Granting Privileges to DBAs and Application Developers

Anyone who creates or manages dimensional objects in Oracle Database must have the necessary privileges. These privileges are different from those needed just to query the data stored in dimensional objects. The security system is discussed in "About the Security of Dimensional Data in Oracle Database".

Required Roles and Privileges

DBAs and application developers need the following roles and privileges.

To create dimensional objects in the user's own schema:

OLAP_USER role
CREATE SESSION privilege

To create dimensional objects in different schemas:

OLAP_DBA role
CREATE SESSION privilege

To administer data security:

OLAP_XS_ADMIN role

Users also need an unlimited quota on the tablespace in which the dimensional objects are stored. The tablespaces should be defined specifically for OLAP use, as described in "Creating Tablespaces for OLAP".

If the source tables are in a different schema, then the owner of the dimensional objects needs SELECT object privileges on those tables.

Creating the GLOBAL User

Suppose you want to create the GLOBAL user with full privileges to create dimensional objects in the GLOBAL schema and to manage security.

To create the GLOBAL user:

Create the GLO permanent tablespace. See "Creating a Permanent Tablespace for an Analytic Workspace".
Create the GLOTMP temporary tablespaces. See "Creating a Temporary Tablespace for an Analytic Workspace"

Create the GLOBAL user:

CREATE USER "GLOBAL" IDENTIFIED BY password
   DEFAULT TABLESPACE glo 
   TEMPORARY TABLESPACE glotmp
   QUOTA UNLIMITED ON glo
   PASSWORD EXPIRE;

GRANT CREATE SESSION TO GLOBAL;
GRANT OLAP_USER TO GLOBAL;
GRANT OLAP_XS_ADMIN TO GLOBAL;