Permissions Required to Monitor External Database Systems
To monitor External Database Systems using Database Management, you must belong to a user group in your tenancy with the required permissions on the following Database Management resource-types:
- dbmgmt-external-dbsystems: This resource-type allows a user group to perform tasks such as monitoring the External Database System, viewing the details of the components, and updating or deleting the External Database System.
- dbmgmt-work-requests: This resource-type allows a user group to monitor the work requests associated with the External Database System and its components.
- dbmgmt-family: This aggregate resource-type includes the individual Database Management resource-types and allows a user group to discover and monitor the External Database System. In addition, you can use this resource-type to grant the permissions required to perform the tasks pertaining to Oracle Databases and Exadata Infrastructure.
Here are a few examples of the individual policies that grant a user group the permissions required to use Database Management for External Database Systems:
- To grant the DB-MGMT-EXTDBSYSTEM-USER user group the permission to perform tasks such as deleting the External Database Systems and moving the External Database Systems in the tenancy:
  Allow group DB-MGMT-EXTDBSYSTEM-USER to manage dbmgmt-external-dbsystems in tenancy
- To grant the DB-MGMT-EXTDBSYSTEM-USER user group the permission to perform tasks such as updating the External Database System and its components in the tenancy:
  Allow group DB-MGMT-EXTDBSYSTEM-USER to use dbmgmt-external-dbsystems in tenancy
- To grant the DB-MGMT-EXTDBSYSTEM-USER user group the permission to perform tasks such as monitoring the External Database System and its components in the tenancy:
  Allow group DB-MGMT-EXTDBSYSTEM-USER to read dbmgmt-external-dbsystems in tenancy
- To grant the DB-MGMT-EXTDBSYSTEM-USER user group the permission to monitor the work requests associated with the External Database System and its components in the tenancy:
  Allow group DB-MGMT-EXTDBSYSTEM-USER to read dbmgmt-work-requests in tenancy
Alternatively, a single policy using the Database Management aggregate resource-type grants the DB-MGMT-EXTDBSYSTEM-USER user group the same permissions detailed in the preceding list as well as the permissions required to discover the External Database System and monitor its components:
  Allow group DB-MGMT-EXTDBSYSTEM-USER to manage dbmgmt-family in tenancy
Additional Permissions Required to Monitor External Database Systems
In addition to Database Management permissions, the following Oracle Cloud Infrastructure service permissions are required to monitor External Database Systems.
Dynamic Group Policy for Management Agent
A dynamic group that contains the Management Agent is required to post metrics to the Oracle Cloud Infrastructure Monitoring service. To allow the Management Agent to do so, perform the following steps:
- Create a dynamic group (agent-dynamic-group) that contains the Management Agent and enter the following matching rule to define the dynamic group:
  ALL {resource.type='managementagent', resource.compartment.id='<AGENT_COMPARTMENT_OCID>'}
  For information on how to create a dynamic group, see To create a dynamic group.
- Create a policy with the dynamic group (agent-dynamic-group) to post metrics to the Monitoring service. In this example, agent-dynamic-group posts the metrics emitted in the oracle_oci_database_cluster namespace for the External Database System components that reside in compartment ABC.
  Allow dynamic-group agent-dynamic-group to use metrics in compartment ABC where target.metrics.namespace = 'oracle_oci_database_cluster'
Monitoring Service Permissions
Monitoring service permissions are required to:
- View the metrics for the External Database System components in Database Management.
- View the open alarms for the External Database System components in Database Management.
Here's information on the policies that provide the permissions required to perform the tasks given in the preceding list:
- To view the metrics for the External Database System components in Database Management, a policy with the read verb for the metrics resource-type must be created. Here's an example:
  Allow group DB-MGMT-EXTDBSYSTEM-USER to read metrics in compartment ABC
- To view the open alarms for the External Database System components in Database Management and on the Alarm Status and Alarm Definitions pages of the Monitoring service, a policy with the read verb for the alarms resource-type must be created (in addition to a policy with the read verb for the metrics resource-type). Here's an example:
  Allow group DB-MGMT-EXTDBSYSTEM-USER to read alarms in compartment ABC
To build queries and create alarms for External Database System metrics using the Monitoring service, other permissions are required. For information on:
- Monitoring service resource-types and permissions, see Details for Monitoring.
- Common Monitoring service policies, see Common Policies.
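
The policy statements on this page can be reviewed mechanically before they are applied. The following Python sketch is an added example, not Oracle code or tooling: it parses the simple "Allow ... to <verb> <resource-type> in ..." form used above, lists the read-level permissions a group still lacks for monitoring, and flags tenancy-wide manage grants and dynamic-group metrics grants that lack a where condition. The names parse, grants, missing, findings, MONITOR_ONLY and SAMPLE are hypothetical, FAMILIES lists only the two individual resource-types this page names, and compartment scope is ignored when matching.

```python
import re

# OCI IAM verbs, lowest to highest privilege; a higher verb includes the lower ones.
VERBS = ["inspect", "read", "use", "manage"]
# Assumption: only the two individual types this page names are listed for the aggregate.
FAMILIES = {"dbmgmt-family": {"dbmgmt-external-dbsystems", "dbmgmt-work-requests"}}
# Read-level permissions this page requires for monitoring, metrics and open alarms.
MONITOR_ONLY = [("read", "dbmgmt-external-dbsystems"), ("read", "dbmgmt-work-requests"),
                ("read", "metrics"), ("read", "alarms")]
STMT = re.compile(
    r"^Allow\s+(?P<kind>group|dynamic-group)\s+(?P<subject>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<rtype>\S+)\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+\S+)(?:\s+where\s+(?P<cond>.+))?$",
    re.IGNORECASE)

def parse(stmt):
    """Split one policy statement into kind, subject, verb, rtype, scope, cond."""
    m = STMT.match(stmt.strip())
    if not m:
        raise ValueError(f"unsupported statement: {stmt!r}")
    d = m.groupdict()
    d["verb"] = d["verb"].lower()
    return d

def grants(stmt, verb, rtype):
    """True if stmt gives at least `verb` on `rtype`, directly or via an aggregate."""
    p = parse(stmt)
    covered = FAMILIES.get(p["rtype"], {p["rtype"]})
    return rtype in covered and VERBS.index(p["verb"]) >= VERBS.index(verb)

def missing(statements, subject, needed):
    """Return the (verb, resource-type) pairs in `needed` that `subject` lacks."""
    own = [s for s in statements if parse(s)["subject"] == subject]
    return [(v, r) for v, r in needed if not any(grants(s, v, r) for s in own)]

def findings(statements):
    """Flag grants broader than the monitoring tasks on this page need."""
    out = []
    for s in statements:
        p = parse(s)
        if p["verb"] == "manage" and p["scope"].lower() == "tenancy":
            out.append(("tenancy-wide manage", s))
        if p["kind"].lower() == "dynamic-group" and p["rtype"] == "metrics" and not p["cond"]:
            out.append(("unscoped metrics grant", s))
    return out

# Constructed sample: the aggregate policy from this page plus an agent policy
# written without the namespace condition.
SAMPLE = ["Allow group DB-MGMT-EXTDBSYSTEM-USER to manage dbmgmt-family in tenancy",
          "Allow dynamic-group agent-dynamic-group to use metrics in compartment ABC"]
if __name__ == "__main__":
    print(missing(SAMPLE, "DB-MGMT-EXTDBSYSTEM-USER", MONITOR_ONLY), findings(SAMPLE))
```

On the constructed sample, the group holding only the aggregate policy still lacks read on metrics and alarms, and both statements are flagged.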