How to remove all user data stored in the RSA Identity Governance and Lifecycle application database
Originally Published: 2014-10-21
Article Number
Applies To
RSA Version/Condition: 6.x, 7.x
Issue
For a Local Database
For a hardware or software appliance using a local database, the $AVEKSA_HOME/database/createSchema.sh script may be run which essentially erases all existing data. For that reason, it is recommended that a database backup is created before following this process.For a Remote Database
Remote database environments such as Enterprise Software users using WebSphere or WebLogic, or software appliances using a remote database have a slightly different process. The createSchema.sh script cannot be used when the database is remote. For that scenario, the Oracle application user, AVUSER, has to be manually dropped and recreated. Refer to the RSA Identity Governance & Lifecycle Database Setup and Management Guide for your RSA Identity Governance & Lifecycle version for specifics on how to do this for a remote database.NOTE: If AFX is used, AFX data may need to be re-enabled after the database is completely refreshed. This RSA Knowledge Base Article covers RSA Identity Governance & Lifecycle only.
Resolution
Login as the linux oracle user and perform the following tasks:
- Take a backup of the database (a database export).
It is good policy to make sure that a backup of the existing database is created in the event it needs to be restored at some future point in time.
- Export metadata for collectors, workflows etc., i. e., anything that will be reused in the new fresh or clean database. Workflow metadata may be exported by going to Admin > Import/Export > Workflow tab > Export(all).) All other metadata may be exported by going to Admin > Import/Export > General tab > Export. Refer to the RSA Identity Governance & Lifecycle Administrator's Guide for your RSA Identity Governance & Lifecycle version or to the on-line help for more information on performing the metadata export. Keep in mind that metadata imports are only supported from the same version and patch level to the same version and patch level. You will need the metadata exports if you need to recreate collectors, workflows and other objects in the refreshed database.
- Stop the RSA Identity Governance & Lifecycle application:
$ acm stop
or
$ service aveksa_server stop
- Stop and restart the database:
$ acm stopdb $ acm startdb
or
$ service aveksa_server stopdb $ service aveksa_server startdb
- Change directories to /home/oracle/database ($AVEKSA_HOME/database):
$ cd /home/oracle/database
- Run the create schema script:
$ ./createSchema.sh
The createSchema.sh script should take between 15 and 35 minutes to run depending on the class of machine. The script drops and recreates the application use, AVUSER. Note that the default password for this user will be restored If this password had been changed, it will need to be updated again manually by logging into the database as sysdba and updating the password.
After this script completes, the database will be in the same state as a new installation.
- Install any required patches, which may have been applied.
- Start the RSA Identity Governance & Lifecycle application:
$ acm start
or
$ service aveksa_server start
- Import metadata and run collections to collect and process all new fresh data.
Notes
When the createSchema.sh script is run, the output on the terminal session will look similar to this:
$ ./createSchema.sh Executing sys statements . . . [0:00:02 1%] executing Create Scripts/Drop_User.sql [0:02:40 1%] executing Create Scripts/Drop_Reports_User.sql [0:02:43 1%] executing Create Scripts/Drop_Public_User.sql [0:02:45 1%] executing Create Scripts/Drop_ExportImport_Directory.sql [0:02:45 1%] executing Create Scripts/Drop_Data_Directory.sql [0:02:45 1%] executing Create Scripts/Drop_Reports_Directory.sql [0:02:45 1%] executing Create Scripts/Create_TableSpaces_ASM.sql [0:03:17 1%] executing Create Scripts/Create_ExportImport_Directory.sql [0:03:17 1%] executing Create Scripts/Create_User_Profile.sql [0:03:17 1%] executing Create Scripts/Create_System_Profile.sql [0:03:17 1%] executing Create Scripts/Create_User.sql [0:03:18 2%] executing Create Scripts/Create_User_Grants.sql [0:03:18 2%] executing Create Scripts/Create_Reports_User.sql [0:03:18 2%] executing Create Scripts/Create_Public_User.sql [0:03:18 2%] executing migration/loadDatabaseUpdates.sql . . . Executing public schema statements . . . [0:08:43 100%] executing packages/As_Public_Schema_User.pks [0:08:43 100%] executing packages/As_Public_Schema_User.pkb [0:08:43 100%] executing Create Scripts/Create_Synonyms_Public_Schema.sql The log is available at: /home/oracle/database/log/create.log
Related Articles
How to remove entitlements of a decommissioned application from user access in RSA Via Lifecycle and Governance Number of Views How to cancel/remove pending emails waiting in the queue in RSA Identity Governance & Lifecycle Number of Views Unable to remove privileges for an RSA Via Governance and Lifecycle user Number of Views How to remove the Edit Users button from Account Review Results in RSA Identity Governance & Lifecycle Number of Views Workaround to remove duplicate identities resulted to mapping of account to a terminated account instead of the active one Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
