An account used to collect data on your Oracle Database must be granted the following privileges:
CREATE SESSION. Allows an account to connect to a database.
SELECT. Allows an account to retrieve data from one or more tables, views, etc.
Alternatively, you can grant the default administrator role to an account. This role has all privileges required for Netwrix Auditor to function properly:
GRANT DBA TO <> <account_name>;
The procedure below lists the step-by-step instructions on how to grant these privileges to an account.
To grant CREATE SESSION and SELECT privileges
- On the computer where your database is deployed, run the sqlplus tool.
Connect to your Oracle Database—use Oracle account with the
SYSDBAprivilege. For example:
OracleUser as sysdba
Enter your password.
CREATE SESSIONsystem privilege to an account. You can grant this privilege to an existing account or create a new one.
Create a new account
CREATE USER <account_name> IDENTIFIED BY PASSWORD;
Grant the privilege
GRANT CREATE SESSION TO <account_name>;
Depending on your Oracle Database version, grant the
SELECTprivilege on the objects below to an account. Review the following for additional information:
Oracle Database 11g
GRANT SELECT ON aud$ TO <account_name>;
GRANT SELECT ON gv_$xml_audit_trail TO <account_name>;
GRANT SELECT ON dba_stmt_audit_opts TO <account_name>;
GRANT SELECT ON gv_$instance TO <account_name>;
GRANT SELECT ON v_$parameter TO <account_name>;
GRANT SELECT ON dba_audit_mgmt_clean_events TO <account_name>;
GRANT SELECT ON dba_obj_audit_opts TO <account_name>;
GRANT SELECT ON dba_audit_policies TO <account_name>;
GRANT SELECT ON fga_log$ TO <account_name>;
Oracle Database 12c
In addition to the privileges above, grant the
SELECTprivilege on the following objects:
GRANT SELECT ON gv_$unified_audit_trail TO <account_name>;
GRANT SELECT ON
GRANT SELECT ON audit_unified_policies TO <account_name>;
GRANT SELECT ON audit_unified_enabled_policies TO <account_name>;
For Oracle Database 12c Release 2, also grant the
SELECTprivilege on the following object:
GRANT SELECT ON audsys.aud$unified TO <account_name>;
NOTE: If you are going to configure Fine Grained Auditing, grant privileges depending on your Oracle Database version and make sure that you are using Oracle Database Enterprise Edition.