If you use the attestation feature of Oracle Identity Manager, then make sure that

Tuning Oracle Database (Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager)

Table 24–1 Role Grants for Database Applications

| Role Name | Description | Usage Specific to Oracle Identity Manager | If Revoked |
|---|---|---|---|
| CREATE TABLE | Enables a user to create, modify, and delete tables in the user's schema. | Although this is part of grant resource, this is explicitly required because the grant resource does not allow creating a table through a procedure. | User will not be able to create any new tables programmatically. You can revoke this grant when the Oracle Identity Manager deployment is stable, which means all the components and connectors are imported and working as expected. This is because each connector creates its own schema object. This grant is needed for the initial run of any archival utility because the archival utilities create tables programmatically. |
| CONNECT | Provides the create session privileges. | To create sessions for users. | This can be replaced with create session after installation. You can do this when the Oracle Identity Manager deployment is stable, which means all the components and connectors are imported and working as expected. This is because each connector creates its own schema object. |
| RESOURCE | Enables a user to create, modify, and delete certain types of schema objects in the schema associated with that user. Grant this role only to developers and to other users that must create schema objects. This role grants a subset of the create object system privileges. For example, it grants the CREATE TABLE system privilege, but does not grant the CREATE VIEW system privilege. It grants the following privileges: CREATE CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE TABLE, CREATE TRIGGER, CREATE TYPE. In addition, this role grants the UNLIMITED TABLESPACE system privilege, which effectively assigns a space usage quota of UNLIMITED on all tablespaces in which the user creates schema objects. | To create sequences, indexes, procedures, triggers, and packages. | User will not be able to create any database objects. Only SYS user will be able to do so. You can revoke this grant when the Oracle Identity Manager deployment is stable, which means all the components and connectors are imported and working as expected. This is because each connector creates its own schema object. Specify the quota for tablespaces correctly. |
| CREATE VIEW | Enables a user to create, modify, and delete views in the user's schema. | To create SDP_VISIBLE_V, SDP_REQUIRED_V, SDP_LOOKUPCODE_V, and SDP_RECURSIVE_V views in Oracle Identity Manager. | The user will not be able to create any views. Only SYS user will be able to do so. |
| DBMS_SHARED_POOL | Fits a database object in a shared pool memory. | Used for pinning all the procedures and functions used in Oracle Identity Manager in shared memory. | It can be revoked after installation but may impact performance because some of the procedures and functions may not be pinned explicitly. The pin_obj procedure is created only for Oracle Identity Manager. It is used to explicitly pin database objects into shared memory. Before revoking this role, make sure that the database-level trigger cache_seq is dropped, if already created. |

24.2 Sample Instance Configuration Parameters

Table 24–2 provides information on some important performance-related database initialization parameters for Oracle 11g database.

Table 24–1 (Cont.) Role Grants for Database Applications

| Role Name | Description | Usage Specific to Oracle Identity Manager | If Revoked |
|---|---|---|---|
| SYS.DBMS_SYSTEM | Enables an XA Resource Manager and sets privileges so that the XA Resource Manager can manage the interaction between the Oracle database and the applications. Note: Each database connection is enlisted with the transaction manager as a transactional resource. The transaction manager obtains an XA Resource for each connection participating in a global transaction. The transaction manager uses the start method to associate the global transaction with the resource, and it uses the end method to disassociate the transaction from the resource. The resource manager associates the global transaction to all work performed on its data between the start and end method invocations. | For XA resource and database transactions. | On Oracle Database version 10.2.0.4 onwards, it can be removed safely. Oracle has redeemed themselves by moving the DIST_TXN_SYNC procedure to a new package called DBMS_XA that is available to the public. Therefore, XA clients do not require execute privilege on DBMS_SYSTEM for later Oracle versions. |
| SYS.DBMS_FLASHBACK | Enables self-service repair. If you accidentally delete rows from a table, then you can recover the deleted rows. | For any failure during reconciliation, you can roll back the changes by using this. | This is required for new reconciliation engine in Oracle Identity Manager 11g Release 1 (11.1.1) for error handling. |
| CREATE_MATERIALIZED_VIEW | Creates a materialized view in the grantee's schema. | To create the OIM_RECON_CHANGES_BY_RES_MV materialized view. | User will not be able to create any materialized view. Only SYS user will be able to do so. This materialized view is required for reporting purpose only. |
| SELECT ON V$XATRANS$, SELECT ON PENDING_TRANS$, SELECT ON DBA_2PC_PENDING, SELECT ON DBA_PENDING_TRANSACTIONS | Enables an XA Resource Manager and sets privileges so that the XA Resource Manager can manage the interaction between the Oracle database and the applications. | NA | Not recommended to remove. Required for XA support. |
| ADMINISTER DATABASE TRIGGER | Allows the creation of database-level triggers. | To create DDL trigger named ddl_trigger in Oracle Identity Manager. | Users will not be able to create new DDL triggers. It can be removed after schema creation. |
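
The "If Revoked" column of Table 24–1 can be applied as a least-privilege pass once the deployment is stable. The SQL below is an added example, not part of the Oracle guide; the schema owner OIM_SCHEMA, the tablespace OIM_DATA and the 20G quota are placeholder assumptions to replace with your own values.

```sql
-- Added example. OIM_SCHEMA, OIM_DATA and 20G are placeholders (assumptions).
-- Run as a DBA after all components and connectors are imported and working.

-- 1. Inventory: which Table 24-1 grants does the schema owner still hold?
SELECT 'ROLE' AS kind, granted_role AS grant_name
  FROM dba_role_privs
 WHERE grantee = 'OIM_SCHEMA'
   AND granted_role IN ('CONNECT', 'RESOURCE')
UNION ALL
SELECT 'SYSTEM', privilege
  FROM dba_sys_privs
 WHERE grantee = 'OIM_SCHEMA'
   AND privilege IN ('CREATE SESSION', 'CREATE TABLE', 'CREATE VIEW',
                     'CREATE MATERIALIZED VIEW', 'UNLIMITED TABLESPACE',
                     'ADMINISTER DATABASE TRIGGER')
UNION ALL
SELECT 'OBJECT', privilege || ' ON ' || owner || '.' || table_name
  FROM dba_tab_privs
 WHERE grantee = 'OIM_SCHEMA'
   AND table_name IN ('DBMS_SHARED_POOL', 'DBMS_SYSTEM', 'DBMS_FLASHBACK');

-- 2. CONNECT: grant the one privilege that is needed, then drop the role.
GRANT CREATE SESSION TO OIM_SCHEMA;
REVOKE CONNECT FROM OIM_SCHEMA;

-- 3. RESOURCE carries UNLIMITED TABLESPACE, so set an explicit quota first.
ALTER USER OIM_SCHEMA QUOTA 20G ON OIM_DATA;
REVOKE RESOURCE FROM OIM_SCHEMA;

-- 4. CREATE TABLE: keep it until the archival utilities have had their
--    initial run, because they create tables programmatically.
REVOKE CREATE TABLE FROM OIM_SCHEMA;

-- 5. DBMS_SHARED_POOL: the cache_seq database-level trigger must be gone.
SELECT owner, trigger_name
  FROM dba_triggers
 WHERE trigger_name = 'CACHE_SEQ';
-- Proceed only if the query above returns no rows.
REVOKE EXECUTE ON SYS.DBMS_SHARED_POOL FROM OIM_SCHEMA;

-- 6. DBMS_SYSTEM (Oracle Database 10.2.0.4 onwards) and
--    ADMINISTER DATABASE TRIGGER (after schema creation).
REVOKE EXECUTE ON SYS.DBMS_SYSTEM FROM OIM_SCHEMA;
REVOKE ADMINISTER DATABASE TRIGGER FROM OIM_SCHEMA;

-- Not touched: the SELECT grants on the XA views and DBMS_FLASHBACK,
-- which the table lists as required.
```

Re-run the inventory query afterwards and keep its output with the change record, so that a later connector import that fails on a missing privilege can be traced to a specific revocation.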