Required Permissions

The service account (user) on the target systems must have permissions for the operations it carries out.

Operation	Required Permissions
Load Accounts	Read Permissions
Provision Accounts	Write Properties Write User Objects Create User Objects
Password Management	Change Password Reset Password
Enable and Disable Accounts	Read Account Write Account
Unlock Accounts	Read Lockstatus Write Lockstatus

Additional Permissions

Update the service account for the Oracle Database source with the following permissions:

GRANT SELECT ON DBA_TABLESPACES TO ${UserName};

GRANT SELECT ON DBA_PROFILES TO ${UserName};

The Oracle administrator must have all the permissions mentioned below for performing the provisioning operations.

CREATE USER ${UserName} IDENTIFIED BY ${Password};

The following table lists the required permissions for the specific operations mentioned below in this section:

Operation	Required Permissions
Test Connection	Test Connection
Account Aggregation	Test Connection and Account Aggregation
Group Aggregation	Test Connection and Group Aggregation
CREATE Account	Test Connection, Account Aggregation and Create Account
UPDATE / MODIFY Account	Test Connection, Account Aggregation and Update Account

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

Required Permissions

Documentation Feedback