Chatee ahora con Soporte
Chat con el soporte

Foglight for Oracle (Cartridge) 5.9.5.10 - Deployment Guide

Permissions for DB2 for LUW databases

If you are using DB2 LUW, ensure that these permissions are set.

Set Account Privileges on:
SYSMON authority

Grant Select privilege on:
SYSIBMADM.PRIVILEGES
SYSIBMADM.SNAPADM
SYSCAT.VIEWS
SYSCAT.ROUTINES

Grant Execute on:
AUTH_LIST_AUTHORITIES_FOR_AUTHID

Required Monitor Switches

 
Table 14. Required Configurations
Monitor switches for version 9.5 to 9.7
Monitoring parameters for version 9.7.0.1 or above*

UOW

STATEMENT

LOCK

SORT

TABLE

BUFFERPOOL

TIMESTAMP

MON_REQ_METRICS

MON_ACT_METRICS

MON_OBJ_METRICS

 

*Should be set to at least the base level.

Permissions
 
Table 15. Permissions — All versions
General

ADMIN_CMD

ENV_GET_PROD_INFO

DB_PARTITIONS

ENV_GET_SYS_INFO

SNAP_GET_APPL_INFO

SNAP_GET_BP

SNAP_GET_APPL

SNAP_GET_BP_PART

SNAP_GET_DBM

SNAP_GET_HADR

SNAP_GET_DBM_MEMORY_POOL

SNAP_GET_FCM_PART

SNAP_GET_STMT

SNAP_GET_LOCKWAIT

SNAP_GET_SWITCHES

SNAP_GET_STORAGE_PATHS

PD_GET_DIAG_HIST

 
Table 16. Permissions — Version-specific
9.5
9.7.0.1
10.1

SNAP_GET_DB_V91

ENV_GET_SYSTEM_RESOURCES

ENV_GET_SYSTEM_RESOURCES

SNAP_GET_TAB_V91

MON_GET_PKG_CACHE_STMT

MON_GET_PKG_CACHE_STMT

SNAP_GET_TBSP_V91

MON_FORMAT_LOCK_NAME

MON_FORMAT_LOCK_NAME

SNAP_GET_CONTAINER_V91

WLM_GET_SERVICE_CLASS_AGENTS_V97

WLM_GET_SERVICE_CLASS_AGENTS

SNAP_GET_DYN_SQL_V91

MON_GET_WORKLOAD

MON_GET_WORKLOAD

 

MON_GET_TABLESPACE

MON_GET_TABLESPACE

 

ENV_GET_DB2_SYSTEM_RESOURCES

ENV_GET_DB2_SYSTEM_RESOURCES

 

ON_GET_SERVICE_SUBCLASS_DETAILS

MON_GET_SERVICE_SUBCLASS_DETAILS

 

MON_FORMAT_XML_TIMES_BY_ROW

MON_FORMAT_XML_TIMES_BY_ROW

 

MON_GET_UNIT_OF_WORK

MON_GET_UNIT_OF_WORK

 

MON_GET_BUFFERPOOL

MON_GET_BUFFERPOOL

 

MON_GET_TABLE

MON_GET_TABLE

 

MON_GET_CONTAINER

MON_GET_CONTAINER

 

MON_GET_FCM_CONNECTION_LIST

MON_GET_FCM_CONNECTION_LIST

 

MON_GET_CONNECTION

MON_GET_CONNECTION

 

 

MON_GET_MEMORY_POOL

 

 

MON_GET_MEMORY_SET

 

SNAP_GET_TBSP_V91

SNAP_GET_TBSP

 

SNAP_GET_DB_V91

MON_GET_TRANSACTION_LOG

 

 

SNAP_GET_DB

DB2_GET_INSTANCE_INFO

ADMIN_GET_STORAGE_PATHS

 
Table 17. Permissions - 10.5 and later
10.5 and later

ENV_GET_SYSTEM_RESOURCES

MON_GET_INSTANCE

MON_FORMAT_LOCK_NAME

MON_GET_PKG_CACHE_STMT

MON_GET_AGENT

MON_GET_WORKLOAD

ENV_GET_DB2_SYSTEM_RESOURCES

MON_GET_DATABASE

ADMIN_GET_STORAGE_PATHS

DB2_GET_INSTANCE_INFO

MON_GET_TRANSACTION_LOG

MON_GET_CONNECTION

MON_GET_FCM_CONNECTION_LIST

MON_GET_CONTAINER

MON_GET_TABLE

MON_GET_BUFFERPOOL

MON_GET_UNIT_OF_WORK

MON_FORMAT_XML_TIMES_BY_ROW

MON_GET_SERVICE_SUBCLASS_DETAILS

MON_GET_TABLESPACE

MON_GET_MEMORY_POOL

MON_GET_MEMORY_SET

Grant Select on these SYSIBMADM administrative views:
DBPATHS*
REG_VARIABLES
BP_HITRATIO
DBCFG
ENV_GET_PROD_INFO
MON_LOCKWAITS*
SNAPDBM
SNAPFCM
SYSIBMADM.ENV_PROD_INFO

* For DB2 version 9.7.0.1 or later

PureScale environments

Grant Execute on to these table functions:
MON_GET_CF
MON_GET_GROUP_BUFFERPOOL
BP_HITRATIO

Grant Select on these views:
ENV_CF_SYS_RESOURCES
SNAPDB
SYSIBMADM.DB2_MEMBER

Permissions for Azure SQL Database

Foglight for Azure SQL can be used for granting permissions on several levels.

The following sections detail the permissions that can be granted to users of Azure SQL at each level, and instruct how to manually run the grant privileges script.

Granting Permissions to Azure SQL Users
Database-level Permissions

The following permissions are granted at the database level:
CREATE USER—the lowest permission level, which only allows accessing each database for reading its metadata.
* 
IMPORTANT: The CREATE USER permission does not come as part of the script, as the command is not supported as part of a batch in Azure SQL.
VIEW DATABASE STATE—required for reading metadata information.
db_datareader—allows creating user-defined SQL queries for monitoring purposes, via the User-defined Collections global administration screen.
Running the Grant Permissions Script

The file used for granting permissions manually, SQLAzureGrantPrivilegesScript.sql, can be downloaded by clicking the link View script under the Instances table, accessible via either of the following methods:
When running the Monitor Azure SQL Database wizard, the script link is in the Insufficient Privileges dialog screen.
Figure 2. Insufficient Privileges dialog
In the Cartridges - Components for Download screen.
Figure 3. Components for Download
 
* 
IMPORTANT: Running this file requires one of the following server roles:
- Server admin
- Active Directory admin
- Member of the db_owner
To manually run the Grant Permissions script:
1
Run the CREATE USER command on a database to be monitored.
Upon successful completion of this command, the login becomes a user in the specific database, and therefore able to read the database’s metadata.
2
Open the DBSS_Azure_Permissions_User_Databases.sql file in SQL Server Management Studio (SSMS).
3
Find the Select@LoginName = ? section at the beginning of this file.
4
Replace the question mark with the login name to which the requested permissions are to be assigned.
5
Execute the script.

Permissions for monitored operating systems

For details, see the following topics:
General Unix requirements
VMware permissions
Windows permissions
General Unix requirements

The OS user account for each agent requires:
Silent log-in — in particular, there must be no user-input required and no special login banners displayed
For connections using SSH, the sshd daemon must be installed and running.

In addition to these general UNIX® system requirements, each agent user account requires additional privileges depending on the operating system, as specified in the following table.

 
* 
NOTE: When monitoring DB2, SYSMON role and privileges for OS user is not required but is recommended to allow the installation to provide more information when discovering DB2 databases.
Linux/UNIX permissions
 
Table 18. Linux/UNIX Permissions
Permission
Linux®
Solaris®
AIX®
HP-UX

Execute

awk

df

free

getconf

head

hostname

iostat

lsnrctl

netstat

ps

sed

tail

sysstat

uname

uptime

vmstat

/proc/

awk

db2ptree

df

head

hostname

iostat

lsnrctl

mpstat

uptime

netstat

pagesize

ps

psrinfo

tail

uname

vmstat

/usr/sbin/prtconf

awk

df

head

hostname

iostat

lsattr

lsdev

lsnrctl

netstat

oslevel

pagesize

ps

tail

uname

uptime

vmstat

awk

bdf

bindprocessor

getconf

head

hostname

ioscan

iostat

lsattr

lsdev

lsnrctl

netstat

oslevel

pagesize

ps

sar

tail

uname

uptime

vmstat

/usr/sbin/

Read

cpuinfo

free*

getconf

sysstat package*

/proc

/proc/cpuinfo*

/proc/net/dev

/proc/stat

/proc/vmstat on Linux >= 2.6

 

 

/var/adm/syslog/syslog.log

VMware permissions

To monitor VMware®, users must have read only access to the virtual center.

Windows permissions

Foglight support monitoring Windows® operating system in one of two ways: WinRM and WMI. The preferred method is WinRM when no WinRM connection WMI connection is used.

WinRM (default) - Based on Kerberos authentication or Basic authentication uses standard HTTP headers. For more information, see http://support.quest.com/technical-documents/foglight-agent-manager/5.9.5/foglight-agent-manager-guide/advanced-system-configuration-and-troubleshooting/configuring-windows-remote-management-winrm.

WMI (fallback) — Permission to access both DCOM and WMI. For more information, see

http://support.quest.com/technical-documents/foglight-agent-manager/5.9.5/foglight-agent-manager-guide/advanced-system-configuration-and-troubleshooting/configuring-windows-management-instrumentation-wmi.

 

Install the DB cartridge and DB agent

This section includes details about the following topics:
Install the DB cartridge
Install a single DB agent
Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación