vCenter Server requires a database. If you decide to use an external Oracle or Microsoft SQL Server database, when you create the database, you must grant certain permissions to the database user.

Microsoft SQL Database Permissions for vCenter Server

Permission

Description

GRANT ALTER ON SCHEMA :: [VMW] TO VC_ADMIN_ROLE

Mandatory when you work with SQL Server custom schema.

GRANT REFERENCES ON SCHEMA :: [VMW] TO VC_ADMIN_ROLE

Mandatory when you work with SQL Server custom schema.

GRANT INSERT ON SCHEMA :: [VMW] TO VC_ADMIN_ROLE

Mandatory when you work with SQL Server custom schema.

GRANT CREATE TABLE TO VC_ADMIN_ROLE

Necessary for creating a table.

GRANT CREATE VIEW TO VC_ADMIN_ROLE

Necessary for creating a view.

GRANT CREATE PROCEDURE TO VC_ADMIN_ROLE

Necessary for creating a stored procedure.

GRANT SELECT ON SCHEMA :: [VMW] TO VC_USER_ROLE

Permissions that let you run SELECT, INSERT, DELETE, UPDATE operations on tables which are part of the VMW schema.

GRANT INSERT ON SCHEMA :: [VMW] TO VC_USER_ROLE

GRANT DELETE ON SCHEMA :: [VMW] TO VC_USER_ROLE

GRANT UPDATE ON SCHEMA :: [VMW] TO VC_USER_ROLE

GRANT EXECUTE ON SCHEMA :: [VMW] TO VC_USER_ROLE

Necessary for running a stored procedure in the db schema.

GRANT SELECT ON msdb.dbo.syscategories TO VC_ADMIN_ROLE

Necessary for deploying SQL Server jobs.

These permissions are mandatory only during installation and upgrade and not required after deployment.

GRANT SELECT ON msdb.dbo.sysjobsteps TOVC_ADMIN_ROLE

GRANT SELECT ON msdb.dbo.sysjobs TO VC_ADMIN_ROLE

GRANT EXECUTE ON msdb.dbo.sp_add_job TO VC_ADMIN_ROLE

GRANT EXECUTE ON msdb.dbo.sp_delete_job TO VC_ADMIN_ROLE

GRANT EXECUTE ON msdb.dbo.sp_add_jobstep TO VC_ADMIN_ROLE

GRANT EXECUTE ON msdb.dbo.sp_update_job TO VC_ADMIN_ROLE

GRANT EXECUTE ON msdb.dbo.sp_add_jobserver TO VC_ADMIN_ROLE

GRANT EXECUTE ON msdb.dbo.sp_add_jobschedule TO VC_ADMIN_ROLE

GRANT EXECUTE ON msdb.dbo.sp_add_category TO VC_ADMIN_ROLE

GRANT VIEW SERVER STATE TO [vpxuser]

Provides access to SQL Server DMV views and sp_lock execution.

GRANT VIEW ANY DEFINITION TO [vpxuser]

Necessary for providing the user with the privileges to see metadata for SQL Server objects.

Oracle Database Permissions for vCenter Server

Permission

Description

GRANT CONNECT TO VPXADMIN

Necessary for connecting to the Oracle database.

GRANT RESOURCE TO VPXADMIN

Necessary for creating a trigger, sequence, type, procedure, and so on.

By default, the RESOURCE role has the CREATE PROCEDURE, CREATE TABLE, and CREATE SEQUENCE privileges assigned. If the RESOURCE role lacks these privileges, grant them to the vCenter Server database user.

GRANT CREATE VIEW TO VPXADMIN

Necessary for creating a view.

GRANT CREATE SEQUENCE TO VPXADMIN

Necessary for creating a sequence.

GRANT CREATE TABLE TO VPXADMIN

Necessary for creating a table.

GRANT CREATE MATERIALIZED VIEW TO VPXADMIN

Necessary for creating a materialized view.

GRANT EXECUTE ON dbms_lock TO VPXADMIN

Necessary for guaranteeing that the vCenter Server database is used by a single vCenter Server instance.

GRANT EXECUTE ON dbms_job TO VPXADMIN

Necessary during installation or upgrade for scheduling and managing the SQL jobs.

This permission is not required after deployment.

GRANT SELECT ON dba_lock TO VPXADMIN

Necessary for determining existing locks on the vCenter Server database.

GRANT SELECT ON dba_tablespaces TO VPXADMIN

Necessary during upgrade for determining the required disk space.

This permission is not required after deployment.

GRANT SELECT ON dba_temp_files TO VPXADMIN

Necessary during upgrade for determining the required disk space.

This permission is not required after deployment.

GRANT SELECT ON dba_data_files TO VPXADMIN

Necessary for monitoring the free space while vCenter Server is working.

GRANT SELECT ON v_$session TO VPXADMIN

View used to determine existing locks on the vCenter Server database.

GRANT UNLIMITED TABLESPACE TO VPXADMIN

Necessary for granting unlimited tablespace permissions to the vCenter Server database user.

GRANT SELECT ON v_$system_event TO VPXADMIN

Necessary for checking log file switches.

GRANT SELECT ON v_$sysmetric_history TO VPXADMIN

Necessary for checking the CPU utilization.

GRANT SELECT ON v_$sysstat TO VPXADMIN

Necessary for determining the Buffer Cache Hit Ratio.

GRANT SELECT ON dba_data_files TO VPXADMIN

Necessary for determining the tablespace utilization.

GRANT SELECT ON v_$loghist TO VPXADMIN

Necessary for checking the checkpoint frequency.

The privileges on the master database are used to monitor the vCenter Server database. so that, for example, if a certain threshold is reached, you can see an alert.