C Oracle Enterprise Manager Roles

This appendix describes the privileges that users with the administrator, operator, and monitor roles are authorized with when accessing pages in Oracle Enterprise Manager Fusion Middleware Control.

This appendix includes the following topic:

For information about how to create roles, add users to groups, and secure resources with roles and policies, see Oracle Fusion Middleware Securing Resources Using Roles and Policies for Oracle WebLogic Server and the Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help. Click the Contents link in the Console Help to access procedures for performing the above-mentioned tasks.

C.1 Roles and Privileges

Oracle Enterprise Manager Fusion Middleware Control supports the notion of role-based access. Users are mapped to different roles; each role corresponds to a different set of privileges. Using this mechanism, you can provision certain users with simple monitoring privileges (for instance view-only access), while administrators can be granted full access, including the ability to update configurations, restart servers, and so on.

The following roles have been defined for Oracle WebLogic Server in Oracle Enterprise Manager Fusion Middleware Control:

  • Administrator

    This role provides complete management and monitoring capabilities.

  • Operator

    This role provides restricted management capabilities.

  • Monitor

    This role provides read-only capabilities.

C.1.1 Overall Role Functionality Matrix

Table C-1 lists the actions that users with each role can perform.

Table C-1 Role Functionality Matrix

Actions Monitor Operator Administrator

View monitoring metrics

Yes

Yes

Yes

View configurations

Yes

Yes

Yes

Update configurations

No

No

Yes

Handle fault actions

No

Yes

Yes

Create instances using the Test Web Service page

Yes

Yes

Yes

Start, stop, retire, and activate a composite

No

Yes

Yes

Execute unit tests

No

Yes

Yes

Attach and detach policies

No

No

Yes

View instances, the flow trace, and the audit trail

Yes

Yes

Yes

View audit trail payloads

Yes

Yes

Yes

Delete instances

No

No

Yes

Start and stop the SOA Infrastructure

No

Yes

Yes

Perform deployment options (deploy, undeploy, and redeploy)

No

Yes

Yes

Modify composite properties (enable payload and audit level)

No

Yes

Yes

Create partitions

No

No

Yes

Delete partitions

No

No

Yes

Bulk composite lifecycle management (start all, stop all, retire all, and activate all)

No

Yes

Yes


C.1.2 SOA Infrastructure Page

Table C-2 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-2 SOA Infrastructure Page

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Dashboard tab

Monitor

Yes

Yes

Yes

View Deployed Composites tab

  • Start/stop (SOA Infrastructure)

  • Activate/retire

  • Deployment options

  • Set as default

Monitor

Operator

Operator

Operator

Operator

Yes

No

No

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

View Instances tab

  • Delete options (all)

  • Abort

Monitor

Administrator

Administrator

Yes

No

No

Yes

No

No

Yes

Yes

Yes

View Faults and Rejected Messages tab

  • Recovery actions

  • Delete rejected messages

Monitor

Operator

Administrator

Yes

No

No

Yes

Yes

No

Yes

Yes

Yes


C.1.3 SOA Infrastructure Menu

Table C-3 lists the lowest role that a user must have to access the options on this menu and the privileges that each role has on the menu options.

Table C-3 SOA Infrastructure Menu

Menu Items Lowest Role for Accessing Monitor Operator Administrator

Control

Operator

No

Yes

Yes

SOA Deployment

Operator

No

Yes

Yes

Logs >Log Configuration

Administrator

No

No

Yes

Other menu items

Monitor

Yes

Yes

Yes


C.1.4 SOA Composite Menu

Table C-4 lists the lowest role that a user must have to access the options on this menu and the privileges that each role has on the menu options.

Table C-4 SOA Composite Menu

Menu Items Lowest Role for Accessing Monitor Operator Administrator

SOA Deployment

Operator

No

Yes

Yes

Test Service

Monitor

Yes

Yes

Yes

Other menu items

Monitor

Yes

Yes

Yes


C.1.5 Composite Home Page

Table C-5 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-5 Composite Home Page

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Dashboard tab

  • Test composite service action

  • Activate/retire action

  • Start/stop action

  • Property changes (settings)

Monitor

Operator

Operator

Operator

Operator

Yes

No

No

No

No

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

View Instances tab

  • Delete/abort actions

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes

View Faults tab

  • Fault recovery actions

  • Delete rejected messages

Monitor

Operator

Administrator

Yes

No

No

Yes

Yes

No

Yes

Yes

Yes

View Unit Test tab

  • Execute test action

Monitor

Operator

Yes

No

Yes

Yes

Yes

Yes

View Policies tab

  • Attach/detach action

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes


C.1.6 BPEL Process Service Engine

Table C-6 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-6 BPEL Process Service Engine

Menu Items Lowest Role for Accessing Monitor Operator Administrator

View Dashboard tab

Monitor

Yes

Yes

Yes

View Statistics tab

Monitor

Yes

Yes

Yes

View Instances tab

Monitor

Yes

Yes

Yes

View Faults tab

  • Fault recovery actions (abort, retry, and so on)

Monitor

Operator

Yes

No

Yes

Yes

Yes

Yes

View Deployed Components tab

Monitor

Yes

Yes

Yes

Message Recovery tab

  • BPEL message recovery action

Monitor

Operator

Yes

No

Yes

Yes

Yes

Yes

View Configuration (Properties page)

  • Apply button

  • Add button

Monitor

Administrator

Administrator

Yes

No

No

Yes

No

No

Yes

Yes

Yes


C.1.7 Mediator Service Engine

Table C-7 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-7 Mediator Service Engine

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Dashboard tab

Monitor

Yes

Yes

Yes

View Statistics tab

Monitor

Yes

Yes

Yes

View Instances tab

Monitor

Yes

Yes

Yes

View Faults tab

  • Fault recovery action (abort, retry, and so on)

Monitor

Operator

Yes

No

Yes

Yes

Yes

Yes

View Deployed Components tab

Monitor

Yes

Yes

Yes

View Configuration (Properties page)

Monitor

Yes

Yes

Yes

Apply button

Administrator

No

No

Yes


C.1.8 Human Workflow Service Engine

Table C-8 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-8 Human Workflow Service Engine

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Dashboard tab

Monitor

Yes

Yes

Yes

View Statistics tab

Monitor

Yes

Yes

Yes

View Instances tab

Monitor

Yes

Yes

Yes

View Faults tab

  • Fault recovery action (abort, retry, and so on)

Monitor

Operator

Yes

No

Yes

Yes

Yes

Yes

View Deployed Components tab

Monitor

Yes

Yes

Yes

View Notification Management tab

  • Send notifications

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes

Configuration (Properties page)

  • Apply button

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes


C.1.9 Business Rules Service Engine

Table C-9 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-9 Business Rules Service Engine

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Dashboard tab

Monitor

Yes

Yes

Yes

View Instances tab

Monitor

Yes

Yes

Yes

View Faults tab

Monitor

Yes

Yes

Yes

View Deployed Components tab

Monitor

Yes

Yes

Yes


C.1.10 BPEL Process Service Component Home Page

Table C-10 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-10 BPEL Process Service Component Home Page

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Dashboard tab

Monitor

Yes

Yes

Yes

View Instances tab

Monitor

Yes

Yes

Yes

View Faults tab

  • Fault recovery action

Monitor

Operator

Yes

No

Yes

Yes

Yes

Yes

View Policies tab

  • Attach/detach action

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes


C.1.11 Mediator Service Component Home Page

Table C-11 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-11 Mediator Service Component Home Page

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Dashboard tab

Monitor

Yes

Yes

Yes

View Instances tab

Monitor

Yes

Yes

Yes

View Faults tab

  • Fault recovery action

Monitor

Operator

Yes

No

Yes

Yes

Yes

Yes

View Policies tab

  • Attach/detach action

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes


C.1.12 Human Task Service Component Home Page

Table C-12 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-12 Human Task Service Component Home Page

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Dashboard tab

Monitor

Yes

Yes

Yes

View Instances tab

Monitor

Yes

Yes

Yes

View Faults tab

  • Fault recovery action

Monitor

Operator

Yes

No

Yes

Yes

Yes

Yes

View Policies tab

  • Attach/detach action

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes

View Administration tab

  • Apply changes

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes


C.1.13 Decision Service Component Home Page

Table C-13 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-13 Decision Service Component Home Page

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Dashboard tab

Monitor

Yes

Yes

Yes

View Instances tab

Monitor

Yes

Yes

Yes

View Faults tab

  • Fault recovery action

Monitor

Operator

Yes

No

Yes

Yes

Yes

Yes

View Policies tab

  • Attach/detach action

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes


C.1.14 Flow Trace Page

Table C-14 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-14 Flow Trace Page

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Flow trace

Monitor

Yes

Yes

Yes


C.1.15 Audit Trail

Table C-15 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-15 Audit Trail Page

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Audit Trail tab

  • Audit trail payloads

Monitor

Monitor

Yes

Yes

Yes

Yes

Yes

Yes

View Flow Debug tab

Monitor

Yes

Yes

Yes

View Sensors tab

Monitor

Yes

Yes

Yes

View Fault Recovery tab

  • Recovery action

Monitor

Operator

Yes

No

Yes

Yes

Yes

Yes


C.1.16 Services Home Page

Table C-16 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-16 Services Home Page

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Dashboard tab

Monitor

Yes

Yes

Yes

View Policies tab

  • Attach/detach action

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes

View Faults tab

  • Delete rejected messages

Monitor

Administrator

Yes

No

Yes

No

No

Yes

View Properties

  • Apply changes

  • Add properties

Monitor

Administrator

Administrator

Yes

No

No

Yes

No

No

Yes

Yes

Yes


C.1.17 References Home Page

Table C-17 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-17 References Home Page

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Dashboard tab

Monitor

Yes

Yes

Yes

View Policies tab

  • Attach/detach action

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes

View Faults tab

  • Delete rejected messages

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes

View Properties

  • Apply changes

  • Add properties

Monitor

Administrator

Administrator

Yes

No

No

Yes

No

No

Yes

Yes

Yes


C.1.18 B2B Pages

Table C-18 lists the lowest role that a user must have to access these pages and the privileges that each role has on these pages.

Table C-18 B2B Page

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View B2B Configuration page

  • Apply changes

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes

View B2B Bindings page

Monitor

Yes

Yes

Yes


C.1.19 Business Events Page

Table C-19 lists the lowest role that a user must have to access this page and the privileges that each role has on this page.

Table C-19 Business Events Page

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Events tab

  • Subscribe/test

  • Show event definition

Monitor

Administrator

Monitor

Yes

No

Yes

Yes

No

Yes

Yes

Yes

Yes

View Subscriptions tab

  • Add/edit/delete subscriptions

  • Manage database agents

Monitor

Administrator

Administrator

Yes

No

No

Yes

No

No

Yes

Yes

Yes

View Faults tab

  • Retry/abort

Monitor

Operator

Yes

No

Yes

Yes

Yes

Yes


C.1.20 System MBean Browser

Table C-20 lists the lowest role that a user must have to access this browser and the privileges that each role has on this page.

Table C-20 System MBean Browser

Page Elements Lowest Role for Accessing Monitor Operator Administrator

View Configuration

  • Add/apply changes

Monitor

Administrator

Yes

No

Yes

No

Yes

Yes