This tutorial describes setting up Enterprise Manager Grid Control 10g Release 2.
Approximately ½ hour
This tutorial covers the following topics:
|
Overview | |
|
Scenario | |
|
Creating the Roles | |
|
Creating the Administrator | |
|
Summary | |
Place the cursor over this icon to load and view all
the screenshots for this tutorial. (Caution: Because this action loads all screenshots
simultaneously, response time may be slow depending on your Internet connection.)
Note: Alternatively, you can place the cursor over each individual icon in the following steps to load and view only the screenshot associated with that step.
The screenshots will not reflect the specific environment you are using. They are provided to give you an idea of where to locate specific functionality in the Oracle Enterprise Manager 10g Grid Control console.
Security is a major concern for most organizations. You have to ensure that there is no breach of privileges happening at any given point of time. For this, you require to set different levels of accessibility for different users. To manually grant privileges to all the users is time consuming and not viable.
Oracle Enterprise Manager 10g Grid Control console provides you with a single, integrated solution to administer and manage several targets. All this is achieved with very little effort and in very less time. However, you have to configure Enterprise Manager before you begin using it. You have to establish standard administrative settings and privileges. You can create Roles for specific tasks with specific privileges. This will set a standard action and access plan for different users.
To simplify the process of identifying the members who need certain privileges and granting them the required permissions, Enterprise Manager enables you to create Roles and Administrators.
In this lesson, you see how to create administrators and roles, and set privileges.
Linda is a super administrator who needs to set up accounts for her team of administrators. She needs to first create roles and then assign them to various administrators. Each administrator might require a different set of privileges. For example, a database administrator requires access to managed databases, but not to the application server that uses the database. A Web administrator might require the ability to manage beacons or create targets without the privilege of access to the database.
A role is a collection of Enterprise Manager system privileges,
or target privileges, or both, which you can grant to administrators or to other
roles. You can create a role based on geographic locations, line of business,
or any other model. You can assign the role to the team members rather than
individually assigning privileges to each member. A role can be used to achieve
the following:
Limit target access.
Limit access to specific
management features.
Facilitate the granting
of privileges, or roles, or both.
As per the scenario, in this tutorial, you learn to create roles to perform specific tasks.
Create
a role with create target and manage beacon privileges.
Create
a role with view permissions.
Create a Role with Create Target and Manage Beacon Privileges
Perform the following steps to create a Role with create target and manage beacon privileges.
|
1. |
Open the browser and enter the URL to access the server on which you installed the management service, in the following format: http://<management service hostname>.<domain>:<port>/em/ The default port value on a machine with no other instances installed on it is 7777. However, if there are other instances running on the machine, then the port may be different. The Login page will be displayed. Enter the User Name and Password, and then click the Login button.
|
|
2. |
The Home page of Enterprise Manager Grid Control shows you a high-level view of your entire enterprise. This page is useful as a starting point when you are assessing the health
of your Oracle environment. It provides high-level data, as well as the
ability to drill down so you can investigate, isolate, and repair availability
and performance problems. To Create a Role, from the Grid Control home page, click Setup. First, you create a role that has manage beacon and create target privileges.
|
| 3. |
Use the Setup page to perform multiple administrative tasks. You can create administrators (other than SYSMAN), new roles and also groups, Systems, and Services. You can set the preferred credentials and e-mail address for the alerts to be sent to. Click the Roles link in the left navigation pane.
|
| 4. |
Click the Create button.
|
| 5. |
On the Create Role page, specify a name to the role that you are
creating. Also, specify the purpose of the role in the Description field.
Click Next.
|
| 6. |
Because you are creating the role with specific privileges for this task, click Next without selecting any predefined roles.
|
| 7. |
The System Privileges page enables you to perform systemwide operations. Use this page to grant privileges to the roles. Select VIEW ANY TARGET, ADD ANY TARGET, USE ANY BEACON and MONITOR ENTERPRISE MANAGER. Click Next.
|
| 8. |
Here, you select the targets whose privileges are to be considered for this role. Select All target types from the Type drop-down list. Click the Move All link.
|
| 9. |
Click Next.
|
| 10. |
Target privileges allow an administrator to perform operations on a target. Certain privileges are automatically granted to the administrator based on other privileges. Granting any privileges on a target automatically grants the View privilege on the host. The target privileges available are View, Operator, Full, and None. View is selected by default. Click Review.
|
| 11. |
The Review page shows you the targets and the privileges that you have assigned to this Role. Click Finish.
|
| 12. |
You have successfully created the Role to create targets and manage beacons.
|
Create a Role with View Permissions
Perform the following steps to create a Role with view permissions.
| 1. |
Click the Create button to create the role.
|
| 2. |
On the Create Role page, specify a name to the role that you are creating. Also, specify the purpose of the role in the Description field. Click Next.
|
| 3. |
Do not select any predefined roles in this step. Click Next.
|
| 4. |
On the System Privileges page, you can grant privileges to the roles. As per the scenario, select VIEW ANY TARGET. Click Next.
|
| 5. |
On the Available Targets page, from the Type drop-down list, choose All target types. Then, click the Move All link.
|
| 6. |
Click Next.
|
| 7. |
All the targets have View privileges by default. Click Review.
|
| 8. |
The Review page lists all the privileges available for this role. Click Finish.
|
| 9. |
You have successfully created the role to view the targets.
|
Using Enterprise Manager, you can create Administrator and Roles to group the members who require similar privileges.
By default, during the installation of Oracle Enterprise Manager, one Super Administrator is created with the username of SYSMAN. This account should be sparingly used. Oracle recommends that administrators should have their own Enterprise Manager account.
Administrators are database users defined in the Management
Repository who can log in to Enterprise Manager to perform management tasks.
The Super Administrator can choose to grant certain privileges to certain administrators
to access and manage certain targets based on the requirement. Thus, the Super
Administrator can divide the work intelligently among the administrators.
You add the roles that you just created to the administrator.
Create
an administrator with manage beacon and create target privileges.
Create
an administrator with view privileges.
Create an Administrator with Manage Beacon and Create Target Privileges
In this tutorial, you create an administrator with manage
beacon and create target privileges.
|
1. |
Click the Administrators link in the left navigation pane.
|
| 2. |
The given scenario requires you to create a Web administrator user who needs privileges for managing the beacons for his Web applications. This administrator will also require the create target privilege for adding additional beacons and creating System and Services. Click the Create button.
|
| 3. |
Specify a name for the administrator. Specify the password required to log in to Enterprise Manager. Also, specify the e-mail address. All the notifications will be sent to this e-mail address. Click Next.
|
| 4. |
Select User_With_Create_Permission because this role has the create target and manage beacon privileges. Click the Move link to select this role for the administrator. Note: Remove PUBLIC from the Selected Roles list box.
|
| 5. |
Click Next.
|
| 6. |
Because you have already selected the privileges for the role, you do not need to grant any privileges for this task. Click Review.
|
|
7.
|
On the Review page, you can see a summary of all the privileges that your administrator will have. The net permission available to the administrator is that of the role. Click Finish.
|
| 8. |
You have successfully created the administrator. You can log in to Enterprise Manager with this administrator account and check whether you are able to create targets and manage beacons.
|
Create an Administrator with View Privileges
To create an administrator with View privileges, perform the following steps.
| 1. |
As per the scenario, you need to create an administrator with View privileges. Click the Create button.
|
| 2. |
Specify a name for the administrator. Specify the password. Also, enter the e-mail address. All the notifications will be sent to this e-mail address. Click Next.
|
| 3. |
Select USER_WITH_VIEW_PERMISSION. This is the role that you created with View privileges. Click the Move link to select the user. Note: Remove PUBLIC from the Selected Roles list box.
|
| 4. |
Click Next.
|
| 5. |
Because you have already selected the system privileges for the role, you do not need to select any option here. Click Review to view the summary.
|
| 6. |
On the Review page, you can see a summary of all the privileges that your administrator will have. In this case, the net permission available to the administrator is that of the role. Click Finish.
|
| 7. |
You have successfully created the administrator with the view permissions. You can log in to Enterprise Manager with this administrator account and verify that you are able to view the targets. You can try creating a target. This should fail because you have not given the create target permission to this account.
|
In this lesson, you learned how to:
|
Create the roles | |
|
Create the administrator | |
Place the cursor over this icon to hide all screenshots.