Skip to content
vScope Support Page

Oracle Database

Integrate Oracle Database with vScope to gain insights into database structures, users, and privileges. Ensure the database user has the required privileges, and configure the correct Connect Descriptor for seamless integration.

Required Privileges for Oracle Database Integration

To allow vScope to scan your Oracle Database, assign the following roles and privileges:

  • Role: SELECT_CATALOG_ROLE

    • Purpose: Allows read access to database structures, users, and privileges.
    • Command: 
      ALTER USER "USERNAME" DEFAULT ROLE "SELECT_CATALOG_ROLE";

  • System Privilege: CREATE SESSION

    • Purpose: Enables session creation to access the database.
    • Command: 
      GRANT CREATE SESSION TO "USERNAME";

Replace "USERNAME" with the actual username.

Configuring the Connect Descriptor

There are two types of connect descriptors: Service Name and Instance Name.

Instance Name

Connects to the Container Database (CDB) on a specific instance. This is what you do when you want to inventory a specific instance and all the PDB’s within it. This is the recommended way as it guarantees which instance you are inventorying.

Service Name

Connects to a specific Pluggable Database (PDB) service. This what applications usually do and in a clustered environment (RAC), the service listener may route the client to any instance within the cluster.

Finding the Oracle DB Connect Descriptor

To connect vScope to Oracle DB, you need to find the instance name or service name. Below are four methods to find the instance name and one (Solution 3) to find the service names via the listener service.

Solution 1 - pgrep

Run in a shell on the Oracle instance server:

Terminal window
[root@oracle]# pgrep -a ora_pmon
39649 ora_pmon_ORCLCDB

ORCLCDB is the instance name in this case.

Solution 2 - oratab

Run in a shell on the Oracle instance server:

Terminal window
[root@oracle]# cat /etc/oratab
ORCLCDB:/opt/oracle/product/21c/dbhome_1:Y

ORCLCDB is the instance name in this case.

Solution 3 – lsnrctl

Lists service and instance names. Run in a shell on the Oracle instance server:

Terminal window
[oracle@oracle]$ lsnrctl status


LSNRCTL for Linux: Version 21.0.0.0.0 - Production on 10-JUN-2025 13:40:04


Copyright (c) 1991, 2021, Oracle.  All rights reserved.


Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=0.0.0.0)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 21.0.0.0.0 - Production
Start Date                05-JUN-2024 13:48:15
Uptime                    324 days 23 hr. 51 min. 49 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/oracle/homes/OraDBHome21cEE/network/admin/listener.ora
Listener Log File         /opt/oracle/diag/tnslsnr/oracle21-1/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=oracle21.isl)(PORT=5500))...
Services Summary...
Service "36d247444c119370e063d40ba8c0ef72" has 1 instance(s).
  Instance "ORCLCDB", status READY, has 1 handler(s) for this service...
Service "ORCLCDB" has 1 instance(s).
  Instance "ORCLCDB", status READY, has 1 handler(s) for this service...
Service "ORCLCDBXDB" has 1 instance(s).
  Instance "ORCLCDB", status READY, has 1 handler(s) for this service...
Service "orclpdb1" has 1 instance(s).
  Instance "ORCLCDB", status READY, has 1 handler(s) for this service...
The command completed successfully

ORCLCDB is the instance name in this case. It also lists PDB services 36d247444c119370e063d40ba8c0ef72, ORCLCDB, ORCLCDBXDB and orclpdb1.

Solution 4 – Query the Database for the Instance Name

If you have database access, use any of the following queries to retrieve instance names:

SQL> SELECT instance_name FROM v$instance;


INSTANCE_NAME
----------------
ORCLCDB
SQL> SELECT sys_context('USERENV', 'INSTANCE_NAME') FROM dual;


SYS_CONTEXT('USERENV','INSTANCE_NAME')
--------------------------------------------------------------------------------
ORCLCDB

Following these steps will help you configure the correct Connect Descriptor and enable full Oracle DB discovery with vScope.

Settings

Oracle comes with default values that should work in most environments but you may change them to suit your needs.

Advanced Settings

  • Connect As Role - Which role the user will claim when connecting. Example: SYSDBA.
  • Port - The port to use when connecting. Defaults to 1521.
  • Only Scan This Connect Descriptor
    • If enabled, the credential will only connect to the specified instance or service name.
    • If disabled, this credential may be used to scan Oracle instances reported by other data sources if the credential is attached to the “All Oracle” Smart Target or to an IP range which includes the IP address of the reported instance. This setting needs to be disabled if Oracle Smart Targets from SSH are to be scanned by this credential.

Common Errors

Cannot connect to the instance

Make sure that the service is listening on interface bound to the IP address being inventoried by vScope. By default, the Oracle service only listens for local connections. To verify what interfaces and ports the listener is listening on, run the following in a shell:

Terminal window
[oracle@oracle]$ lsnrctl status
...
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=0.0.0.0)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=oracle21.isl)(PORT=5500))...
Services Summary...
...

In the example above, the service is listening on all interfaces (0.0.0.0 mean all interfaces) on port 1521. It also listens for secure connections on oracle21.isl port 5500.