Skip to main content
Question

How to avoid Oracle user account being not onboarded while scanning

  • January 15, 2026
  • 3 replies
  • 45 views
P

Hello All,

We have a requirement for to not onboard Oracle user account while performing oracle DB scan. We only want ‘Oracle system accounts’ and ‘Oracle Service accounts’ to be onboarded. We have attributes (Same as in DB) defined in BeyondInsight configuration. 

When we attempt to onboard DB accounts using the smart rule, it captures all accounts. Consequently, when we use the 'Set attributes in each account' action within the smart rule, it assigns attributes to all accounts, regardless of the account type.

 

Thanks,

Prasad

    3 replies

    J
    BeyondTrust Employee
    • jchandler
    • BeyondTrust Employee
    • January 19, 2026

    Hello ​@prasadp87 

    Please have a look at this kb on onboarding Oracle accounts.
    https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0019882

    Password Safe does no onboard accounts when scanning. The scan enumerates the database instance.
    Once the instance has been enumerated you can onboard the database as a managed system using an Asset based smart rule with the "Manage Assets using Password Safe" action.
    After the managed systems have been onboarded the Oracle accounts can be onboarded with a Managed Account smart rule with the "Manage Account Settings" action.
    To restrict what oracle account get onboarded use "User Account Attributes | Account Name | you can use equals, contains, or regex expression to onboard specific account. 
    Account name is the only option you can use for selection of accounts. If you are onboarding to many accounts make sure you add the "User Account Attributes | Account Name" to restrict the account selection.

    If you have any questions on this please let me know.

    Regards,

    john

      P
      • prasadp87
      • Author
      • Trailblazer
      • January 20, 2026

      Hello John,

       

      Thanks for the response. I have followed the KBA to onboard accounts with help of smart rules but unfortunately it brings out all the accounts (User, System, Service accounts) and we do not have any specific naming conventions to follow to distinguish System, Service accounts from User accounts. Do we have any way to filter accounts based on certain DB attributes (like Oracle Profile). We are getting many of the user accounts which we dont want to be in BT system.

       

      Thanks,

      Prasad

      J
      BeyondTrust Employee
      • jchandler
      • BeyondTrust Employee
      • January 28, 2026

      Hello ​@prasadp87 

      Unfortunately Password Safe cannot distinguish Oracle account by account type. If this feature is desired, create and upvote feature requests in the Ideas Portal.  Navigate to the BeyondTrust Okta homepage using the appropriate credentials to sign in. Once logged in, access the Ideas tile and create a request to submit for Product Management to review. Use this site to monitor and add to an idea thread, receive email notifications, and request updates.  The more votes on the Idea, the more visibility it will have.

       

      Regards,

      John

      Badge Earners

      • BCA: Password Safe
        erodrigueshas earned the badge BCA: Password Safe
      • BCSE: Privileged Remote Access
        TheSwitcherhas earned the badge BCSE: Privileged Remote Access
      • BCSE: Remote Support
        TheSwitcherhas earned the badge BCSE: Remote Support
      • BCIE: Remote Support
        TheSwitcherhas earned the badge BCIE: Remote Support
      • BCIE: Privileged Remote Access
        TheSwitcherhas earned the badge BCIE: Privileged Remote Access
      Show all badges
      Terms & ConditionsCookie settingsAccessibility statement