The scanning process

Snow Inventory Oracle Scanner is designed to perform automatic Oracle inventory without the need to create a specific user account within the Oracle databases. The scanner automatically discovers all running Oracle instances on the current server, detects what user is running each database instance, and switches to that specific user when inventorying the databases. No specific permissions and no specific user is needed to inventory the databases.

The scanner is designed to be lightweight and scalable regarding size and number of objects in database. Resource consumption is mainly CPU bound as metadata is often available in memory.

Performing only read operations on databases, the scanner has been designed in a non-invasive manner. It performs SELECT queries based on PL/SQL blocks to extract the inventory data needed to determine license needs.

Only Oracle internal objects listed in Required Oracle permissions are accessed. To avoid concerns related to data security, the scanner never reads user or application data.

Snow Software recommends the use of automatic Oracle Inventory rather than setting up specific user accounts and permissions for each Oracle database.

note

All inventory results provide a snapshot of the environment from the time when the inventory scan was performed.

Oracle inventory with specific user authentication – simplified config

If you do not wish to use automatic Oracle Inventory, it is possible to use the scanner with a specific user.

To avoid the time-consuming process of creating this user with specific SELECT permissions, the user account can be created with SELECT permissions on ALL TABLES and DICTIONARY in all databases. The account also needs to be able to CREATE SESSION, by granting the user SELECT ANY privileges on TABLE and DICTIONARY, see the example below.

The user needs to be created and permissions need to be granted on each database that is to be inventoried.

note

Create the user <Oracle Scanner User> and grant SELECT ANY privileges in earlier versions than Oracle 12c:

| |

For Oracle version 12c or later, the user needs to be created as a common user, by typing “c##” before the username. Also, CONTAINER=ALL must be added to each line, see the example below.

note

Create the user <Oracle Scanner User> and grant SELECT ANY privileges in Oracle 12c or later:

| |

Required Oracle permissions

The list below details the objects accessed during the Oracle inventory, and so the user needs to be able to run SELECT queries on these tables/views. If Oracle built-in roles and privileges cannot be used due to security reasons, grants need to be made to the objects listed here.

all_sdo_geom_metadata
all_views
cdb_pdb_history
dba_advisor_tasks
dba_aws
dba_cpu_usage_statistics
dba_cubes
dba_encrypted_columns
dba_feature_usage_statistics
dba_flashback_archive
dba_flashback_archive_tables
dba_flashback_archive_ts
dba_indexes
dba_lob_partitions
dba_lob_subpartitions
dba_lobs
dba_object_tables
dba_objects
dba_recyclebin
dba_registry
dba_segments
dba_sql_profiles
dba_sqlset
dba_sqlset_references
dba_tab_columns
dba_tab_partitions
dba_tab_subpartitions
dba_tables
dba_tablespaces
dba_users
dba_workload_captures
dba_workload_filters
dba_workload_replays
dmsys.dm$model
dmsys.dm$object
dmsys.dm$p_model
dual
dvsys.dba_dv_realm
dvsys.dba_dv_realm_auth
global_name
gv$im_segments
gv$instance
gv$parameter
lbacsys.lbac$polt
lbacsys.ols$polt
mdsys.sdo_feature_usage
mdsys.sdo_geom_metadata_table
mgmt$target

mgmt_targets
odm.odm_mining_model
odm_document
odm_record
olapsys.dba$olap_cubes
RC_DATABASE
redaction_policies
sys.cdc_change_sets$
sys.cdc_change_tables$
sys.dba_mining_models
sys.dba_users
sys.model$
sys.obj$
sys.registry$history
sysman.mgmt_admin_licenses
sysman.mgmt_fu_license_map
sysman.mgmt_fu_registrations
sysman.mgmt_fu_statistics
sysman.mgmt_inv_component
sysman.mgmt_inv_container
sysman.mgmt_license_confirmation
sysman.mgmt_license_definitions
sysman.mgmt_licensed_targets
sysman.mgmt_licenses
sysman.mgmt_target_types
sysman.mgmt_targets
sysman.mgmt_versions
system.aq$_queue_tables
system.aq$_queues
system.fnd_oracle_userid
system.product_privs
system.schema_version_registry
timesten.tt_gridid
timesten.tt_gridinfo
user_role_privs
v$archive_dest_status
v$block_change_tracking
v$containers
v$database
v$dataguard_config
v$instance
v$license
v$option
v$parameter
v$pdbs
v$session
v$session_connect_info
v$version

Examples: Required Oracle permissions

In this scenario, the Oracle built-in roles and privileges cannot be used due to security reasons.

The following example script creates the user OSCAN, and then adds the required Oracle permissions, which are used for non-container databases:

CREATE USER OSCAN IDENTIFIED BY <passwd>;
GRANT CREATE SESSION TO OSCAN;
GRANT EXECUTE ON SYS.DBMSOUTPUT_LINESARRAY TO OSCAN;
GRANT EXECUTE ON SYS.DBMS_APPLICATION_INFO TO OSCAN;
GRANT EXECUTE ON SYS.DBMS_OUTPUT TO OSCAN;
GRANT SELECT ON DBA_INDEXES TO OSCAN;
GRANT SELECT ON DMSYS.DM$MODEL TO OSCAN;
GRANT SELECT ON DMSYS.DM$OBJECT TO OSCAN;
GRANT SELECT ON DMSYS.DM$P_MODEL TO OSCAN;
GRANT SELECT ON DVSYS.DBA_DV_REALM TO OSCAN;
GRANT SELECT ON DVSYS.DBA_DV_REALM_AUTH TO OSCAN;
GRANT SELECT ON GV_$IM_SEGMENTS TO OSCAN;
GRANT SELECT ON LBACSYS.LBAC$POLT TO OSCAN;
GRANT SELECT ON LBACSYS.OLS$POLT TO OSCAN;
GRANT SELECT ON MDSYS.ALL_SDO_GEOM_METADATA TO OSCAN;
GRANT SELECT ON MDSYS.SDO_FEATURE_USAGE TO OSCAN;
GRANT SELECT ON MDSYS.SDO_GEOM_METADATA_TABLE TO OSCAN;
GRANT SELECT ON MGMT$TARGET TO OSCAN;
GRANT SELECT ON ODM.ODM_MINING_MODEL TO OSCAN;
GRANT SELECT ON ODM_DOCUMENT TO OSCAN;
GRANT SELECT ON ODM_RECORD TO OSCAN;
GRANT SELECT ON OLAPSYS.DBA$OLAP_CUBES TO OSCAN WITH GRANT OPTION;
GRANT SELECT ON RC_DATABASE TO OSCAN;
GRANT SELECT ON SYS.ALL_VIEWS TO OSCAN;
GRANT SELECT ON SYS.CDB_PDB_HISTORY TO OSCAN;
GRANT SELECT ON SYS.CDC_CHANGE_SETS$ TO OSCAN;
GRANT SELECT ON SYS.CDC_CHANGE_TABLES$ TO OSCAN;
GRANT SELECT ON SYS.DBA_ADVISOR_TASKS TO OSCAN;
GRANT SELECT ON SYS.DBA_AWS TO OSCAN;
GRANT SELECT ON SYS.DBA_CPU_USAGE_STATISTICS TO OSCAN;
GRANT SELECT ON SYS.DBA_CUBES TO OSCAN;
GRANT SELECT ON SYS.DBA_ENCRYPTED_COLUMNS TO OSCAN;
GRANT SELECT ON SYS.DBA_FEATURE_USAGE_STATISTICS TO OSCAN;
GRANT SELECT ON SYS.DBA_FLASHBACK_ARCHIVE TO OSCAN;
GRANT SELECT ON SYS.DBA_FLASHBACK_ARCHIVE_TABLES TO OSCAN;
GRANT SELECT ON SYS.DBA_FLASHBACK_ARCHIVE_TS TO OSCAN;
GRANT SELECT ON SYS.DBA_LOB_PARTITIONS TO OSCAN;
GRANT SELECT ON SYS.DBA_LOB_SUBPARTITIONS TO OSCAN;
GRANT SELECT ON SYS.DBA_LOBS TO OSCAN;
GRANT SELECT ON SYS.DBA_MINING_MODELS TO OSCAN;
GRANT SELECT ON SYS.DBA_OBJECT_TABLES TO OSCAN;
GRANT SELECT ON SYS.DBA_OBJECTS TO OSCAN;
GRANT SELECT ON SYS.DBA_RECYCLEBIN TO OSCAN;
GRANT SELECT ON SYS.DBA_REGISTRY TO OSCAN;
GRANT SELECT ON SYS.DBA_SEGMENTS TO OSCAN;
GRANT SELECT ON SYS.DBA_SQL_PROFILES TO OSCAN;
GRANT SELECT ON SYS.DBA_SQLSET_REFERENCES TO OSCAN;
GRANT SELECT ON SYS.DBA_SQLSET TO OSCAN;
GRANT SELECT ON SYS.DBA_TAB_COLUMNS TO OSCAN;
GRANT SELECT ON SYS.DBA_TAB_PARTITIONS TO OSCAN;
GRANT SELECT ON SYS.DBA_TAB_SUBPARTITIONS TO OSCAN;
GRANT SELECT ON SYS.DBA_TABLES TO OSCAN;
GRANT SELECT ON SYS.DBA_TABLESPACES TO OSCAN;
GRANT SELECT ON SYS.DBA_USERS TO OSCAN;
GRANT SELECT ON SYS.DBA_WORKLOAD_CAPTURES TO OSCAN;
GRANT SELECT ON SYS.DBA_WORKLOAD_FILTERS TO OSCAN;
GRANT SELECT ON SYS.DBA_WORKLOAD_REPLAYS TO OSCAN;
GRANT SELECT ON SYS.DUAL TO OSCAN;
GRANT SELECT ON SYS.GLOBAL_NAME TO OSCAN;
GRANT SELECT ON SYS.GV_$INSTANCE TO OSCAN;
GRANT SELECT ON SYS.GV_$PARAMETER TO OSCAN;
GRANT SELECT ON SYS.MODEL$ TO OSCAN;
GRANT SELECT ON SYS.OBJ$ TO OSCAN;
GRANT SELECT ON SYS.REDACTION_POLICIES TO OSCAN;
GRANT SELECT ON SYS.REGISTRY$HISTORY TO OSCAN;
GRANT SELECT ON SYS.USER_ROLE_PRIVS TO OSCAN;
GRANT SELECT ON SYS.V_$ARCHIVE_DEST_STATUS TO OSCAN;
GRANT SELECT ON SYS.V_$BLOCK_CHANGE_TRACKING TO OSCAN;
GRANT SELECT ON SYS.V_$CONTAINERS TO OSCAN;
GRANT SELECT ON SYS.V_$DATABASE TO OSCAN;
GRANT SELECT ON SYS.V_$DATAGUARD_CONFIG TO OSCAN;
GRANT SELECT ON SYS.V_$INSTANCE TO OSCAN;
GRANT SELECT ON SYS.V_$LICENSE TO OSCAN;
GRANT SELECT ON SYS.V_$OPTION TO OSCAN;
GRANT SELECT ON SYS.V_$PARAMETER TO OSCAN;
GRANT SELECT ON SYS.V_$PDBS TO OSCAN;
GRANT SELECT ON SYS.V_$SESSION TO OSCAN;
GRANT SELECT ON SYS.V_$SESSION_CONNECT_INFO TO OSCAN;
GRANT SELECT ON SYS.V_$VERSION TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_ADMIN_LICENSES TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_FU_LICENSE_MAP TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_FU_REGISTRATIONS TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_FU_STATISTICS TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_INV_COMPONENT TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_INV_CONTAINER TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_LICENSE_CONFIRMATION TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_LICENSE_DEFINITIONS TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_LICENSED_TARGETS TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_LICENSES TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_TARGET_TYPES TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_TARGETS TO OSCAN;
GRANT SELECT ON SYSMAN.MGMT_VERSIONS TO OSCAN;
GRANT SELECT ON SYSTEM.AQ$_QUEUE_TABLES TO OSCAN;
GRANT SELECT ON SYSTEM.AQ$_QUEUES TO OSCAN;
GRANT SELECT ON SYSTEM.FND_ORACLE_USERID TO OSCAN;
GRANT SELECT ON SYSTEM.PRODUCT_PRIVS TO OSCAN WITH GRANT OPTION;
GRANT SELECT ON SYSTEM.SCHEMA_VERSION_REGISTRY TO OSCAN;
GRANT SELECT ON TIMESTEN.TT_GRIDID TO OSCAN;
GRANT SELECT ON TIMESTEN.TT_GRIDINFO TO OSCAN;

The following example script creates the user C##OSCAN that needs to be created as a common user, and then adds the required Oracle permissions, which are used for container databases:

CREATE USER C##OSCAN IDENTIFIED BY <passwd> CONTAINER=ALL;
ALTER USER C##OSCAN SET CONTAINER_DATA=ALL CONTAINER=CURRENT;
GRANT CONNECT TO C##OSCAN CONTAINER=ALL;
GRANT CREATE SESSION TO C##OSCAN CONTAINER=ALL;
GRANT EXECUTE ON SYS.DBMSOUTPUT_LINESARRAY TO C##OSCAN CONTAINER=ALL;
GRANT EXECUTE ON SYS.DBMS_APPLICATION_INFO TO C##OSCAN CONTAINER=ALL;
GRANT EXECUTE ON SYS.DBMS_OUTPUT TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON DBA_INDEXES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON DMSYS.DM$MODEL TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON DMSYS.DM$OBJECT TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON DMSYS.DM$P_MODEL TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON DVSYS.DBA_DV_REALM TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON DVSYS.DBA_DV_REALM_AUTH TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON GV_$IM_SEGMENTS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON LBACSYS.LBAC$POLT TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON LBACSYS.OLS$POLT TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON MDSYS.ALL_SDO_GEOM_METADATA TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON MDSYS.SDO_FEATURE_USAGE TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON MDSYS.SDO_GEOM_METADATA_TABLE TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON MGMT$TARGET TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON ODM.ODM_MINING_MODEL TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON ODM_DOCUMENT TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON ODM_RECORD TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON OLAPSYS.DBA$OLAP_CUBES TO C##OSCAN WITH GRANT OPTION CONTAINER=ALL;
GRANT SELECT ON RC_DATABASE TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.ALL_VIEWS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.CDB_PDB_HISTORY TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.CDC_CHANGE_SETS$ TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.CDC_CHANGE_TABLES$ TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_ADVISOR_TASKS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_AWS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_CPU_USAGE_STATISTICS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_CUBES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_ENCRYPTED_COLUMNS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_FEATURE_USAGE_STATISTICS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_FLASHBACK_ARCHIVE TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_FLASHBACK_ARCHIVE_TABLES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_FLASHBACK_ARCHIVE_TS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_LOB_PARTITIONS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_LOB_SUBPARTITIONS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_LOBS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_MINING_MODELS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_OBJECT_TABLES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_OBJECTS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_RECYCLEBIN TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_REGISTRY TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_SEGMENTS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_SQL_PROFILES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_SQLSET TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_SQLSET_REFERENCES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_TAB_COLUMNS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_TAB_PARTITIONS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_TAB_SUBPARTITIONS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_TABLES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_TABLESPACES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_USERS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_WORKLOAD_CAPTURES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_WORKLOAD_FILTERS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DBA_WORKLOAD_REPLAYS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.DUAL TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.GLOBAL_NAME TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.GV_$INSTANCE TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.GV_$PARAMETER TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.MODEL$ TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.OBJ$ TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.REDACTION_POLICIES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.REGISTRY$HISTORY TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.USER_ROLE_PRIVS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$ARCHIVE_DEST_STATUS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$BLOCK_CHANGE_TRACKING TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$CONTAINERS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$DATABASE TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$DATAGUARD_CONFIG TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$INSTANCE TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$LICENSE TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$OPTION TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$PARAMETER TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$PDBS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$SESSION TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$SESSION_CONNECT_INFO TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYS.V_$VERSION TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_ADMIN_LICENSES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_FU_LICENSE_MAP TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_FU_REGISTRATIONS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_FU_STATISTICS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_INV_COMPONENT TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_INV_CONTAINER TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_LICENSE_CONFIRMATION TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_LICENSE_DEFINITIONS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_LICENSED_TARGETS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_LICENSES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_TARGET_TYPES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_TARGETS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSMAN.MGMT_VERSIONS TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSTEM.AQ$_QUEUE_TABLES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSTEM.AQ$_QUEUES TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSTEM.FND_ORACLE_USERID TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON SYSTEM.PRODUCT_PRIVS TO C##OSCAN WITH GRANT OPTION CONTAINER=ALL;
GRANT SELECT ON SYSTEM.SCHEMA_VERSION_REGISTRY TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON TIMESTEN.TT_GRIDID TO C##OSCAN CONTAINER=ALL;
GRANT SELECT ON TIMESTEN.TT_GRIDINFO TO C##OSCAN CONTAINER=ALL; 

note

These privileges allow Snow Inventory Oracle Scanner to read metadata about database objects, but not the data inside them. They are needed in order to determine the license needs; if there for example exists partitioned or compressed tables.

Database vault

When Database Vault is enabled, then SYS or the specific Oracle user must:

have PARTICIPANT or OWNER authorization on 'Oracle Data Dictionary" realm
have PARTICIPANT or OWNER authorization on 'Oracle Database Vault' realm
be granted the DV_SECANALYST role for querying Oracle Database Vault-supplied views
be granted SELECT on LBAC$POLT from LBACSYS

Example: Database Vault

Example using OSCAN.

Log into the database instance as a user who has been granted the DV_OWNER or DV_ADMIN role.

sqlplus /nolog
conn DV_OWNER/<password>
grant DV_SECANALYST to OSCAN;
exec DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM('Oracle Data Dictionary','OSCAN');
exec DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM('Oracle Database Vault','OSCAN');
conn LBACSYS/<password>
grant select on LBACSYS.LBAC$POLT to OSCAN;

The scanning process

Oracle inventory with specific user authentication – simplified config​

Required Oracle permissions​

Database vault​

Oracle inventory with specific user authentication – simplified config

Required Oracle permissions

Database vault