RVY200503: Required Permissions to Run a Zero Touch Oracle Inventory

The purpose of this article is to list the permissions that are required to run a zero touch inventory against an Oracle database.

Prerequisites #/ affected products

Product Version
RayVentory Portal 11.3 or later
RayVentory Scan Engine 12.0 or later

 

Change log

Date Change
2020-07-29

- fix problem with unlock user and special characters

- fix issue with OracleDB 9i/10i

- update script templates to version 1.5.4.7

2024-04-09

- changed create_user_1.5.6.sql to create_user_1.5.8.sql

 

Required Permissions

The service account requires the following read permissions:

Option Description
CONTENT.ODM_DOCUMENT Feature usage statistics
DMSYS.DM$MODEL Feature usage statistics
DMSYS.DM$OBJECT Feature usage statistics
DMSYS.DM$P_MODEL Feature usage statistics
DVSYS.DBA_DV_REALM Feature usage statistics
LBACSYS.LBAC$POLT Feature usage statistics
MDSYS.ALL_SDO_GEOM_METADATA Feature usage statistics
MDSYS.SDO_GEOM_METADATA_TABLE Feature usage statistics
ODM.ODM_MINING_MODEL Feature usage statistics
ODM.ODM_RECORD Feature usage statistics
OLAPSYS.DBA§OLAP_CUBES Feature usage statistics
SYS.CDB_FEATURE_USAGE_STATISTICS Displays information about database feature usage statistics in case of Container Database
SYS.DBA_ADVISOR_TASKS Displays information about all tasks in the database
SYS.DBA_AUDIT_TRAIL Displays all audit trail entries
SYS.DBA_AWS Feature usage statistic
SYS.DBA_CUBES Describes all OLAP cubes in the database
SYS.DBA_ENCRYPTED_COLUMNS Maintains encryption algorithm information for all encrypted columns in the database
SYS.DBA_FEATURE_USAGE_STATISTICS Displays information about database feature usage statistics
SYS.DBA_LOB_PARTITIONS Feature usage statistics
SYS.DBA_LOB_SUBPARTITIONS Feature usage statistics
SYS.DBA_LOBS Displays the BLOBs and CLOBs contained in all tables in the database
SYS.DBA_MINING_MODELS Feature usage statistics
SYS.DBA_OBJECTS Describes all objects in the database
SYS.DBA_RECYCLEBIN Containter for dropped objects
SYS.DBA_REGISTRY Displays information about the components loaded in the database
SYS.DBA_SEGMENTS Describes the storage allocated for all segments in the database
SYS.DBA_SQL_PROFILES Displays information about SQL profiles currently created for specific SQL statements
SYS.DBA_SQLSET Feature usage statistics
SYS.DBA_TAB_PARTITIONS Feature usage statistics
SYS.DBA_TAB_SUBPARTITIONS Feature usage statistics
SYS.DBA_TABLES Describes all relational tables in the database
SYS.DBA_TABLESPACES Describes all tablespaces in the database
SYS.DBA_USERS Describes all users of the database
SYS.DBA_VIEWS Describes all relational views in the database
SYS.DUAL A table in the data dictionary that Oracle database and user-written programs can reference to guarantee a known result
SYS.GV_$DATABASE Displays information about the database in the global view
SYS.GV_$INSTANCE Displays the state of the current instance
SYS.GV_$PARAMETER Displays information about the initialization parameters
SYS.MODEL$ Feature usage statistics
SYS.V_$ARCHIVE_DEST_STATUS Displays runtime and configuration informatoin for the archived redo log destinations
SYS.V_$BLOCK_CHANGE_TRACKING Displays the Status of block change tracking for the database
SYS.V_$CONTAINERS Displays information about PDBs and the root associated with the current instance
SYS.V_$DATABASE Displays information about the database from the control file
SYS.V_$INSTANCE Displays the state of the current instance
SYS.V_$LICENSE Displays information about license limits
SYS.V_$OPTION Feature usage statistics
SYS.V_$PARAMETER Displays information about the initialization parameters that are currently in effect for the session
SYS.V_$VERSION Displays version numbers of core library components in the Oracle Database
SYSMAN.MGMT_ADMIN_LICENSES Management pack usage statistics
SYSMAN.MGMT_LICENSE_CONFIRMATION Management pack usage statistics
SYSMAN.MGMT_LICENSE_DEFINITIONS Management pack usage statistics
SYSMAN.MGMT_LICENSES Management pack usage statistics
SYSMAN.MGMT_TARGETS Management pack usage statistics

SYS.V_$IM_SEGMENTS

List INMEMORY Segments

 

Only for Oracle ERP System

  • applsys.fnd_app_servers
  • applsys.fnd_nodes
  • applsys.fnd_product_installations
  • applsys.fnd_application_tl
  • applsys.fnd_responsibility
  • applsys.fnd_user
  • apps.fnd_user_resp_groups

 

Multitenant System

A credential needs to be created which has the required prefix added to its name in order for the service account to see the systems containers during any inventory scan. 

By default, this prefix is C##, which means that if the Inventory-User (example: RVUser) is being used, then the credential needs to be created as C##RVUser. 

If the system has been configured with a common_user_prefix value, then that prefix should be used instead of the default one. 

 

Script Templates to Grant Permissions for a Zero Touch Inventory of Oracle Databases

There are two different script templates available that can be used to grant the necessary permissions.

  1. create_user_1.5.5.0_oldformat.sql - This is a simple script without any error checking. The script simply tries to authorize all tables for the given user.  The multitenant prefix user will need to be specified within this script. 
  2. create_user_1.5.5.0.sql - This script checks the output and is the script which is recommended by Raynet. 
    • The script is checking if a Container User is needed (C##).
    • If it is not (C##), the script reads the container sign for the user.
    • If the user does not exist, the script creates the user.
    • If the user does exist, the script releases the user and sets the password.
    • The script sets the rights for the existing tables, in order to avoid any error messages.

The templates for all scripts can be found as attachments underneath this article.

Please keep in mind that you will need to check the scripts if they can be applied to your environment! These are templates and modifications may be needed!

 

Troubleshooting

In rare cases when the hostname of Oracle database inventory does not match the inventory of the operating system, RayVentory cannot manage the link between both inventories automatically. This situation could be indicated by:

1. The server inventory exists when viewing the Inventory report, but ...

2. Oracle Server overview report does not show a link to the server inventory and the column "Status" shows "No Hardware Inventory"

For these cases the IP-Address used by the Oracle database service could solve the problem.

Requirements:

- use OraTrack XML version 1.5.9 or later

- apply a change of the OracleDB ACL by using the attached sample "set_user_acl12.sql";
   if other OracleDB versions are used, contact Raynet support please.

 

Attached File

  • set_user_acl12.sql
  • create_user_1.5.8.sql
  • create_user_1.5.6.0_oldformat.sql

 

 

Comments

Powered by Zendesk