JDBC Database Access Rights
In general, IDM requires minimal access rights to the JDBC repository for daily operation. This section lists the minimum permissions required, and suggests a strategy for restricting database access in your deployment.
The JDBC repository used by IDM requires only one relevant user: the service account that is used to create the tables. Generally, the details of this account are configured in the repository connection file (datasource.jdbc-default.json). By default, the username and password for this account are openidm and openidm, regardless of the database type; change these defaults before the repository is reachable from anything other than a test environment.

All other users are created by the db/database-type/scripts/openidm.sql script. The openidm user account must have SELECT, UPDATE, INSERT, and DELETE permissions on all the openidm tables that are created by this script, by the scripts that create the tables specific to the Flowable workflow engine, and by the script that sets up the audit tables if you are using the repository audit event handler.