Skip Headers
Oracle® Enterprise Manager Cloud Control Security Guide
12c Release 4 (12.1.0.4)

E36415-02
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

B Privileges

The following tables list available target privileges.

Table B-1 Target Privileges Applicable to All Targets

Display Name Description Included Privilges Applicable Target types Internal Name

Full any Target

Ability to do all operations on all the targets, including delete the target

Operator any Target

 

FULL_ANY_TARGET

Execute Command as any Agent

Execute any OS Command as the Agent User at any Agent

 

Agent

PERFORM_OPERATION_AS_ANY_AGENT

Put File as any Agent

Put any File to any Agent's Filesystem as the Agent User

 

Agent

PUT_FILE_AS_ANY_AGENT

Execute Command Anywhere

Execute any OS Command at any Agent

 

Host

PERFORM_OPERATION_ANYWHERE

Operator any Target

Ability to perform administrative operations on all managed targets

View any Target

 

OPERATOR_ANY_TARGET

Connect to any viewable target

Ability to connect and manage any of the viewable target

   

CONNECT_ANY_VIEW_TARGET

Use any beacon

Use any Beacon on any monitored host to monitor transactions, URLs, and network components. Beacon is installed with the Oracle Agent.

   

USE_ANY_BEACON

Monitor Enterprise Manager

Monitor Enterprise Manager performance

   

EM_MONITOR

View any Target

Ability to view any target

Monitor Enterprise Manager

 

VIEW_ANY_TARGET

Create Privilege Propagating Group

Ability to create privilege propagating groups.Privileges granted on a privilege propagating group will be automatically granted on the members of the group

Add any Target

 

CREATE_PROPAGATING_GROUP

Add any Target

Add any target in Enterprise Manager

   

CREATE_TARGET


Table B-2 Target Privileges Applicable to Specific Targets

Display Name Description Internal Name Included Privilges Applicable Target types

Group Administration

Ability to administor groups

GROUP_ADMINISTRATION

Full Target on group members

Group

Full Target

Ability to do all operations on the target, including delete the target

FULL_TARGET

Connect Target, Operator Target

 

Connect Target

Ability to connect to the target.

CONNECT_TARGET

Connect Target Read-only

 

Connect Target Readonly

Ability to connect to the target in readonly mode

CONNECT_READONLY_TARGET

   

Operator Target

Ability to do normal administrative operations on the target, such as configure a blackout and edit the target properties

OPERATOR_TARGET

Manage Template Collection Operations, Manage Target Patch, Manage Target Metrics, Manage Target Compliance, Manage Target Events, Configure Target, Blackout Target, Execute Command

 

Manage Target Compliance

Ability to manage compliance of the target

MANAGE_TARGET_COMPLIANCE

   

Execute Command as Agent

Execute any OS Command as the Agent User

PERFORM_OPERATION_AS_AGENT

Agent

 

Put File as Agent

Put any File to the Agent's Filesystem as the Agent User

PUT_FILE_AS_AGENT

Agent

 

Execute Command

Execute any OS Command

PERFORM_OPERATION

Host

 

Manage Target Events

Ability to clear events, re-evaluate metric alert events, create incidents, add events to incidents, and define what actions the administrator can perform on individual incidents, such as acknowledgment or escalation.

MANAGE_TARGET_ALERTS

   

Configure target

Ability to edit target properties and modify monitoring configuration

CONFIGURE_TARGET

   

Manage Target Patch

Privilege to Analyze, Apply and Rollback patches on the target

MANAGE_TARGET_PATCH

Blackout Target

 

Manage Target Metrics

Ability to edit threshold for metric and policy setting, apply monitoring templates, and manage User Defined Metrics

MANAGE_TARGET_METRICS

   

Manage Template Collection Operations

Ability to associate a template collection to a admiministration group and Sync targets with the associated template collections.

MANAGE_TC_OPERATION

   

Blackout Target

Ability to create, edit, schedule and stop a blackout on the target

BLACKOUT_TARGET

   

View Target

Ability to view properties, inventory and monitor information about a target

VIEW_TARGET

   

Resource Privileges: These privileges allow a user to perform operations against specific types of resources. The following table lists all available resource privileges.

Table B-3 Resource Privileges

Resource Type Privilege Name Description Internal Name

Access

Access Enterprise Manager

Ability to access Enterprise Manager interfaces

ACCESS_EM

Application Performance Management

Real User Session Diagnostics

Gives ability to access real user session diagnostic capabilities in Business Applications

ACCESS_APM_SESSION_DIAG

Application Performance Management

Associate APM Entities to Business Application

Gives ability to associate Application Performance Management managed entities to a Business Application service target

ASSOCIATE_APM_ENTITIES

Application Performance Management

View Payload Content

Gives ability to view page/object or transaction/message payload content in Business Applications

VIEW_APM_PAYLOAD

Application Performance Management

Business Applications Menu Item

Shows Business Applications menu item in the Targets menu

VIEW_BA_MENU_ITEM

Application Replay Entities

Application Replay Viewer

View any Application Replay entity.

ASREPLAY_VIEWER

Application Replay Entities

Application Replay Operator

View, create, and edit any Application Replay entity.

ASREPLAY_OPERATOR

Backup Configurations

Create Backup Configuration

Ability to create a backup configuration.

CREATE_BACKUP_CONFIG

Backup Configurations

Edit Backup Configuration

Ability to edit a backup configuration.

EDIT_BACKUP_CONFIG

Backup Configurations

Full Access

Full access to a backup configuration.

FULL_BACKUP_CONFIG

Backup Configurations

Use Backup Configuration

Ability to use a backup configuration.

USE_BACKUP_CONFIG

Backup Status Report

Create Backup Status Report

Ability to create a backup status report.

CREATE_BACKUP_REPORT

Backup Status Report

Full Access

Full access to a backup report.

FULL_BACKUP_REPORT

Backup Status Report

View Backup Status Report

Ability to view a backup report.

VIEW_BACKUP_REPORT

Change Activity Plan

Basic Change Activity Plan Access

Basic Access privilege provides the ability to view and manage Change Activity Plans.

BASIC_CAP_ACCESS

Change Activity Plan

Create Change Activity Plan

Create privilege provides the ability to create, edit, delete and activate Change Activity Plans

CREATE_CAP_PLAN

Change Plan

View change plan

View a Change Manager Change Plan

VIEW_CHANGE_PLAN

Change Plan

Edit change plan

Edit a Change Manager Change Plan

EDIT_CHANGE_PLAN

Change Plan

Manage change plans

Create and delete Change Manager Change Plans

MANAGE_ANY_CHANGE_PLAN

Cloud Policy

Create any Policy

Ability to Create any Policy

CREATE_ANY_POLICY

Cloud Policy

View any Policy

Ability to View any Policy

VIEW_ANY_POLICY

Cloud Policy

View Policy

Ability to View a Policy

VIEW_POLICY

Cloud Policy

Modify Policy

Ability to Modify a Policy

MODIFY_POLICY

Cloud Policy

Full Policy

Privilege required to View, Modify, Delete a Policy

FULL_POLICY

Cloud Policy Group

Create Policy Group

Ability to Create Policy Group

CREATE_POLICY_GROUP

Cloud Policy Group

View any Policy Group

Ability to View any Policy Group

VIEW_ANY_POLICY_GROUP

Cloud Policy Group

View Policy Group

Ability to View a Policy Group

VIEW_POLICY_GROUP

Cloud Policy Group

Modify Policy Group

Ability to Modify a Policy Group

MODIFY_POLICY_GROUP

Cloud Policy Group

Full Policy Group

Privilege required to View, Modify, Delete a Policy Group

FULL_POLICY_GROUP

Compliance Framework

Create Compliance Entity

Ability to create compliance framework, standard, rules

CREATE_COMPLIANCE_ENTITY

Compliance Framework

Full any Compliance Entity

Ability to edit/delete compliance framework, standard, rules

FULL_ANY_COMPLIANCE_ENTITY

Compliance Framework

View any Compliance Framework

Ability to view compliance framework definition and results

VIEW_ANY_COMPLIANCE_FWK

Custom Configurations

Manage custom configurations owned by any user

Ability to create new and edit/delete Custom Configuration specification owned by any user

FULL_ANY_CCS

Custom Configurations

Manage custom configurations owned by the user

Ability to create new and edit/delete Custom Configuration specification owned by the user

FULL_OWNED_CCS

Dashboards

Create Services Dashboard

 

SVCD_CREATE_DASH

Dashboards

Edit Services Dashboard

 

SVCD_EDIT_DASH

Database Replay Entities

Database Replay Viewer

Ability to view any Database Replay entity.

VIEW_DBREPLAY_ENTITY

Database Replay Entities

Database Replay Operator

Ability to view, create, and edit any Database Replay entity.

OPERATE_DBREPLAY_ENTITY

Deployment Procedure

Create

Ability to create deployment procedures.

CREATE_DP

Deployment Procedure

Launch

Ability to perform launch and create like operations on a Deployment Procedure.

LAUNCH_DP

Deployment Procedure

Full

Ability to perform launch, create like, edit structure and delete operations on a Deployment Procedure.

FULL_DP

Deployment Procedure

Import

Ability to create deployment procedures and ability to import/export customized deployment procedures.

IMPORT_DP

Deployment Procedure

Grant launch privilege

Ability to grant launch privilege on deployment procedures.

GRANT_LAUNCH_DP

Deployment Procedure

Grant full privilege

Ability to grant upto full privilege on deployment procedures.

GRANT_FULL_DP

Enterprise Manager High Availability

Enterprise Manager High Availability Administration

Gives access to manage Enterprise Manager High Availability

EMHA_ADMINISTRATION

Enterprise Manager Plug-in

Plug-in Agent Administrator

Gives access to manage Enterprise Manager plug-in on Agent

PLUGIN_AGENT_ADMINISTRATOR

Enterprise Manager Plug-in

Plug-in OMS Administrator

Gives access to manage Enterprise Manager plug-in on Management Server

PLUGIN_OMS_ADMINISTRATOR

Enterprise Manager Plug-in

Plug-in view privilege

Gives access to manage Enterprise Manager plug-in life cycle console

PLUGIN_VIEW

Fusion MiddleWare Offline Diagnostics

View object

Ability to view the offline diagnostics objects

VIEW_OBJECT

Fusion MiddleWare Offline Diagnostics

Create Object

Ability to manage the offline diagnostic object lifecycle

CREATE_OBJECT

JVM Diagnostics

JVM Diagnostics Administrator

Gives capability to manage all JVM Diagnostic Administrative operations

AD4J_ADMINISTRATOR

JVM Diagnostics

JVM Diagnostics User

Gives capability to view the JVM Diagnostic data

AD4J_USER

JVM Diagnostics

JVM Diagnostics View Locals Privilege

Gives capability to view the JVM Diagnostics frame locals data

JVMD_VIEW_LOCALS_PRIV

Job System

Create

Ability to submit jobs, create library jobs, create deployment procedure instance and create deployment procedure configuration.

CREATE_JOB

Job System

View

Ability to view, do create like on a job, launch deployment procedure configuration and view deployment procedure instance.

VIEW_JOB

Job System

Grant view privilege

Ability to grant view privilege on jobs.

GRANT_VIEW_JOB

Job System

Manage

Ability to perform various operations except edit and delete on job, library job, deployment procedure configuration and on deployment procedure instance.

MANAGE_JOB

Job System

Full

Ability to perform all the valid operations on job, library job, deployment procedure configuration and on deployment procedure instance.

FULL_JOB

Linux Patching

Setup Linux Patching

Ability to perform Linux Patching setup.

LINUX_PATCHING_SETUP

Metric Extensions

Create New Metric Extension

Create or import new metric extensions

CREATE_MEXT

Metric Extensions

Edit MEXT

Can edit or create the next version of a metric extension object, but cannot delete it

EDIT_MEXT

Metric Extensions

Full MEXT

Gives complete access to edit, and delete metric extension object

FULL_MEXT

Named Credentials

Edit Credential

User can update credential but cannot delete it.

EDIT_CREDENTIAL

Named Credentials

Full Credential

Full Credential

FULL_CREDENTIAL

Named Credentials

View Credential

View Credential

GET_CREDENTIAL

Named Credentials

Create new Named Credential

Ability to create new named credentials

CREATE_CREDENTIAL

OMS Configuration Property

View any OMS configuration property

Gives access to view any OMS configuration property

VIEW_ANY_OMS_PROPERTY

OMS Configuration Property

View / Edit any OMS configuration property

Gives access to view / edit any OMS configuration property

MANAGE_ANY_OMS_PROPERTY

Patch Plan

Create Patch Plan

Privilege for creating a Patching Plan object

CREATE_PATCH_PLAN

Patch Plan

Create Patch Plan Template

Privilege for creating a Patching Plan Template object

CREATE_PLAN_TEMPLATE

Patch Plan

View Patching Plan

Privilege to View a Patching Plan Object

VIEW_PATCH_PLAN

Patch Plan

Full Patch Plan

Privilege to view, modify, execute and delete a Patching plan object

FULL_PATCH_PLAN

Patch Plan

View any Patching Plan

Privilege to view any Patching plan object

VIEW_ANY_PATCH_PLAN

Patch Plan

View any Patching Plan Template

Privilege to view any Patching Plan Template object

VIEW_ANY_PLAN_TEMPLATE

Patch Plan

Manage privileges on a Patching Plan

Privilege to grant or revoke privileges on a Patching plan object

MANAGE_PRIV_PATCH_PLAN

Patch Plan

Full privileges on any Patching Plan

Privilege to view, modify, execute and delete any Patching plan object

FULL_ANY_PATCH_PLAN

Patch Plan

Manage privileges on any Patching Plan

Privilege to grant or revoke privileges on any Patching plan object

MANAGE_PRIV_ANY_PATCH_PLAN

Patch Plan

Privileges for Patch Setup

Privilege to grant privileges any Patching plan object

PATCH_SETUP

Patching Setup

Setup Offline Patching

Ability to perform Offline Patching setup.

SETUP_OFFLINE_PATCHING

Proxy Settings

Setup Proxy for connecting to Agents

Ability to set up a proxy server which can be used by your Oracle Management Server (OMS) to connect to Agents.

SETUP_PROXY_FOR_AGENTS

Proxy Settings

Setup Proxy for connecting to My Oracle Support

Ability to set up a proxy server which can be used by your Oracle Management Service (OMS) to connect to My Oracle Support.

SETUP_PROXY_FOR_MOS

Reports

Publish Report

Ability to publish reports for public viewing

PUBLISH_REPORT

Reports

View Report

Ability to view report definition and stored reports, generate on demand reports and do a create like

VIEW_REPORT

Request monitoring

Request Monitoring Administrator

Gives capability to manage all Request Monitoring Administrative Operations

BTM_ADMINISTRATOR

Request monitoring

Request Monitoring User

Gives capability to view the Request Monitoring Data

BTM_USER

Ruleset

Create Business Ruleset

Create Business Ruleset

CREATE_BUSINESS_RULESET

Ruleset

Edit Business Ruleset

Edit Business Ruleset

EDIT_BUSINESS_RULESET

Self Update

View any Enterprise Manager Update

Gives access to view any Enterprise Manager Update

VIEW_ANY_SELFUPDATE

Self Update

Self Update Administrator

Gives access to manage Enterprise Manager Update

SELFUPDATE_ADMINISTRATOR

Software Library Administration

Software Library Storage Administration

Ability to manage upload and reference file storage locations, import and export entities, and purge deleted entities

SWLIB_STORAGE_ADMIN

Software Library Entity

Create Any Software Library Entity

Ability to create any Software Library entity

SWLIB_CREATE_ANY_ENTITY

Software Library Entity

Edit Any Software Library Entity

Ability to edit any Software Library entity

SWLIB_EDIT_ANY_ENTITY

Software Library Entity

Edit an Software Library Entity

Ability to edit a Software Library entity

SWLIB_EDIT_ENTITY

Software Library Entity

Export Any Software Library Entity

Ability to view and export any Software Library entity to a Provisioning Archive (PAR) file

SWLIB_EXPORT

Software Library Entity

Grant Any Entity Privilege

Ability to grant view, edit and delete privilege on any Software Library entity. This privilege is required if the user granting the privilege on an entity is not a super administrator or owner of the entity.

SWLIB_GRANT_ANY_ENTITY_PRIV

Software Library Entity

Import Any Software Library Entity

Ability to import any Software Library entity from a Provisioning Archive (PAR) file

SWLIB_IMPORT

Software Library Entity

Manage Any Software Library Entity

Ability to create, view, edit and delete any Software Library entity

SWLIB_MANAGE_ANY_ENTITY

Software Library Entity

Manage Entity

Ability to view, edit and delete a Software Library entity

SWLIB_MANAGE_ENTITY

Software Library Entity

View Any Software Library Entity

Ability to view any Software Library entity

SWLIB_VIEW_ANY_ENTITY

Software Library Entity

View Software Library Entity

Ability to view a Software Library entity

SWLIB_VIEW_ENTITY

Software Library Entity

View any Oracle Load Testing Scenario Entity

Ability to view any Oracle Load Testing Scenario Entity

VIEW_ANY_SWLIB_OLT_SCE_ENTITY

Software Library Entity

View any User Defined Test Entity

Ability to view any User Defined Test Entity

VIEW_ANY_SWLIB_USERTEST_ENTITY

Software Library Entity

View any Template Entity

Ability to view any Template Entity

VIEW_ANY_SWLIB_TEMPLATE_ENTITY

Software Library Entity

View any Virtual Disk Entity

Ability to view any Virtual Disk Entity

VIEW_ANY_SWLIB_V_DISK_ENTITY

Software Library Entity

View any Assembly Entity

Ability to view any Assembly Entity

VIEW_ANY_SWLIB_ASSEMBLY_ENTITY

Software Library Entity

View any ISO Entity

Ability to view any ISO Entity

VIEW_ANY_SWLIB_ISO_ENTITY

System

Super User

Provides all the privileges to any target in the system

SUPER_USER

Target Discovery Framework

Scan Network

Ability to create, edit and delete host discovery configuration

CAN_SCAN_NETWORK_PRIVILEGE

Target Discovery Framework

View Any Discovered Hosts

Ability to view any discovered hosts

VIEW_ANY_DISCOVERED_HOSTS

Target Discovery Framework

View Any Discovered Targets On Host

Ability to view any discovered targets on host

VIEW_ANY_DISC_TARGETS_ON_HOST

Template

View Template

Ability to view a template and apply it to any target on which you have Manage Target Metrics

VIEW_TEMPLATE