Documentation forDatabase Performance Analyzer

DPA roles and privileges

When you add user accounts in DPA, you assign each user a role. The role determines the user's privileges.

Administrator role

By default, administrators have access to all DPA functionality, including all setup, administration, and support options. You have the option of removing user administration privileges from the Administrator role in order to limit user management to the User Manager role.

DPA requires at least one Administrator account, which is created during installation.

Only administrators can perform certain actions, such as:

  • Register and unregister database instances and VMs
  • Allocate licenses
  • Run advanced support utilities
  • Edit system-wide Advanced Options
  • Start and stop all monitors
  • Create, edit, and delete report schedules
  • Create, edit, and delete alert groups
  • Create, edit, and delete email templates for alert notifications
  • Configure the mail server
  • Administer contacts and contact groups

User Manager role

Accounts with the User Manager role have privileges to create and manage DPA user accounts, but they cannot view data collected by DPA or perform any other DPA tasks.

By default, accounts with the Administrator role also have privileges to create and manage DPA user accounts. To enforce a strict separation of duties, you can remove user account management privileges from the Administrator role.

The Repository Owner always retains user account management privileges.

Read Only on All Instances role

Users with the Read Only role can perform the following actions for all database instances:

  • View performance data and metrics
  • Run reports and view existing report groups
  • View existing alerts
  • View logs

Custom Privileges role

The Custom Privileges role specifies which privileges a user has, and which database instances these privileges apply to. Use this role to:

  • Prevent users from seeing data about certain database instances
  • Give users privileges to manage monitoring options, alerts, and reports without granting them full administrative privileges

When you assign this role to a user, you can grant any of the following privileges. Privileges can apply to all database instances or only selected instances.

Privilege Actions allowed against selected database instances
View Data
  • View performance data and metrics
  • Run reports and view existing report groups
  • View logs
Manage Reports Create, edit, and delete report groups
View Alerts View existing alerts
Manage Alerts
  • Create, edit, and delete alerts
  • View existing alert groups
Manage Monitoring
  • Create, edit, and delete blackout periods for monitoring
  • Manage I/O configuration
  • Update Advanced Options for a specific database instance
  • Add annotations
  • Exclude SQL statements from trend charts
  • Start and stop individual monitors

Users with Manage Monitoring permissions cannot see the charts at the top of the DPA homepage.