Go Up
You are here: DeploymentConfigure Netwrix Auditor Service AccountsData Collecting AccountGrant Create Session and Select Privileges to Account

Grant Create Session and Select Privileges to Account

An account used to collect data on your Oracle Database must be granted the following privileges:

  • CREATE SESSION. Allows an account to connect to a database.
  • SELECT. Allows an account to retrieve data from one or more tables, views, etc.

Alternatively, you can grant the default administrator role to an account. This role has all privileges required for Netwrix Auditor to function properly:

GRANT DBA TO <> <account_name>;

The procedure below lists the step-by-step instructions on how to grant these privileges to an account.

To grant CREATE SESSION and SELECT privileges

  1. On the computer where your database is deployed, run the sqlplus tool.
  2. Connect to your Oracle Database—use Oracle account with the SYSDBA privilege. For example:

    OracleUser as sysdba

    Enter your password.

  1. Grant the CREATE SESSION system privilege to an account. You can grant this privilege to an existing account or create a new one.

    To... Execute...

    Create a new account

    CREATE USER <account_name> IDENTIFIED BY PASSWORD;

    Grant the privilege

    GRANT CREATE SESSION TO <account_name>;

  2. Depending on your Oracle Database version, grant the SELECT privilege on the objects below to an account. Review the following for additional information:

    For... Execute...

    Oracle Database 11g

    • GRANT SELECT ON aud$ TO <account_name>;
    • GRANT SELECT ON gv_$xml_audit_trail TO <account_name>;
    • GRANT SELECT ON dba_stmt_audit_opts TO <account_name>;
    • GRANT SELECT ON gv_$instance TO <account_name>;
    • GRANT SELECT ON v_$parameter TO <account_name>;
    • GRANT SELECT ON dba_audit_mgmt_clean_events TO <account_name>;

    • GRANT SELECT ON dba_obj_audit_opts TO <account_name>;
    • GRANT SELECT ON dba_audit_policies TO <account_name>;
    • GRANT SELECT ON fga_log$ TO <account_name>;
    Oracle Database 12c

    In addition to the privileges above, grant the SELECT privilege on the following objects:

    • GRANT SELECT ON gv_$unified_audit_trail TO <account_name>;
    • GRANT SELECT ON all_unified_audit_actions TO <account_name>;
    • GRANT SELECT ON audit_unified_policies TO <account_name>;
    • GRANT SELECT ON audit_unified_enabled_policies TO <account_name>;

    NOTE: If you are going to configure Fine Grained Auditing, grant privileges, depending on your Oracle Database version, and make sure that you use Oracle Database Enterprise Edition.

Go Up