This chapter covers the following topics:
The Enterprise Manager credential subsystem enables Enterprise Manager administrators to store credentials, in a secure manner, as preferences or operation credentials. The credentials can then be used to perform different system management activities, such as real-time monitoring, patching, provisioning, and other target administrative operations.
Preferred credentials are used to simplify access to managed targets by storing target login credentials in the Management Repository. With preferred credentials set, users can carry out administrative operations using the job system without being prompted to log in to the target. Preferred credentials are set on a per user basis, thus ensuring the security of the managed enterprise environment.
Default preferred credentials can be set for a particular target type and will be available for all the targets of the target type. It will be overridden by target preferred credentials.
Target credentials are preferred credentials set for a particular target
To set a preferred credential you must first create a named credential. Credentials are stored within Enterprise Manager as "named" entities. Administrators can define and store credentials within Enterprise Manager and refer to the credential by a credential name.
If only the senior DBAs have knowledge of higher privileged credential likesys credentials for a database, they can store these credentials in named credential and share the name with the junior administrators. Junior administrators can perform their jobs using the named credentials without knowing what the actual credentials are.
If the administrators have the same credentials for targets, they can create one named credential containing those credentials and share the name with appropriate personnel. This simplifies credential maintenance (changing passwords, for example) by eliminating the need to several copies of named credentials containing the same credentials.
Create named credential for Oracle E-Business Suite Application Login
Navigate to Setup menu > Security > Named Credentials and click on the Create button.
Provide an appropriate name and description.
Select Oracle E-Business Suite from Authenticating Target Type dropdown list.
Select E-Business Suite Applications Login Credential from the credentials type dropdown list.
Select scope..
If you choose Global this named credential will be applicable for all Oracle E-Business Suite targets.
If you choose Target:
Select Oracle E-Business Suite as the target type;
Select the Oracle E-Business Suite for which this named credential is applicable.
Enter the applications login user name and password in credential properties;
You can test and save the credentials.
Set Preferred Credential for Oracle E-Business Suite Application Login
Navigate to Setup menu > Security > Preferred Credentials.
Select Oracle E-Business Suite.
Click on Manage Preferred Credentials.
Set Default Preferred Credentials for Oracle E-Business Suite Application Login
If you want to set a preferred credential for Oracle E-Business Suite Application Login which is applicable for all Oracle E-Business Suite targets, go to Default Preferred Credentials section.
Select AppsUserCredSet as the Credential Set.
Click on Set.
Choose the named credentials. Only those named credentials with scope as global will appear in the list.
You can test and save the credentials.
Set Target Preferred Credentials for Oracle E-Business Suite Application Login
If you want to set a preferred credential for Oracle E-Business Suite Application Login applicable only to a specific Oracle E-Business Suite target go to Target Preferred Credential section.
Select the Oracle E-Business Suite instance.
Select AppsUserCredSet as Credential Set.
Click on Set.
Choose the named credentials.
You can test and save the credentials.
Preferred credentials for database login are needed if you are using Customization Manager or Patch Manager. You must set the preferred credentials for the APPS, APPLSYS, and SYSTEM schemas.
Create named credential for Oracle E-Business Suite Database Login
Navigate to Setup menu > Security > Named Credentials and click on the Create button.
Provide an appropriate name and description.
Select Oracle E-Business Suite from Authenticating Target Type dropdown list.
Select E-Business Database Credentials from the credentials type dropdown list.
Select scope.
If you choose Global this named credential will be applicable for all Oracle E-Business Suite targets.
If you choose Target:
Select Oracle E-Business Suite as the target type.
Select the Oracle E-Business Suite for which this named credential is applicable.
Enter the schema name and password in credential properties.
You can test and save the credentials.
Note: You must create three named credentials here: one for the APPS schema, one for the APPLSYS schema, and one for the SYSTEM schema.
Set preferred credential for Oracle E-Business Suite Database Login
Navigate to Setup menu > Security > Preferred Credentials.
Select Oracle E-Business Suite.
Click on Manage Preferred Credentials.
Credential Sets for Oracle E-Business Suite Database Login
Name | Schema |
---|---|
AppsDBCredsSet | To access the APPS schema |
AppsSysDBCredsSet | To access the SYSTEM schema |
ApplsysDBCredsSet | To access the APPLSYS schema |
Set Default Preferred Credentials for Oracle E-Business Suite Database Login
If you want to set a preferred credential for Oracle E-Business Suite Application Database which is applicable for all Oracle E-Business Suite targets, go to Default Preferred Credentials section.
Select the Credential Set for the corresponding schema.
Click on Set.
Choose the named credentials and Save. Only those named credentials with scope as global will appear in the list.
Set Target Preferred Credentials for Oracle E-Business Suite Database Login
If you want to set a preferred credential for Oracle E-Business Suite Database Login applicable only to a specific Oracle E-Business Suite target go to Target Preferred Credential section.
Select the Oracle E-Business Suite instance.
Select Credential Set for the corresponding schema.
Click on Set.
Choose the named credentials.
You can test and save the credentials.
Preferred credentials for nodes are needed if you are using Customization Manager or Patch Manager. You must set them for both the applications node and database node.
Create named credentials for Oracle E-Business Suite Node using Host Credentials
Navigate to Setup menu > Security > Named Credentials and click the Create button.
Provide an appropriate name and description.
Select Host from Authenticating Target Type dropdown list.
Select Host Credentials from the credentials type dropdown list.
Select scope.
If you choose Global this named credential will be applicable for all Oracle E-Business Suite Nodes.
If you choose Target:
Select Oracle E-Business Suite Node as the target type.
Select the Oracle E-Business Suite Node for which this named credential is applicable.
Enter the user name and password in credential properties.
You can test and save the credentials.
Create named credential for Oracle E-Business Suite Node using SSH Key Credentials
Provide an appropriate name and description.
Select Host from Authenticating Target Type dropdown list.
Select SSH Key Credentials from the credentials type dropdown list.
Select scope.
If you choose Global this named credential will be applicable for all Oracle E-Business Suite Nodes.
If you choose Target:
Select Oracle E-Business Suite Node as the target type.
Select the Oracle E-Business Suite Node for which this named credential is applicable.
Enter the user name and upload private and public keys.
You can test and save the credentials.
Set preferred credential for Oracle E-Business Suite Node
Navigate to Setup menu > Security > Preferred Credentials.
Select Oracle E-Business Suite Node.
Click on Manage Preferred Credentials.
Set Default Preferred Credentials for Oracle E-Business Suite Node
If you want to set a preferred credential for Oracle E-Business Suite Node which is applicable for all Oracle E-Business Suite nodes go to Default Preferred Credentials section.
Select OS Credentials as Credential Set.
Click on Set.
Choose the named credentials. Only those named credentials with scope as Global will appear in the list.
You can test and save the credentials.
Set Target Preferred Credentials for Oracle E-Business Suite Node
If you want to set a preferred credential for Oracle E-Business Suite Node applicable only to a specific Oracle E-Business Suite Node, go to the Target Preferred Credential section.
Select the Oracle E-Business Suite Node.
Select OS Credentials for Credential Set.
Click on Set.
Choose the named credentials.
You can test and save the credentials.
A preferred credential for Oracle WebLogic Server is needed if you are using Patch Manager. You must set it for the Admin server.
In addition, the WebLogic Administrator credentials must be set before you register a custom application on the patch edition in Oracle E-Business Suite Release 12.2.
Create named credential for Oracle WebLogic Server
Navigate to Setup menu > Security > Named Credentials and click on the Create button.
Provide an appropriate name and description.
Select Oracle WebLogic Server from Authenticating Target Type dropdown list.
Select Oracle WebLogic Credentials from the credentials type dropdown list.
Select scope.
If you choose Global, then this named credential will be applicable for all WLS Servers.
If you choose Target:
Select Oracle WebLogic Server as the target type.
Select the Oracle WebLogic Admin Server for which this named credential is applicable.
Enter the user name and password in credential properties.
You can test and save the credentials.
Set preferred credential for Oracle WebLogic Server
Navigate to Setup menu > Security > Preferred Credentials.
Select Oracle WebLogic Server.
Click on Manage Preferred Credentials.
Set Default Preferred Credentials for Oracle WebLogic Server
If you want to set a preferred credential for Oracle WebLogic Server which is applicable for all Oracle E-Business Suite instances, go to Default Preferred Credentials section.
Select Oracle WebLogic Administration Credentials for Credential Set.
Click on Set.
Choose the named credentials. Only those named credentials with scope as Global will appear in the list.
You can test and save the credentials.
Set Target Preferred Credentials for Oracle WebLogic Server
If you want to set a preferred credential for Oracle WebLogic Server of a specific Oracle E-Business Suite target go to Target Preferred Credential section.
Select Oracle WebLogic Server of the specific Oracle E-Business Suite target.
Select Oracle WebLogic Administration Credentials as Credential Set.
Click on Set.
Choose the named credentials.
You can test and save the credentials.
Host Preferred credentials must be set for the host from where files will be checked out by Customization Manager. The same host which is referenced in file source mapping. You must set the Normal Username and Normal Password for the host. Navigate to Setup menu > Security > Preferred Credentials. On the Preferred Credentials page, select Host and click Manage Preferred Credentials. On the Host Preferred Credentials page, set the operating system credentials of the host.
If the Oracle E-Business Suite instance features online patching, credentials must be set for targets in both Run and Patch file system.
In Patch Manager while trying to deploy a patch, verification of credentials will fail if you set up the SSH Key Credentials. You will still be able to proceed and deploy the patch.
Pack diagnostics tests which check whether the preferred credential is set or not will fail if you have set up SSH Keys Credentials.