Target Oracle Requirements, Permissions, and Ports
The Access Analyzer for Databases Solution provides the ability to audit and monitor Oracle database environments to collect permissions, sensitive data, and activity events. It scans:
- Oracle Database 12c
- Oracle Database 18c
- Oracle Database 19c
Data Collectors
This solution employs the following data collector to scan the target environment:
Permissions
For .Active Directory Inventory Prerequisite
-
Read access to directory tree
-
List Contents & Read Property on the Deleted Objects Container
NOTE: See the Microsoft Searching for Deleted Objects article and the Microsoft Dsacls article for additional information.
For PowerShell Data Collection
- Member of the Local Administrators group
For Oracle Data Collection
- User with SYSDBA role
- Local Administrator on the target servers – Only applies to Windows Servers and not on Linux or Unix operating systems
There is a least privilege model for scanning your domain. See the Oracle Target Least Privilege Model topic for additional information.
Ports
The following firewall ports are needed:
For ADInventory Data Collector
- TCP 389
- TCP 135-139
- Randomly allocated high TCP ports
For PowerShell Data Collector
- Randomly allocated high TCP ports
For SQL Data Collector
- Specified by Instances table (default is 1521)