I have a customer that is going to setup to use Oracle as the database for their Quality Center (QC) installation. The DBA is balking at a couple of the permissions that need to be in place for the TDMANAGER User that needs to be created prior to installation. Specifically, he does not want any part of the GRANT ALTER USER TO TDMANAGER and GRANT DROP USER TO TDMANAGER. They feel that this is a security risk. So he created the user TDMANAGER without those two permissions being in place. Based on my conversation with Mercury CSO, this will fail. They told me that the reason that these permissions must be in place is becuase when QC creates an Oracle project, it first creates a user ("DomainName_ProjectName_db") and logs in as that user to create the Oracle database. That user is the owner of all the objects (tables and indexes) for the project. Not having these permissions will not allow the tool to work.
So my question to everyone out there is this: Is there a work around for this? The DBA is not wanting to budge from is stance on this matter. He insists that there must be a way to get the tool to work correcctly, without having to give those permissions. They cannot believe that other customers have not had to work around this issue. Is there a way that he can create a role, and then assign permissions to the role, or is he forced to comply with Mercury on this.
This smells of a Sarbanes-Oxley compliance issue and as long as they interpret SOX to mandate it, they probably won't change. On the other-hand Mercury should be responsive to the customers needs, especially when complying with Federal mandates. In actuality there are only 2 paragraphs which speak to IT in the basic SOX document, but the interpretations such as COBIT further refines and dictates the details such as the press does after a Presidential speech by putting a spin on what was said. I don't believe there is a work-a-round other that having your Boss talk the DBA's Boss. The politics of the workplace can be used to get things done usually. Other alternatives are Access or some other DB. Access is alright unless you plan on having a lot of users.
Best of luck and drop me an e-mail at richard.wagner@catalinamarketing if I can help further.