Configuring a Least-Privileged User (LPU) (Oracle Database)

This topic contains the minimum Oracle Database user privileges required for creating a least-privileged user (LPU) for the management pack, as well as a script to help automate its creation.

Creating a Oracle Database Monitoring User

The following script can be used to help automate the creation of your least-privileged user. It includes the minimum Oracle Database user privileges required for the management pack.

To grant all necessary access to the LPU run the following queries.

Note:

For multitenant databases, a "common user" must be provisioned, which requires connection to the CDB root. The specified username must be prefixed with C##. The CONTAINER_DATA attribute must also be set after the user has been created, e.g.

ALTER USER c##monitoring_user SET CONTAINER_DATA=ALL CONTAINER=CURRENT;

CREATE USER LPU IDENTIFIED BY LPU_PASSWORD;
GRANT CONNECT TO LPU;
GRANT CREATE SESSION TO LPU;
GRANT SELECT ON CDB_DATA_FILES TO LPU;
GRANT SELECT ON CDB_OUTSTANDING_ALERTS TO LPU;
GRANT SELECT ON CDB_TABLESPACES TO LPU;
GRANT SELECT ON CDB_TABLESPACE_USAGE_METRICS TO LPU;
GRANT SELECT ON DBA_DATA_FILES TO LPU;
GRANT SELECT ON DBA_FREE_SPACE TO LPU;
GRANT SELECT ON DBA_OUTSTANDING_ALERTS TO LPU;
GRANT SELECT ON DBA_TABLESPACES TO LPU;
GRANT SELECT ON DBA_TABLESPACE_USAGE_METRICS TO LPU;
GRANT SELECT ON DBA_TEMP_FILES TO LPU;
GRANT SELECT ON DBA_TEMP_FREE_SPACE TO LPU;
GRANT SELECT ON DBA_UNDO_EXTENTS TO LPU;
GRANT SELECT ON DUAL TO LPU;
GRANT SELECT ON GLOBAL_NAME TO LPU;
GRANT SELECT ON GV_$ARCHIVED_LOG TO LPU;
GRANT SELECT ON GV_$ARCHIVE_DEST TO LPU;
GRANT SELECT ON GV_$ASM_DISK_STAT TO LPU;
GRANT SELECT ON GV_$CON_SYSSTAT TO LPU ;
GRANT SELECT ON GV_$CON_SYSSTAT TO LPU;
GRANT SELECT ON GV_$FILESTAT TO LPU;
GRANT SELECT ON GV_$INSTANCE TO LPU;
GRANT SELECT ON GV_$PARAMETER TO LPU;
GRANT SELECT ON GV_$PDBS TO LPU;
GRANT SELECT ON GV_$RESOURCE_LIMIT TO LPU;
GRANT SELECT ON GV_$SERVICE_STATS TO LPU;
GRANT SELECT ON GV_$SESSION TO LPU;
GRANT SELECT ON GV_$SESSION_LONGOPS TO LPU;
GRANT SELECT ON GV_$SGAINFO TO LPU;
GRANT SELECT ON GV_$SQL TO LPU;
GRANT SELECT ON GV_$SYSMETRIC TO LPU;
GRANT SELECT ON GV_$SYSSTAT TO LPU;
GRANT SELECT ON GV_$SYSTEM_EVENT TO LPU;
GRANT SELECT ON GV_$SYSTEM_WAIT_CLASS TO LPU;
GRANT SELECT ON GV_$TEMPSTAT TO LPU;
GRANT SELECT ON V_$ARCHIVE_DEST TO LPU;
GRANT SELECT ON V_$CONTROLFILE TO LPU;
GRANT SELECT ON V_$DATABASE TO LPU;
GRANT SELECT ON V_$DATAFILE TO LPU;
GRANT SELECT ON V_$DB_CACHE_ADVICE TO LPU;
GRANT SELECT ON V_$FILESTAT TO LPU;
GRANT SELECT ON V_$INSTANCE TO LPU;
GRANT SELECT ON V_$LOG TO LPU;
GRANT SELECT ON V_$LOGFILE TO LPU;
GRANT SELECT ON V_$MEMORY_TARGET_ADVICE TO LPU;
GRANT SELECT ON V_$PARAMETER TO LPU;
GRANT SELECT ON V_$PGA_TARGET_ADVICE TO LPU;
GRANT SELECT ON V_$RECOVERY_AREA_USAGE TO LPU;
GRANT SELECT ON V_$RESOURCE_LIMIT TO LPU;
GRANT SELECT ON V_$RMAN_BACKUP_JOB_DETAILS TO LPU;
GRANT SELECT ON V_$SGA_TARGET_ADVICE TO LPU;
GRANT SELECT ON V_$SHARED_POOL_ADVICE TO LPU;
GRANT SELECT ON V_$TEMPFILE TO LPU;
GRANT SELECT ON V_$VERSION TO LPU;