migVisor provides user creation scripts to help speed up the initiation process and to provide clarity and transparency regarding the permissions and access required to run migVisor.
The scripts are provided per DB engine type and should be treated as a recommendation, reviewed, and used at the discretion of the security advisor of the organization.
Simplified the user creation script by granting SELECT_CATALOG_ROLE to c##mig_comm_user user instead of providing privileges on individual catalog views.
Modified the permissions of read-only user by adding the following grants:
pg_read_all_settings to mig_user - Reads all configuration variables, even those normally visible only to superusers.
pg_read_all_stats to mig_user - Reads all pg_stat_* views and use various statistics-related extensions, even those normally visible only to superusers.
Added error handling for read-only databases. Adjusted the script syntax to enable its interaction with SQL Server 2005 sources.
101
AP-232
Simplified the user creation script by granting VIEW SERVER STATE, VIEW ANY DEFINITION and SELECT on dbo.sysaltfiles (SQL Server 2000 only) to mig_user user instead of providing privileges on individual catalog views.