LMS scripts at the discovery layer.

What the scripts are.

Oracle LMS scripts are data-collection scripts written and distributed by the LMS team to read deployment, configuration and feature-use signals from the buyer's Oracle estate. The most cited is the database options and packs script (sometimes called OPTIONS_PACKS_USAGE_STATISTICS or the feature-use script) which reads the database control file for evidence that priced options or management packs have been used since database creation.

Other scripts read WebLogic Server deployment topology, named-product inventory, processor counts against the deployed hosts and virtualisation host-level data. Each script targets a different evidentiary purpose; each script writes to a structured output file; each output file is requested for return to LMS.

The wider editorial sits in the Oracle pillar and the audit anatomy sits at LMS audit anatomy. The scope discipline that precedes any script question sits at LMS scope control.

The buyer-side read.

The contractual right of LMS is the audit right at the front of the Oracle Master Agreement. That right entitles LMS to verify compliance; it does not entitle LMS to direct access to buyer infrastructure or to compel the buyer to run any specific tool. The script request is therefore a discovery proposal, not a contractual obligation, and the buyer holds the discretion on whether and how to comply.

The buyer-side response is to recognise the request and propose a buyer-controlled discovery: the same data points, collected by the buyer's internal SAM team or by an independent advisor, against an internal database-feature-use lookup or the equivalent. The buyer runs the discovery, the buyer reviews the output, the buyer narrates the output before it leaves the data room.

The database feature-use read.

The most commercially load-bearing script is the database feature-use script because the Oracle database options carry list prices in the same order of magnitude as the database itself. A feature-use signal against an option the buyer has not licensed (Partitioning, Advanced Compression, Advanced Security, Diagnostics, Tuning, RAT) becomes the central audit-finding line in an LMS settlement.

The buyer-side disciplines around the feature-use read are documented at database feature use. They include the disablement of unlicensed options at the parameter level, the routine clearing of feature-usage statistics where contractually permissible, the documentation of any one-time accidental use and the standing protocol that priced options are never enabled on a non-licensed instance.

The buyer-side narrative around an unexpected feature-use line is also load-bearing. Many feature-use lines read as accidental, one-time or trial use; the contractual position is that the buyer has not enabled the option as an ongoing deployment. The buyer-side memo to LMS should distinguish between trial use, accidental use and operational use; the settlement value varies accordingly.

The data-protection posture.

The script output is buyer data. It may contain user names, hostnames, schema names, IP addresses and other operational metadata that overlap with personal-data fields under GDPR (in the UK, EU and equivalent jurisdictions). The buyer-side governance is to treat the script output as restricted data and to gate disclosure through the data-room access controls already used for other audit data.

The disclosure to LMS therefore runs through a structured data-room with logged access, redaction where appropriate (personal-data fields, customer-data fields, sensitive infrastructure addresses) and a controlled export. The contract owner signs each disclosure; the LMS-side recipient signs an access undertaking. The buyer-side legal team owns the disclosure register.

The data-protection posture is also the load-bearing input on cross-border disclosure. Where the buyer is in a regulated jurisdiction with international-transfer constraints (the EU, the UK, Switzerland, parts of Asia), the disclosure of script output to a recipient outside the jurisdiction triggers a transfer assessment. The buyer-side response should anticipate this and propose in-jurisdiction review where the buyer counterparty is in-jurisdiction.

The discovery letter.

The buyer-side response to a script request is a short discovery letter signed by the contract owner. The letter (typically two to three pages) does five things: acknowledges the LMS engagement and the scope letter, references the audit-right clause in the master agreement, proposes a buyer-controlled discovery running the same data points, names the in-house team or independent advisor running the discovery, and sets the cadence (typically a six-week discovery window).

The letter is not a refusal of scripts; it is a counter-proposal of a buyer-controlled discovery that delivers the same evidentiary purpose. LMS engagements run smoothly under this framing in many cases; the engagements that escalate are those where the buyer refuses without a counter-proposal or where the buyer accepts the script without a discovery letter.

The wider editorial on the audit cycle sits in the Audit Defence programme and at Oracle LMS audit defence. The settlement framing at the end of the cycle sits at LMS settlement position.

What the buyer holds.

The buyer holds the script discretion (whether to run them), the script choreography (who runs them, on what infrastructure, in what window), the data-protection gate (what disclosure controls apply) and the narrative framing (how feature-use lines are explained before submission). Each of these is buyer-controlled. None of them are conceded by the audit right.

The audit defence engagement therefore runs not against a fixed set of script outputs but against a buyer-side discovery whose output the buyer has read and narrated. The engagement closes faster, the settlement is lower, and the buyer-side data position is protected.

The wider editorial sits in the Oracle licensing pillar and the engagement entry sits in the Oracle practice. The aggregated reading sits in the Oracle knowledge hub.