# Creating and configuring the destination database user

This is the Oracle user that connects to the destination database. This user cannot be the same user as the output schema of the data.

To create and configure the destination database user, you can use the following set of steps:

1. [Create the destination database user](#oracle-destination-user-create)
2. [Grant basic privileges to the user](#oracle-destination-user-basic-privs)
3. [Grant access to system catalog views](#oracle-destination-user-catalog-views)
4. [Grant additional privileges required for the destination user](#oracle-destination-user-additional-privs)
5. [Grant access to packages](#granting-destination-database-user-access-to-packages)
6. [Grant SELECT access to other database objects](#granting-select-access-to-other-database-objects)

## Creating the destination database user <a href="#oracle-destination-user-create" id="oracle-destination-user-create"></a>

To create the destination user:

```
CREATE USER tonic IDENTIFIED BY "<tonic password>";
```

## Granting basic privileges to the destination user <a href="#oracle-destination-user-basic-privs" id="oracle-destination-user-basic-privs"></a>

To grant basic privileges to the destination user:

```
GRANT CREATE SESSION TO tonic;
```

## Granting destination user access to system catalog views <a href="#oracle-destination-user-catalog-views" id="oracle-destination-user-catalog-views"></a>

For information on options for granting access to system catalog views, go to [oracle-database-user-sys-catalog](https://docs.tonic.ai/app/setting-up-your-database/oracle/oracle-before-workspace-creation/oracle-database-users/oracle-database-user-sys-catalog "mention").

## Granting additional privileges to the destination user <a href="#oracle-destination-user-additional-privs" id="oracle-destination-user-additional-privs"></a>

Because the destination database user actually writes to the destination database, it requires a higher level of privileges than the source database user.

And because the database objects are not created until the data generation runs, the destination user requires the "ANY" privileges. It is not possible to grant privileges for specific objects.

The required privileges are slightly different based on [whether Structural creates the destination database schema](#oracle-config-skip-db-creation).

### Determining the objects used in the source database schema <a href="#oracle-determine-source-schema-objects" id="oracle-determine-source-schema-objects"></a>

The required privileges also depend on the types of objects that the source schema contains.

For example, if the source schema contains views, then the destination database user requires `CREATE ANY VIEW` and `DROP ANY VIEW`. If the source schema does not contain any views, then the destination database user does not require those privileges.

To identify the types of objects that are present in the source schema, run the following:

{% code overflow="wrap" %}

```
SELECT object_type FROM dba_objects WHERE owner = '<source-schema>' ORDER BY object_type;
```

{% endcode %}

### Required destination database user privileges

The following tables list the required privileges for the destination user, based on whether Structural creates the destination schema and whether the schema contains specific object types.

#### **Table privileges**

The following privileges are required to manage tables:

<table><thead><tr><th width="219.171875">Privilege</th><th>Structural creates schema</th><th>You create schema</th></tr></thead><tbody><tr><td>ALTER ANY TABLE</td><td>✔️</td><td>✔️</td></tr><tr><td>COMMENT ANY TABLE</td><td>✔️</td><td>✔️</td></tr><tr><td>CREATE ANY TABLE</td><td>✔️</td><td></td></tr><tr><td>CREATE SESSION</td><td>✔️</td><td>✔️</td></tr><tr><td>DELETE ANY TABLE</td><td>✔️</td><td>✔️</td></tr><tr><td>DROP ANY TABLE</td><td>✔️</td><td>✔️</td></tr><tr><td>INSERT ANY TABLE</td><td>✔️</td><td>✔️</td></tr><tr><td>LOCK ANY TABLE</td><td>✔️</td><td>✔️</td></tr><tr><td>SELECT ANY TABLE</td><td>✔️</td><td>✔️</td></tr><tr><td>UPDATE ANY TABLE</td><td>✔️</td><td>✔️</td></tr></tbody></table>

#### **Index and index partition privileges**

The following privileges are required when the source schema contains indexes or index partitions:

| Privilege        | Structural creates schema | You create schema |
| ---------------- | ------------------------- | ----------------- |
| ALTER ANY INDEX  | ✔️                        | ✔️                |
| CREATE ANY INDEX | ✔️                        |                   |

#### **Indextype privileges**

The following privileges are required when the source schema contains indextypes:

| Privilege            | Structural creates schema | You create schema |
| -------------------- | ------------------------- | ----------------- |
| CREATE ANY INDEXTYPE | ✔️                        |                   |
| DROP ANY INDEXTYPE   | ✔️                        |                   |

#### **Sequence privileges**

The following privileges are required when the source schema contains sequences:

| Privilege           | Structural creates schema | You create schema |
| ------------------- | ------------------------- | ----------------- |
| ALTER ANY SEQUENCE  | ✔️                        | ✔️                |
| CREATE ANY SEQUENCE | ✔️                        |                   |
| DROP ANY SEQUENCE   | ✔️                        |                   |
| SELECT ANY SEQUENCE | ✔️                        | ✔️                |

#### **Trigger privileges**

The following privileges are required if the source schema contains triggers:

| Privilege          | Structural creates schema | You create schema |
| ------------------ | ------------------------- | ----------------- |
| ALTER ANY TRIGGER  | ✔️                        | ✔️                |
| CREATE ANY TRIGGER | ✔️                        |                   |
| DROP ANY TRIGGER   | ✔️                        |                   |

#### **Scheduler object privileges**

The following privileges are required if the source schema contains scheduler objects such as jobs, programs, or job classes:

| Privilege      | Structural creates schema | You create schema |
| -------------- | ------------------------- | ----------------- |
| CREATE ANY JOB | ✔️                        |                   |

#### **Materialized view privileges**

The following privileges are required if the source schema contains materialized views:

| Privilege                    | Structural creates schema | You create schema |
| ---------------------------- | ------------------------- | ----------------- |
| CREATE ANY MATERIALIZED VIEW | ✔️                        |                   |
| DROP ANY MATERIALIZED VIEW   | ✔️                        |                   |

#### **Synonym privileges**

The following privileges are required if the source schema contains synonyms:

| Privilege          | Structural creates schema | You create schema |
| ------------------ | ------------------------- | ----------------- |
| CREATE ANY SYNONYM | ✔️                        |                   |
| DROP ANY SYNONYM   | ✔️                        |                   |

#### **Type privileges**

The following privileges are required if the source schema contains types:

| Privilege        | Structural creates schema | You create schema |
| ---------------- | ------------------------- | ----------------- |
| CREATE ANY TYPE  | ✔️                        |                   |
| EXECUTE ANY TYPE | ✔️                        | ✔️                |

#### **View privileges**

The following privileges are required if the source schema contains views:

| Privilege       | Structural creates schema | You create schema |
| --------------- | ------------------------- | ----------------- |
| CREATE ANY VIEW | ✔️                        |                   |
| DROP ANY VIEW   | ✔️                        |                   |

#### **Advanced queues privileges**

The following privileges are required if the source schema contains advanced queues:

| Privilege                   | Structural creates schema | You create schema |
| --------------------------- | ------------------------- | ----------------- |
| DROP ANY EVALUATION CONTEXT | ✔️                        |                   |
| MANAGE ANY QUEUE            | ✔️                        | ✔️                |

#### **Procedures and functions privileges**

The following privileges are required if the source schema contains procedures or functions:

<table><thead><tr><th width="246.9453125">Privilege</th><th width="255.51171875">Structural creates schema</th><th width="245.734375">You create schema</th></tr></thead><tbody><tr><td>CREATE ANY PROCEDURE</td><td>✔️</td><td></td></tr><tr><td>DROP ANY PROCEDURE</td><td>✔️</td><td></td></tr></tbody></table>

## Granting destination database user access to packages

Depending on the object types that the source schema includes, the destination database user must have `EXECUTE ON` privileges for the following packages:

<table><thead><tr><th width="233.33984375" valign="top">Package</th><th valign="top">Object types that require it</th></tr></thead><tbody><tr><td valign="top"><code>DBMS_JAVA</code></td><td valign="top">JAVA CLASS<br>JAVA CLASS<br>JAVA RESOURCE<br>JAVA SOURCE</td></tr><tr><td valign="top"><code>DBMS_SCHEDULER</code></td><td valign="top">JOB<br>JOB CLASS<br>PROGRAM</td></tr><tr><td valign="top"><code>DBMS_MVIEW</code></td><td valign="top">MATERIALIZED VIEW</td></tr><tr><td valign="top"><code>DBMS_AQADM</code></td><td valign="top">QUEUE</td></tr></tbody></table>

To identify the types of objects that are present in the source schema, run the following:

{% code overflow="wrap" %}

```
SELECT object_type FROM dba_objects WHERE owner = '<source-schema>' ORDER BY object_type;
```

{% endcode %}

This access might already be in place for the `PUBLIC` user. If it is not, then to grant the access:

```
GRANT EXECUTE ON DBMS_JAVA TO tonic;
GRANT EXECUTE ON DBMS_SCHEDULER TO tonic;
GRANT EXECUTE ON DBMS_MVIEW TO tonic;
GRANT EXECUTE ON DBMS_AQADM TO tonic;
```

## Granting SELECT access to other database objects

The following types of source database objects might depend on schemas other than the source schema:

* Views
* Materialized views
* Procedures
* Functions
* Packages

The destination database user must be granted at least `SELECT` access to all of these types of objects that are present in the source database.

If the destination database user does not have `SELECT` access for a source database object, then when Structural attempts to create the object in the destination database, an error is returned.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tonic.ai/app/setting-up-your-database/oracle/oracle-before-workspace-creation/oracle-database-users/oracle-destination-user-create-config.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.