALTER DATABASE [igops] SET READ_COMMITTED_SNAPSHOT ON WITH NO_WAIT; ALTER DATABASE [igdcs] SET READ_COMMITTED_SNAPSHOT ON WITH NO_WAIT; ALTER DATABASE [igwf] SET READ_COMMITTED_SNAPSHOT ON WITH NO_WAIT; ALTER DATABASE [igara] SET READ_COMMITTED_SNAPSHOT ON WITH NO_WAIT; CREATE LOGIN [igops] WITH PASSWORD = 'password'; CREATE LOGIN [igdcs] WITH PASSWORD = 'password'; CREATE LOGIN [igwf] WITH PASSWORD = 'password'; CREATE LOGIN [igara] WITH PASSWORD = 'password'; GO USE [igops]; CREATE USER [igops] FOR LOGIN [igops]; ALTER ROLE [db_owner] ADD MEMBER [igops]; CREATE ROLE [IG_REPORT_ROLE]; CREATE LOGIN [igrptuser] WITH PASSWORD = 'password'; CREATE USER [igrptuser] FOR LOGIN [igrptuser]; ALTER ROLE [IG_REPORT_ROLE] ADD MEMBER [igrptuser]; GO USE [igdcs]; CREATE USER [igdcs] FOR LOGIN [igdcs]; ALTER ROLE [db_owner] ADD MEMBER [igdcs]; GO USE [igwf]; CREATE USER [igwf] FOR LOGIN [igwf]; ALTER ROLE [db_owner] ADD MEMBER [igwf]; GO USE [igara]; CREATE USER [igara] FOR LOGIN [igara]; ALTER ROLE [db_owner] ADD MEMBER [igara]; GO
(Optional) If you are installing Identity Reporting, also use the following commands:
USE [master];
CREATE DATABASE [reports];
ALTER DATABASE [reports] SET READ_COMMITTED_SNAPSHOT ON WITH NO_WAIT;
CREATE LOGIN [idm_rpt_cfg] WITH PASSWORD = 'password';
GO
USE [reports];
CREATE USER [idm_rpt_cfg] FOR LOGIN [idm_rpt_cfg];
GO
USE [reports];
GRANT EXECUTE ON [igops.max_risk_level] TO [IG_REPORT_ROLE];
GRANT EXECUTE ON [igops.min_risk_level] TO [IG_REPORT_ROLE];
GRANT EXECUTE ON [igops.risk_value] TO [IG_REPORT_ROLE];
GO
Then log into [reports] database directly and execute the following commands:
CREATE SCHEMA [idm_rpt_cfg] AUTHORIZATION [idm_rpt_cfg]; GO ALTER AUTHORIZATION ON SCHEMA::[idm_rpt_cfg] TO [idm_rpt_cfg]; GO
Specify the same password for all databases.
NOTE:The installation process for Identity Governance requires you to specify one password that applies to all databases. After installing Identity Governance, you can modify the passwords to be unique for each database.
Create the reporting user igrptuser.
USE [igops]; CREATE LOGIN [igrptuser] WITH PASSWORD = 'igrptuser_password'; CREATE USER [igrptuser] FOR LOGIN [igrptuser];
Grant the reporting role to the reporting user.
USE [igops]; ALTER ROLE [IG_REPORT_ROLE] ADD MEMBER [igrptuser];
When installing Identity Governance, specify one of the following settings:
Configure database now > Update, if you want the installation program to generate or update the schemas, tables, and views when you migrate from Identity Governance 2.5 to 3.0
Configure database now > Use only existing, if your database is already set up correctly with all schemas, roles, and users
Generate SQL for later, if your database administrator wants to generate the schemas, tables, and views
No database configuration, for using two or more nodes in clustered environment
For more information about using SQL statements after installation, see Configuring the Databases after Installation.
The installation process requires the password for an administrator account in MS SQL Server that can create databases, tables, views, and other artifacts in the databases. You can avoid specifying the password for the admin account by creating a temporary administrator for the installation process to use.
The temporary account must have the following properties:
Create any database
Alter any login
Alter any user
Create role
During installation, you can also select Generate SQL for later, which prevents the installation program from creating the tables, views, and artifacts in the Identity Governance or Identity Reporting database. Instead, the program generates a SQL file for each schema, which your database administrator can run to update the database. For more information about using the SQL files, see Configuring the Databases after Installation.