Restrict database user permissions for runtime operations
When the databases are operational, you can create a database user with restricted privileges for the administration and runtime components. The credentials of that user appear in the application server configuration.
The database administrator may require specific permissions for runtime access. Runtime connections are made with the data source credentials. Subsequent requests to the databases are handled either through a single database user or through one distinct user per database. Security improves when distinct users can each access only one kind of database, in particular when the databases of the MobileFirst runtime environment are separated from the database of the MobileFirst administration component.
These database users have no relation to the standard MobileFirst Server groups. The following table shows the minimal permissions that the database administrator must define on the MobileFirst Server databases for these users:
Database permission    MobileFirst Server operation
ALTER TABLE            Not required
CREATE INDEX           Not required
CREATE ROLE            Not required
CREATE SEQUENCE        Not required
CREATE TABLE           Not required
CREATE VIEW            Not required
DROP INDEX             Not required
DROP SEQUENCE          Not required
DROP TABLE             Not required
DROP VIEW              Not required
SELECT TABLE           Required
INSERT TABLE           Required
UPDATE TABLE           Required
DELETE TABLE           Required
SELECT SEQUENCE        Required

These minimal permissions also apply to the database user of the (optional) Application Center database.
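The following is an added example of how a database administrator could provision a runtime user that holds exactly the permissions in the table above; it is not part of the MobileFirst documentation. Oracle SQL syntax is assumed, and the schema name WLSCHEMA, the user name WLRUNTIME, the object names and the password are placeholders to replace with your own values. The schema owner keeps the DDL rights needed to create the tables once; the data source is configured with the restricted user only.

```sql
-- Added example (not from the MobileFirst documentation): provisioning a
-- least-privilege runtime user. Oracle syntax is assumed; WLSCHEMA,
-- WLRUNTIME, EXAMPLE_TABLE, EXAMPLE_SEQ and the password are placeholders.

-- 1. The schema owner (WLSCHEMA) holds the tables and sequences. It is used
--    once to create them and is NOT the user configured in the data source.

-- 2. Create the runtime user with nothing beyond the right to connect.
CREATE USER wlruntime IDENTIFIED BY "<placeholder-password>";
GRANT CREATE SESSION TO wlruntime;

-- 3. Grant only the operations marked "Required": SELECT, INSERT, UPDATE and
--    DELETE on each table, and SELECT on each sequence. No CREATE, ALTER or
--    DROP privilege and no role management is granted, matching the rows
--    marked "Not required". Repeat for every table and sequence in the schema.
GRANT SELECT, INSERT, UPDATE, DELETE ON wlschema.example_table TO wlruntime;
GRANT SELECT ON wlschema.example_seq TO wlruntime;

-- 4. Verify: the object privileges of the runtime user should list only
--    DML on WLSCHEMA objects, and its system privileges only CREATE SESSION.
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'WLRUNTIME';

SELECT privilege
  FROM dba_sys_privs
 WHERE grantee = 'WLRUNTIME';
```

If the second verification query returns anything other than CREATE SESSION, or the first returns a privilege outside SELECT, INSERT, UPDATE and DELETE, the runtime user has more than the minimal set and the extra grant should be revoked before the credentials are placed in the application server configuration.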
Parent topic: MobileFirst databases