One of our client undertakes periodic scans on the database servers to
keep a check on privileges which may have potential to
compromise security and integrity of their systems.
During their last scan on our Dynatrace DB servers, they have
raised the below privileges and have asked our confirmation on
the necessity of these privileges for the Dynatrace Performance
warehouse database to monitor applications. If necessary, we can
raise an exception for that particular privilege by providing
valid explanations, else the client will proceed to revoke the
Please find below list of Privileges currently granted to the Dynatrace Performance warehouse schema(DTUser) :
|DTUser||SELECT ANY DICTIONARY||NO|
Please help in this issue.
the required permissions are discussed on this page:
So, as far as I can tell, the permissions listed in the table above aren't needed.
Please let me know if anything remains unclear after reading this document. Thanks,
As per your suggestion, we had revoked all the privileges from the table but immediately after that we are not observing continuous plotting of chart instead of that we observe that chart is plotting for every 15 minutes only (even if we increase the granularity to 1 minutes or 10 seconds) .
Now we have done Roll-Back of all the privileges except the DBA Role for DTUser. And we also had to give infinite tablespace right for the user. Now it’s working fine.
But we would like to know technically which of these privileges are required or not required so that we can raise an exception for them.
When I create a user for our database, I create them with the following set of permissions:
SELECT ANY TABLE
UPDATE ANY TABLE
DELETE ANY TABLE
ALTER ANY INDEX
ALTER ANY TABLE
CREATE ANY INDEX
CREATE ANY VIEW
DROP ANY INDEX
DROP ANY PROCEDURE
DROP ANY TABLE
DROP ANY VIEW
These are all part of the standard "DBA" role I believe; so if I had to choose one of the items in your list above, I'd choose the "ROLE: DBA" one.