4.8 Database Monitoring Using Database User Credentials
AHF now supports database monitoring using a configured username and password, eliminating the need for SYSDBA privileges.
Note:
It is preferred to utilize the default database connectivity (/ as sysdba) method for running SQL by AHF. Utilizing a common user for AHF will limit the diagnostic capabilities when performing database diagnostic collections as many of the SQL statements that are run require access to internal database structures.
- Create a database user for AHF to connect to the database. If the database is multitenant, the user will need to be created within the container database (CDB).
Multitenant example:
SQL> create user C##AHFUSER identified by <password>;Non-mulitenant example:SQL> create user AHFUSER identified by <password>; - Grant the AHF User the following roles and privileges:
SELECT ANY DICTIONARYALTER SESSIONALTER SESSION SET CONTAINER(only required for a multitenant database)CREATE SESSIONSELECT_CATALOG_ROLE
Multitenant example:SQL> grant SELECT ANY DICTIONARY to C##AHFUSER container=any; SQL> grant ALTER SESSION to C##AHFUSER container=any; SQL> grant ALTER SESSION SET CONTAINER to C##AHFUSER container=any; SQL> grant CREATE SESSION to C##AHFUSER container=any; SQL> grant SELECT_CATALOG_ROLE to C##AHFUSER container=any;Non-mulitenant example:SQL> grant SELECT ANY DICTIONARY to AHFUSER; SQL> grant ALTER SESSION to AHFUSER; SQL> grant CREATE SESSION to AHFUSER; SQL> grant SELECT_CATALOG_ROLE to AHFUSER; - As the Oracle Database software owner, add the database login credentials to the AHF Wallet.
Note:
The database unique name (DB_UNIQUE_NAME) MUST be used when storing the credentials in the wallet as this will ensure the uniqueness of the database on the given system.$ ahfctl setpassword -db <db_unique_name> -user <username>
Parent topic: Collect Diagnostic Data