This document covers information about database object creation, privilege/grant creation and requirements, and encryption security for Spotlight Enterprise. The Security and Encryption section identifies changes to Spotlight Enterprise that could affect your security auditing process for both client and server.
Edit me

User Privileges and Roles

Not applicable.

Database Objects Created

Not applicable.

Spotlight Statistics Repository User Privileges and Roles

The user must have the appropriate privileges required to update the tables of the Spotlight Statistics Repository.

Spotlight Statistics Repository Objects Created

The following repository objects are created by Spotlight Enterprise in the Spotlight Statistics Repository:

spotlight_daily_ssr_maintenance

spotlight_get_datasources

spotlight_get_domains

spotlight_get_monitored_objects

spotlight_get_table_columns

spotlight_get_table_data_instance

spotlight_get_table_keys

spotlight_get_table_range

spotlight_get_table_span

spotlight_get_tables

spotlight_get_technologies

spotlight_rep_alarms

spotlight_rep_alarms2

spotlight_rep_cache_hit_ratios

spotlight_rep_cpu_utilization

spotlight_rep_disk_growth

spotlight_rep_disk_statistics

spotlight_rep_growth_data_files

spotlight_rep_growth_data_files2

spotlight_rep_sql_batches_rate

spotlight_rep_top_sql

spotlight_rep_top_sql_summary

spotlight_rt_get_aggregated_workload_analysis

spotlight_rt_get_allsqlagentjobs

spotlight_rt_get_batch_data

spotlight_rt_get_batch_data2

spotlight_rt_get_custom_counter

spotlight_rt_get_failedsqlagentjobs

spotlight_rt_get_fileio_stats

spotlight_rt_get_mostcommonblock

spotlight_rt_get_point_data

spotlight_rt_get_point_data_top

spotlight_rt_get_sqlblockedmost

spotlight_rt_get_sqlblockingmost

spotlight_rt_get_waitstats

spotlight_sqlanalysis_results

spotlight_ssr_upgrade_info

spotlight_ssr_version

Procedure Objects

spotlight_daily_ssr_maintenance

spotlight_get_datasources

spotlight_get_domains

spotlight_get_monitored_objects

spotlight_get_table_columns

spotlight_get_table_data_instance

spotlight_get_table_keys

spotlight_get_table_range

spotlight_get_table_span

spotlight_get_tables

spotlight_get_technologies

spotlight_rep_alarms

spotlight_rep_cache_hit_ratios

spotlight_rep_cpu_utilization

spotlight_rep_disk_growth

spotlight_rep_disk_statistics

spotlight_rep_growth_data_files

spotlight_rep_sql_batches_rate

spotlight_rep_top_sql

spotlight_rep_top_sql_summary

spotlight_rt_get_aggregated_workload_analysis

spotlight_rt_get_allsqlagentjobs

spotlight_rt_get_batch_data

spotlight_rt_get_custom_counter

spotlight_rt_get_failedsqlagentjobs

spotlight_rt_get_fileio_stats

spotlight_rt_get_mostcommonblock

spotlight_rt_get_point_data

spotlight_rt_get_point_data_top

spotlight_rt_get_sqlblockedmost

spotlight_rt_get_sqlblockingmost

spotlight_rt_get_waitstats

spotlight_sqlanalysis_results

spotlight_ssr_upgrade_info

spotlight_ssr_version

Table Objects

spotlight_datasources

spotlight_domains

spotlight_monitored_objects

spotlight_perfdata

spotlight_stat_classes

spotlight_stat_keys

spotlight_stat_names

spotlight_technologies

spotlight_timestamps

Playback Database User Privileges and Roles

The user must have the appropriate privileges required to update the table of the playback database.

Playback Database Objects Created

The following repository objects are created by Spotlight Enterprise in the playback database:

Procedure Objects

spotlight_daily_pb_maintenance

spotlight_playback_version

Table Objects

spotlight_playback_alarms

spotlight_playback_data

spotlight_playback_states

Privileges / Grants Created

Not applicable.

Privilege / Grant Requirements

Each SQL Server connection from the Diagnostic Server must have access to a SQL Server account that is a member of the sysadmin server role. This can be a SQL Server login (such as ‘sa’), or the Diagnostic Server can be installed to run under a Windows account that is trusted by SQL Server.

The Spotlight user requires the following:

  • PUBLIC access to all databases on the monitored instance.
  • DATAREADER database role on the msdb database.
  • To be granted VIEW SERVER STATE privilege.
  • Execute permission on the following extended stored procedures: xp_enumerrorlogs , xp_readerrorlog, and xp_servicecontrol.
  • To be granted VIEW DEFINITION privilege on all databases on the monitored instance.

Spotlight Enterprise Security and Encryption

The following statement provides security and encryption information for Spotlight Enterprise.

Encryption is used by the product to encrypt the credentials that are used to connect to monitored connections and to store licensing configuration.