Grant 'Create Session' and 'Select' Privileges to Access Oracle Database

When creating a monitoring plan for your Oracle Database, you should specify the account that has sufficient privileges to collect data from the database. At least, the following privileges are required:

  • CREATE SESSION — allows an account to connect to a database.
  • SELECT — allows an account to retrieve data from one or more tables, views, etc.

NOTE: Alternatively, you can assign the default administrator role to that account.

You can grant the required privileges to the existing account, or create a new one. Follow the procedure described below.

To grant CREATE SESSION and SELECT privileges to the account:

  1. On the computer where your database is deployed, run the sqlplus tool.
  2. Connect to your Oracle Database — use Oracle account with the SYSDBA privilege, for example:

    OracleUser as sysdba

    Enter account password.

  3. Decide on the account that will be used to access this database for audit data collection. You can:

    • Use the account that already exists

      - OR -

    • Create a new account — for that, execute:
      CREATE USER <account_name> IDENTIFIED BY PASSWORD;
  4. Grant CREATE SESSION system privilege to that account. For that, execute:
    GRANT CREATE SESSION TO <account_name>;
  5. Grant SELECT privilege on the required object to that account. (See For Oracle Database Auditing for detailed object list). For that, execute: GRANT SELECT ON <object> TO <account_name>;

    For example:
    GRANT SELECT ON aud$ TO OracleUser;

Alternatively, you can grant the default administrator role to that account. For that, execute:
GRANT DBA TO <account_name>;