Dear experts,

I have just set up Baan 4 with Oracle 9i on windows 2003

during setup, the users baan and baandb is created in oracle.

there is also two roles r_baan and r_baandb.

the permission for r_baan is connect, resource and dba
the permission for r_baandb is connect and resource

baan user now has roles connect, resource,r_baan and r_baandb.


I have created new users and also assigned these 4 roles for the new users. But my oracle administrator says that all users should not have dba permissions.

So i removed dba permission from r_baan. Once i do that my users are unable to login.

What is the permission that I should set for r_baan?? is there a document to explain that?

Thanks and regards,

Are you sure you are describing Baan 4?

Under Unix in Baan IV there is only one role r_baan.

This role has select/insert/delete/insert privileges to all Baan tables and gets these privileges automatically assigned, whenever a table is created.
A r_baandb does not exist.

In windows it is basically the same, only that the tables are not in schema baan, but in schema baandb by default. So the role is most likely called r_baandb.

The users need recource, connect and the r_* role.

DBA is never required neither for user baan nor for the ordinary ones. Your admin is right.

Regards

Hi,

I am on windows platform. After baan installation, i get

1) owner of schema is baandb
2) r_baandb is created

After installation
3) the admin then created r_baan to follow the old oracle in unix
4) then he copied over the schema from old oracle to new oracle
5) in the old oracle, the baan tables are separated already to different tablespaces, eg glddat and slsdat. So he did not want to create all these again, he copied these settings to new oracle.

6) now i see for baan and individual users, r_baan and r_baandb is there.
r_baandb only have connect and resource
r_baan have connect, resource and dba

if i remove r_baan, user cannot login
if i leave r_baan there and remove dba role, the user also cannot login.

what should i do?

thanks and regards

As markus says, you do not need to grant dba to either users or roles for Baan operation. You only need to give resource and connect privileges.

for the problem you are facing..

Check the group name in %BSE%\lib\ora\ora_users. This group should exist in %BSE%\lib\ora\ora_groups

Oracle role r_<group name> and user <group name> must exists in oracle.

Check the table owner of the baan tables in the oracle. The owner should be equal to the group name. (assuming private tables for users are not specified in %BSE%\lib\ora_storage).

You can find owner by this sql statement. In the example below I am quering on the maintain user data table of baan.

select owner from dba_segments where segment_name = 'TTTAAD200000';

The owner should be same as the group name.

Please also check the event viewer messages when you are not able to login. You can post the messages here for others to analyze.

OK, your first mistake was to migrate from Unix to Windows!!!

Just kidding!!

Anyway, I think with the above tips you will figure it out. If your DBA imported the tables from schema baan into schema baan, then you just have to change the entry in ora_groups and ora_users accordingly.

To avoid confusion I would later remove the non needed user and role and also revoke the DBA from the user.

Regards