
Grant 'Create Session' and 'Select' Privileges to Access Oracle Database

When creating a monitoring plan for your Oracle Database, specify an account that has sufficient privileges to collect data from the database. At a minimum, the following privileges are required:

  • CREATE SESSION – allows an account to connect to a database.
  • SELECT – allows an account to retrieve data from one or more tables, views, etc.

Alternatively, you can assign the default administrator role to that account.

You can grant the required privileges to the existing account, or create a new one. Follow the procedure described below.

To grant CREATE SESSION and SELECT privileges to the account:

  1. On the computer where your database is deployed, run the sqlplus tool.
  2. Connect to your Oracle Database using an Oracle account with the SYSDBA privilege, for example:

    OracleUser as sysdba

    Enter your password.

  3. Decide on the account that will be used to access this database for audit data collection. You can:

    • Use the account that already exists

      - OR -

    • Create a new account – for that, execute:
      CREATE USER <account_name> IDENTIFIED BY <password>;
  4. Grant CREATE SESSION system privilege to that account. For that, execute:
    GRANT CREATE SESSION TO <account_name>;
  5. Depending on your Oracle Database version, grant SELECT privilege on the objects listed below:

    For Oracle Database 11g, execute:

    • GRANT SELECT ON aud$ TO <account_name>;
    • GRANT SELECT ON gv_$xml_audit_trail TO <account_name>;
    • GRANT SELECT ON dba_stmt_audit_opts TO <account_name>;
    • GRANT SELECT ON gv_$instance TO <account_name>;
    • GRANT SELECT ON v_$parameter TO <account_name>;
    • GRANT SELECT ON dba_audit_mgmt_clean_events TO <account_name>;
    • GRANT SELECT ON dba_obj_audit_opts TO <account_name>;
    • GRANT SELECT ON dba_audit_policies TO <account_name>;
    • GRANT SELECT ON fga_log$ TO <account_name>;

    For Oracle Database 12c, execute:

    In addition to the privileges above, grant the SELECT privilege on the following objects:

    • GRANT SELECT ON gv_$unified_audit_trail TO <account_name>;
    • GRANT SELECT ON all_unified_audit_actions TO <account_name>;
    • GRANT SELECT ON audit_unified_policies TO <account_name>;
    • GRANT SELECT ON audit_unified_enabled_policies TO <account_name>;

    For Oracle Database 12c Release 2, also grant the SELECT privilege on the following object:

    GRANT SELECT ON audsys.aud$unified TO <account_name>;

    NOTE: If you are going to configure Fine Grained Auditing, grant privileges depending on your Oracle Database version and make sure that you are using Oracle Database Enterprise Edition.

Alternatively, you can grant the default administrator role to that account. For that, execute:

GRANT DBA TO <account_name>;
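
To confirm what the account actually holds after the procedure above, you can query the data dictionary. The script below is an added example, not part of the Netwrix documentation; NWX_AUDIT is a hypothetical account name, and the object list is matched by name only, regardless of owner.

```sql
-- Added example: run in SQL*Plus as a user who can read the DBA_* views.
-- NWX_AUDIT is a hypothetical account name; substitute your own (upper case).
SET VERIFY OFF
DEFINE acct = NWX_AUDIT

-- 1. System privileges held directly. Expected: a single row, CREATE SESSION.
SELECT privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = '&acct';

-- 2. Roles held. Expected: no rows, unless the DBA role alternative was chosen.
SELECT granted_role, admin_option
  FROM dba_role_privs
 WHERE grantee = '&acct';

-- 3. Objects from the list above that still lack a direct SELECT grant.
--    The list is the Oracle Database 12c Release 2 set; for 11g drop the
--    last five names, for 12c Release 1 drop AUD$UNIFIED.
SELECT e.column_value AS missing_select_on
  FROM TABLE(sys.odcivarchar2list(
         'AUD$', 'GV_$XML_AUDIT_TRAIL', 'DBA_STMT_AUDIT_OPTS', 'GV_$INSTANCE',
         'V_$PARAMETER', 'DBA_AUDIT_MGMT_CLEAN_EVENTS', 'DBA_OBJ_AUDIT_OPTS',
         'DBA_AUDIT_POLICIES', 'FGA_LOG$',
         'GV_$UNIFIED_AUDIT_TRAIL', 'ALL_UNIFIED_AUDIT_ACTIONS',
         'AUDIT_UNIFIED_POLICIES', 'AUDIT_UNIFIED_ENABLED_POLICIES',
         'AUD$UNIFIED')) e
 WHERE NOT EXISTS (
         SELECT 1
           FROM dba_tab_privs p
          WHERE p.grantee    = '&acct'
            AND p.privilege  = 'SELECT'
            AND p.table_name = e.column_value);

-- 4. Object privileges other than SELECT. Expected: no rows.
SELECT owner, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE grantee = '&acct'
   AND privilege <> 'SELECT';
```

If the DBA role was granted instead of the individual privileges, query 2 returns DBA and query 3 lists every object, because the access then comes through the role rather than through direct grants.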
