It’s suspiciously like something has changed at Blackboard …

Okay, you may think this is a stretch, but this is a true story from which I am deriving HOPE. I’d like to think that you, Gentle Reader, might have hope too.

Yesterday I set about upgrading our Bb Vista 8.0.0 development environment to 8.0.1 … The goal being to get to 8.0.2 HF 1 in production by mid-June.

So… up start the error messages. But I know it’s not me and I know its not Bb’s 8.0.1 install package or how I’m running it. I know these errors are the result of Oracle database hardening our DBA group has been doing. It’s been rumored, but we Application Admins haven’t been told, what changes were made, only that if we have problems, to come talk to them. (SqueakyWheel Security Management). They have taken away every permission from every database user that they can possibly dream of (SYS, SYSTEM, CTXSYS and WEBCT in this case). Which is exactly what Oracle Best Practices recommends.

A couple of example errors which popped up:

UTL_FILE grants to PUBLIC by Default but not here

Script wants to CREATE VIEW but can't

So…

Following my standard practice, I get screen grabs, find the relative portion of the InstallLog in the installation directory, copy and paste these to the DBA who did the pre-work for me (reviewed and changed tablespace sizes, confirmed no jobs running) AND opened a case with Blackboard Support.

I open the case with Blackboard Support even though my DBA will probably come through for me, because our DBAs always want to know what the vendor says. This time she wanted to know what GRANTS she should set. And she stopped to wait for the vendor.

My day was about to be shot. I mean, you can just see it, can’t you? You keep the install running, one set of permissions is granted relative to the current error, you backup and go forward ’til you reach the next error, you add to your Bb Support case, you tell your DBA (Got SYSDBA? Ha! What do you think?), they add more privileges, you back up go forward and finally one day finish the install.

But no. Not this time. This time when I asked Blackboard for what permissions the WEBCT user needs, I got them. The list.

I’m telling you, something fundamental, something of polity, of ‘openness’ has changed at Blackboard. And even more, I asked for and was easily given permission to post this.

This is what is needed to upgrade Bb CE/Vista (Oracle syntax here):

 

GRANT CREATE SESSION, ALTER SESSION to webct /

GRANT CREATE SEQUENCE, CREATE SYNONYM, CREATE TABLE, CREATE VIEW, CREATE PROCEDURE, CREATE TRIGGER, CREATE TYPE TO webct /

GRANT CREATE CLUSTER, CREATE DATABASE LINK, CREATE OPERATOR, CREATE INDEXTYPE TO webct /

GRANT rewrite, unlimited tablespace to webct /

GRANT EXECUTE on ctxsys.ctx_doc to webct /

GRANT EXECUTE on ctxsys.ctx_ddl to webct /

GRANT EXECUTE ON ctxsys.webct_clob_search TO webct /

GRANT EXECUTE ON ctxsys.webct_blob_search TO webct /

GRANT EXECUTE ON ctxsys.webct_clob_search TO webct$PF /

GRANT EXECUTE ON ctxsys.webct_blob_search TO webct$PF /

 

Save the customer. Save the world.

Advertisements

One response to “It’s suspiciously like something has changed at Blackboard …

  1. Editing my own post. There are a couple of EXECUTES the SYS user needs:
    GRANT EXECUTE ON webct_clob_search TO SYS WITH GRANT OPTION;
    GRANT EXECUTE ON webct_blob_search TO SYS WITH GRANT OPTION;
    There. That does it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s