APPLIES TO:
Enterprise Manager for Oracle Database - Version 13.1.1.0.0 and later
Information in this document applies to any platform.
GOAL
The requirement is to create an EM user with read-only access to a database target. The user should be able to view the details in the database target's performance pages, but should not be allowed to perform any performance activities on the target.
A new EM Admin was created and granted the "Connect Target Read-only" privilege, but accessing the Database load map as the new EM Admin returns the error below:
Insufficient Privilege User XXXXXX does not have sufficient privileges to perform the operation. Operation: Access to Enterprise Manager management Page Required Privilege: View Database Performance Home Page Contact Enterprise Manager Administrator to get the privileges required to perform the operation.
What privileges should be granted to the EM Admin to be able to view only the performance pages?
SOLUTION
For the EM Admin to be able to only view the DB performance pages, grant the privilege: View Database Performance Privilege Group. This includes the "Connect Target Read-only" privilege and the view privilege needed to access the performance details, but will not allow the user to make any changes.
This is a new privilege in 13c EM. The complete list of privileges is described in the Oracle Enterprise Manager Cloud Control Online Documentation Library, Release 13.1, Enterprise Manager Cloud Control Security Guide:
Appendix B - Privileges
Follow the steps below:
- Log in to the EM console as a super-administrator user.
- Navigate to Setup -> Security -> Administrator.
- Select the EM Admin created and click the Edit button.
- In the 'Target Privileges' page, scroll down and click the edit icon in the 'Manage Target Privileges Grants' section for the specific database target.
- In the next page, search for "View Database Performance" in the search field.
- Select the privilege named 'View Database Performance Privilege Group'.
- Save the details.
- Log in to the EM console as the new EM Admin and verify that the DB target performance pages are accessible.
FYI 'View Database Performance Privilege Group' privilege also provides 'Install Database Management Packages' which defeats the purpose because for developers we don't want to provide install privileges. Not sure why Oracle has given this install privilege.