Oracle® Exalogic Elastic Cloud Administrator's Guide
Release EL X2-2, X3-2, and X4-2

E25258-13

6 Creating and Managing Users and Roles

This chapter discusses user and role management in Exalogic Control.

It contains the following topics:

6.1 User Profiles

Table 6-1 describes the user profiles and their primary responsibilities in the Exalogic cloud environment.

Table 6-1 Roles and Responsibilities

Role: Root user
Primary Responsibilities: Super user or a data center administrator that creates the Exalogic Systems Admin user.
Skills Required: The user must be an experienced data center administrator.

Role: Exalogic Systems Admin
Primary Responsibilities: Administers and manages the Exalogic machine platform.
Skills Required: The user must be familiar with Exalogic machine management, Exalogic machine network, and OS management.

Role: Cloud Admin
Primary Responsibilities: Sets up the cloud infrastructure and resource allocation, so that Cloud Users can deploy their applications on to authorized Accounts. The Cloud Admin user also manages the Cloud Users accessing the accounts and their authorization.
Skills Required: The user must be familiar with system administration, including virtualization, networking, and storage.

Role: Cloud User
Primary Responsibilities: Uses the resources allocated to them to create Virtual Servers and deploy applications. Cloud users are presented only with the required options in the Exalogic Control browser user interface (BUI).
Skills Required: The user must be familiar with hardware management, network management, virtualization, and OS management in general.


6.2 Before You Begin

When Exalogic Control is initiated and started by the Exalogic Configuration Utility (ECU), a default root user account is created. This root user must create the Exalogic Systems Admin user in Exalogic Control.

When you create a user, the user name and its associated password are imported from the local directory on the VM hosting the Enterprise Controller component of Exalogic Control. You must add a user name to this local directory before you can add it as a local user in Exalogic Control.

To create a user on the VM hosting the Enterprise Controller, do the following:

  1. Run the useradd command, as in the following example:

    # useradd -d /home/ELAdmin -s /bin/bash -m ELAdmin

  2. Run the passwd command to set a password for the newly created local user, as in the following example:

    # passwd ELAdmin

  3. Repeat this procedure to create other local users, such as CloudAdmin, User1, and User2.
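The two steps above can be verified before a name is entered in the Add User screen. The following is an added example, not part of the Oracle guide or Oracle tooling: the function name `check_local_users` and the sample account data are constructed for illustration, and the check assumes standard passwd and shadow file formats.

```shell
#!/bin/sh
# Added example: report whether each intended Exalogic Control user has
# completed both steps above (account created, password set).
# Usage: check_local_users PASSWD_FILE SHADOW_FILE user...
# Prints "<name> <status>" per user, where status is one of:
#   missing      no entry in PASSWD_FILE (step 1 not done)
#   no-password  entry exists, but the shadow hash is empty, locked (!)
#                or disabled (*), so step 2 was not done
#   ready        account exists and has a password hash
check_local_users() {
    passwd_file=$1; shadow_file=$2; shift 2
    for user in "$@"; do
        if ! awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$passwd_file"; then
            echo "$user missing"
            continue
        fi
        pwhash=$(awk -F: -v u="$user" '$1 == u { print $2 }' "$shadow_file")
        case $pwhash in
            ''|'!'*|'*'*) echo "$user no-password" ;;
            *)            echo "$user ready" ;;
        esac
    done
}

# Constructed sample data (not from a real host): ELAdmin is complete,
# CloudAdmin was created with useradd but never given a password,
# User1 does not exist yet.
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ELAdmin:x:1001:1001::/home/ELAdmin:/bin/bash
CloudAdmin:x:1002:1002::/home/CloudAdmin:/bin/bash
EOF
cat > "$sample_dir/shadow" <<'EOF'
root:$6$constructed$placeholderhash:19000:0:99999:7:::
ELAdmin:$6$constructed$placeholderhash:19000:0:99999:7:::
CloudAdmin:!!:19000:0:99999:7:::
EOF
check_local_users "$sample_dir/passwd" "$sample_dir/shadow" ELAdmin CloudAdmin User1
rm -rf "$sample_dir"
```

On the VM hosting the Enterprise Controller, run the function as root against `/etc/passwd` and `/etc/shadow` with the user names you plan to add.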

6.3 Creating the Exalogic Systems Admin User

To create the Exalogic Systems Admin role in Exalogic Control, complete the following steps:

  1. Ensure that the user exists as a local user on the virtual machine that hosts the Enterprise Controller component of Exalogic Control, as described in Section 6.2, "Before You Begin."

  2. Access the browser UI of Exalogic Control as described in Section 2.6, and log in as the root user.

    If you do not know the password for the root user, contact Oracle Support.

  3. On the home page, click Administration in the navigation pane on the left.

  4. Under Enterprise Controller, click Local Users. The Local Users page is displayed.

  5. Under Users and Notification Profiles, click the Add User icon. Alternatively, click Add User on the Operate pane. The Add User screen is displayed, as shown in Figure 6-1.

    Figure 6-1 Add User Screen


  6. In the User Name field, enter the user name, which was added to the OS environment. For example, ELAdmin.

  7. Select the Exalogic Systems Admin role, the Role Management Admin role, and the User Management Admin role from the Available Roles list, and move them to the Selected Roles list by clicking the right arrow.

    Note:

    You are adding the User Management Admin role to allow the Exalogic Systems Admin user to manage users.

  8. Click Add User.

    The Exalogic Systems Admin user is created.

    Note:

    Typically, only one or two users are created with the Exalogic Systems Admin role.

  9. Log out as the root user.

6.4 Creating the Cloud Admin User

The Exalogic Systems Admin user creates the Cloud Admin user. To create the Cloud Admin user, complete the following steps:

  1. Ensure that the user exists as a local user on the virtual machine that hosts the Enterprise Controller component of Exalogic Control, as described in Section 6.2, "Before You Begin."

  2. Access the browser UI of Exalogic Control as described in Section 2.6, and log in as the ELAdmin user.

  3. On the home page, click Administration in the navigation pane on the left.

  4. Under Enterprise Controller, click Local Users. The Local Users page is displayed.

  5. Under Users and Notification Profiles, click the Add User icon. Alternatively, click Add User on the Operate pane. The Add User screen is displayed.

  6. To create the Cloud Admin user, do the following:

    • In the User Name field, enter the user name. For example, CloudAdmin.

    • Select the Cloud Admin role and the User Management Admin role from the list of Available Roles, and move them to Selected Roles by clicking the right arrow.

      Note:

      You are adding the User Management Admin role to allow the Cloud Admin user to manage users.

    • Click Add User. The Cloud Admin user is created. The CloudAdmin user is listed in the Users and Notification Profiles page.

  7. Select the CloudAdmin user on the Users and Notification Profiles page, and click the Manage User Roles icon. The Manage Roles wizard is displayed, as shown in Figure 6-2.

    Figure 6-2 Manage Roles Wizard


    By default, the Associations option is selected. De-select this option.

  8. Click Next. The Specify Asset Privileges screen is displayed.

  9. Click Next. The Specify Library Privileges screen is displayed.

  10. Click Next. The Specify Network Privileges screen is displayed.

  11. Click Next. The Specify Plan Management Privileges screen is displayed.

  12. Click Next. The Specify vDC Privileges screen is displayed, as shown in Figure 6-3.

    Figure 6-3 Specify vDC Privileges


  13. Expand All Virtual Datacenters.

    MyCloud (the default Exalogic vDC) is listed. Select the Cloud Admin option for this vDC. Click Next.

    The Summary screen is displayed, as shown in Figure 6-4.

    The Summary screen provides a summary of Asset Privileges, Library Privileges, Network Privileges, Report Privileges, Plan Management Privileges, and vDC Privileges.

  14. Review the summary, and click Finish.

6.5 Creating Cloud Users

The Exalogic Systems Admin user creates Cloud Users. To create Cloud Users (User1 and User2), complete the following steps:

  1. Ensure that the user exists as a local user on the virtual machine that hosts the Enterprise Controller component of Exalogic Control, as described in Section 6.2, "Before You Begin."

  2. Access the browser UI of Exalogic Control as described in Section 2.6, and log in as the ELAdmin user.

  3. On the home page, click Administration in the navigation pane on the left.

  4. Under Enterprise Controller, click Local Users. The Local Users page is displayed.

  5. Under Users and Notification Profiles, click the Add User icon. Alternatively, click Add User on the Operate pane. The Add User screen is displayed.

  6. To create a Cloud User, do the following:

    • In the User Name field, enter the user name. For example, User1.

    • Select the Cloud User role from the list of Available Roles, and move it to Selected Roles by clicking the right arrow.

    • Click Add User. The Cloud User (User1) is created. The User1 user is listed in the Users and Notification Profiles page.

  7. Similarly, create User2 with Cloud User permissions.

6.6 Adding Users from a Directory Server

You can add directory servers to Exalogic Control. Users and roles are added to Exalogic Control from the directory server. Users that are added from a directory server begin with complete privileges for each of their roles.

You must configure the remote directory server before adding it to Oracle Exalogic Control as follows:

  1. Create the following user groups on the directory server:

    • EXALOGIC_ADMIN

    • CLOUD_ADMIN

    • CLOUD_USER

  2. Add users to these groups. The users within each group are given the role corresponding to the group.
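Because users added from a directory server begin with complete privileges for each of their roles, it is worth reviewing group membership before the server is added or synchronized. The following is an added example, not part of the Oracle guide or Oracle tooling: the function name `audit_role_groups`, the LDIF layout (group name as the first RDN of the entry DN, `member:` attributes, unwrapped lines) and the sample DNs are assumptions. The threshold of two follows the guide's note that typically only one or two users hold the Exalogic Systems Admin role.

```shell
#!/bin/sh
# Added example (not Oracle tooling): list who would get each role from an
# LDIF export of the directory. Assumes the group name is the first RDN of
# the entry DN (dn: cn=<GROUP>,...), members are in "member:" attributes,
# and lines are unwrapped and not base64-encoded.
audit_role_groups() {
    awk '
        BEGIN { want["EXALOGIC_ADMIN"] = want["CLOUD_ADMIN"] = want["CLOUD_USER"] = 1 }
        /^$/ { group = ""; next }            # blank line ends an entry
        /^dn: [cC][nN]=/ {
            g = substr($0, 8); sub(/,.*/, "", g)
            group = (g in want) ? g : ""; next
        }
        /^dn: / { group = ""; next }         # any other entry: ignore its members
        /^member: / && group != "" {
            dn = substr($0, 9)
            print "ROLE", group, dn
            count[group]++; seen[dn]++
        }
        END {
            # The guide expects only one or two Exalogic Systems Admin users.
            if (count["EXALOGIC_ADMIN"] > 2)
                print "WARN EXALOGIC_ADMIN has", count["EXALOGIC_ADMIN"], "members"
            for (dn in seen) if (seen[dn] > 1)
                print "WARN", dn, "is in", seen[dn], "groups"
        }
    ' "$1"
}

# Constructed sample export (names and DNs are made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: cn=EXALOGIC_ADMIN,ou=Groups,dc=example,dc=com
member: uid=alice,ou=People,dc=example,dc=com
member: uid=bob,ou=People,dc=example,dc=com
member: uid=carol,ou=People,dc=example,dc=com

dn: cn=CLOUD_ADMIN,ou=Groups,dc=example,dc=com
member: uid=dave,ou=People,dc=example,dc=com

dn: cn=CLOUD_USER,ou=Groups,dc=example,dc=com
member: uid=alice,ou=People,dc=example,dc=com
member: uid=erin,ou=People,dc=example,dc=com

dn: cn=printers,ou=Groups,dc=example,dc=com
member: uid=frank,ou=People,dc=example,dc=com
EOF
audit_role_groups "$sample"
rm -f "$sample"
```

For the sample, the output lists six ROLE lines and two WARN lines: EXALOGIC_ADMIN has three members, and alice would receive two roles.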

Adding a Directory Server

To add a directory server in Exalogic Control, complete the following steps:

  1. Access the browser UI of Exalogic Control as described in Section 2.6, and log in as a user with the Exalogic Systems Admin role.

  2. In the Navigation pane, select Administration.

  3. Select Directory Servers.

  4. In the Actions pane, click the Add Directory Server icon.

    The Add Directory Server wizard is displayed, as shown in Figure 6-5.

    Figure 6-5 Add Directory Server Wizard

  5. Enter the following connection settings:

    • Name - Enter the name of the directory server

    • Hostname - Enter the host name of the directory server

    • Port - Enter the port number to be used to access the directory server

    • Use SSL - Select this option to use SSL to connect to the directory server

    • Username - Enter the user name used to access the directory server

    • Password - Enter the password used to access the directory server

  6. Click Next. The Remote Directory Server Schema Settings page is displayed.

  7. Enter the following schema settings:

    • Root suffix - The root node of the directory tree for the user search

    • User search DN - The subnode in which to search for users

    • User search scope - The scope of the user search. Acceptable values are base, one, subtree, baseObject, singleLevel, wholeSubtree, or subordinateSubtree.

    • User search filter - An LDAP search filter that users must match for inclusion

  8. Click Next. The Summary page is displayed.

  9. Review the summary, and click Add Directory Server.

Synchronizing Remote Users and Roles

You can synchronize Exalogic Control with one or all directory servers. This updates the list of users and roles to match the directory server's current information.

  1. Access the browser UI of Exalogic Control as described in Section 2.6, and log in as a user with the Exalogic Systems Admin role.

  2. In the Navigation pane, select Administration.

  3. Click Directory Servers.

    The list of directory servers is displayed.

  4. To synchronize Exalogic Control with a single directory server, select the server and click the Sync Remote Users and Roles icon.

    To synchronize Exalogic Control with all the directory servers, click Sync all remote users and roles in the Actions pane.

    A confirmation window is displayed.

  5. Click OK.

6.7 Roles and Permissions

This section lists the permissions associated with the following roles:

Exalogic Systems Admin

Exalogic Systems Admin has the following permissions:

Cloud Admin

Cloud Admin has the following permissions:

Cloud User

Cloud User has the following permissions: