As part of the data collection, the Oracle databases are automatically queried as well. Querying the databases as part of the system scan is configured out-of-the-box with "OS-Authentication", therefore no special user needs to be deployed in the databases in order to retrieve all the necessary information.
The scripts detect all instances that are running on the systems. After changing into the context of the process owner, the database is accessed and all information is gathered. Authentication is realized via the operating system (OS authentication).
Other ways of authentication are possible and configurable. A dedicated user can be deployed within the databases to gather all information.
To implement a different user based authentication method, the following steps must be performed:
Configuration for database querying
If the database should not be accessed via the default OS authentication, then this can be reconfigured in the file M42DataCollectionUnix/bin/config/M42DataCollection.env:
Possible values for OracleDBAuthentication:
- 1: OS authentication.
- 2: encrypted password/Oracle Wallet.
- 3: login file with user and password. This option is not recommended.
In the login file, the credentials must be stored for the following cases:
- If encrypted passwords/Oracle Wallets are used, only the name of the wallet must be in the first line. Example: @mywallet01
- If you work with username and unencrypted password (not recommended), the first line must contain username and password. Possible separators: space or #####. Example: myuser01#####mypassword1
Creating a user to query databases
To create the user that will access the databases, the M42_AddOracleDBUser.sql script must be run once on the corresponding databases.
The grant script must be run as SYSDBA (or similar role) with the right to create users.
To run the script:
@M42_AddOracleDBUser.sql <user> <password> <tablespace> <ORACLE_SID>
For Oracle databases with pluggable databases (PDB), the grant script must be executed in CDB$ROOT . In this way, the user will be created automatically both in the CDB$ROOT and in all for this CDB generated PDBs.
To create the user for databases where Database Vault is active, the M42_AddOracleUserDBV.sql script must be executed instead.