Not able to configure IAM with an external database

Document ID : KB000126236
Last Modified Date : 05/02/2019
Show Technical Document Details
Issue:
After installing DevTest 10.4, the DataSourceUpdater.exe was used to configure Identity Access Manager with SQL Server.
There were no issues while running the DataSourceUpdater, however when trying to start IAM we are getting the following exception:

ERROR [org.keycloak.connections.jpa.updater.liquibase.conn.DefaultLiquibaseConnectionProvider] (ServerService Thread Pool -- 53) Change Set META-INF/jpa-changelog-1.0.0.Final.xml::1.0.0.Final::sthorger@redhat.com failed. Error: The REFERENCES permission was denied on the object 'CLIENT_SESSION', database 'DevTest', schema 'dbo'. [Failed SQL: ALTER TABLE [dbo].[CLIENT_SESSION_ROLE] ADD CONSTRAINT [FK_11B7SGQW18I532811V7O2DV76] FOREIGN KEY ([CLIENT_SESSION]) REFERENCES [dbo].[CLIENT_SESSION] ([ID])]: liquibase.exception.DatabaseException: The REFERENCES permission was denied on the object 'CLIENT_SESSION', database 'DevTest', schema 'dbo'. [Failed SQL: ALTER TABLE [dbo].[CLIENT_SESSION_ROLE] ADD CONSTRAINT [FK_11B7SGQW18I532811V7O2DV76] FOREIGN KEY ([CLIENT_SESSION]) REFERENCES [dbo].[CLIENT_SESSION] ([ID])]

The database user has CREATE and ALTER privileges.
Environment:
DevTest on release 10.4.
Resolution:
Using a database client application we could verify some tables were being created, but IAM was still failing to start.
We had to set the IAM DB user to have DBA privileges while starting IAM.
After this modification, the IAM service was able to create all the necessary tables and we could also start additional DevTest components.

As stated in our documentation, please ensure that the DevTest user has DBA privileges. After the schema is created, the DBA privileges from the user can be removed.
System Requirements - Database Requirements