Merge pull request #848 from ritza-co/968-database

968: add system lvl oracle details; index.mdx

Author: Nadia-JSch

docs/auto-discovery/database-discovery/index.mdx

@@ -266,7 +266,7 @@ Device42 supports autodiscovery on Windows and \*nix platforms for the following
 
 Device42 database autodiscovery for Windows and \*nix targets supports discovery for Oracle RAC clustered database environments, which helps users better assess their cluster databases and understand all the IT assets tied to critical business applications. Discovery returns data about the RAC configuration, the RAC database, and the nodes (physical servers) running the RAC software. You can run the autodiscovery against one or more nodes in the Oracle RAC and return information about all connected nodes. Device42 requires the use of sudo for Oracle discoveries to mitigate the risk of lockout.
 
-### Minimum Permissions Requirements for Oracle Discovery
+### Minimum Database-Level Permissions Requirements for Oracle Discovery
 
 For discovery to return detailed info about your database instance, you will require read or view permissions for the following system views and tables:
 
@@ -284,6 +284,53 @@ To get information about pluggable databases (PDBs) within an Oracle container d
     CONTAINER = CURRENT;
     ```
 
+#### System-Level Permissions
+
+In addition to the minimum DB-level permissions above, discovery also needs shell access to the target system to run OS-level commands to get information about the Oracle environment. 
+
+For example, shell access is needed to read the `tnsames.ora` file, which contains network connection details:
+
+```bash
+/usr/bin/cat: /dbprog/oracle/product/19.3.0.0.26/network/admin/tnsnames.ora
+```
+
+Another example is the `lsnrctl status` command, which checks the status of the Oracle listener:
+
+```bash
+oracle -c 'lsnrctl status'
+```
+
+To allow Device42 to run these commands securely, you can grant limited `sudo` access by adding the following to the `/etc/sudoers` file or by creating a separate `sudoers` file for Device42 Oracle discovery:
+
+<details>
+  <summary>Click to expand the code block</summary>
+
+```bash
+# Basic Oracle Discovery Commands
+Cmnd_Alias DEVICE42_ORACLE = \
+    /usr/bin/ps -ef, \
+    /usr/bin/pwdx *, \
+    /usr/bin/su - oracle -c lsnrctl status, \
+    /usr/bin/su - oracle -c echo "select * from product_component_version;" | sqlplus -L -S -M "HTML ON" / as sysdba, \
+    /usr/bin/cat /etc/oratab, \
+    /usr/bin/su - oracle -c /u01/app/19.1.0.0/grid/bin/lsnrctl status, \
+    /usr/bin/su - oracle -c echo "select * from product_component_version;" | /u01/app/19.1.0.0/grid/bin/sqlplus -L -S -M "HTML ON" / as sysdba
+
+# Oracle RAC Additional Commands  
+Cmnd_Alias DEVICE42_ORACLE_RAC = \
+    /usr/bin/su - oracle -c /u01/app/19.1.0.0/grid/bin/olsnodes -c, \
+    /usr/bin/su - oracle -c /u01/app/19.1.0.0/grid/bin/olsnodes -n -i -s, \
+    /usr/bin/su - oracle -c /u01/app/19.1.0.0/grid/bin/olsnodes -l -n -i -s, \
+    /usr/bin/su - oracle -c /u01/app/19.1.0.0/grid/bin/srvctl config scan_listener, \
+    /usr/bin/su - oracle -c /u01/app/19.1.0.0/grid/bin/srvctl config scan, \
+    /usr/bin/su - oracle -c /u01/app/19.1.0.0/grid/bin/crsctl stat res -t | grep *, \
+    /usr/bin/su - oracle -c srvctl config database -d *
+
+# Grant these permissions to your Device42 discovery user:
+# username ALL=(ALL) NOPASSWD: DEVICE42_ORACLE, DEVICE42_ORACLE_RAC
+```
+</details>
+
 ### Set Up Your Oracle Discovery Job
 
 To begin discovering your Oracle databases, navigate to **Discovery > HyperVisors /\*nix /Windows**. Create a new discovery job for Windows or \*nix (or both) targets, and be sure to check the **Collect database server information** checkbox.