Skip Headers

Oracle® Enterprise Manager Concepts
10g Release 1 (10.1)

Part Number B12016-01
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Master Index
Master Index
Go to Feedback page

Go to previous page
Go to next page
View PDF

7 Setting Up Enterprise Manager for Your Environment

The bigger your enterprise, the bigger the task to manage all the targets in that environment. You can set up Enterprise Manager to work within that environment so that multiple administrators can share the responsibilities of managing multiple targets. This set up includes defining the appropriate levels of access and privileges so administrators can perform their jobs in the most optimum way.

This chapter explains these concepts:

Creating Administrators

The breadth of management tasks available in Enterprise Manager depends on the privileges and roles assigned to the administrators. Administrator accounts are user accounts that allow administrators to log in to Enterprise Manager and perform management tasks. The privileges and roles assigned to the administrator account determine what the administrator can do within Enterprise Manager.

Superadministrator Account

Enterprise Manager is installed with a default superadministrator account called SYSMAN. During the installation, you provide a password for SYSMAN. You use the SYSMAN account for the initial log in to Enterprise Manager. The superadministrator account cannot be deleted nor renamed.

The superadministrator account can create, as well as delete other administrator accounts and set up all administrator credentials. Among other tasks, the superadministrator can:

  • Create Enterprise Manager privileges and roles

  • Perform the initial set up of Enterprise Manager, for example, defining e-mail configurations and defining global notifications rules

  • Add additional targets to Enterprise Manager

  • Perform any action on any target in the system

Oracle recommends that after installation, the first time you log in to Enterprise Manager as SYMAN, you create a new administrator account for yourself. Oracle does not recommend logging in as superadministrator to conduct daily administration tasks.

Each administrator should have his or her own account that is not a superadministrator account. For example, you could create a new administrator account that would have access to a subset of targets (databases, application servers, hosts) in the environment for which the administrator is primarily responsible.

Administrator Account

An Enterprise Manager administrator account (also known as an administrator) is an account that provides users permission to perform administrative tasks and access administrative information. You can set up each administrator account to have its own:

  • E-mail address

  • Notification rules

  • Set of privileges that determine what it can do in Enterprise Manager, for example, which targets it can access

Oracle recommends that you create an administrator account using the superadministrator account for each administrator on your administrative team. The superadministrator account has a lot of capabilities and it is not a good idea for everyone on the administration team to be logging in and doing work as SYSMAN.

See Also:

"About Administrators and Roles" in the Enterprise Manager online help

Using Privileges

System security is a major concern of any corporation. Security conscious IT departments plan privileges such that each person only has the minimum privileges needed to do his or her job. Also you do not want to perform the tedious task of individually granting access to tens, hundreds, or even thousands of targets to every new member of your organization.

With the Enterprise Manager administrator privileges and roles feature, you can perform this task within seconds, instead of hours.

A privilege is a right to perform management actions within Enterprise Manager such as:

The following types of privileges are defined by Oracle.

Defining Roles

Roles are named groups of related privileges that you grant to users and other roles. Creating roles is an easy way to grant a set of privileges to a group of administrators rather than granting the privileges to each administrator, a privilege at a time. So in time if administrator responsibilities change, you need only change the Role definition once and the changes are automatically propagated to the administrators who have these roles.

Enterprise Manager has one predefined role, the PUBLIC role. By default, the PUBLIC role contains no privileges and is granted to every new Enterprise Manager administrator account created. The PUBLIC role is an easy way to grant privileges to all administrators. By granting a privilege to the PUBLIC role, all administrators get that privilege.

Roles can be based on:

Granting of such roles and privileges guarantees security across all functional areas of Enterprise Manager. That is, if an administrator is restricted to only accessing development databases, then throughout the product, only those development databases on which he or she has been granted privileges will be available.

See Also:

"Creating, Editing, and Viewing Roles" in the Enterprise Manager online help

Organizing Targets as Groups

Because of the ever-growing number of systems and services that administrators are responsible for, Enterprise Manager provides a view that includes only those targets you need to monitor. This view is called a group.

Groups are user-defined sets of targets logically combined to be managed as one. You can use groups in Enterprise Manager to monitor and manage different targets collectively, easily perform administrative operations against the targets, and consolidate and monitor your distributed targets as one logical entity.

For example, you can define a group called TEST that contains all hosts and database targets within your test environment. From the group's home page, you can easily see the overall status and availability of all the targets in your test group, instead of having to check the status of each individual member. You can easily perform maintenance operations against the group, for example, run a weekly job that backs up all test scripts. Even if group membership changes, any jobs submitted to the group automatically keep up with group membership.

From a Group's Home page (see Figure 7-1), whether the group is based on a homogenous set of targets or a heterogeneous set of targets (for example, a business's application), you can:

There are three types of groups:

Figure 7-2 Home Page for a Database Group

Description of setup_database_group.gif follows
Description of the illustration setup_database_group.gif

Figure 7-3 Home Page for a Host Group

Description of setup_host_group.gif follows
Description of the illustration setup_host_group.gif