Check Test Connection Oracle DBA Access (#15764)

ingestion/src/metadata/ingestion/source/database/oracle/connection.py

@@ -38,6 +38,7 @@ from metadata.ingestion.connections.builders import (
 )
 from metadata.ingestion.connections.test_connections import test_connection_db_common
 from metadata.ingestion.ometa.ometa_api import OpenMetadata
+from metadata.ingestion.source.database.oracle.queries import CHECK_ACCESS_TO_DBA
 from metadata.utils.logger import ingestion_logger
 
 CX_ORACLE_LIB_VERSION = "8.3.0"
@@ -136,9 +137,13 @@ def test_connection(
     Test connection. This can be executed either as part
     of a metadata workflow or during an Automation Workflow
     """
+
+    test_conn_queries = {"CheckAccess": CHECK_ACCESS_TO_DBA}
+
     test_connection_db_common(
         metadata=metadata,
         engine=engine,
         service_connection=service_connection,
         automation_workflow=automation_workflow,
+        queries=test_conn_queries,
     )

ingestion/src/metadata/ingestion/source/database/oracle/queries.py

@@ -88,7 +88,7 @@ WHERE
     type = 'PROCEDURE' and owner = '{schema}'
 """
 )
-
+CHECK_ACCESS_TO_DBA = "SELECT table_name FROM DBA_TABLES where ROWNUM < 2"
 ORACLE_GET_STORED_PROCEDURE_QUERIES = textwrap.dedent(
     """
 WITH SP_HISTORY AS (SELECT

openmetadata-docs/content/v1.1.x/connectors/database/oracle/index.md

@@ -57,6 +57,9 @@ GRANT new_role TO user_name;
 
 -- GRANT CREATE SESSION PRIVILEGE TO USER
 GRANT CREATE SESSION TO new_role;
+
+-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER
+GRANT SELECT_CATALOG_ROLE TO new_role;
 ```
 
 With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get

openmetadata-docs/content/v1.1.x/connectors/database/oracle/yaml.md

@@ -61,8 +61,11 @@ CREATE ROLE new_role;
 -- GRANT ROLE TO USER 
 GRANT new_role TO user_name;
 
--- GRANT CREATE SESSION PRIVILEGE TO USER
+-- GRANT CREATE SESSION PRIVILEGE TO ROLE / USER
 GRANT CREATE SESSION TO new_role;
+
+-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER
+GRANT SELECT_CATALOG_ROLE TO new_role;
 ```
 
 With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get

openmetadata-docs/content/v1.2.x/connectors/database/oracle/index.md

@@ -59,6 +59,9 @@ GRANT new_role TO user_name;
 
 -- GRANT CREATE SESSION PRIVILEGE TO USER
 GRANT CREATE SESSION TO new_role;
+
+-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER
+GRANT SELECT_CATALOG_ROLE TO new_role;
 ```
 
 With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get

openmetadata-docs/content/v1.2.x/connectors/database/oracle/yaml.md

@@ -65,6 +65,9 @@ GRANT new_role TO user_name;
 
 -- GRANT CREATE SESSION PRIVILEGE TO USER
 GRANT CREATE SESSION TO new_role;
+
+-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER
+GRANT SELECT_CATALOG_ROLE TO new_role;
 ```
 
 With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get

openmetadata-docs/content/v1.3.x/connectors/database/oracle/index.md

@@ -42,6 +42,9 @@ GRANT new_role TO user_name;
 
 -- GRANT CREATE SESSION PRIVILEGE TO USER
 GRANT CREATE SESSION TO new_role;
+
+-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER
+GRANT SELECT_CATALOG_ROLE TO new_role;
 ```
 
 With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get

openmetadata-docs/content/v1.3.x/connectors/database/oracle/yaml.md

@@ -42,6 +42,9 @@ GRANT new_role TO user_name;
 
 -- GRANT CREATE SESSION PRIVILEGE TO USER
 GRANT CREATE SESSION TO new_role;
+
+-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER
+GRANT SELECT_CATALOG_ROLE TO new_role;
 ```
 
 With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get

openmetadata-docs/content/v1.4.x-SNAPSHOT/connectors/database/oracle/index.md

@@ -42,6 +42,9 @@ GRANT new_role TO user_name;
 
 -- GRANT CREATE SESSION PRIVILEGE TO USER
 GRANT CREATE SESSION TO new_role;
+
+-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER
+GRANT SELECT_CATALOG_ROLE TO new_role;
 ```
 
 With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get

openmetadata-docs/content/v1.4.x-SNAPSHOT/connectors/database/oracle/yaml.md

@@ -42,6 +42,9 @@ GRANT new_role TO user_name;
 
 -- GRANT CREATE SESSION PRIVILEGE TO USER
 GRANT CREATE SESSION TO new_role;
+
+-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER
+GRANT SELECT_CATALOG_ROLE TO new_role;
 ```
 
 With just these permissions, your user should be able to ingest the schemas, but not the tables inside them. To get

openmetadata-ui/src/main/resources/ui/public/locales/en-US/Database/Oracle.md

@@ -23,6 +23,9 @@ GRANT new_role TO user_name;
 
 -- GRANT CREATE SESSION PRIVILEGE TO USER
 GRANT CREATE SESSION TO new_role;
+
+-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER
+GRANT SELECT_CATALOG_ROLE TO new_role;
 ```
 
 - `GRANT SELECT` on the relevant tables which are to be ingested into OpenMetadata to the user

openmetadata-ui/src/main/resources/ui/public/locales/fr-FR/Database/Oracle.md

@@ -17,6 +17,9 @@ GRANT new_role TO user_name;
 
 -- GRANT CREATE SESSION PRIVILEGE TO USER
 GRANT CREATE SESSION TO new_role;
+
+-- GRANT SELECT CATALOG ROLE PRIVILEGE TO FETCH METADATA TO ROLE / USER
+GRANT SELECT_CATALOG_ROLE TO new_role;
 ```
 
 **Important:** OpenMetadata utilise `python-oracledb` qui supoorte seulement les version 12c, 18c, 19c, et 21c d'Oracle.