Hi Roland,
during configuration of monitoring DB2 with Instana we used these settings to monitor the Database:
b2 "grant execute on FUNCTION SYSPROC.MON_GET_CONTAINER to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.MON_GET_TRANSACTION_LOG to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.MON_GET_DATABASE to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.MON_GET_TABLESPACE to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.MON_GET_PKG_CACHE_STMT to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.MON_GET_AGENT to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.MON_GET_HADR to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.MON_GET_CONNECTION to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.MON_GET_PKG_CACHE_STMT to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.MON_GET_UTILITY to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.MON_GET_WORKLOAD to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.MON_GET_UNIT_OF_WORK to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.MON_GET_INSTANCE to USER mig_ro"
db2 "grant select on table SYSIBMADM.MON_TRANSACTION_LOG_UTILIZATION to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.PD_GET_DIAG_HIST to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.PD_GET_LOG_MSGS to USER mig_ro"
db2 "grant select on TABLE SYSCAT.INDEXES to USER mig_ro"
db2 "grant select on TABLE SYSCAT.TABLES to USER mig_ro"
db2 "grant select on TABLE SYSIBMADM.MON_CURRENT_SQL to USER mig_ro"
db2 "grant select on TABLE SYSIBMADM.DB_HISTORY to USER mig_ro"
db2 "grant select on TABLE SYSIBMADM.DBCFG to USER mig_ro"
db2 "grant select on TABLE SYSIBMADM.MON_CONNECTION_SUMMARY to USER mig_ro"
db2 "grant select on TABLE SYSIBMADM.MON_DB_SUMMARY to USER mig_ro"
db2 "grant select on TABLE SYSIBMADM.MON_LOCKWAITS to USER mig_ro"
db2 "grant select on TABLE SYSIBMADM.SNAPTAB_REORG to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.DB_GET_CFG to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.DBM_GET_CFG to USER mig_ro"
db2 "grant execute on FUNCTION SYSPROC.ENV_GET_INST_INFO to USER mig_ro"
I hope you'll find this information helpful, although it's quite a while since you've asked :-)
best regards
Frank
------------------------------
Frank Trila
------------------------------
Original Message:
Sent: Mon April 26, 2021 09:47 AM
From: Roland Schock
Subject: DMC 3.1.4: Access rights and priviledges needed in database to monitor
Hi,
in a more tight customer scenario we try the get DMC 3.1.4 running.
According to this Minimum database privileges required for Db2 KC page, I started with these permissions, but I still get
errors in the DMC which return errors ('Can't display data' Click on refresh to continue, which doesn't help)
GRANT CONNECT, SQLADM, IMPLICIT_SCHEMA ON DATABASE TO USER DMCMON ;
GRANT CREATETAB ON DATABASE TO USER DMCMON ;
GRANT USAGE ON WORKLOAD SYSDEFAULTUSERWORKLOAD TO USER DMCMON ;
GRANT EXECUTE ON PACKAGE NULLID.SYSSH200 TO USER DMCMON ;
GRANT EXECUTE ON PACKAGE NULLID.SYSSH100 TO USER DMCMON ;
GRANT EXECUTE ON PACKAGE NULLID.SYSSN200 TO USER DMCMON ;
GRANT EXECUTE ON FUNCTION SYSPROC.* to user DMCMON;
GRANT EXECUTE ON PROCEDURE SYSIBM.SQLCAMESSAGECCSID to user DMCMON;
GRANT SELECT ON sysibm.sysdummy1 to USER DMCMON ;
GRANT SELECT ON sysibm.sysversions to USER DMCMON ;
GRANT SELECT ON SYSIBM.SYSUSERAUTH TO USER DMCMON ;
Of course DBADM with DATAACCESS could fix it all, but that is not allowed in this environment.
What are the minimal privileges and permissions on the database to monitor are needed to get basic monitoring
or advanced monitoring running?
Kind regards
------------------------------
Roland Schock
Distinguished Engineer
ARS Computer und Consulting GmbH
------------------------------
#Db2