Project and Portfolio Management Practitioners Forum
cancel
Showing results for 
Search instead for 
Did you mean: 

Deployment User

Highlighted
Derek Giedd
Frequent Visitor

Deployment User

We have a set of PPM 9.21 environments (Dev, QA, Prod).   As a developer, I create the Package.  Our DBA executes the package.  When I create the package I enter my password for each line.  When the DBA executes the package, he has to change the password on every line. 

 

Is there a way for one person to be able to enter a line and another execute it without having to change the password on each line?  I cannot use a single account to both create and execute the line because I need to be able to log who executed the package lines.

-- Remember to give Kudos to answers! (click the KUDOS star)
3 REPLIES
Jason Nichols K
Honored Contributor

Re: Deployment User

This is how the PPM migrator operates.  The commands that perform the export and import function require a valid PPM userid and password.  The OOTB object types use the current user that executes the step in the workflow to validate they have permissions to migrate Kintana Objects (access grant check).  This means that the password for the current user must be entered into each package line so that this verification can be done.  Any attempts to change this behavior may compromise the security of the system.

bzdafro
Collector

Re: Deployment User

Agree with above. The OOTB migrator behaves the same way. Your only option is to use a dedicated non human id to run the scripts so the person doesnt have to enter his/her password for each line. Something like sqlplus -s [ENV="xxxx".DB_USERNAME]/'[ENV="xxx".DB_PASSWORD]'@[P.DB_NAME] \@$driver

PPM records who created the package and submits each line. Even using the non human id to run the script, PPM will still show in the line transaction history who executed each workflow step and when.
Derek Giedd
Frequent Visitor

Re: Deployment User

Thanks to both of you for the feedback.  We decided to create a deployment user account.  In dev, I have the password for this user and create the package from this account.  At the time of deployment, our DBA will temporarily change the password in the next higher environment to match the password in dev.  Then when the deployment is complete, the password is changed back.  It is not ideal, but it is much easier than changing the password on every line of the package.

-- Remember to give Kudos to answers! (click the KUDOS star)
//Add this to "OnDomLoad" event