Prepare Database Instance for IFS Cloud¶
During the prepare process the following tasks are performed:
- Verify and create tablespaces To ensure that all tablespaces exist, the IFS Cloud Installer checks for the tablespaces in the database and add the ones which are missing. A prefix value for the tablespace names is defined in the define.tem file, where you also can setup individual paths for each tablespace. The default path is where the SYSTEM tablespace is found if no individual path is set. If you are using the provided Oracle DBCA template for non multitenant database to create your database, the default tablespaces for IFS Applications are set up already when the database is created.
- Set up an Oracle profile for internal users All internal IFS Applications users are connected to an own Oracle profile. The name of this profile is found in define.tem.
- Create/update application owner account Depending on you are running a fresh install or an upgrade, the application owner account is created or updated. The name of the account is fetched from define.tem. The password is requested and mandatory to enter if the account is to be created, i.e. the question has no meaning in an upgrade scenario since the account then already exists. Quotas to tablespaces are given to the account. The Oracle profile is set/updated.
- Grant DBA privileges to application owner All necessary DBA privileges the application owner needs are granted.
- Create/Update Info Owner owner account Depending on the Info Owner owner account exists since before or not, it is created or updated. The name of the account is fetched from define.tem. The password is requested and mandatory to enter if the account is to be created, i.e. if the account exists since before the question has no meaning. Quotas to tablespaces are given to the Info Owner owner account. The Oracle profile is set/updated.
- Grant DBA privileges to Info Owner owner All necessary DBA privileges the Info Owner owner needs are granted.
- Create/Update IFSSYS account Depending on the IFSSYS account exists since before or not, it is created or updated. The password is requested and mandatory to enter if the account is to be created, i.e. if the account exists since before the question has no meaning. The Oracle profile is set/updated.
- Deploy packages for installation support Packages for supporting the installation process are deployed in the application owner schema and the Info Owner schema.
- Update Oracle profile for internal users Existing internal users will be assigned to the IFS designed profile for internal users, but only of their existing profile is DEFAULT, i.e. the Oracle default profile (this step is only valid when upgrading).
\*=Or the name defined in define.tem
- Revoke grants from PUBLIC By a variable in define.tem you decide if you should revoke the more powerful packages from database server user group PUBLIC (which all users are member of). It is recommended to revoke some grants from PUBLIC for hardening the database against security attacks, which helps protect customer data, network and servers. The revoked packages are UTL_SMTP, UTL_TCP, UTL_HTTP, UTL_FILE, which are the packages most likely to be misused in attempts to access network or operating system files in a malicious manner (e.g. attack network servers, spread viruses, etc) Important: If you are using another application on the same instance as IFS Cloud, you must ensure that this application not is dependent on the grants to PUBLIC, or make the necessary grants explicitly to the application's schema. A new script, that can be used to undo the changes (grant the revoked packages back to PUBLIC ) if a problem with other applications is experienced, is automatically created during the process. The script will be called GrantToPublic.sql> and placed at same place as the logs files for the prepare database process. Note: You must run the script GrantToPublic.sql logged on as SYS but before you can use it you have to edit it manually.
- Recompile of invalid objects Any invalid objects (in any schema) in the database are recompiled.
Passwords for users created when preparing the database are set as installation parameters at the installer overview level, or in the define.tem file. It is only the users that are stored in the middle tier that can be set at the overview level. These users are the Application Owner, IFSSYS, IFSIAMSYS and IFSMONITORING. Installation parameter values are overriding values in define.tem.