Appendix

Download this manual as a PDF file

This appendix describes the minimum user permissions for Oracle: Database and why they are needed.

If your user is “oracle”, the default Oracle OS user, you should already have all the required permissions.

Oracle: Database Minimum Permissions Needed

At a minimum, SL1 needs the following:

  • To be able to retrieve lsnrctl status output: This is used to check instance status, to determine if the instance is up or down. The output is also used to model child devices.
  • To be able to retrieve tnsnames.ora info: SL1matches any provided credentials with the contents of tnsnames.ora to verify whether the credentials are correct. The file information is also used to monitor PDBs.

To get that information, the Oracle: Database user permissions listed below are needed.

Folder path through lsnrctl, tnsnames.ora

This permission is needed to access lsnrctl and tnsnames.ora. Every folder to reach those files must have "read" and "execute" permissions. For example:

If ORACLE_HOME is /u01/app/oracle/product/21.0.0/dbhome_1

  • give “read” & “execute” to /u01

  • give “read” & “execute” to app

  • give “read” & “execute” to oracle

  • give “read” & “execute” to product

  • give “read” & “execute” to 21.0.0

  • give “read” & “execute” to dbhome_1

If you are not using “oracle” in your SSH credential, and want to give permissions to a user outside the “orainstall” group, the commands should use o= where o= stands for “other” and rx stands for “read & execute”.

chmod o=rx /u01

chmod o=rx /u01/app

chmod o=rx /u01/app/oracle

chmod o=rx /u01/app/oracle/product

chmod o=rx /u01/app/oracle/product/21.0.0

chmod o=rx $ORACLE_HOME

To give permissions to bin and lib folders:

chmod o=rx $ORACLE_HOME/bin

chmod o=rx $ORACLE_HOME/lib

Execute permission to run lsnrctl

This permission is needed to run the lsnrctl command to check instance status.

chmod o=x $ORACLE_HOME/bin/lsnrctl

Read permission to read libclntsh.so.21.1, libclntshcore.so.21.1, libnnz21.so

This permission is needed because lsnrctl depends on them.

chmod o=r $ORACLE_HOME/lib/libclntsh.so.21.1

chmod o=r $ORACLE_HOME/lib/libclntshcore.so.21.1

chmod o=r $ORACLE_HOME/lib/libnnz21.so

Folder path to read tnsnames.ora and mesg folder

This permission is needed because SL1 reads tnsnames.ora to verify if provided credentials match with tnsnames.ora, and because lsnrctl depends on mesg files.

chmod o=rx $ORACLE_HOME/network

chmod o=rx $ORACLE_HOME/network/admin

chmod o=rx $ORACLE_HOME/network/mesg

chmod o=r $ORACLE_HOME/network/admin/tnsnames.ora

chmod -R o=r $ORACLE_HOME/network/mesg/

Read permission for oratab

This permission is needed because SL1 gets ORACLE_HOME from oratb.

chmod o=r /etc/oratab

ORACLE_HOME is needed to properly run lsnrctl and read tnsnames.ora.