Oracle ReviewLite is the primary SQL-based audit script Oracle uses to assess Oracle Database compliance. This guide covers what data it collects, how it works step by step, how to run it proactively, how to interpret the output, common compliance findings, ULA certification usage, and how to defend against audit findings.
Part of the Oracle licensing technical series. See also: Oracle Licence Compliance Scripts Guide | Interpreting LMS Script Output | Conducting Internal Oracle Licence Audits.
Oracle ReviewLite is a proprietary SQL-based audit script developed by Oracle's License Management Services (LMS) team. It is designed specifically for Oracle Database products and collects detailed information about every Oracle database instance in your environment, including editions, options, management packs, processor counts, user counts, and feature usage. Oracle uses ReviewLite data during licence audits and ULA certifications to determine compliance and quantify deployments.
ReviewLite is not publicly available. Oracle provides it during audit engagements, ULA certifications, or upon proactive request. The script is read-only and does not modify data, but the information it collects forms the foundation of Oracle's compliance findings. Organisations that run ReviewLite proactively and analyse the output before sharing with Oracle gain a significant strategic advantage.
| Characteristic | Detail | Why It Matters |
|---|---|---|
| Purpose | Audits Oracle Database usage; supports ULA certification; collects data for compliance analysis | Oracle uses this data to identify compliance gaps and calculate licence shortfalls |
| Scope | Oracle Database products only (separate scripts exist for middleware, EBS, and Java) | Must be run on every server with Oracle Database installed: production, development, test, DR |
| Technology | Read-only SQL queries against Oracle data dictionary views; does not modify data | Safe to run in production environments with minimal performance impact |
| Output | CSV/text files with server details, instance configuration, options/packs usage, processor counts, user data | Output is highly detailed and requires expert interpretation to distinguish compliance risks from benign findings |
| Ownership | Proprietary to Oracle. Not publicly downloadable | Oracle controls the script version. Always request the latest version for accurate results |
| Contractual basis | Oracle contracts typically require customers to run LMS scripts upon audit request | Cannot refuse to run ReviewLite without breaching contract terms |
| Data Category | What ReviewLite Collects | Licensing Relevance | Common Compliance Risk |
|---|---|---|---|
| Server and instance information | Hostname, OS, Oracle version, edition (EE/SE/SE2), SID, database name, creation date | Edition determines licence type and pricing (EE = $47.5K/processor; SE2 = $17.5K/server) | SE2 database with Enterprise Edition features used = Oracle reclassifies to EE pricing |
| Options and packs usage | DBA_FEATURE_USAGE_STATISTICS: every option and management pack ever activated, including timestamps and sample counts | Each option (Partitioning, Advanced Security, etc.) requires a separate licence at $11.5K-$23K+ per processor | Options activated "for testing" or auto-enabled by default. Oracle counts any recorded usage as licensable |
| Processor and hardware data | CPU count, core count, socket count, hardware model, virtualisation type (VMware, OVM, etc.) | Processor-based licensing requires counting all physical cores multiplied by core factor (or all cluster cores for VMware) | VMware environments: Oracle counts all physical cores in the cluster, not just the VM. Exposure can be 10x+ expected |
| User and session data | Named users, concurrent sessions, high-watermark (peak) session counts, DBA accounts | Named User Plus licensing requires minimum counts per processor (25 NUP per processor minimum) | Peak sessions exceeding NUP minimums; accounts not properly counted |
| Configuration details | RAC configuration, Data Guard, ASM, partitioning settings, encryption, compression | RAC requires EE + RAC option licence for all nodes; Data Guard may require licensing standby | Data Guard Active standby = full licence required for DR server |
| Database link and connection data | Database links, TNS connections, external system connections | May reveal indirect access or undisclosed database instances | Database links to unlicensed instances or external systems that should be counted |
| Step | What Happens | Customer Action Required |
|---|---|---|
| 1. Oracle provides the script | Oracle LMS delivers the ReviewLite package (ZIP file containing SQL scripts and shell wrappers). Includes version-specific scripts for different Oracle DB versions (11g, 12c, 19c, 21c, 23ai) | Verify you have the latest version. Request directly from Oracle if self-assessing |
| 2. DBA extracts and prepares | DBA unzips the package on each target server, reviews the README for execution instructions. Scripts require SYSDBA or DBA-level access to query data dictionary views | Coordinate with DBA team. Schedule execution across all Oracle instances |
| 3. Script execution | DBA runs the master script (typically via SQL*Plus or shell wrapper). Read-only queries execute against the database, querying DBA_FEATURE_USAGE_STATISTICS, V$LICENSE, V$INSTANCE, GV$SESSION, DBA_USERS, and other dictionary views | Run during off-peak hours as a precaution. Monitor for any unexpected load (rare) |
| 4. Output generation | Script produces output files (CSV and/or text) in a designated directory. Typically 5-15 files per instance covering each data category | Collect all output files. Ensure no instances are missed |
| 5. Internal review | ITAM/SAM team reviews output before sending to Oracle. Cross-reference findings against licence entitlements. Identify potential compliance gaps | CRITICAL: never send raw output to Oracle without internal analysis first |
| 6. Submission to Oracle | Reviewed output files are securely uploaded to Oracle (typically via Oracle's secure portal). Oracle LMS team analyses the data and produces a compliance report | Oracle will use this data to calculate licence shortfalls and potential fees |
The most effective use of ReviewLite is proactive: running it internally before Oracle requests it. This gives you time to identify and remediate compliance gaps before they become audit findings.
| Proactive Activity | What to Do | Frequency | Strategic Benefit |
|---|---|---|---|
| Internal ReviewLite execution | Run ReviewLite on all Oracle Database instances. Analyse output internally | Annually minimum; quarterly for large environments | Discover compliance gaps before Oracle does. Remediate on your terms and timeline |
| Options and packs audit | Focus on DBA_FEATURE_USAGE_STATISTICS output. Identify any option or pack showing CURRENTLY_USED = TRUE | After every ReviewLite run; after any major database change | Each unlicensed option = $11.5K-$23K+ per processor. Early detection saves hundreds of thousands |
| Environment inventory validation | Compare ReviewLite servers list against your CMDB/asset inventory. Identify unknown or forgotten instances | Annually; after any infrastructure change | No blind spots. Every Oracle instance accounted for in your compliance position |
| Pre-ULA certification dry run | Run ReviewLite 6-12 months before ULA expiry to understand current deployment and plan maximisation strategy | At least 6 months before ULA end date | Maximise licences certified. Deploy strategically before certification to increase entitlement |
| Script version check | Verify you have the latest ReviewLite version from Oracle. Older versions may miss newer features | Before each execution | Prevent false confidence. Outdated scripts miss features Oracle's auditors will catch |
| Finding Category | What ReviewLite Shows | Financial Exposure (8-Core Server) | Remediation |
|---|---|---|---|
| Unlicensed database options | DBA_FEATURE_USAGE_STATISTICS shows options like Partitioning, Advanced Compression, Advanced Security as "USED" | $46K-$92K per option per server (list) + 22% annual support | Disable unused options. Purchase licences for genuinely needed ones. Document business justification |
| Unlicensed management packs | Diagnostics Pack or Tuning Pack showing usage. Often auto-enabled by Oracle Enterprise Manager | $30K-$60K per pack per server (list) | Disable CONTROL_MANAGEMENT_PACK_ACCESS parameter. Remove OEM pack targets |
| Enterprise Edition features on Standard Edition | EE-only features (bitmap indexes, parallel query, etc.) used on an SE/SE2 database | $190K+ per 8-core server (upgrade from SE2 to EE processor licensing) | Remove EE-specific features. Verify SE2 feature restrictions are enforced |
| Processor count discrepancy | More physical cores detected than licences purchased. VMware cluster showing all host cores | $190K+ per additional 4 processors (DB EE list) | Review core factor table. Consider Oracle-approved hard partitioning. Right-size VMs |
| Inactive/unknown instances | Oracle Database instances on servers not in the CMDB. Developer installs, DR copies, forgotten test systems | $47.5K+ per processor per undiscovered instance | Decommission unnecessary instances. Add discovered instances to inventory |
| ULA Certification Aspect | How ReviewLite Is Used | Customer Strategy | Common Mistake |
|---|---|---|---|
| Deployment counting | Counts processors, cores, and instances across all servers to determine total licensed deployment | Deploy Oracle Database on maximum servers before certification to maximise certified licence count | Failing to deploy on all planned servers before running ReviewLite. Certifying fewer licences than possible |
| Options and packs inclusion | Identifies which options/packs are deployed. Only options included in ULA scope can be certified | Verify all deployed options are within ULA scope. Negotiate to add any out-of-scope options before certification | Options deployed but not in ULA scope creating a compliance finding during certification |
| Out-of-scope products | May reveal Oracle products deployed that are not part of the ULA (additional options, RAC, GoldenGate) | Audit your environment 6+ months before certification. Resolve any out-of-scope deployments | Oracle using certification as a forced upsell |
| Virtualisation impact | Captures VMware/OVM configurations. Oracle applies its virtualisation licensing rules | Consider hard partitioning (OVM, Solaris Zones) to limit processor counts | VMware clusters inflating processor count. Certifying far more licences than expected |
| Timing and preparation | Must be run at a specific point as part of the certification declaration | Run internally 6-12 months before ULA expiry. Identify and deploy optimally. Then run officially for certification | Treating certification as a formality. Missing the opportunity to maximise licence counts |
Never send raw ReviewLite output to Oracle without internal analysis first. Oracle will interpret every data point in the way that maximises their compliance claim. Your internal analysis must identify legitimate findings vs benign configurations before anything is shared.
| Output Section | What to Look For | How Oracle Will Interpret It | Your Defence |
|---|---|---|---|
| DBA_FEATURE_USAGE_STATISTICS | Any row with CURRENTLY_USED = TRUE or DETECTED_USAGES > 0 | Oracle treats any recorded usage as licensable, even a single sample from years ago | Investigate each flagged feature: was it auto-enabled? Used once for testing? Document context. Disable if not needed |
| V$LICENSE / session data | Peak concurrent sessions; high-watermark values | Oracle compares peak usage against NUP minimum counts and licensed quantities | Compare against licence entitlements. Verify NUP minimums are met (25 per processor) |
| Hardware / processor data | Total cores, sockets, VMware cluster membership | Oracle applies core factor table and VMware full-cluster licensing to calculate required processor licences | Verify core factor lookup. Challenge VMware findings if Oracle VM or hard partitioning is available |
| Database edition | Edition reported (Enterprise, Standard, SE2) | Oracle verifies no EE-only features are used on SE/SE2 instances | Audit SE2 instances for EE-only features before submitting data |
| Instance discovery | List of all discovered database instances and their status | Every instance = licensable, including stopped or rarely used databases | Decommission unnecessary instances before the official run. Document any test instances with their purpose |
When Oracle presents audit findings based on ReviewLite data, the findings are a negotiating position, not a verdict.
| Defence Strategy | How It Works | Expected Outcome |
|---|---|---|
| Challenge feature usage timestamps | DBA_FEATURE_USAGE_STATISTICS records historical usage. Argue one-time or ancient usage does not constitute current licensable use | 50-100% of marginal feature findings eliminated |
| Disable and document remediation | Disable unlicensed options/packs immediately. Provide Oracle with evidence of remediation and commitment to not re-enable | Oracle may waive findings for remediated issues, especially if combined with new purchase discussions |
| Challenge VMware processor counts | Oracle counts all physical cores in VMware clusters. Argue for Oracle VM migration, hard partitioning, or actual usage-based counting | Significant processor count reduction, potentially 50-80% fewer processors |
| Bundle remediation with new purchase | Combine audit settlement with planned OCI migration, ULA renewal, or new product purchase for maximum discount leverage | 70-100% of audit findings absorbed into deal value |
| Contract interpretation defence | Argue specific findings are covered under existing licence grants, bundled options, or contractual ambiguity | Case-by-case. Depends on contract language and Oracle's willingness to negotiate |
| Negotiate backdated support waiver | Challenge retroactive support charges. Argue Oracle should have identified issues earlier if long-standing | 50-100% of backdated support eliminated |
| Tool | Scope | When Oracle Uses It | Key Compliance Risk |
|---|---|---|---|
| ReviewLite (Database) | Oracle Database products: editions, options, packs, processors, users, configurations | Every database audit; every ULA certification | Unlicensed options/packs; VMware cluster exposure; SE2 to EE reclassification |
| LMS Middleware Script | Oracle WebLogic, SOA Suite, Forms, Reports, BI | Middleware-specific audits; EBS customisation audits | Unlicensed middleware products; custom applications on restricted-use WebLogic |
| LMS EBS Script | Oracle E-Business Suite: users, responsibilities, module access, concurrent usage | EBS-specific audits | User misclassification; unlicensed module access |
| Oracle Java Audit Scripts | Oracle Java SE deployments: installations, versions, usage patterns across all servers | Java audits (increasingly common since 2023 licence model change) | Unlicensed Java SE installations on production servers |
| Oracle SAM Tools / VLTS | Verified SAM tool integration: hardware, software, and usage data via third-party SAM tools | Ongoing compliance management; audit-accepted data collection | SAM tool data may be accepted in lieu of LMS scripts but Oracle must approve |
| # | Action | Owner | Timing | Key Outcome |
|---|---|---|---|---|
| 1 | Inventory all Oracle Database instances: production, dev, test, DR, standby across on-premises, cloud, and hybrid | DBA / SAM | Quarterly | No hidden instances. Every Oracle database accounted for |
| 2 | Obtain latest ReviewLite script from Oracle account manager or Oracle Support. Verify version matches your database versions | SAM / DBA | Before each assessment; upon audit notice | Accurate data collection using current script version |
| 3 | Run ReviewLite on every instance. Execute on all identified servers. Collect all output files | DBA | Annually; quarterly for large environments | Complete compliance picture with no blind spots |
| 4 | Analyse output internally first. Review all findings before sharing anything with Oracle. Identify compliance gaps, benign findings, and defensible positions | SAM / Licensing Adviser | Immediately after each run | Strategic advantage: know what Oracle will find before they find it |
| 5 | Audit options and packs usage. Check DBA_FEATURE_USAGE_STATISTICS for every flagged feature. Disable unused options. Document genuinely needed ones | DBA / SAM | After every ReviewLite run | Eliminate unlicensed options exposure ($46K-$92K+ per option per server) |
| 6 | Validate processor counts. Verify core counts, core factors, and virtualisation configurations. Challenge VMware full-cluster counting if applicable | DBA / Infrastructure | After ReviewLite run; before audit response | Accurate processor licence calculation. Prevents over-counting |
| 7 | Decommission unnecessary instances. Remove or deactivate forgotten, test, or unused Oracle databases before official audit data collection | DBA / IT | Immediately upon discovery; before audit response | Every decommissioned instance = licensing exposure removed |
| 8 | Prepare ULA certification strategy. If approaching ULA expiry, use ReviewLite data to plan maximum deployment before certification | SAM / Procurement | 6-12 months before ULA expiry | Maximise certified licences: the single biggest financial lever in ULA lifecycle |
| 9 | Engage licensing adviser for complex findings. Get expert interpretation before responding to Oracle | SAM / Procurement | Upon complex findings; before audit response | Expert analysis can reduce findings by 50-80% through proper interpretation and defence |
| 10 | Establish ongoing ReviewLite cadence. Embed execution into quarterly or annual SAM process as routine compliance hygiene | SAM / CIO | Ongoing: quarterly recommended | Continuous compliance. Never caught off guard by an audit |
Oracle ReviewLite is a proprietary SQL-based audit script developed by Oracle's License Management Services (LMS) team. It collects detailed data from Oracle Database instances including editions, options, management packs, processor counts, user counts, and feature usage. Oracle uses it during licence audits and ULA certifications to determine compliance.
Yes. ReviewLite is a read-only script that queries Oracle data dictionary views and configuration tables. It does not modify any data or configurations. It is designed for production environments with minimal performance impact. Most organisations run it during off-peak hours as a precaution.
In most cases, no. Oracle contracts typically include audit clauses requiring customers to run LMS scripts upon request. Refusing would breach contract terms. The better strategy is to run it proactively, analyse the output internally, and be prepared before Oracle requests it.
ReviewLite queries DBA_FEATURE_USAGE_STATISTICS to identify every Oracle Database option and management pack that has been activated, including timestamps and usage counts. Oracle treats any recorded usage, even from a single test years ago, as potentially licensable. Each option costs $11.5K-$23K+ per processor.
ReviewLite is the primary tool Oracle uses to count deployments during ULA certification. It determines how many processor licences, NUP licences, and option/pack licences you retain as perpetual entitlements. Running it proactively 6-12 months before ULA expiry helps you plan maximum deployment to maximise certified licence counts.
Absolutely. This is the single most important recommendation. Oracle will interpret every data point to maximise their compliance claim. Internal analysis allows you to identify legitimate findings vs benign configurations, remediate issues before Oracle sees them, and prepare defences for any findings you cannot resolve.
The five most common findings are: unlicensed database options showing usage (Partitioning, Advanced Security, etc.), unlicensed management packs (Diagnostics, Tuning), Enterprise Edition features on Standard Edition databases, processor count discrepancies (especially VMware environments), and undiscovered/forgotten database instances.
Individual findings range from $30K-$190K+ per server. Unlicensed options typically cost $46K-$92K per option per server. SE2 to EE reclassification can cost $190K+ per 8-core server. VMware cluster licensing can multiply exposure by 5-10x. Total audit exposure from ReviewLite findings commonly reaches $500K-$5M+ for large enterprises.
No. ReviewLite is specifically for Oracle Database products. Oracle has separate LMS scripts for middleware (WebLogic, SOA Suite, etc.), E-Business Suite, and Java SE. A complete compliance assessment requires running the appropriate script for each Oracle product category deployed.
Quarterly for large or dynamic environments, annually at minimum. Additionally, run it immediately upon receiving an audit notice, 6-12 months before ULA expiry, after any major infrastructure change (VM migration, cloud deployment, database upgrade), and before any Oracle contract negotiation.
Redress Compliance provides independent Oracle licensing assessments, audit defence, ULA certification support, and contract negotiation. Our clients typically reduce ReviewLite-based audit findings by 50-80% through proper interpretation and defence. 100% vendor-independent. Fixed-fee engagement.
Oracle Audit Defence ServiceIndependent Oracle advisory. Audit defence. ReviewLite interpretation. ULA certification. Licence management. 100% vendor-independent, fixed-fee engagement.