Derek Giedd Honored Contributor.
Honored Contributor.
540 views

Deployment User

We have a set of PPM 9.21 environments (Dev, QA, Prod).   As a developer, I create the Package.  Our DBA executes the package.  When I create the package I enter my password for each line.  When the DBA executes the package, he has to change the password on every line. 

 

Is there a way for one person to be able to enter a line and another execute it without having to change the password on each line?  I cannot use a single account to both create and execute the line because I need to be able to log who executed the package lines.

-- Remember to give Kudos to answers! (click the KUDOS star)
0 Likes
3 Replies
Jason Nichols K Absent Member.
Absent Member.

Re: Deployment User

This is how the PPM migrator operates.  The commands that perform the export and import function require a valid PPM userid and password.  The OOTB object types use the current user that executes the step in the workflow to validate they have permissions to migrate Kintana Objects (access grant check).  This means that the password for the current user must be entered into each package line so that this verification can be done.  Any attempts to change this behavior may compromise the security of the system.

Absent Member.. bzdafro Absent Member..
Absent Member..

Re: Deployment User

Agree with above. The OOTB migrator behaves the same way. Your only option is to use a dedicated non human id to run the scripts so the person doesnt have to enter his/her password for each line. Something like sqlplus -s [ENV="xxxx".DB_USERNAME]/'[ENV="xxx".DB_PASSWORD]'@[P.DB_NAME] \@$driver

PPM records who created the package and submits each line. Even using the non human id to run the script, PPM will still show in the line transaction history who executed each workflow step and when.
Derek Giedd Honored Contributor.
Honored Contributor.

Re: Deployment User

Thanks to both of you for the feedback.  We decided to create a deployment user account.  In dev, I have the password for this user and create the package from this account.  At the time of deployment, our DBA will temporarily change the password in the next higher environment to match the password in dev.  Then when the deployment is complete, the password is changed back.  It is not ideal, but it is much easier than changing the password on every line of the package.

-- Remember to give Kudos to answers! (click the KUDOS star)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.