rem $Header: /v65/datamodel/release/oracle/grantusr.

sql 1 7/13/00 4:44p Vchan

$
rem
rem NAME
rem grantusr.sql
rem
rem Description
rem This script creates the Oracle database roles and users for
rem the Siebel Sales Enterprise.
rem There are two types of Oracle users:
rem 1. Table Owner (default SIEBEL) which owns all the
rem database objects for the Siebel Sales Enterprise.
rem This account must have resource privilege on a tablespace.
rem 2. User Account. These are the accounts that SSE users
rem login to. This account has select, insert, update privileges
rem on the tables in the SIEBEL table owner. The user accounts
rem access the database objects in the SIEBEL table owner via
rem the sse_role.
rem
rem NOTES (Please Read The Following First Before Executing This Script):
rem 1. This script must be run by an Oracle DBA Account
rem 2. You must run this script in SQL*Plus because it will prompt you
rem for the name of the siebel_tablespace. Alternatively, you can
rem edit this script to replace the &siebel_tablespace so you can run
rem the script in SQL*DBA.
rem 3. We assume there is only one tablespace (siebel_tablespace) hosting both
Siebel tables
rem and indices. If you have additional tablespaces then you need to add the
grant and
rem alter commands in the script below for each and every tablespace you
create for your
rem Siebel implementation.
rem 4. In v7.7, we have removed the line <grant resource to SIEBEL> from this
script.
rem The past versions of this script had the grant resource privilege command
and
rem this allowed the SIEBEL user to create objects on any tablespace
including
rem the system tablespace, potentially causing problems. However we added
<grant connect
rem to SIEBEL> to make up necessary privledge.
rem 5. In v8.0, individual table owner grants have been replaced by a role
called tblo_role.
rem It is easier to manage this role rather than individual grants, plus
easier to create
rem and grant additional table owners (useful when having oltp and olap in
one instance,
rem for example). Also the new grants are to support Oracle 10gR2.
rem

rem =============================================
rem Create db account and roles for Siebel table owner
rem

rem Create Role sse_role

create role sse_role;
grant create session to sse_role;
rem Create Role tblo_role
create role tblo_role;
grant ALTER SESSION, CREATE CLUSTER, CREATE DATABASE LINK, CREATE INDEXTYPE,
CREATE OPERATOR, CREATE PROCEDURE, CREATE SEQUENCE, CREATE SESSION,
CREATE SYNONYM, CREATE TABLE, CREATE TRIGGER, CREATE TYPE, CREATE VIEW,
SELECT_CATALOG_ROLE, EXECUTE_CATALOG_ROLE, ADVISOR, CREATE DIMENSION,
CREATE MATERIALIZED VIEW, QUERY REWRITE, ON COMMIT REFRESH,
CREATE ANY SYNONYM
to tblo_role;

rem Create SIEBEL user

create user SIEBEL identified by SIEBEL;
grant tblo_role to SIEBEL;
alter user SIEBEL quota 0 on SYSTEM;
alter user SIEBEL default tablespace &&siebel_tablespace;
alter user SIEBEL temporary tablespace &temp_tablespace;
alter user SIEBEL quota unlimited on &siebel_tablespace;

rem =============================================
rem Create db accounts for Siebel users
rem

create user SADMIN identified by SADMIN;

grant sse_role to SADMIN;
alter user SADMIN default tablespace &&siebel_tablespace;
alter user SADMIN temporary tablespace &temp_tablespace;

create user LDAPUSER identified by LDAPUSER;

grant sse_role to LDAPUSER;
alter user LDAPUSER default tablespace &&siebel_tablespace;
alter user LDAPUSER temporary tablespace &temp_tablespace;