The following tables list available target privileges.
Table B-1 Target Privileges Applicable to All Targets
| Display Name | Description | Included Privilges | Applicable Target types | Internal Name |
|---|---|---|---|---|
|
Full any Target |
Ability to do all operations on all the targets, including delete the target |
Operator any Target |
FULL_ANY_TARGET |
|
|
Execute Command as any Agent |
Execute any OS Command as the Agent User at any Agent |
Agent |
PERFORM_OPERATION_AS_ANY_AGENT |
|
|
Put File as any Agent |
Put any File to any Agent's Filesystem as the Agent User |
Agent |
PUT_FILE_AS_ANY_AGENT |
|
|
Execute Command Anywhere |
Execute any OS Command at any Agent |
Host |
PERFORM_OPERATION_ANYWHERE |
|
|
Operator any Target |
Ability to perform administrative operations on all managed targets |
View any Target |
OPERATOR_ANY_TARGET |
|
|
Connect to any viewable target |
Ability to connect and manage any of the viewable target |
CONNECT_ANY_VIEW_TARGET |
||
|
Use any beacon |
Use any Beacon on any monitored host to monitor transactions, URLs, and network components. Beacon is installed with the Oracle Agent. |
USE_ANY_BEACON |
||
|
Monitor Enterprise Manager |
Monitor Enterprise Manager performance |
EM_MONITOR |
||
|
View any Target |
Ability to view any target |
Monitor Enterprise Manager |
VIEW_ANY_TARGET |
|
|
Create Privilege Propagating Group |
Ability to create privilege propagating groups.Privileges granted on a privilege propagating group will be automatically granted on the members of the group |
Add any Target |
CREATE_PROPAGATING_GROUP |
|
|
Add any Target |
Add any target in Enterprise Manager |
CREATE_TARGET |
Table B-2 Target Privileges Applicable to Specific Targets
| Display Name | Description | Internal Name | Included Privilges | Applicable Target types |
|---|---|---|---|---|
|
Group Administration |
Ability to administor groups |
GROUP_ADMINISTRATION |
Full Target on group members |
Group |
|
Full Target |
Ability to do all operations on the target, including delete the target |
FULL_TARGET |
Connect Target, Operator Target |
|
|
Connect Target |
Ability to connect to the target. |
CONNECT_TARGET |
Connect Target Read-only |
|
|
Connect Target Readonly |
Ability to connect to the target in readonly mode |
CONNECT_READONLY_TARGET |
||
|
Operator Target |
Ability to do normal administrative operations on the target, such as configure a blackout and edit the target properties |
OPERATOR_TARGET |
Manage Template Collection Operations, Manage Target Patch, Manage Target Metrics, Manage Target Compliance, Manage Target Events, Configure Target, Blackout Target, Execute Command |
|
|
Manage Target Compliance |
Ability to manage compliance of the target |
MANAGE_TARGET_COMPLIANCE |
||
|
Execute Command as Agent |
Execute any OS Command as the Agent User |
PERFORM_OPERATION_AS_AGENT |
Agent |
|
|
Put File as Agent |
Put any File to the Agent's Filesystem as the Agent User |
PUT_FILE_AS_AGENT |
Agent |
|
|
Execute Command |
Execute any OS Command |
PERFORM_OPERATION |
Host |
|
|
Manage Target Events |
Ability to clear events, re-evaluate metric alert events, create incidents, add events to incidents, and define what actions the administrator can perform on individual incidents, such as acknowledgment or escalation. |
MANAGE_TARGET_ALERTS |
||
|
Configure target |
Ability to edit target properties and modify monitoring configuration |
CONFIGURE_TARGET |
||
|
Manage Target Patch |
Privilege to Analyze, Apply and Rollback patches on the target |
MANAGE_TARGET_PATCH |
Blackout Target |
|
|
Manage Target Metrics |
Ability to edit threshold for metric and policy setting, apply monitoring templates, and manage User Defined Metrics |
MANAGE_TARGET_METRICS |
||
|
Manage Template Collection Operations |
Ability to associate a template collection to a admiministration group and Sync targets with the associated template collections. |
MANAGE_TC_OPERATION |
||
|
Blackout Target |
Ability to create, edit, schedule and stop a blackout on the target |
BLACKOUT_TARGET |
||
|
View Target |
Ability to view properties, inventory and monitor information about a target |
VIEW_TARGET |
Resource Privileges: These privileges allow a user to perform operations against specific types of resources. The following table lists all available resource privileges.
| Resource Type | Privilege Name | Description | Internal Name |
|---|---|---|---|
|
Access |
Access Enterprise Manager |
Ability to access Enterprise Manager interfaces |
ACCESS_EM |
|
Application Performance Management |
Real User Session Diagnostics |
Gives ability to access real user session diagnostic capabilities in Business Applications |
ACCESS_APM_SESSION_DIAG |
|
Application Performance Management |
Associate APM Entities to Business Application |
Gives ability to associate Application Performance Management managed entities to a Business Application service target |
ASSOCIATE_APM_ENTITIES |
|
Application Performance Management |
View Payload Content |
Gives ability to view page/object or transaction/message payload content in Business Applications |
VIEW_APM_PAYLOAD |
|
Application Performance Management |
Business Applications Menu Item |
Shows Business Applications menu item in the Targets menu |
VIEW_BA_MENU_ITEM |
|
Application Replay Entities |
Application Replay Viewer |
View any Application Replay entity. |
ASREPLAY_VIEWER |
|
Application Replay Entities |
Application Replay Operator |
View, create, and edit any Application Replay entity. |
ASREPLAY_OPERATOR |
|
Backup Configurations |
Create Backup Configuration |
Ability to create a backup configuration. |
CREATE_BACKUP_CONFIG |
|
Backup Configurations |
Edit Backup Configuration |
Ability to edit a backup configuration. |
EDIT_BACKUP_CONFIG |
|
Backup Configurations |
Full Access |
Full access to a backup configuration. |
FULL_BACKUP_CONFIG |
|
Backup Configurations |
Use Backup Configuration |
Ability to use a backup configuration. |
USE_BACKUP_CONFIG |
|
Backup Status Report |
Create Backup Status Report |
Ability to create a backup status report. |
CREATE_BACKUP_REPORT |
|
Backup Status Report |
Full Access |
Full access to a backup report. |
FULL_BACKUP_REPORT |
|
Backup Status Report |
View Backup Status Report |
Ability to view a backup report. |
VIEW_BACKUP_REPORT |
|
Change Activity Plan |
Basic Change Activity Plan Access |
Basic Access privilege provides the ability to view and manage Change Activity Plans. |
BASIC_CAP_ACCESS |
|
Change Activity Plan |
Create Change Activity Plan |
Create privilege provides the ability to create, edit, delete and activate Change Activity Plans |
CREATE_CAP_PLAN |
|
Change Plan |
View change plan |
View a Change Manager Change Plan |
VIEW_CHANGE_PLAN |
|
Change Plan |
Edit change plan |
Edit a Change Manager Change Plan |
EDIT_CHANGE_PLAN |
|
Change Plan |
Manage change plans |
Create and delete Change Manager Change Plans |
MANAGE_ANY_CHANGE_PLAN |
|
Cloud Policy |
Create any Policy |
Ability to Create any Policy |
CREATE_ANY_POLICY |
|
Cloud Policy |
View any Policy |
Ability to View any Policy |
VIEW_ANY_POLICY |
|
Cloud Policy |
View Policy |
Ability to View a Policy |
VIEW_POLICY |
|
Cloud Policy |
Modify Policy |
Ability to Modify a Policy |
MODIFY_POLICY |
|
Cloud Policy |
Full Policy |
Privilege required to View, Modify, Delete a Policy |
FULL_POLICY |
|
Cloud Policy Group |
Create Policy Group |
Ability to Create Policy Group |
CREATE_POLICY_GROUP |
|
Cloud Policy Group |
View any Policy Group |
Ability to View any Policy Group |
VIEW_ANY_POLICY_GROUP |
|
Cloud Policy Group |
View Policy Group |
Ability to View a Policy Group |
VIEW_POLICY_GROUP |
|
Cloud Policy Group |
Modify Policy Group |
Ability to Modify a Policy Group |
MODIFY_POLICY_GROUP |
|
Cloud Policy Group |
Full Policy Group |
Privilege required to View, Modify, Delete a Policy Group |
FULL_POLICY_GROUP |
|
Compliance Framework |
Create Compliance Entity |
Ability to create compliance framework, standard, rules |
CREATE_COMPLIANCE_ENTITY |
|
Compliance Framework |
Full any Compliance Entity |
Ability to edit/delete compliance framework, standard, rules |
FULL_ANY_COMPLIANCE_ENTITY |
|
Compliance Framework |
View any Compliance Framework |
Ability to view compliance framework definition and results |
VIEW_ANY_COMPLIANCE_FWK |
|
Custom Configurations |
Manage custom configurations owned by any user |
Ability to create new and edit/delete Custom Configuration specification owned by any user |
FULL_ANY_CCS |
|
Custom Configurations |
Manage custom configurations owned by the user |
Ability to create new and edit/delete Custom Configuration specification owned by the user |
FULL_OWNED_CCS |
|
Dashboards |
Create Services Dashboard |
SVCD_CREATE_DASH |
|
|
Dashboards |
Edit Services Dashboard |
SVCD_EDIT_DASH |
|
|
Database Replay Entities |
Database Replay Viewer |
Ability to view any Database Replay entity. |
VIEW_DBREPLAY_ENTITY |
|
Database Replay Entities |
Database Replay Operator |
Ability to view, create, and edit any Database Replay entity. |
OPERATE_DBREPLAY_ENTITY |
|
Deployment Procedure |
Create |
Ability to create deployment procedures. |
CREATE_DP |
|
Deployment Procedure |
Launch |
Ability to perform launch and create like operations on a Deployment Procedure. |
LAUNCH_DP |
|
Deployment Procedure |
Full |
Ability to perform launch, create like, edit structure and delete operations on a Deployment Procedure. |
FULL_DP |
|
Deployment Procedure |
Import |
Ability to create deployment procedures and ability to import/export customized deployment procedures. |
IMPORT_DP |
|
Deployment Procedure |
Grant launch privilege |
Ability to grant launch privilege on deployment procedures. |
GRANT_LAUNCH_DP |
|
Deployment Procedure |
Grant full privilege |
Ability to grant upto full privilege on deployment procedures. |
GRANT_FULL_DP |
|
Enterprise Manager High Availability |
Enterprise Manager High Availability Administration |
Gives access to manage Enterprise Manager High Availability |
EMHA_ADMINISTRATION |
|
Enterprise Manager Plug-in |
Plug-in Agent Administrator |
Gives access to manage Enterprise Manager plug-in on Agent |
PLUGIN_AGENT_ADMINISTRATOR |
|
Enterprise Manager Plug-in |
Plug-in OMS Administrator |
Gives access to manage Enterprise Manager plug-in on Management Server |
PLUGIN_OMS_ADMINISTRATOR |
|
Enterprise Manager Plug-in |
Plug-in view privilege |
Gives access to manage Enterprise Manager plug-in life cycle console |
PLUGIN_VIEW |
|
Fusion MiddleWare Offline Diagnostics |
View object |
Ability to view the offline diagnostics objects |
VIEW_OBJECT |
|
Fusion MiddleWare Offline Diagnostics |
Create Object |
Ability to manage the offline diagnostic object lifecycle |
CREATE_OBJECT |
|
JVM Diagnostics |
JVM Diagnostics Administrator |
Gives capability to manage all JVM Diagnostic Administrative operations |
AD4J_ADMINISTRATOR |
|
JVM Diagnostics |
JVM Diagnostics User |
Gives capability to view the JVM Diagnostic data |
AD4J_USER |
|
JVM Diagnostics |
JVM Diagnostics View Locals Privilege |
Gives capability to view the JVM Diagnostics frame locals data |
JVMD_VIEW_LOCALS_PRIV |
|
Job System |
Create |
Ability to submit jobs, create library jobs, create deployment procedure instance and create deployment procedure configuration. |
CREATE_JOB |
|
Job System |
View |
Ability to view, do create like on a job, launch deployment procedure configuration and view deployment procedure instance. |
VIEW_JOB |
|
Job System |
Grant view privilege |
Ability to grant view privilege on jobs. |
GRANT_VIEW_JOB |
|
Job System |
Manage |
Ability to perform various operations except edit and delete on job, library job, deployment procedure configuration and on deployment procedure instance. |
MANAGE_JOB |
|
Job System |
Full |
Ability to perform all the valid operations on job, library job, deployment procedure configuration and on deployment procedure instance. |
FULL_JOB |
|
Linux Patching |
Setup Linux Patching |
Ability to perform Linux Patching setup. |
LINUX_PATCHING_SETUP |
|
Metric Extensions |
Create New Metric Extension |
Create or import new metric extensions |
CREATE_MEXT |
|
Metric Extensions |
Edit MEXT |
Can edit or create the next version of a metric extension object, but cannot delete it |
EDIT_MEXT |
|
Metric Extensions |
Full MEXT |
Gives complete access to edit, and delete metric extension object |
FULL_MEXT |
|
Named Credentials |
Edit Credential |
User can update credential but cannot delete it. |
EDIT_CREDENTIAL |
|
Named Credentials |
Full Credential |
Full Credential |
FULL_CREDENTIAL |
|
Named Credentials |
View Credential |
View Credential |
GET_CREDENTIAL |
|
Named Credentials |
Create new Named Credential |
Ability to create new named credentials |
CREATE_CREDENTIAL |
|
OMS Configuration Property |
View any OMS configuration property |
Gives access to view any OMS configuration property |
VIEW_ANY_OMS_PROPERTY |
|
OMS Configuration Property |
View / Edit any OMS configuration property |
Gives access to view / edit any OMS configuration property |
MANAGE_ANY_OMS_PROPERTY |
|
Patch Plan |
Create Patch Plan |
Privilege for creating a Patching Plan object |
CREATE_PATCH_PLAN |
|
Patch Plan |
Create Patch Plan Template |
Privilege for creating a Patching Plan Template object |
CREATE_PLAN_TEMPLATE |
|
Patch Plan |
View Patching Plan |
Privilege to View a Patching Plan Object |
VIEW_PATCH_PLAN |
|
Patch Plan |
Full Patch Plan |
Privilege to view, modify, execute and delete a Patching plan object |
FULL_PATCH_PLAN |
|
Patch Plan |
View any Patching Plan |
Privilege to view any Patching plan object |
VIEW_ANY_PATCH_PLAN |
|
Patch Plan |
View any Patching Plan Template |
Privilege to view any Patching Plan Template object |
VIEW_ANY_PLAN_TEMPLATE |
|
Patch Plan |
Manage privileges on a Patching Plan |
Privilege to grant or revoke privileges on a Patching plan object |
MANAGE_PRIV_PATCH_PLAN |
|
Patch Plan |
Full privileges on any Patching Plan |
Privilege to view, modify, execute and delete any Patching plan object |
FULL_ANY_PATCH_PLAN |
|
Patch Plan |
Manage privileges on any Patching Plan |
Privilege to grant or revoke privileges on any Patching plan object |
MANAGE_PRIV_ANY_PATCH_PLAN |
|
Patch Plan |
Privileges for Patch Setup |
Privilege to grant privileges any Patching plan object |
PATCH_SETUP |
|
Patching Setup |
Setup Offline Patching |
Ability to perform Offline Patching setup. |
SETUP_OFFLINE_PATCHING |
|
Proxy Settings |
Setup Proxy for connecting to Agents |
Ability to set up a proxy server which can be used by your Oracle Management Server (OMS) to connect to Agents. |
SETUP_PROXY_FOR_AGENTS |
|
Proxy Settings |
Setup Proxy for connecting to My Oracle Support |
Ability to set up a proxy server which can be used by your Oracle Management Service (OMS) to connect to My Oracle Support. |
SETUP_PROXY_FOR_MOS |
|
Reports |
Publish Report |
Ability to publish reports for public viewing |
PUBLISH_REPORT |
|
Reports |
View Report |
Ability to view report definition and stored reports, generate on demand reports and do a create like |
VIEW_REPORT |
|
Request monitoring |
Request Monitoring Administrator |
Gives capability to manage all Request Monitoring Administrative Operations |
BTM_ADMINISTRATOR |
|
Request monitoring |
Request Monitoring User |
Gives capability to view the Request Monitoring Data |
BTM_USER |
|
Ruleset |
Create Business Ruleset |
Create Business Ruleset |
CREATE_BUSINESS_RULESET |
|
Ruleset |
Edit Business Ruleset |
Edit Business Ruleset |
EDIT_BUSINESS_RULESET |
|
Self Update |
View any Enterprise Manager Update |
Gives access to view any Enterprise Manager Update |
VIEW_ANY_SELFUPDATE |
|
Self Update |
Self Update Administrator |
Gives access to manage Enterprise Manager Update |
SELFUPDATE_ADMINISTRATOR |
|
Software Library Administration |
Software Library Storage Administration |
Ability to manage upload and reference file storage locations, import and export entities, and purge deleted entities |
SWLIB_STORAGE_ADMIN |
|
Software Library Entity |
Create Any Software Library Entity |
Ability to create any Software Library entity |
SWLIB_CREATE_ANY_ENTITY |
|
Software Library Entity |
Edit Any Software Library Entity |
Ability to edit any Software Library entity |
SWLIB_EDIT_ANY_ENTITY |
|
Software Library Entity |
Edit an Software Library Entity |
Ability to edit a Software Library entity |
SWLIB_EDIT_ENTITY |
|
Software Library Entity |
Export Any Software Library Entity |
Ability to view and export any Software Library entity to a Provisioning Archive (PAR) file |
SWLIB_EXPORT |
|
Software Library Entity |
Grant Any Entity Privilege |
Ability to grant view, edit and delete privilege on any Software Library entity. This privilege is required if the user granting the privilege on an entity is not a super administrator or owner of the entity. |
SWLIB_GRANT_ANY_ENTITY_PRIV |
|
Software Library Entity |
Import Any Software Library Entity |
Ability to import any Software Library entity from a Provisioning Archive (PAR) file |
SWLIB_IMPORT |
|
Software Library Entity |
Manage Any Software Library Entity |
Ability to create, view, edit and delete any Software Library entity |
SWLIB_MANAGE_ANY_ENTITY |
|
Software Library Entity |
Manage Entity |
Ability to view, edit and delete a Software Library entity |
SWLIB_MANAGE_ENTITY |
|
Software Library Entity |
View Any Software Library Entity |
Ability to view any Software Library entity |
SWLIB_VIEW_ANY_ENTITY |
|
Software Library Entity |
View Software Library Entity |
Ability to view a Software Library entity |
SWLIB_VIEW_ENTITY |
|
Software Library Entity |
View any Oracle Load Testing Scenario Entity |
Ability to view any Oracle Load Testing Scenario Entity |
VIEW_ANY_SWLIB_OLT_SCE_ENTITY |
|
Software Library Entity |
View any User Defined Test Entity |
Ability to view any User Defined Test Entity |
VIEW_ANY_SWLIB_USERTEST_ENTITY |
|
Software Library Entity |
View any Template Entity |
Ability to view any Template Entity |
VIEW_ANY_SWLIB_TEMPLATE_ENTITY |
|
Software Library Entity |
View any Virtual Disk Entity |
Ability to view any Virtual Disk Entity |
VIEW_ANY_SWLIB_V_DISK_ENTITY |
|
Software Library Entity |
View any Assembly Entity |
Ability to view any Assembly Entity |
VIEW_ANY_SWLIB_ASSEMBLY_ENTITY |
|
Software Library Entity |
View any ISO Entity |
Ability to view any ISO Entity |
VIEW_ANY_SWLIB_ISO_ENTITY |
|
System |
Super User |
Provides all the privileges to any target in the system |
SUPER_USER |
|
Target Discovery Framework |
Scan Network |
Ability to create, edit and delete host discovery configuration |
CAN_SCAN_NETWORK_PRIVILEGE |
|
Target Discovery Framework |
View Any Discovered Hosts |
Ability to view any discovered hosts |
VIEW_ANY_DISCOVERED_HOSTS |
|
Target Discovery Framework |
View Any Discovered Targets On Host |
Ability to view any discovered targets on host |
VIEW_ANY_DISC_TARGETS_ON_HOST |
|
Template |
View Template |
Ability to view a template and apply it to any target on which you have Manage Target Metrics |
VIEW_TEMPLATE |