To monitor the primary database, you can use the default DBSNMP monitoring user. Alternatively, starting with Enterprise Manager 13.5 Release Update 4, you can use a different user for monitoring credentials.

If your standby database is in read-only mode (Active Data Guard), you can use regular monitoring credentials (e.g., DBSNMP). Otherwise, grant the monitoring user for the standby database either SYSDBA role or SYSDG privilege.

The SYSDG privilege is the administrative privilege that allows users to perform Data Guard operations. Granting SYSDG privileges to database users or monitoring users aligns with the principle of least privilege, a security best practice that limits user access to the minimum amount of resources and data needed to perform a task. Any SYSDG database monitoring user can discover and monitor both primary and standby databases.

The choice of using SYSDG versus SYSDBA also depends on how the monitoring user (e.g., DBSNMP) is used:

• If the monitoring user is used to monitor only Oracle databases, grant it SYSDG (recommended) or SYSDBA
• If the monitoring user is used to monitor Oracle databases and application data (e.g. via metric extensions), grant it SYSDBA

In either case, you can use this same user (DBSNMP with SYSDG or SYSDBA) to monitor both Primary and Standby databases.

For more details, see Database Monitoring User Access.