The purpose of this article is to list the permissions that are required to run a zero touch inventory against an Oracle database.
Prerequisites #/ affected products
Product | Version |
RayVentory Portal | 11.3 or later |
RayVentory Scan Engine | 12.0 or later |
Change log
Date | Change |
2020-07-29 |
- fix problem with unlock user and special characters - fix issue with OracleDB 9i/10i - update script templates to version 1.5.4.7 |
2024-04-09 |
- changed create_user_1.5.6.sql to create_user_1.5.8.sql |
Required Permissions
The service account requires the following read permissions:
Option | Description |
CONTENT.ODM_DOCUMENT | Feature usage statistics |
DMSYS.DM$MODEL | Feature usage statistics |
DMSYS.DM$OBJECT | Feature usage statistics |
DMSYS.DM$P_MODEL | Feature usage statistics |
DVSYS.DBA_DV_REALM | Feature usage statistics |
LBACSYS.LBAC$POLT | Feature usage statistics |
MDSYS.ALL_SDO_GEOM_METADATA | Feature usage statistics |
MDSYS.SDO_GEOM_METADATA_TABLE | Feature usage statistics |
ODM.ODM_MINING_MODEL | Feature usage statistics |
ODM.ODM_RECORD | Feature usage statistics |
OLAPSYS.DBA§OLAP_CUBES | Feature usage statistics |
SYS.CDB_FEATURE_USAGE_STATISTICS | Displays information about database feature usage statistics in case of Container Database |
SYS.DBA_ADVISOR_TASKS | Displays information about all tasks in the database |
SYS.DBA_AUDIT_TRAIL | Displays all audit trail entries |
SYS.DBA_AWS | Feature usage statistic |
SYS.DBA_CUBES | Describes all OLAP cubes in the database |
SYS.DBA_ENCRYPTED_COLUMNS | Maintains encryption algorithm information for all encrypted columns in the database |
SYS.DBA_FEATURE_USAGE_STATISTICS | Displays information about database feature usage statistics |
SYS.DBA_LOB_PARTITIONS | Feature usage statistics |
SYS.DBA_LOB_SUBPARTITIONS | Feature usage statistics |
SYS.DBA_LOBS | Displays the BLOBs and CLOBs contained in all tables in the database |
SYS.DBA_MINING_MODELS | Feature usage statistics |
SYS.DBA_OBJECTS | Describes all objects in the database |
SYS.DBA_RECYCLEBIN | Containter for dropped objects |
SYS.DBA_REGISTRY | Displays information about the components loaded in the database |
SYS.DBA_SEGMENTS | Describes the storage allocated for all segments in the database |
SYS.DBA_SQL_PROFILES | Displays information about SQL profiles currently created for specific SQL statements |
SYS.DBA_SQLSET | Feature usage statistics |
SYS.DBA_TAB_PARTITIONS | Feature usage statistics |
SYS.DBA_TAB_SUBPARTITIONS | Feature usage statistics |
SYS.DBA_TABLES | Describes all relational tables in the database |
SYS.DBA_TABLESPACES | Describes all tablespaces in the database |
SYS.DBA_USERS | Describes all users of the database |
SYS.DBA_VIEWS | Describes all relational views in the database |
SYS.DUAL | A table in the data dictionary that Oracle database and user-written programs can reference to guarantee a known result |
SYS.GV_$DATABASE | Displays information about the database in the global view |
SYS.GV_$INSTANCE | Displays the state of the current instance |
SYS.GV_$PARAMETER | Displays information about the initialization parameters |
SYS.MODEL$ | Feature usage statistics |
SYS.V_$ARCHIVE_DEST_STATUS | Displays runtime and configuration informatoin for the archived redo log destinations |
SYS.V_$BLOCK_CHANGE_TRACKING | Displays the Status of block change tracking for the database |
SYS.V_$CONTAINERS | Displays information about PDBs and the root associated with the current instance |
SYS.V_$DATABASE | Displays information about the database from the control file |
SYS.V_$INSTANCE | Displays the state of the current instance |
SYS.V_$LICENSE | Displays information about license limits |
SYS.V_$OPTION | Feature usage statistics |
SYS.V_$PARAMETER | Displays information about the initialization parameters that are currently in effect for the session |
SYS.V_$VERSION | Displays version numbers of core library components in the Oracle Database |
SYSMAN.MGMT_ADMIN_LICENSES | Management pack usage statistics |
SYSMAN.MGMT_LICENSE_CONFIRMATION | Management pack usage statistics |
SYSMAN.MGMT_LICENSE_DEFINITIONS | Management pack usage statistics |
SYSMAN.MGMT_LICENSES | Management pack usage statistics |
SYSMAN.MGMT_TARGETS | Management pack usage statistics |
SYS.V_$IM_SEGMENTS |
List INMEMORY Segments |
Only for Oracle ERP System
- applsys.fnd_app_servers
- applsys.fnd_nodes
- applsys.fnd_product_installations
- applsys.fnd_application_tl
- applsys.fnd_responsibility
- applsys.fnd_user
- apps.fnd_user_resp_groups
Multitenant System
A credential needs to be created which has the required prefix added to its name in order for the service account to see the systems containers during any inventory scan.
By default, this prefix is C##, which means that if the Inventory-User (example: RVUser) is being used, then the credential needs to be created as C##RVUser.
If the system has been configured with a common_user_prefix value, then that prefix should be used instead of the default one.
Script Templates to Grant Permissions for a Zero Touch Inventory of Oracle Databases
There are two different script templates available that can be used to grant the necessary permissions.
- create_user_1.5.5.0_oldformat.sql - This is a simple script without any error checking. The script simply tries to authorize all tables for the given user. The multitenant prefix user will need to be specified within this script.
- create_user_1.5.5.0.sql - This script checks the output and is the script which is recommended by Raynet.
- The script is checking if a Container User is needed (C##).
- If it is not (C##), the script reads the container sign for the user.
- If the user does not exist, the script creates the user.
- If the user does exist, the script releases the user and sets the password.
- The script sets the rights for the existing tables, in order to avoid any error messages.
The templates for all scripts can be found as attachments underneath this article.
Please keep in mind that you will need to check the scripts if they can be applied to your environment! These are templates and modifications may be needed!
Troubleshooting
In rare cases when the hostname of Oracle database inventory does not match the inventory of the operating system, RayVentory cannot manage the link between both inventories automatically. This situation could be indicated by:
1. The server inventory exists when viewing the Inventory report, but ...
2. Oracle Server overview report does not show a link to the server inventory and the column "Status" shows "No Hardware Inventory"
For these cases the IP-Address used by the Oracle database service could solve the problem.
Requirements:
- use OraTrack XML version 1.5.9 or later
- apply a change of the OracleDB ACL by using the attached sample "set_user_acl12.sql";
if other OracleDB versions are used, contact Raynet support please.
Attached File
- set_user_acl12.sql
- create_user_1.5.8.sql
- create_user_1.5.6.0_oldformat.sql
Comments