Oracle Database Protector

The Oracle Database Protector can be installed by a user with sudoer permissions and by the Oracle admin user. This section describes the installation using a user with sudoer permissions. Wherever possible, the corresponding Oracle commands for the Oracle admin user are also provided.

To use the Oracle Database Protector, update the environment variables in Oracle.

User Privileges

The Oracle Database Protector installation can be broadly divided into installing the RPAgent and installing the UDFs. The RPAgent installation establishes the connection between the ESA and the Database Protector, while the UDFs use the policies to enforce protection on the data.

User for retrieving users from Oracle Database

For policies to be defined in the ESA, users can be imported from any of several sources, such as Active Directory (AD), a file, or an Oracle database. To pull users from an Oracle database, a membersource must be created. The following information applies if the users must be pulled from an Oracle database.

To retrieve users from the Member Source Server:

  1. Either create a functional database user with create session permissions
    or
    use an existing user with create session permissions.
  2. Grant the following two privileges:
    • GRANT SELECT ON sys.dba_roles TO protegrity;
    • GRANT SELECT ON sys.dba_role_privs TO protegrity;

Here, protegrity is the functional user created.

User for installing and dropping the UDFs

After the RPAgent is installed, the UDFs can be installed on the Oracle Database server. Create a functional database user and grant it the following privileges:

  • CREATE USER <user_name> IDENTIFIED BY <user_password>;
  • GRANT UNLIMITED TABLESPACE TO <user_name>;
  • GRANT CREATE SESSION TO <user_name>;
  • GRANT SELECT ANY TABLE TO <user_name>;
  • GRANT CREATE LIBRARY TO <user_name>;
  • GRANT CREATE PROCEDURE TO <user_name>;
  • GRANT DROP PUBLIC SYNONYM TO <user_name>;
  • GRANT CREATE PUBLIC SYNONYM TO <user_name>;
  • GRANT CREATE TABLE TO <user_name>;
  • GRANT CREATE VIEW TO <user_name>;
  • GRANT CREATE TYPE TO <user_name>;
  • GRANT DROP ANY VIEW TO <user_name>;
  • GRANT DROP ANY PROCEDURE TO <user_name>;
  • GRANT DROP ANY LIBRARY TO <user_name>;
  • GRANT DROP ANY TYPE TO <user_name>;

Here, <user_name> is the functional user created.
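
The following queries are an added example, not part of the Protegrity documentation. The first compares the system privileges granted directly to the UDF functional user with the list above and reports each one as OK, MISSING, or EXTRA; the second checks the two object grants for the member source user. PTY_UDF_ADMIN is a hypothetical name standing in for <user_name>, and the queries assume an account that can read DBA_SYS_PRIVS and DBA_TAB_PRIVS.

```sql
-- Added example: audit of the UDF functional user's direct system privileges.
-- PTY_UDF_ADMIN is a hypothetical name; replace it with your <user_name>.
-- Only direct grants are checked; privileges received through roles are not.
WITH expected AS (
  SELECT 'UNLIMITED TABLESPACE' AS privilege FROM dual UNION ALL
  SELECT 'CREATE SESSION'        FROM dual UNION ALL
  SELECT 'SELECT ANY TABLE'      FROM dual UNION ALL
  SELECT 'CREATE LIBRARY'        FROM dual UNION ALL
  SELECT 'CREATE PROCEDURE'      FROM dual UNION ALL
  SELECT 'DROP PUBLIC SYNONYM'   FROM dual UNION ALL
  SELECT 'CREATE PUBLIC SYNONYM' FROM dual UNION ALL
  SELECT 'CREATE TABLE'          FROM dual UNION ALL
  SELECT 'CREATE VIEW'           FROM dual UNION ALL
  SELECT 'CREATE TYPE'           FROM dual UNION ALL
  SELECT 'DROP ANY VIEW'         FROM dual UNION ALL
  SELECT 'DROP ANY PROCEDURE'    FROM dual UNION ALL
  SELECT 'DROP ANY LIBRARY'      FROM dual UNION ALL
  SELECT 'DROP ANY TYPE'         FROM dual
),
granted AS (
  SELECT privilege
  FROM   dba_sys_privs
  WHERE  grantee = 'PTY_UDF_ADMIN'
)
SELECT COALESCE(e.privilege, g.privilege) AS privilege,
       CASE
         WHEN g.privilege IS NULL THEN 'MISSING'  -- required by the list, not granted
         WHEN e.privilege IS NULL THEN 'EXTRA'    -- granted, but not in the list
         ELSE 'OK'
       END AS status
FROM   expected e
FULL OUTER JOIN granted g ON g.privilege = e.privilege
ORDER  BY status, privilege;

-- Member source user: confirm the two SELECT grants on the SYS views.
-- PROTEGRITY is the functional user name used on this page.
SELECT table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  grantee    = 'PROTEGRITY'
AND    owner      = 'SYS'
AND    table_name IN ('DBA_ROLES', 'DBA_ROLE_PRIVS')
ORDER  BY table_name;
```

No MISSING rows from the first query and two rows from the second indicate that the grants listed on this page are in place; any EXTRA rows are privileges beyond this list and are worth reviewing.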

Important: Protegrity manages permissions that are configured within the Protegrity system. Any custom permissions outside of Protegrity’s configuration are not handled by the software.


Last modified : January 05, 2026