backport of commit 5ba848dbdd (#21991)

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>
hc-github-team-secure-vault-core
2023-07-20 17:17:27 -04:00
committed by GitHub
parent 030b0af136
commit dba044da75


@@ -62,6 +62,23 @@ Before running the plugin you will need to have the Oracle Instant Client
library installed. These can be downloaded from Oracle. The libraries will need to
be placed in the default library search path or defined in the ld.so.conf configuration files.
The following privileges are needed by the plugin for minimum functionality. Additional privileges may be needed
depending on the SQL configured on the database roles.
```sql
GRANT CREATE USER to vault WITH ADMIN OPTION;
GRANT ALTER USER to vault WITH ADMIN OPTION;
GRANT DROP USER to vault WITH ADMIN OPTION;
GRANT CONNECT to vault WITH ADMIN OPTION;
GRANT CREATE SESSION to vault WITH ADMIN OPTION;
GRANT SELECT on gv$session to vault;
GRANT SELECT on v_$sql to vault;
GRANT ALTER SYSTEM to vault WITH ADMIN OPTION;
```
~> Vault needs `ALTER SYSTEM` to terminate user sessions when revoking users. This may be
substituted with a stored procedure and granted to the Vault administrator user.
If you are running Vault with [mlock enabled](/vault/docs/configuration#disable_mlock),
you will need to enable ipc_lock capabilities for the plugin binary.
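Review bot: `GRANT ALTER SYSTEM to vault WITH ADMIN OPTION;` is listed under "minimum functionality", but the note right after it says the privilege is only needed to terminate user sessions on revocation, and `WITH ADMIN OPTION` additionally lets the vault account pass `ALTER SYSTEM` on to any user it creates. Suggest dropping `WITH ADMIN OPTION` from that line, and saying for the remaining grants which of them actually need it so that role SQL can re-grant (for example `CREATE SESSION`) and which do not. The stored-procedure alternative is the least-privilege path, yet the text stops at "may be substituted"; one sentence on what the procedure does and which grant the vault user then needs in place of `ALTER SYSTEM` would make it usable. Smaller point: the two SELECT grants use different object naming (`gv$session` versus `v_$sql`); please confirm both run as written and use one form consistently.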