Step 2: Restricting database user permissions
If Rule Execution Server data is stored in a database, the database administrator might require that you provide the specific permissions to access the database.
Connection to the Rule Execution Server database, as established in the data source credentials, and any subsequent requests to the database are handled through a database user. This database user (name and password), for example resdbUser, is defined by the database administrator and has no relation to the standard Rule Execution Server groups.
The following table gives the typical list of permissions that the database administrator must define on the Rule Execution Server database, with attention given to the type of operations. Some supported databases do not require all these permissions.
Database permission | Operation | |
---|---|---|
Browse and edit rulesets and RuleApps | Create the Rule Execution Server schema | |
CREATE INDEX | Not required | Required |
DROP INDEX | Not required | Required |
CREATE SEQUENCE | Not required | Required |
DROP SEQUENCE | Not required | Required |
SELECT SEQUENCE | Required | Not required |
CREATE TABLE | Not required | Required |
DROP TABLE | Not required | Required |
INSERT TABLE | Required | Not required |
SELECT TABLE | Required | Not required |
UPDATE TABLE | Required | Not required |
DELETE TABLE | Required | Not required |
CREATE TRIGGER | Not required | Required |
CREATE VIEW | Not required | Required |
DROP VIEW | Not required | Required |