How to transition from EM 12c database target VIEW privileges to EM 13c flexible database access control group privileges (Doc ID 2277277.1)

Last updated on JUNE 19, 2017

Applies to:

Enterprise Manager Base Platform - Version 13.1.0.0.0 and later
Information in this document applies to any platform.

Goal

Enterprise Manager 13c introduces Flexible Database Access Control providing a fine-grained flexible privilege control model for database target management.

Before the introduction of this feature an Enterprise Manager user granted access on the database had access to all of the database management features, such as performance management, high availability management, storage management, security management and so forth. Enterprises have different classes of users such as DBA, Application Developer, Application DBA, and Infrastructure DBA that need to access database management functions. There is a need for a flexible privilege model to accommodate these roles. For example, enterprises may want their application developers to access only performance management functions in a View Only mode.

Providing enterprise users access to unnecessary features and pages opens up the database to security vulnerabilities. Oracle recommends that you grant Enterprise Manager users the minimum number of privileges required to perform their job. Introducing these out of box database management roles grants users access to only the Enterprise Manager pages required to perform their job.

 

Flexible Database Access Control enables Enterprise Manager super administrators to grant the minimum access to Enterprise Manager administrators and users required to complete their more specific responsibilities.High levels of security can be implemented using the new flexible DB access control features for database management.

 

This MOS note aims at addressing the concerns where customers in Enterprise Manager 12c who have granted VIEW database target privileges would want to carry over similar end-user experience in Enterprise Manager 13c following upgrade. Customers can decide in adopting the rich features of Flexible Database Access Control at a later point in time but as part of upgrade, they do not want their existing users to relinquish current access.

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms