This topic contains the minimum Oracle Database user privileges required for creating a least-privileged user (LPU) for the management pack, as well as a script to help automate its creation.
Creating a Oracle Database Monitoring User
The following script can be used to help automate the creation of your least-privileged user. It includes the minimum Oracle Database user privileges required for the management pack.
To grant all necessary access to the LPU run the following queries.
For multitenant databases, a "common user" must be provisioned, which requires connection to the CDB root. The specified username must be prefixed with C##
. The CONTAINER_DATA
attribute must also be set after the user has been created, e.g.
ALTER USER c##monitoring_user SET CONTAINER_DATA=ALL CONTAINER=CURRENT;
CREATE USER LPU IDENTIFIED BY LPU_PASSWORD; GRANT CONNECT TO LPU; GRANT CREATE SESSION TO LPU; GRANT SELECT ON CDB_DATA_FILES TO LPU; GRANT SELECT ON CDB_OUTSTANDING_ALERTS TO LPU; GRANT SELECT ON CDB_TABLESPACES TO LPU; GRANT SELECT ON CDB_TABLESPACE_USAGE_METRICS TO LPU; GRANT SELECT ON DBA_DATA_FILES TO LPU; GRANT SELECT ON DBA_FREE_SPACE TO LPU; GRANT SELECT ON DBA_OUTSTANDING_ALERTS TO LPU; GRANT SELECT ON DBA_TABLESPACES TO LPU; GRANT SELECT ON DBA_TABLESPACE_USAGE_METRICS TO LPU; GRANT SELECT ON DBA_TEMP_FILES TO LPU; GRANT SELECT ON DBA_TEMP_FREE_SPACE TO LPU; GRANT SELECT ON DBA_UNDO_EXTENTS TO LPU; GRANT SELECT ON DUAL TO LPU; GRANT SELECT ON GLOBAL_NAME TO LPU; GRANT SELECT ON GV_$ARCHIVED_LOG TO LPU; GRANT SELECT ON GV_$ARCHIVE_DEST TO LPU; GRANT SELECT ON GV_$ASM_DISK_STAT TO LPU; GRANT SELECT ON GV_$CON_SYSSTAT TO LPU ; GRANT SELECT ON GV_$CON_SYSSTAT TO LPU; GRANT SELECT ON GV_$FILESTAT TO LPU; GRANT SELECT ON GV_$INSTANCE TO LPU; GRANT SELECT ON GV_$PARAMETER TO LPU; GRANT SELECT ON GV_$PDBS TO LPU; GRANT SELECT ON GV_$RESOURCE_LIMIT TO LPU; GRANT SELECT ON GV_$SERVICE_STATS TO LPU; GRANT SELECT ON GV_$SESSION TO LPU; GRANT SELECT ON GV_$SESSION_LONGOPS TO LPU; GRANT SELECT ON GV_$SGAINFO TO LPU; GRANT SELECT ON GV_$SQL TO LPU; GRANT SELECT ON GV_$SYSMETRIC TO LPU; GRANT SELECT ON GV_$SYSSTAT TO LPU; GRANT SELECT ON GV_$SYSTEM_EVENT TO LPU; GRANT SELECT ON GV_$SYSTEM_WAIT_CLASS TO LPU; GRANT SELECT ON GV_$TEMPSTAT TO LPU; GRANT SELECT ON V_$ARCHIVE_DEST TO LPU; GRANT SELECT ON V_$CONTROLFILE TO LPU; GRANT SELECT ON V_$DATABASE TO LPU; GRANT SELECT ON V_$DATAFILE TO LPU; GRANT SELECT ON V_$DB_CACHE_ADVICE TO LPU; GRANT SELECT ON V_$FILESTAT TO LPU; GRANT SELECT ON V_$INSTANCE TO LPU; GRANT SELECT ON V_$LOG TO LPU; GRANT SELECT ON V_$LOGFILE TO LPU; GRANT SELECT ON V_$MEMORY_TARGET_ADVICE TO LPU; GRANT SELECT ON V_$PARAMETER TO LPU; GRANT SELECT ON V_$PGA_TARGET_ADVICE TO LPU; GRANT SELECT ON V_$RECOVERY_AREA_USAGE TO LPU; GRANT SELECT ON V_$RESOURCE_LIMIT TO LPU; GRANT SELECT ON V_$RMAN_BACKUP_JOB_DETAILS TO LPU; GRANT SELECT ON V_$SGA_TARGET_ADVICE TO LPU; GRANT SELECT ON V_$SHARED_POOL_ADVICE TO LPU; GRANT SELECT ON V_$TEMPFILE TO LPU; GRANT SELECT ON V_$VERSION TO LPU;