Oracle DB grant
We were installing our Pega app in Production today and there were some concerns raised by our Information Security Team regarding the grants for Production Database users. Some of them have elevated grants which are not according to the standard in Production.
These were created as per the installation guide and what we did in lower regions.
We have to remove/revoke what is not needed post-installation, as per the Security Team.
We need your input on the grants below which can be removed or revoked for the following users.
Please let us know.
GRANT DROP ANY TABLE TO PEGAADMIN;
GRANT ALTER ANY TRIGGER TO PEGAADMIN;
GRANT CREATE ANY VIEW TO PEGAADMIN;
GRANT EXECUTE ANY PROCEDURE TO PEGAADMIN;
GRANT CREATE ANY INDEX TO PEGAADMIN;
GRANT INSERT ANY TABLE TO PEGAADMIN WITH ADMIN OPTION;
GRANT UPDATE ANY TABLE TO PEGAADMIN;
GRANT DROP ANY INDEX TO PEGAADMIN;
GRANT SELECT ANY TABLE TO PEGAADMIN;
GRANT DROP ANY VIEW TO PEGAADMIN;
GRANT CREATE ANY PROCEDURE TO PEGAADMIN;
GRANT ANALYZE ANY TO PEGAADMIN;
GRANT CREATE ANY TYPE TO PEGAADMIN;
GRANT GRANT ANY OBJECT PRIVILEGE TO PEGAADMIN;
GRANT CREATE SESSION TO PEGAADMIN;
GRANT DROP ANY TRIGGER TO PEGAADMIN;
GRANT CREATE ANY TABLE TO PEGAADMIN;
GRANT ALTER ANY TABLE TO PEGAADMIN;
GRANT CREATE ANY TRIGGER TO PEGAADMIN;
GRANT ANALYZE ANY DICTIONARY TO PEGAADMIN;
GRANT UNLIMITED TABLESPACE TO PEGAADMIN;
GRANT DROP ANY PROCEDURE TO PEGAADMIN;
GRANT DELETE ANY TABLE TO PEGAADMIN;
GRANT CREATE ANY TABLE TO PEGABASE;
GRANT CREATE ANY INDEX TO PEGABASE;
GRANT CREATE ANY VIEW TO PEGABASE;
GRANT UNLIMITED TABLESPACE TO PEGABASE;
GRANT CREATE ANY PROCEDURE TO PEGABASE;
GRANT SELECT ANY TABLE TO PEGABASE;
GRANT CREATE ANY TRIGGER TO PEGABASE;
GRANT ANALYZE ANY TO PEGABASE;
GRANT CREATE ANY TYPE TO PEGABASE;
GRANT ALTER ANY TABLE TO PEGABASE;
GRANT UPDATE ANY TABLE TO PEGABASE;
GRANT ALTER ANY TRIGGER TO PEGABASE;
GRANT GRANT ANY OBJECT PRIVILEGE TO PEGABASE;
GRANT CREATE SESSION TO PEGABASE;
GRANT EXECUTE ANY PROCEDURE TO PEGABASE;
GRANT ANALYZE ANY DICTIONARY TO PEGABASE;
GRANT ANALYZE ANY DICTIONARY TO PEGADATA;
GRANT CREATE ANY VIEW TO PEGADATA;
GRANT EXECUTE ANY PROCEDURE TO PEGADATA;
GRANT CREATE ANY TRIGGER TO PEGADATA;
GRANT SELECT ANY TABLE TO PEGADATA;
GRANT CREATE ANY INDEX TO PEGADATA;
GRANT ALTER ANY TABLE TO PEGADATA;
GRANT UPDATE ANY TABLE TO PEGADATA;
GRANT ANALYZE ANY TO PEGADATA;
GRANT UNLIMITED TABLESPACE TO PEGADATA;
GRANT CREATE ANY TABLE TO PEGADATA;
GRANT GRANT ANY OBJECT PRIVILEGE TO PEGADATA;
GRANT CREATE ANY TYPE TO PEGADATA;
GRANT CREATE ANY PROCEDURE TO PEGADATA;
GRANT CREATE SESSION TO PEGADATA;
GRANT ALTER ANY TRIGGER TO PEGADATA;
GRANT CREATE ANY INDEX TO PEGADEPLOYMENT;
GRANT UPDATE ANY TABLE TO PEGADEPLOYMENT;
GRANT ANALYZE ANY TO PEGADEPLOYMENT;
GRANT CREATE ANY TYPE TO PEGADEPLOYMENT;
GRANT UNLIMITED TABLESPACE TO PEGADEPLOYMENT;
GRANT ALTER ANY TRIGGER TO PEGADEPLOYMENT;
GRANT CREATE ANY TABLE TO PEGADEPLOYMENT;
GRANT DROP ANY TRIGGER TO PEGADEPLOYMENT;
GRANT DROP ANY VIEW TO PEGADEPLOYMENT;
GRANT SELECT ANY TABLE TO PEGADEPLOYMENT;
GRANT DROP ANY PROCEDURE TO PEGADEPLOYMENT;
GRANT DROP ANY INDEX TO PEGADEPLOYMENT;
GRANT GRANT ANY OBJECT PRIVILEGE TO PEGADEPLOYMENT;
GRANT EXECUTE ANY PROCEDURE TO PEGADEPLOYMENT;
GRANT INSERT ANY TABLE TO PEGADEPLOYMENT WITH ADMIN OPTION;
GRANT ALTER ANY TABLE TO PEGADEPLOYMENT;
GRANT CREATE SESSION TO PEGADEPLOYMENT;
GRANT ANALYZE ANY DICTIONARY TO PEGADEPLOYMENT;
GRANT CREATE ANY PROCEDURE TO PEGADEPLOYMENT;
GRANT CREATE ANY TRIGGER TO PEGADEPLOYMENT;
GRANT CREATE ANY VIEW TO PEGADEPLOYMENT;
GRANT DELETE ANY TABLE TO PEGADEPLOYMENT;
GRANT DROP ANY TABLE TO PEGADEPLOYMENT;
GRANT CREATE SESSION TO PEGARULES;
GRANT SELECT ANY TABLE TO PEGARULES;
GRANT UNLIMITED TABLESPACE TO PEGARULES;
***Edited by Moderator: Pallavi to update platform capability tags***
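A read-only inventory a reviewer could run before deciding what to revoke, as an added example that is not part of the original post or of Pega's installation guide. It assumes access to the DBA_SYS_PRIVS and DBA_ROLE_PRIVS dictionary views and uses the five account names from the post; the review_reason labels are this example's own grouping, not an Oracle or Pega classification.

```sql
-- Added example. Lists the system privileges currently held by the accounts
-- named in the post and tags each row with the reason a reviewer would look at it.
-- Read-only: it queries the data dictionary and changes nothing.
SELECT grantee,
       privilege,
       admin_option,
       CASE
         -- The account can hand privileges to other accounts.
         WHEN privilege = 'GRANT ANY OBJECT PRIVILEGE' OR admin_option = 'YES'
           THEN '1 can delegate privileges'
         -- The account can create or run code outside its own schema.
         WHEN privilege IN ('EXECUTE ANY PROCEDURE', 'CREATE ANY PROCEDURE',
                            'CREATE ANY TRIGGER', 'ALTER ANY TRIGGER')
           THEN '2 code in other schemas'
         -- The account can read or change rows outside its own schema.
         WHEN privilege IN ('SELECT ANY TABLE', 'INSERT ANY TABLE',
                            'UPDATE ANY TABLE', 'DELETE ANY TABLE')
           THEN '3 data in other schemas'
         -- Remaining database-wide ANY privileges (CREATE/ALTER/DROP/ANALYZE ANY ...).
         WHEN privilege LIKE '% ANY%'
           THEN '4 other ANY privilege'
         WHEN privilege = 'UNLIMITED TABLESPACE'
           THEN '5 no storage quota'
         ELSE '6 baseline'
       END AS review_reason
FROM   dba_sys_privs
WHERE  grantee IN ('PEGAADMIN', 'PEGABASE', 'PEGADATA',
                   'PEGADEPLOYMENT', 'PEGARULES')
ORDER  BY grantee, review_reason, privilege;

-- The GRANT statements in the post are all direct grants. Roles can carry the
-- same privileges indirectly, so list any roles these accounts hold as well.
SELECT grantee,
       granted_role,
       admin_option,
       default_role
FROM   dba_role_privs
WHERE  grantee IN ('PEGAADMIN', 'PEGABASE', 'PEGADATA',
                   'PEGADEPLOYMENT', 'PEGARULES')
ORDER  BY grantee, granted_role;
```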