vCenter Server requires a database. If you decide to use an external Oracle or Microsoft SQL Server database, when you create the database, you must grant certain permissions to the database user.

Table 1. Microsoft SQL Database Permissions for vCenter Server
Permission Description
GRANT ALTER ON SCHEMA :: [VMW] TO VC_ADMIN_ROLE Mandatory when you work with SQL Server custom schema.
GRANT REFERENCES ON SCHEMA :: [VMW] TO VC_ADMIN_ROLE Mandatory when you work with SQL Server custom schema.
GRANT INSERT ON SCHEMA :: [VMW] TO VC_ADMIN_ROLE Mandatory when you work with SQL Server custom schema.
GRANT CREATE TABLE TO VC_ADMIN_ROLE Necessary for creating a table.
GRANT CREATE VIEW TO VC_ADMIN_ROLE Necessary for creating a view.
GRANT CREATE PROCEDURE TO VC_ADMIN_ROLE Necessary for creating a stored procedure.
GRANT SELECT ON SCHEMA :: [VMW] TO VC_USER_ROLE Permissions that let you run SELECT, INSERT, DELETE, UPDATE operations on tables which are part of the VMW schema.
GRANT INSERT ON SCHEMA :: [VMW] TO VC_USER_ROLE
GRANT DELETE ON SCHEMA :: [VMW] TO VC_USER_ROLE
GRANT UPDATE ON SCHEMA :: [VMW] TO VC_USER_ROLE
GRANT EXECUTE ON SCHEMA :: [VMW] TO VC_USER_ROLE Necessary for running a stored procedure in the db schema.
GRANT SELECT ON msdb.dbo.syscategories TO VC_ADMIN_ROLE Necessary for deploying SQL Server jobs.

These permissions are mandatory only during installation and upgrade and not required after deployment.

GRANT SELECT ON msdb.dbo.sysjobsteps TO VC_ADMIN_ROLE
GRANT SELECT ON msdb.dbo.sysjobs TO VC_ADMIN_ROLE
GRANT SELECT ON msdb.dbo.syssessions TO VC_ADMIN_ROLE
GRANT SELECT ON msdb.dbo.sysjobactivity TO VC_ADMIN_ROLE
GRANT EXECUTE ON msdb.dbo.sp_add_job TO VC_ADMIN_ROLE
GRANT EXECUTE ON msdb.dbo.sp_delete_job TO VC_ADMIN_ROLE
GRANT EXECUTE ON msdb.dbo.sp_add_jobstep TO VC_ADMIN_ROLE
GRANT EXECUTE ON msdb.dbo.sp_update_job TO VC_ADMIN_ROLE
GRANT EXECUTE ON msdb.dbo.sp_add_jobserver TO VC_ADMIN_ROLE
GRANT EXECUTE ON msdb.dbo.sp_add_jobschedule TO VC_ADMIN_ROLE
GRANT EXECUTE ON msdb.dbo.sp_add_category TO VC_ADMIN_ROLE
GRANT VIEW SERVER STATE TO [vpxuser] Provides access to SQL Server DMV views and sp_lock execution.
GRANT VIEW ANY DEFINITION TO [vpxuser] Necessary for providing the user with the privileges to see metadata for SQL Server objects.
Table 2. Oracle Database Permissions for vCenter Server
Permission Description
GRANT CONNECT TO VPXADMIN Necessary for connecting to the Oracle database.
GRANT RESOURCE TO VPXADMIN Necessary for creating a trigger, sequence, type, procedure, and so on.

By default, the RESOURCE role has the CREATE PROCEDURE, CREATE TABLE, and CREATE SEQUENCE privileges assigned. If the RESOURCE role lacks these privileges, grant them to the vCenter Server database user.

GRANT CREATE VIEW TO VPXADMIN Necessary for creating a view.
GRANT CREATE SEQUENCE TO VPXADMIN Necessary for creating a sequence.
GRANT CREATE TABLE TO VPXADMIN Necessary for creating a table.
GRANT CREATE MATERIALIZED VIEW TO VPXADMIN Necessary for creating a materialized view.
GRANT EXECUTE ON dbms_lock TO VPXADMIN Necessary for guaranteeing that the vCenter Server database is used by a single vCenter Server instance.
GRANT EXECUTE ON dbms_job TO VPXADMIN Necessary during installation or upgrade for scheduling and managing the SQL jobs.

This permission is not required after deployment.

GRANT SELECT ON dba_lock TO VPXADMIN Necessary for determining existing locks on the vCenter Server database.
GRANT SELECT ON dba_tablespaces TO VPXADMIN Necessary during upgrade for determining the required disk space.

This permission is not required after deployment.

GRANT SELECT ON dba_temp_files TO VPXADMIN Necessary during upgrade for determining the required disk space.

This permission is not required after deployment.

GRANT SELECT ON dba_data_files TO VPXADMIN Necessary for monitoring the free space while vCenter Server is working.
GRANT SELECT ON v_$session TO VPXADMIN View used to determine existing locks on the vCenter Server database.
GRANT UNLIMITED TABLESPACE TO VPXADMIN Necessary for granting unlimited tablespace permissions to the vCenter Server database user.
GRANT SELECT ON v_$system_event TO VPXADMIN Necessary for checking log file switches.
GRANT SELECT ON v_$sysmetric_history TO VPXADMIN Necessary for checking the CPU utilization.
GRANT SELECT ON v_$sysstat TO VPXADMIN Necessary for determining the Buffer Cache Hit Ratio.
GRANT SELECT ON dba_data_files TO VPXADMIN Necessary for determining the tablespace utilization.
GRANT SELECT ON v_$loghist TO VPXADMIN Necessary for checking the checkpoint frequency.

The privileges on the master database are used to monitor the vCenter Server database. So that, for example, if a certain threshold is reached you can see an alert.