Script to create an Oracle user with the access required for Oracle Database inventory collection

Script to create an Oracle user with the access required for Oracle Database inventory collection

Summary

This article describes the procedure to use the Flexera Software-provided script to create an Oracle user for Oracle database inventory collection.

Synopsis

Although Flexera Software recommends inventory collection through Flexera inventory collection components (FlexNet inventory agent or FlexNet inventory beacon), you may choose to collect Oracle database inventory through any of the following additional methods:

  • Direct inventory collection process: The inventory collection component of the inventory beacon (FlexNet Beacon engine) connects directly to each of the targeted Oracle databases within its assigned subnet using the discovery information from the selected source (Port scan, SNMP scan, TNS Names file, Gather Oracle database environment inventory).
  • Manually deploying and executing the inventory collection component (ndtrack) as an externally-authenticated account: The inventory collection component (ndtrack) runs locally as an externally-authenticated user to collect Oracle database inventory. An externally-authenticated user is maintained by Oracle database but authenticated by the operating system. This feature is helpful when you wish to use a database user that is not a member of the dba group.
  • Executing the inventory collection component (ndtrack) as an externally-authenticated account from the appropriate inventory beacon: The inventory collection component (ndtrack) runs as an externally-authenticated user from the appropriate inventory beacon, using the OracleInventoryUser parameter.

Note: The support for inventory collection through an externally-authenticated account (any of the last two methods in the above list) is available only for supported UNIX-based Oracle servers when you have FlexNet Manager Suite 2015 R2 SP4 or later. This feature also requires you to create an operating system user with the same name as the externally-authenticated database user (without the OPS$ prefix). For example, for an exernally-authenticated user OPS$RSMITH, you need an operating system user with a name RSMITH. For more information on externally-authenticated users, see Oracle documentation.

Each of the above-stated inventory collection methods require an Oracle user with the read-only access to certain Oracle tables and views on all the target Oracle servers. This user can either be specified with the ndtrack command line option or can be added to the OracleInventoryUser setting in the ndtrack.ini file (only when running from the appropriate inventory beacon). One helpful practice is to create the same user on every Oracle server.

This article lists the steps to create the desired inventory collection user by running a Flexera Software-supplied script. For details on the available inventory collection methods, see the Oracle Discovery and Inventory chapter of the FlexNet Manager Suite System Reference Guide that is accessible through the title page of the online help.

 

Discussion

Creating an Oracle User for Inventory Collection

The following is the process to create an inventory collection user for Oracle database inventory:

  1. Open the command prompt as a user with administrative privileges on the Oracle database. Typically this will require the sysdba privilege, using connect as sysdba.
  2. Run the attached script to create an externally-authenticated user on the database using the following syntax:
    @/<path_to_script>/create_oracle_audit_user.sql <parameter>

Where, parameter is case sensitive, and can take any of the following values:

  • remote: When running Oracle introspection from the inventory beacon for direct inventory collection method. Make sure to register this user in the secure Password Store on the appropriate inventory beacon.?
  • local: When running ndtrack as an externally-authenticated user either locally on the Oracle server or from the appropriate inventory beacon. When using the latter approach, make sure to register this user in the secure Password Store on the appropriate inventory beacon.

 

Additional Information

Additional information

An Oracle user created with the attached script provides the read-only access to the following tables and views. For details on the available inventory collection methods, see the Oracle Discovery and Inventory chapter of the FlexNet Manager Suite System Reference Guide that is accessible through the title page of the online help.

  • ALL_SDO_GEOM_METADATA SELECT
  • DBA_ADVISOR_TASKS SELECT
  • DBA_AUDIT_TRAIL SELECT
  • DBA_AWS SELECT
  • DBA_CPU_USAGE_STATISTICS SELECT
  • DBA_CUBES SELECT
  • DBA_DV_REALM SELECT
  • DBA_ENCRYPTED_COLUMNS SELECT
  • DBA_FEATURE_USAGE_STATISTICS SELECT
  • DBA_FLASHBACK_ARCHIVE SELECT
  • DBA_FLASHBACK_ARCHIVE_TABLES SELECT
  • DBA_FLASHBACK_ARCHIVE_TS SELECT
  • DBA_INDEXES SELECT
  • DBA_LOB_PARTITIONS SELECT
  • DBA_LOB_SUBPARTITIONS SELECT
  • DBA_LOBS SELECT
  • DBA_MINING_MODELS SELECT
  • DBA_OBJECT_TABLES SELECT
  • DBA_OBJECTS SELECT
  • DBA_RECYCLEBIN SELECT
  • DBA_REGISTRY SELECT
  • DBA_SEGMENTS SELECT
  • DBA_SQL_PROFILES SELECT
  • DBA_SQLSET SELECT
  • DBA_SQLSET_REFERENCES SELECT
  • DBA_TAB_PARTITIONS SELECT
  • DBA_TAB_SUBPARTITIONS SELECT
  • DBA_TABLES SELECT
  • DBA_TABLESPACES SELECT
  • DBA_USERS SELECT
  • DUAL SELECT
  • GV_$INSTANCE SELECT
  • GV_$PARAMETER SELECT
  • MODEL$ SELECT
  • REGISTRY$HISTORY SELECT
  • ROLE_SYS_PRIVS SELECT
  • SDO_GEOM_METADATA_TABLE SELECT
  • USER_ROLE_PRIVS SELECT
  • USER_SYS_PRIVS SELECT
  • UTL_INADDR EXECUTE
  • V_$ARCHIVE_DEST_STATUS SELECT
  • V_$BLOCK_CHANGE_TRACKING SELECT
  • V_$CONTAINERS SELECT
  • V_$DATABASE SELECT
  • V_$INSTANCE SELECT
  • V_$LICENSE SELECT
  • V_$OPTION SELECT
  • V_$PARAMETER SELECT
  • V_$SESSION SELECT
  • V_$VERSION SELECT

Below are SQL scripts that are referenced in the documentation FNMS System Reference guide (page 108).

CONTENT.ODM_DOCUMENT
DMSYS.DM$MODEL
DMSYS.DM$OBJECT
DMSYS.DM$P_MODEL
LBACSYS.LBAC$POLT
ODM.ODM_MINING_MODEL
ODM.ODM_RECORD
OLAPSYS.DBA$OLAP_CUBES
SYSMAN.MGMT$TARGET
SYSMAN.MGMT_ADMIN_LICENSES
SYSMAN.MGMT_FU_LICENSE_MAP
SYSMAN.MGMT_FU_REGISTRATIONS
SYSMAN.MGMT_FU_STATISTICS
SYSMAN.MGMT_INV_COMPONENT
SYSMAN.MGMT_LICENSE_CONFIRMATION
SYSMAN.MGMT_LICENSE_DEFINITIONS
SYSMAN.MGMT_LICENSES
SYSMAN.MGMT_TARGET_TYPES
SYSMAN.MGMT_TARGETS
APPLSYS.FND_APP_SERVERS
APPLSYS.FND_NODES
APPLSYS.FND_PRODUCT_INSTALLATIONS
APPLSYS.FND_APPLICATION_TL
APPLSYS.FND_USER
APPLSYS.FND_RESPONSIBILITY
APPS.FND_USER_RESP_GROUPS

 

Was this article helpful? Yes No
100% helpful (2/2)
Comments

Both files match with eachother so perhaps 1 can be removed?

Version history
Revision #:
3 of 3
Last update:
‎Mar 02, 2020 11:33 AM
Updated by: