VSys generally requires READ, UPDATE, INSERT and DELETE privileges on its tables. One major exception is the "trace" table. Only one tool in VSys ever deletes records from this table, the Purge Old Trace Records tool, and no tools update any records here. To enhance the security of the tracing logs, you can prevent VSys from running that operation by revoking the privileges of VSys users at the database level, leaving them only READ and INSERT privileges.
VSys still requires READ and INSERT privileges, even if tracing is disabled (it stores some minor information there).