Chat now with support
Chat with Support

Foglight for Oracle (Cartridge) 5.9.7.20 - Deployment Guide

Permissions for SQL Server databases

If you are using SQL Server®, ensure that these permissions are set.

 
* 
NOTE: Monitoring mirroring requires sysadmin privileges.
NOTE: A Foglight user needs to be created on every database within the instance, otherwise, it cannot be monitored. New databases created after the Foglight agent installation need to be added either by running the permission script again or manually using CREATE USER <Foglight User> under the new database.
 
Table 13. SQL Server Permissions
Instance Level
Database Level

VIEW ANY DEFINITION

VIEW SERVER STATE

ALTER TRACE

Granted for:

Tracing a Session

Deadlocks monitoring

PI Change-Tracking

Map Foglight Login to a database user*

db_datareader

db_ddladmin

CREATE USER**

Granted for:

Running DBCC commands for indexes

 

* Creation of a new user is not required if a domain group with the appropriate permissions is used.

** It's permission for Amazon RDS for SQL Server.

Grant Execute on these master database objects:

 
Table 14. Master database objects requiring Execute permission
 

xp_enumerrorlogs

xp_readerrorlog

Granted for Error log monitoring

Grant Select on these msdb database objects:

 
Table 15. MSDB database objects requiring Select permission
 

log_shipping_monitor_primary

log_shipping_monitor_secondary

log_shipping_primaries

log_shipping_secondaries

log_shipping_primary_secondaries

syscategories

sysjobactivity

sysjobs

sysjobhistory

dbm_monitor_data

dbm_monitor

sysalerts

agent_datetime

Granted for Log Shipping monitoring

 

 

 

 

 

Granted for Jobs and Replication monitoring

 

 

Granted for Mirroring monitoring

 

Granted for Agent alerts and services

 

* 
NOTE:
1. For Amazon RDS for SQL Server, msdb database fixed database role of SQLAgentUserRole is needed.
2. For Amazon RDS for SQL Server, Master user should have access to all databases in the instance.

Permissions for SAP ASE databases

If using non-sa user, ensure the following:
mon_role should be assigned to the user. sa_role should NOT be assigned.
Procedures need to be manually created on the monitored instance. This is achieved by manually downloading and running the scripts DB_Sybase_FirstRun_Scripts located under Foglight > Dashboards > Administration > Agents > Cartridges > Components for Download. Refer to the Foglight For SAP ASE Release Notes for more details.

Permissions for DB2 for LUW databases

If you are using DB2 LUW, ensure that these permissions are set.

Set Account Privileges on:
SYSMON authority

Grant Select privilege on:
SYSIBMADM.PRIVILEGES
SYSIBMADM.SNAPADM
SYSCAT.VIEWS
SYSCAT.ROUTINES

Grant Execute on:
AUTH_LIST_AUTHORITIES_FOR_AUTHID

Required Monitor Switches

 
Table 16. Required Configurations
Monitor switches for version 9.5 to 9.7
Monitoring parameters for version 9.7.0.5 or above*

UOW

STATEMENT

LOCK

SORT

TABLE

BUFFERPOOL

TIMESTAMP

MON_REQ_METRICS

MON_ACT_METRICS

MON_OBJ_METRICS

 

*Should be set to at least the base level.

Permissions
 
Table 17. Permissions — All versions
General

ADMIN_CMD

ENV_GET_PROD_INFO

DB_PARTITIONS

ENV_GET_SYS_INFO

SNAP_GET_APPL_INFO

SNAP_GET_BP

SNAP_GET_APPL

SNAP_GET_BP_PART

SNAP_GET_DBM

SNAP_GET_HADR

SNAP_GET_DBM_MEMORY_POOL

SNAP_GET_FCM_PART

SNAP_GET_STMT

SNAP_GET_LOCKWAIT

SNAP_GET_SWITCHES

SNAP_GET_STORAGE_PATHS

PD_GET_DIAG_HIST

 
Table 18. Permissions — Version-specific
9.5
9.7.0.5
10.1

SNAP_GET_DB_V91

ENV_GET_SYSTEM_RESOURCES

ENV_GET_SYSTEM_RESOURCES

SNAP_GET_TAB_V91

MON_GET_PKG_CACHE_STMT

MON_GET_PKG_CACHE_STMT

SNAP_GET_TBSP_V91

MON_FORMAT_LOCK_NAME

MON_FORMAT_LOCK_NAME

SNAP_GET_CONTAINER_V91

WLM_GET_SERVICE_CLASS_AGENTS_V97

WLM_GET_SERVICE_CLASS_AGENTS

SNAP_GET_DYN_SQL_V91

MON_GET_WORKLOAD

MON_GET_WORKLOAD

 

MON_GET_TABLESPACE

MON_GET_TABLESPACE

 

ENV_GET_DB2_SYSTEM_RESOURCES

ENV_GET_DB2_SYSTEM_RESOURCES

 

ON_GET_SERVICE_SUBCLASS_DETAILS

MON_GET_SERVICE_SUBCLASS_DETAILS

 

MON_FORMAT_XML_TIMES_BY_ROW

MON_FORMAT_XML_TIMES_BY_ROW

 

MON_GET_UNIT_OF_WORK

MON_GET_UNIT_OF_WORK

 

MON_GET_BUFFERPOOL

MON_GET_BUFFERPOOL

 

MON_GET_TABLE

MON_GET_TABLE

 

MON_GET_CONTAINER

MON_GET_CONTAINER

 

MON_GET_FCM_CONNECTION_LIST

MON_GET_FCM_CONNECTION_LIST

 

MON_GET_CONNECTION

MON_GET_CONNECTION

 

 

MON_GET_MEMORY_POOL

 

 

MON_GET_MEMORY_SET

 

SNAP_GET_TBSP_V91

SNAP_GET_TBSP

 

SNAP_GET_DB_V91

MON_GET_TRANSACTION_LOG

 

 

SNAP_GET_DB

DB2_GET_INSTANCE_INFO

ADMIN_GET_STORAGE_PATHS

 
Table 19. Permissions - 10.5 and later
10.5 and later

ENV_GET_SYSTEM_RESOURCES

MON_GET_INSTANCE

MON_FORMAT_LOCK_NAME

MON_GET_PKG_CACHE_STMT

MON_GET_AGENT

MON_GET_WORKLOAD

ENV_GET_DB2_SYSTEM_RESOURCES

MON_GET_DATABASE

ADMIN_GET_STORAGE_PATHS

DB2_GET_INSTANCE_INFO

MON_GET_TRANSACTION_LOG

MON_GET_CONNECTION

MON_GET_FCM_CONNECTION_LIST

MON_GET_CONTAINER

MON_GET_TABLE

MON_GET_BUFFERPOOL

MON_GET_UNIT_OF_WORK

MON_FORMAT_XML_TIMES_BY_ROW

MON_GET_SERVICE_SUBCLASS_DETAILS

MON_GET_TABLESPACE

MON_GET_MEMORY_POOL

MON_GET_MEMORY_SET

Grant Select on these SYSIBMADM administrative views:
DBPATHS*
REG_VARIABLES
BP_HITRATIO
DBCFG
ENV_GET_PROD_INFO
MON_LOCKWAITS*
SNAPDBM
SNAPFCM
SYSIBMADM.ENV_PROD_INFO

* For DB2 version 9.7.0.5 or later

PureScale environments

Grant Execute on to these table functions:
MON_GET_CF
MON_GET_GROUP_BUFFERPOOL
BP_HITRATIO

Grant Select on these views:
ENV_CF_SYS_RESOURCES
SNAPDB
SYSIBMADM.DB2_MEMBER

Permissions for Azure SQL Database

Foglight for Azure SQL can be used for granting permissions on several levels.

The following sections detail the permissions that can be granted to users of Azure SQL at each level, and instruct how to manually run the grant privileges script.

Granting Permissions to Azure SQL Users
Database-level Permissions

The following permissions are granted at the database level:
CREATE USER—the lowest permission level, which only allows accessing each database for reading its metadata.
* 
IMPORTANT: The CREATE USER permission does not come as part of the script, as the command is not supported as part of a batch in Azure SQL.
VIEW DATABASE STATE—required by all tiers (General Purpose, Hyperscale, and Business Critical) on the vCore model.
* 
IMPORTANT:

On the DTU model:

Basic, Standard 0, and Standard 1 tiers require server admin permission or an Azure Active Directory admin account (VIEW SERVER STATE permission).
Standard 2 and above tiers as well as Premium tiers require VIEW DATABASE STATE permission.
Running the Grant Permissions Script

The file used for granting permissions manually, SQLAzureGrantPrivilegesScript.sql, can be downloaded by clicking the link View script under the Instances table, accessible via either of the following methods:
When running the Monitor Azure SQL Database wizard, the script link is in the Insufficient Privileges dialog screen.
Figure 2. Insufficient Privileges dialog
In the Cartridges - Components for Download screen.
Figure 3. Components for Download
 
* 
IMPORTANT: Running this file requires one of the following server roles:
- Server admin
- Active Directory admin
- Member of the db_owner
To manually run the Grant Permissions script:
1
Run the CREATE USER command on a database to be monitored.
Upon successful completion of this command, the login becomes a user in the specific database, and therefore able to read the database’s metadata.
2
Open the DBSS_Azure_Permissions_User_Databases.sql file in SQL Server Management Studio (SSMS).
3
Find the Select @LoginName = ? section at the beginning of this file.
4
Replace the question mark with the login name to which the requested permissions are to be assigned.
5
Execute the script.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating