Loading...

Knowledge Center


ORACONF347, ORACONF353, and ORACONF390 require an additional privilege for the Oracle scan user
Technical Articles ID:   KB81128
Last Modified:  4/5/2019

Environment

McAfee Vulnerability Manager for Databases (DVM) 4.6.0–4.6.2

Summary

To run ORACONF347, ORACONF353, and ORACONF390 successfully, you must add an additional privilege to the Oracle scan user.

Problem

The current Oracle scan user is missing the following privileges:
  • SELECT ON SYS.X$KSPPI
  • SELECT ON SYS.X$KSPPCV
  • SELECT ON SYS.X$KSPPSV
These missing privileges prevent the above checks for ORACONF347, ORACONF353, and ORACONF390 from running properly. If you do not grant these privileges, the checks cannot detect the scenario properly.

Cause

Previously, the checks queried against a table that failed to return the data on certain conditions.

Solution

The create_scanuser.sql script was updated in version 4.6.3 to reflect this requirement. To resolve this issue, upgrade to DVM 4.6.3 or later.

Or, you can run the following command on the relevant database, with a high privileged user account:
 
’CREATE OR REPLACE VIEW SYS.X_$KSPPI AS SELECT * FROM SYS.X$KSPPI; CREATE OR REPLACE VIEW SYS.X_$KSPPCV AS SELECT * FROM SYS.X$KSPPCV; CREATE OR REPLACE VIEW SYS.X_$KSPPSV AS SELECT * FROM SYS.X$KSPPSV; GRANT SELECT ON SYS.X_$KSPPI to [SCAN USER]; GRANT SELECT ON SYS.X_$KSPPCV to [SCAN USER; GRANT SELECT ON SYS.X_$KSPPSV to [SCAN USER;’ 

where [SCAN USER] is the scan user name previously created for DVM on the database.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.