DPA roles and privileges
When you add user accounts in DPA, you assign each user a role. The role determines the user's privileges.
By default, administrators have access to all DPA functionality, including all setup, administration, and support options. You have the option of removing user administration privileges from the Administrator role in order to limit user management to the User Manager role.
DPA requires at least one Administrator account, which is created during installation.
Only administrators can perform certain actions, such as:
- Register and unregister database instances and VMs
- Allocate licenses
- Run advanced support utilities
- Edit system-wide Advanced Options
- Start and stop all monitors
- Create, edit, and delete report schedules
- Create, edit, and delete alert groups
- Create, edit, and delete email templates for alert notifications
- Configure the mail server
- Create and manage contacts and contact groups
- Create and manage custom properties
- View logs
Accounts with the User Manager role have privileges to create and manage DPA user accounts, but they cannot view data collected by DPA or perform any other DPA tasks.
By default, accounts with the Administrator role also have privileges to create and manage DPA user accounts. To enforce a strict separation of duties, you can remove user account management privileges from the Administrator role.
The Repository Owner always retains user account management privileges.
Read Only on All Instances role
Users with the Read Only role can perform the following actions for all database instances:
- View performance data and metrics
- Run reports and view existing report groups
- View existing alerts
- View annotations
Custom Privileges role
The Custom Privileges role specifies which privileges a user has, and which database instances these privileges apply to. Use this role to:
- Prevent users from seeing data about certain database instances
- Give users privileges to manage monitoring options, alerts, and reports without granting them full administrative privileges
When you assign this role to a user, you can grant any of the following privileges. Privileges can apply to all database instances or only selected instances.
|Privilege||Actions allowed against selected database instances|
|Manage Reports||Create, edit, and delete report groups|
|View Alerts||View existing alerts|
Users with Manage Monitoring permissions cannot see the charts at the top of the DPA home page.