OEM 13c : Non sysman users are able to view all the targets in global preferences page of Preferred Credentials
(Doc ID 2618194.1)
Last updated on DECEMBER 06, 2019
Applies to:Enterprise Manager Base Platform - Version 18.104.22.168.0 to 22.214.171.124.0 [Release 13c]
Information in this document applies to any platform.
In EM 13.2 Cloud Control, non sysman users are able to view all the targets in global preferences page of Preferred Credentials
EM_USER1 is created and granted target privileges this this user.
When login to EM console as EM_USER2 and navigate to below path :
Setup --> security --> preferred credential --> database instance --> manage preferred credential --> global preferences
Result: all target names are visible without any filter despite of there are absolutely no rights on the targets
Security Imapact : The target names may contain business critical information and must not be visible to those whom (EM_USER2) does not have privilege on the target.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document