My Oracle Support Banner

How to Transition from Enterprise Manager12c Cloud Control Database Target VIEW Privileges to Enterprise Manager 13c Flexible Database Access Control Group Privileges (Doc ID 2277277.1)

Last updated on AUGUST 04, 2018

Applies to:

Enterprise Manager Base Platform - Version 13.1.0.0.0 and later
Oracle Database - Enterprise Edition - Version 11.2.0.4 and later
Information in this document applies to any platform.

Goal

Enterprise Manager (EM)13c Cloud Control introduce Flexible Database Access Control that provides a fine-grained flexible privilege control model for database target management.

Enterprise Manager 13c introduced flexible DB access control for Enterprise Manager Database Plug-in. New out of box roles align with database personas and provide tighter access control on managed target databases. Before the introduction of this feature an Enterprise Manager user granted access on the database had access to all of the database management features, such as performance management, high availability management, storage management, security management and so forth. Enterprises have different classes of users such as DBA, Application Developer, Application DBA, and Infrastructure DBA that need to access database management functions. There is a need for a flexible privilege model to accommodate these roles. For example, enterprises may want their application developers to access only performance management functions in a View Only mode.

Providing enterprise users access to unnecessary features and pages opens up the database to security vulnerabilities. Oracle recommends that you grant Enterprise Manager users the minimum number of privileges required to perform their job. Introducing these out of box database management roles grants users access to only the Enterprise Manager pages required to perform their job.

Fine grained privilege control for Enterprise Manager Database plug-in provides a privilege control model for database pages. This enables Enterprise Manager super administrators to grant the minimum access to Enterprise Manager administrators and users required to complete their more specific responsibilities.

This document addresses upgrade concerns where customers upgrading to EM 13c from EM 12ce want to carry over similar granted VIEW database target privileges during the upgrade. Customers can decide in adopting the rich features of Flexible Database Access Control at a later time; but as part of upgrade, they do not want their existing users to relinquish current access.

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.