This overlaps some of the Oracle trigger discussion... but what we'd like to do is have our Oracle and UNIX users created when the Baan user is created in Baan. We were thinking about a trigger in Oracle when a record is inserted, updated or deleted from ttaad200 that would call an add oracle/ora8_maint6.1 and useradd programs to add the user to Oracle and UNIX. We don't want to run a script every half hour to add the users but add them when they are added to Baan. I haven't been able to find the source to Maintain User Data yet :)

A question on that one. Are you creating a unique user Id in Oracle corresponding to each user ID in Baan? A lot of users just have one oracle ID ("BaanUSER") and map all their Baan user ID's to that one user. It saves a lot of Oracle effort and keeps us from having security inconsistencies between the two systems (we let Baan handle all security).

Yes we are. Looking at it a little more carefully, I see what you're talking about. In the $BSE/lib/ora/ora_users file, is the first field the Baan id and the second Oracle? It'd still be nice to have Baan or Oracle trigger a script to run to add the ora_users entry and the UNIX id. Thanks for responding! :)

> the $BSE/lib/ora/ora_users file, is the first field the Baan id and the second Oracle?

The format of that file entries are:
<Baan_user>:<Oracle_user>:<encrypted_password>:<DB_group>

You can build a script that adds the UNIX user and updates the ora_users that accepts as parameters the user_name/password and then it's called from within Baan?
You can add it to the menu just below Maintain User Data, and make sure that when you enter any Baan user, you also run that "session".

OR the best is to do the opposite: create a script that must be run as root that:
- adds the user at UNIX level
- adds the user in oracle
- creates the entry in ora_users
- set's the correct .profile of user, etc. and then
- at the end, runs ttaad2100m000 as bsp so that the user is added.

You can even build this in a loop, so you can do all tasks at once and then only run ttaad2100m000 at the very end to add several users in one bunch.

Originally posted by chadwickh
Yes we are. Looking at it a little more carefully, I see what you're talking about. In the $BSE/lib/ora/ora_users file, is the first field the Baan id and the second Oracle? It'd still be nice to have Baan or Oracle trigger a script to run to add the ora_users entry and the UNIX id. Thanks for responding! :)

Yes. The first entry is user Id and the second is Oracle. This simplifies the Oracle maintenance in that there are not as many ID's there.

I prefer the one-to-one relationship for a user login on OS-DB-Baan level as it makes troublehshooting and tracing easier. It does of course mean more maintenance where user management is concerned.

The one-to-one does preserve the information in Oracle of who updated or added the records, something that is lost with the "BaanUser" ID. It's a matter of balance of workload vs. tracing needs.