cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

This product reached the end of support date on March 31, 2021.

Dynatrace Performance warehouse :: Oracle DB Privileges

narenthirab
Contributor

Hi Team,



One of our client undertakes periodic scans on the database servers to
keep a check on privileges which may have potential to
compromise security and integrity of their systems.



During their last scan on our Dynatrace DB servers, they have
raised the below privileges and have asked our confirmation on
the necessity of these privileges for the Dynatrace Performance
warehouse database to monitor applications. If necessary, we can
raise an exception for that particular privilege by providing
valid explanations, else the client will proceed to revoke the
mentioned privileges.


Please find below list of Privileges currently granted to the Dynatrace Performance warehouse schema(DTUser) :











GRANTEE GRANTED_ROLE
DTUser DBA























TAB_NAME GRANTEE PRIVILEGE
UTL_FILE ORACLE_OCM EXECUTE
UTL_INADDR PUBLIC EXECUTE
UTL_INADDR ORACLE_OCM EXECUTE




























TAB_NAME GRANTEE PRIVILEGE
DBMS_JAVA_TEST PUBLIC EXECUTE
DBMS_XMLGEN PUBLIC EXECUTE
DBMS_ADVISOR PUBLIC EXECUTE
DBMS_RANDOM PUBLIC EXECUTE













GRANTEE PRIVILEGE ADM
DTUser SELECT ANY DICTIONARY NO

Please help in this issue.

Regards

Balaji

8 REPLIES 8

peter_karlhuber
Dynatrace Pro
Dynatrace Pro

Hi Balaji,

the required permissions are discussed on this page:

https://www.dynatrace.com/support/doc/appmon/admin...

So, as far as I can tell, the permissions listed in the table above aren't needed.

Please let me know if anything remains unclear after reading this document. Thanks,

best regards,

Peter

narenthirab
Contributor

Hi Peter,

As per your suggestion, we had revoked all the privileges from the table but immediately after that we are not observing continuous plotting of chart instead of that we observe that chart is plotting for every 15 minutes only (even if we increase the granularity to 1 minutes or 10 seconds) .

Please help.

Regards

Balaji

Hi Balaji,

did you make sure that the permissions mentioned in the article I've linked to are available to the appmon db user?

narenthirab
Contributor

Hi Peter,

We had only revoked the privileges that are mentioned in the table but did not revoke any permission mentioned in the link shared by you.

Regards

Balaji

Ok, could you please re-enable them then and try to find out which one exactly breaks the db access? Tbh, they don't sound like permissions that we might need, but I'm not a DBA.

narenthirab
Contributor

Hi,

Now we have done Roll-Back of all the privileges except the DBA Role for DTUser. And we also had to give infinite tablespace right for the user. Now it’s working fine.


But we would like to know technically which of these privileges are required or not required so that we can raise an exception for them.

Regards

Balaji

peter_karlhuber
Dynatrace Pro
Dynatrace Pro

Hi Balaji,

When I create a user for our database, I create them with the following set of permissions:

ROLE: CONNECT

SELECT ANY TABLE
UPDATE ANY TABLE
DELETE ANY TABLE

ALTER ANY INDEX

ALTER ANY TABLE
CREATE ANY INDEX
CREATE ANY VIEW
CREATE PROCEDURE
CREATE SESSION
CREATE TABLE
DROP ANY INDEX
DROP ANY PROCEDURE
DROP ANY TABLE
DROP ANY VIEW

These are all part of the standard "DBA" role I believe; so if I had to choose one of the items in your list above, I'd choose the "ROLE: DBA" one.

Best regards,

Peter

narenthirab
Contributor

Hi Peter,

We had revoked all the mentioned privileges and provided unlimited tablespace rights.

Post which we are now able see the PWH charts properly.

Thanks for your suggestion.

Balaji