Re: Question on job-system access in OEM

From: Dave Herring <gdherri_at_gmail.com>
Date: Mon, 22 Jul 2019 16:46:41 -0500
Message-ID: <b1b00024-dc11-40ca-90df-af24590b1b27_at_getmailbird.com>

Thanks for the info, Courtney. I couldn't access the slide share due to company policies on various sites but am reading through the doc on private roles.

Dave

On 7/22/2019 8:20:45 AM, Courtney Llamas <courtney.llamas_at_oracle.com> wrote: What you need to look at is the Private Roles. These allow grants to jobs, credentials, etc. It’s been a while, but I have an example in this deck starting on slide 37 https://www.slideshare.net/CourtneyLlamas/oracle-enterprise-manager-security-a-practitioners-guide [https://www.slideshare.net/CourtneyLlamas/oracle-enterprise-manager-security-a-practitioners-guide]

Not sure if its changed much, but the docs are included here https://docs.oracle.com/en/enterprise-manager/cloud-control/enterprise-manager-cloud-control/13.3.1/emsec/emsec-13.3-sp-oracle-enterprise-manager-cloud-control-security-guide.pdf [https://docs.oracle.com/en/enterprise-manager/cloud-control/enterprise-manager-cloud-control/13.3.1/emsec/emsec-13.3-sp-oracle-enterprise-manager-cloud-control-security-guide.pdf]

On Jul 19, 2019, at 2:06 PM, Dave Herring <gdherri_at_gmail.com [mailto:gdherri_at_gmail.com]> wrote:

The issue is with permissions/access to the OEM Job scheduling system, not database / DBMS_SCHEDULER.

I believe I found a potential solution - create a role under Setup -> Security -> Role, then on each Job update to allow access by this role, then lastly grant this role to each Administrator as I create them (well, do for one and everyone else is a "Create like").

If there's a better way (other than retro-fitting the existing environments to NOT create and schedule all OEM jobs as SYSMAN) by all means share. Thx.

Dave
On 7/19/2019 1:23:13 PM, Mladen Gogala <gogala.mladen_at_gmail.com [mailto:gogala.mladen_at_gmail.com]> wrote: Version 12.1.0.4? I seem to be a bit behind the latest development. What’s going to happen next? Someone will invent a telephone with a camera which can connect to Internet? However, try granting your admins SCHEDULER_ADMIN role and CREATE JOB and MANAGE SCHEDULER privileges. That should allow the newly minted admins to perform administrative functions on DBMS_SCHEDULER. Regards

On 7/19/19 1:57 PM, Dave Herring wrote:

I've got a bit of a newb question related to view-access of other admin's jobs in OEM. The environment is 12.1.0.4 where all target jobs are created under SYSMAN account. I'd like to grant a new slew of admins the ability to view these jobs, both the definition in the Job Library along with scheduled and execution history. I don't see anything that explicitly grants this during Administrator creation so perhaps I'm missing something. Is it possible to do this?

Thx.

Dave

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Jul 22 2019 - 23:46:41 CEST

This message: [ Message body ]
Next message: Sallie Cottingham: "Remove EXIF metadata from photos stored in BLOB in Oracle table"
Previous message: Courtney Llamas: "Re: Question on job-system access in OEM"
In reply to: Courtney Llamas: "Re: Question on job-system access in OEM"
Next in thread: Orion ten: "Re: script command - linux"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message