You can add users to Oracle Enterprise Manager Ops Center from the local authentication subsystem of the Enterprise Controller's operating system or from a separate directory server. You can give each user a set of roles that grant access to the different functions of Oracle Enterprise Manager Ops Center. You can also give users privileges for their roles, which apply the roles to specific assets, networks, or other objects.
You can view the existing users and their roles and privileges from the Administration section.
The following features and topics are covered in this chapter:
Oracle Enterprise Manager Ops Center can import any user known to the Enterprise Controller, and import sets of users from directory servers. These users can log in and launch jobs separately.
Each user can be granted roles and privileges for each role, giving them a tailored set of abilities. Roles define what actions the user can take, and privileges specify the targets to which their roles apply.
You can view the permissions granted by each role, add and remove users, and assign roles and notification profiles to users.
Users with the User Admin role can add other users to Oracle Enterprise Manager Ops Center. New user information, such as the passwords for new users, is drawn from the local authentication subsystem.
Select Administration in the Navigation pane.
Click Local Users.
The Users page is displayed.
Click the Add User icon.
The Add User window is displayed.
Enter the user name.
Add one or more roles to the list of Selected Roles.
Click Add User.
The new user is created.
A user with the User Admin role can delete other users, removing the user from Oracle Enterprise Manager Ops Center and erasing the user's roles and privileges.
Select Administration in the Navigation pane.
Click Local Users.
The Users page is displayed.
Select the user that you want to delete, then click the Delete User icon.
The Delete User window is displayed.
Click OK.
The user is deleted.
You can view the details of a specified user's roles. This includes all of the roles and privileges assigned to that user.
Select Administration in the Navigation pane.
Click either Local Users or a directory server.
The users are displayed.
Select a user from the list of users.
Click the View User Role Details icon.
The user's roles are displayed.
Click Next.
The privileges for each of the user's roles are displayed on separate pages.
View each set of privileges, then click Next.
The Summary page is displayed.
View the summary, then click Finish.
You can add directory servers to Oracle Enterprise Manager Ops Center. Users and roles are added to the product from the directory server.
To grant roles to the users in a directory server, you create groups on the directory server that correspond to the roles in Oracle Enterprise Manager Ops Center. You grant a role to a user by adding the user to the corresponding group, and remove a role from a user by removing them from the group. You cannot edit the roles of a directory server user through the Oracle Enterprise Manager Ops Center user interface.
Users that are added from a directory server begin with complete privileges for each of their roles.
You must configure the remote directory server before adding it to Oracle Enterprise Manager Ops Center.
Create the following user groups on the directory server:
ASSET_ADMIN
CLOUD_ADMIN
CLOUD_USER
EXALOGIC_ADMIN
FAULT_ADMIN
NETWORK_ADMIN
OPS_CENTER_ADMIN
PROFILE_PLAN_ADMIN
READ
REPORT_ADMIN
ROLE_ADMIN
SECURITY_ADMIN
SERVER_DEPLOY_ADMIN
STORAGE_ADMIN
SUPERCLUSTER_ADMIN
UPDATE_ADMIN
UPDATE_SIM_ADMIN
USER_ADMIN
VIRT_ADMIN
Add users to these groups on the directory server. When the directory server is imported, the users are given the roles corresponding to their groups.
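Because directory users receive their roles only through these groups and begin with complete privileges for each role, group membership is worth reviewing before the directory server is imported or synchronized. The following Python script is an added example, not part of the Oracle documentation: it reads an LDIF export of the groups and reports the roles each member would receive. It assumes groupOfNames or groupOfUniqueNames entries and group names spelled exactly as listed above; the SENSITIVE set is a local review choice and the sample DNs are constructed.

```python
import base64
from collections import defaultdict

# Role group names exactly as the page lists them.
ROLE_GROUPS = set("""
ASSET_ADMIN CLOUD_ADMIN CLOUD_USER EXALOGIC_ADMIN FAULT_ADMIN NETWORK_ADMIN
OPS_CENTER_ADMIN PROFILE_PLAN_ADMIN READ REPORT_ADMIN ROLE_ADMIN SECURITY_ADMIN
SERVER_DEPLOY_ADMIN STORAGE_ADMIN SUPERCLUSTER_ADMIN UPDATE_ADMIN
UPDATE_SIM_ADMIN USER_ADMIN VIRT_ADMIN
""".split())
# Assumption: which roles count as sensitive is a local review policy.
SENSITIVE = {"OPS_CENTER_ADMIN", "ROLE_ADMIN", "SECURITY_ADMIN", "USER_ADMIN"}
MEMBER_ATTRS = ("member", "uniquemember")  # assumption: groupOf(Unique)Names

# Constructed sample export (trimmed to the relevant attributes).
SAMPLE_LDIF = """\
dn: cn=USER_ADMIN,ou=groups,dc=example,dc=com
cn: USER_ADMIN
member: uid=alice,ou=people,dc=example,dc=com
member: uid=bob,ou=people,dc=example,dc=com

dn: cn=ROLE_ADMIN,ou=groups,dc=example,dc=com
cn: ROLE_ADMIN
member: uid=alice,ou=people,dc=example,
 dc=com

dn: cn=READ,ou=groups,dc=example,dc=com
cn: READ
uniqueMember: uid=carol,ou=people,dc=example,dc=com

dn: cn=Security-Admin,ou=groups,dc=example,dc=com
cn: Security-Admin
member: uid=dave,ou=people,dc=example,dc=com
"""

def parse_ldif(text):
    """Yield each entry as {lower-cased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]  # RFC 2849 folded line: join to previous
        else:
            lines.append(raw)
    entry = defaultdict(list)
    for line in lines + [""]:  # trailing blank flushes the last entry
        if not line.strip():
            if entry:
                yield dict(entry)
                entry = defaultdict(list)
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry[name.strip().lower()].append(value)

def audit(ldif_text):
    """Report the roles each member DN would receive from the role groups."""
    roles, seen, near_miss = defaultdict(set), set(), []
    for entry in parse_ldif(ldif_text):
        members = [m.lower() for a in MEMBER_ATTRS for m in entry.get(a, [])]
        for cn in entry.get("cn", []):
            if cn in ROLE_GROUPS:
                seen.add(cn)
                for dn in members:
                    roles[dn].add(cn)
            elif cn.upper().replace("-", "_").replace(" ", "_") in ROLE_GROUPS:
                near_miss.append(cn)  # spelling differs from the documented name
    return {
        "roles_by_user": {u: sorted(r) for u, r in roles.items()},
        "sensitive": {u: sorted(r & SENSITIVE) for u, r in roles.items() if r & SENSITIVE},
        "user_and_role_admin": sorted(u for u, r in roles.items() if {"USER_ADMIN", "ROLE_ADMIN"} <= r),
        "missing_groups": sorted(ROLE_GROUPS - seen),
        "near_miss_groups": sorted(near_miss),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LDIF).items():
        print(key, "=", value)
```

The `user_and_role_admin` list names accounts that hold both the User Management and Role Management permissions from Table 7-1, and `near_miss_groups` lists groups whose spelling should be checked against the documented names before relying on them.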
Select Administration in the Navigation pane.
Click Directory Servers.
Click the Add Directory Server icon.
The Remote Directory Server Connection Settings page is displayed.
Enter the following connection settings:
Name: The name of the directory server.
Host: The host name of the directory server.
Port: The port number to be used to access the directory server.
SSL: Check this box to use SSL to connect to the directory server.
Anonymous Bind: Check this box to use anonymous binding to access the directory server.
Username: The user name used to access the directory server. Username is required only if Anonymous Bind is not checked.
Password: The password for the given user name. Password is required only if Anonymous Bind is not checked.
Authentication: Select Use Directory Server for Authentication or Use Ops Center Local Authentication.
Click Next.
The Remote Directory Server Schema Settings page is displayed.
Enter the following schema settings:
Root suffix: The root node of the directory tree.
Group search DN: The container or operational unit in which to search for the role groups.
Group search scope: The scope of the group search. Select Search One Level or Search Subtree.
User search DN: The container or operational unit in which to search for users.
User search scope: The scope of the user search. Acceptable values are base, one, subtree, baseObject, singleLevel, wholeSubtree, or subordinateSubtree.
User search filter: An LDAP search filter which users must meet for inclusion.
Click Next.
The Summary page is displayed.
Review the summary, then click Add Directory Server.
You can synchronize Oracle Enterprise Manager Ops Center with one or all directory servers. This updates the list of users and roles to match the directory server's current information.
You can synchronize Oracle Enterprise Manager Ops Center with a single directory server.
To Sync Remote Users and Roles
Select Administration in the Navigation pane.
Click Directory Servers.
The list of directory servers is displayed.
Select a directory server and click the Sync Remote Users and Roles icon.
A confirmation window is displayed.
Click OK.
You can synchronize Oracle Enterprise Manager Ops Center with all known directory servers.
To Sync Remote Users and Roles
Select Administration in the Navigation pane.
Click Directory Servers. The list of directory servers is displayed.
Click Sync All Remote Users and Roles in the Actions pane.
A confirmation window is displayed.
Click OK.
You can remove a directory server. This action removes all users in that directory server from Oracle Enterprise Manager Ops Center.
Select Administration in the Navigation pane.
Click Directory Servers. The list of directory servers is displayed.
Select a directory server and click the Delete Directory Server icon.
A confirmation window is displayed.
Click OK.
Roles grant users the ability to use the different functions of Oracle Enterprise Manager Ops Center. By giving a role to a user, an Enterprise Controller Administrator controls the functions available to that user on specific assets and groups.
Each role grants a user a specific set of permissions. To perform a job, you must have the correct permissions for the target of the job.
Note:
Subgroups inherit the roles assigned to the parent group.
Table 7-1, "Roles and Permissions" shows the permissions granted by each role.
Table 7-1 Roles and Permissions
Role | Permissions |
---|---|
Asset Admin | Asset Group Management, Asset Management, Asset Network Management, Boot Environment Management, Chassis Management, Chassis Usage, Cluster Management, Discover Assets, IPMP Groups, Link Aggregation, Manage Assets, Network Management, Operating System Management, Operating System Usage, Power Distribution Unit Management, Power Distribution Unit Usage, Power Management, Rack Creation, Rack Deletion, Rack Management, Rack Usage, Read Access, Server Management, Server Usage, Service Request, Storage Server Management, Storage Server Usage, Switch Management, Switch Usage, Write Access |
Cloud Admin | Asset Management, Asset Network Management, Cloud Management, Cloud Usage, Fabric Creation, Fabric Deletion, Fabric Management, Fabric Usage, IPMP Groups, Link Aggregation, Manage Assets, Network Creation, Network Deletion, Network Domain Creation, Network Domain Deletion, Network Domain Management, Network Domain Usage, Network Management, Network Usage, Operating System Management, Operating System Usage, OVM Manager Management, OVM Manager Usage, Profile Plan Management, Read Access, Role Management, Server Management, Server Pool Management, Server Pool Usage, Server Usage, Storage Management, Storage Server Management, Storage Server Usage, Storage Usage, Switch Management, Switch Usage, Virtualization Guest Creation, Virtualization Guest Deletion, Virtualization Guest Management, Virtualization Guest Usage, Virtualization Host Management, Virtualization Host Usage, Write Access |
Cloud User | Asset Management, Asset Network Management, Cloud Usage, Fabric Creation, Fabric Deletion, Fabric Usage, Manage Assets, Network Creation, Network Deletion, Network Domain Management, Network Domain Usage, Network Management, Network Usage, Operating System Management, Operating System Usage, OVM Manager Usage, Read Access, Server Pool Usage, Server Usage, Storage Management, Storage Server Usage, Storage Usage, Switch Usage, Virtualization Guest Creation, Virtualization Guest Deletion, Virtualization Guest Management, Virtualization Guest Usage, Virtualization Host Management, Virtualization Host Usage, Write Access |
Exalogic Systems Admin | Asset Management, Credential Management, Directory Server Management, EC Energy Cost Management, EC HTTP Proxy Management, EC Registration, Fabric Creation, Fabric Deletion, Fabric Management, Fabric Usage, Job Management, Link Aggregation, Network Creation, Network Deletion, Network Domain Creation, Network Domain Deletion, Network Domain Management, Network Domain Usage, Network Management, Network Usage, Operating System Management, Operating System Usage, Operation Execution, OVM Manager Management, OVM Manager Usage, Power Distribution Unit Management, Power Distribution Unit Usage, Profile Plan Management, Proxy Controller Management, Read Access, Report Management, Role Management, Server Deployment, Server Management, Server Usage, Service Request, Storage Creation, Storage Deletion, Storage Management, Storage Server Management, Storage Server Usage, Storage Usage, Switch Usage, Update Firmware, User Management, Write Access |
Fault Admin | Fault Management, Read Access, Write Access |
Network Admin | Asset Management, Asset Network Management, Fabric Creation, Fabric Deletion, Fabric Management, Fabric Usage, IPMP Groups, Link Aggregation, Network Creation, Network Deletion, Network Domain Creation, Network Domain Deletion, Network Domain Management, Network Domain Usage, Network Management, Network Usage, Read Access, Write Access |
Ops Center Admin | Add Product Alias, Discover Assets, EC Connection Mode Management, EC Energy Cost Management, EC HTTP Proxy Management, EC Local Agent Management, EC Proxy Management, EC Registration, EC Storage Library Management, EC Upgrade, Enterprise Controller Management, Cloud Control Management, Job Management, Manage Assets, Ops Center Downloads, OVM Manager Management, OVM Manager Usage, Proxy Controller Management, Proxy Controller Upgrade, Read Access, Unconfigure EC, Windows Update Management, Write Access |
Plan/Profile Admin | Plan/Profile Management, Read Access, Write Access |
Read | Read Access |
Report Admin | Read Access, Report Management, Update Simulation, Write Access |
Role Management Admin | Read Access, Role Management, Write Access |
Security Admin | Credential Management, Read Access, Write Access |
Apply Deployment Plans | Operation Execution, Read Access, Server Deployment, Update Firmware, Write Access |
Storage Admin | Asset Management, Read Access, Storage Creation, Storage Deletion, Storage Management, Storage Server Management, Storage Server Usage, Storage Usage, Write Access |
Supercluster Systems Admin | Asset Management, Cluster Management, Credential Management, Directory Server Management, EC Energy Cost Management, EC HTTP Proxy Management, EC Registration, Fabric Creation, Fabric Deletion, Fabric Management, Fabric Usage, Job Management, Link Aggregation, Network Creation, Network Deletion, Network Domain Creation, Network Domain Deletion, Network Domain Management, Network Domain Usage, Network Management, Network Usage, Operating System Management, Operating System Usage, Operation Execution, Power Distribution Unit Management, Power Distribution Unit Usage, Profile Plan Management, Proxy Controller Management, Read Access, Report Management, Role Management, Server Deployment, Server Management, Server Usage, Service Request, Storage Creation, Storage Deletion, Storage Management, Storage Server Management, Storage Server Usage, Storage Usage, Switch Usage, Update Firmware, User Management, Write Access |
Update Admin | Boot Environment Management, Read Access, Update, Update Simulation, Windows Update Management, Write Access |
Update Simulation Admin | Read Access, Update Simulation, Write Access |
User Management Admin | Directory Server Management, Read Access, User Management, Write Access |
Virtualization Admin | Asset Management, Asset Network Management, Fabric Creation, Fabric Deletion, Fabric Management, Fabric Usage, IPMP Groups, Link Aggregation, Manage Assets, Network Creation, Network Deletion, Network Domain Creation, Network Domain Deletion, Network Domain Management, Network Domain Usage, Network Management, Network Usage, Operating System Management, OVM Manager Management, OVM Manager Usage, Read Access, Server Deployment, Server Management, Server Pool Creation, Server Pool Deletion, Server Pool Management, Server Pool Usage, Storage Creation, Storage Deletion, Storage Management, Storage Server Management, Storage Server Usage, Storage Usage, Virtualization Guest Creation, Virtualization Guest Deletion, Virtualization Guest Management, Virtualization Guest Usage, Virtualization Host Creation, Virtualization Host Deletion, Virtualization Host Management, Virtualization Host Usage, Write Access |
Table 7-2, "Permissions and Tasks" shows the tasks that a user with a given permission can perform.
Table 7-2 Permissions and Tasks
Permission | Tasks |
---|---|
Read Access | Read Access |
Discover Assets | Add Assets Find Assets |
Manage Assets | Manage Assets Delete Assets |
Asset Group Management | Create Group Edit Group Add Assets to Group Delete Group |
Update | New Update OS Job Deploy or Update Software Compare System Catalog Create Catalog Snapshot View and Modify Catalog |
Update Simulation | New Simulated OS Update Job |
Server Deployment | Configure and Deploy Server Install Server Configure RAID |
Virtualization Guest Management | Add or delete storage Assign or detach network Start Guest Shut Down Guest Migrate Guest Clone Guest Lifecycle actions |
Fault Management | Assign Incidents Add Annotation to incidents Acknowledge incidents Take Actions on Incidents Mark Incidents as Repaired Close Incidents Delete Notifications Take Actions on Notification |
Credential Management | Update Management Credentials Any Actions related to changing credentials |
Network Management | Edit Network Domain Edit Network Attributes Edit Network Services |
Fabric Management | Fabric Management |
Storage Management | Import ISO Upload image Edit Attributes |
Report Management | Create reports Delete reports |
Plan/Profile Management | Create, delete, and modify profiles and plans |
Cloud Usage | Create/Update/Delete Instance Attach/Detach Volume to Instance Create/Delete/Update Security Group Create/Update/Delete Volume Upload/Register/Delete templates Create/RollbackTo/Delete Snapshot Shutdown All servers Link/Launch OVAB |
Cloud Management | Create/Delete/Update Cloud Create/Delete/Update Cloud Domain Create Public Security Group Share Public Security Group Create VM Instance Type |
Enterprise Controller Management | Manage Enterprise Controller |
Proxy Controller Management | Unconfigure/Uninstall Proxy Controller Configure Agent Controller Unconfigure Agent Controller DHCP configuration Subnets External DHCP Servers |
Cloud Control Management | Configure/Connect Disconnect/Unconfigure Cloud Control Console |
Windows Update Management | Unconfigure SCCM Configuration |
User Management | Add Users Remove Users |
Role Management | Assign Roles |
Asset Management | Asset Management |
Write Access | Write Access |
Service Request | Open Service Request |
Power Management | Power On Power Off Power on with Net Boot Set Power Policy |
Chassis Management | Chassis Management |
Storage Server Management | Storage Server Management |
Switch Management | Launch Switch UI |
Server Management | Reset Servers Reset Service Processors Refresh Locator Light On/Off Snapshot Bios Configuration Update Bios Configuration |
Operating System Management | Reboot Upgrade Agent Controller |
Cluster Management | Cluster Management |
Link Aggregation | Aggregate Links |
IPMP Groups | IPMP Groups |
Update Firmware | Update Firmware |
Proxy Controller Upgrade | Upgrade Proxy Controller |
Operation Execution | Execute Operation |
Unconfigure EC | Unconfigure Enterprise Controller |
Add Product Alias | Add Product Alias |
EC Upgrade | Upgrade Enterprise Controller |
EC Storage Library Management | Set Enterprise Controller Storage Library |
EC Local Agent Management | Configure Local Agent Unconfigure Local Agent |
EC Proxy Management | Proxy Deployment Wizard |
EC Connection Mode Management | Set up Connection Mode |
EC Registration | Register Enterprise Controller |
EC HTTP Proxy Management | Change HTTP Proxy |
EC Energy Cost Management | Edit Energy Cost |
Ops Center Downloads | Ops Center Downloads |
Boot Environment Management | Activate Boot Env and Reboot Create New Boot Env. Synchronize Boot Env. |
Server Pool Creation | Create Server Pool |
Server Pool Deletion | Delete Server Pool |
Server Pool Management | Rebalance Resource Edit Server Pool Attribute Attach Network to Server Pool Associate Library to Server Pool Add/Remove Virtual Host |
Server Pool Usage | Create OVM virtual Servers Create zone servers Create Logical Domains |
Virtualization Host Creation | Create Virtualization Host |
Virtualization Host Deletion | Delete Virtualization Host |
Virtualization Host Management | Add/Remove Virtual Host to/from Server Pool Edit Tags Edit Attributes Reboot Change Routing Configuration Change NFS4 Domain Change Naming Service Change Remote Logging Configuration |
Virtualization Host Usage | Create Logical Domains Create zones Create OVM virtual servers |
Virtualization Guest Creation | Create Logical Domains Create zones Create OVM virtual servers |
Virtualization Guest Deletion | Delete Logical Domain Delete Zones Delete OVM Virtual Servers |
Virtualization Guest Usage | Start Guest Shutdown Guest Migrate Guest Clone Guest |
Storage Creation | Create Library |
Storage Deletion | Delete Library |
Storage Usage | Associate Library |
Network Creation | Create Network Domain Create Network (manage network) |
Network Deletion | Delete Network Domain Delete Network |
Network Usage | Assign Network Connect Guests |
Fabric Creation | Create Fabric |
Fabric Deletion | Delete Fabric |
Fabric Usage | Fabric Management |
Chassis Usage | Chassis Usage |
Storage Server Usage | Storage Server Usage |
Switch Usage | Switch Usage |
Server Usage | Launch LOM Controller Edit Tags |
Operating System Usage | Edit Tags Edit Attributes |
Rack Creation | Create Rack |
Directory Server Management | Directory Server Management |
Power Distribution Unit Usage | Power Distribution Unit Usage |
Power Distribution Unit Management | Power Distribution Unit Management |
Rack Creation | Rack Creation |
Rack Deletion | Rack Deletion |
Rack Management | Rack Management |
Rack Usage | Rack Usage |
OVM Manager Usage | OVM Manager Usage |
OVM Manager Management | OVM Manager Management |
Network Domain Creation | Network Domain Creation |
Network Domain Deletion | Network Domain Deletion |
Network Domain Management | Network Domain Management |
Network Domain Usage | Network Domain Usage |
Asset Network Management | Asset Network Management |
Job Management | Job Management |
Users with the Role Admin role can grant users different roles and privileges.
To Assign Roles and Privileges to a User
Select Administration in the Navigation pane.
Click the Roles tab.
The Roles page is displayed.
Select a user from the list of users.
Click the Manage User Roles icon.
Add or remove one or more roles from the selected roles list.
By default, users are given full privileges for each of their assigned roles. To specify privileges, deselect the Use the default Role associations box.
Click Next.
If you chose to specify privileges, the privileges for each type of target are displayed on separate pages. Select the roles to apply to each target, then click Next.
The Summary page is displayed. Review the roles and privileges assigned to the user, then click Finish.
You can copy a user's roles and privileges to other target users. The target users' current roles and privileges are overwritten.
Note:
You can replicate a user from a directory server, but only the user's privileges are replicated. The target user must begin with the same roles as the source user.
Select Administration in the Navigation pane.
Click either Local Users or a directory server.
The users are displayed.
Select the source user from the list of users.
Click the Replicate User Roles icon.
The Replicate User Roles page is displayed.
Add one or more users to the list of target users.
Click Replicate Roles.
Notification Profiles determine how notifications are sent to a user and what levels of notifications are sent. By configuring separate notification profiles, different users can receive specific levels of notifications through the UI, through email, or through a pager.
Eight levels of notification can be sent:
None: No notifications are sent to the destination.
Incident Severity >= Critical: Incidents of critical severity are sent to the destination.
Incident Severity >= Warning: Incidents of critical or warning severity are sent to the destination.
Incident Severity >= Info: Incidents of any severity are sent to the destination.
Incident updates and all severities: Incidents of any severity and incident updates are sent to the destination.
Notification Priority >= High: High severity notifications are sent to the destination. This level can only be sent to the user interface.
Notification Priority >= Medium: Medium and high severity notifications are sent to the destination. This level can only be sent to the user interface.
Notification Priority >= Low: Low, medium, and high severity notifications are sent to the destination. This level can only be sent to the user interface.
Different levels of notifications can be sent for specific Server Pools, Groups, or top-level Smart Groups.
If a user has no notification profile, all notifications of medium or high severity for all assets are sent to the UI, and no notifications are sent to other destinations.
To Configure a Notification Profile
You can configure a new notification profile for a user or edit an existing profile.
Select Administration in the Navigation pane.
Select Local Users in the Navigation pane.
The Users tab is displayed.
Select the user for whom you want to configure notifications.
Click the Configure Notification Profile icon.
The Configure Notification Profile Wizard is displayed.
If a Notification Profile has already been configured for the user, the existing profile is displayed.
Select either Subscribe to All Messages or Subscribe to Custom List of Messages.
If you select Subscribe to All Messages, you receive notifications for all assets.
Use the User Interface drop-down list to select the severity of messages to be received through the UI.
Use the Email drop-down list to select the severity of messages to be received through email.
Use the Pager drop-down list to select the severity of messages to be received through a pager.
If you select Subscribe to Custom List of Messages, the Configure Group Notifications page is displayed. You receive the specified priority of notifications for each Virtualization Pool and Group.
For each Virtualization Pool, select the severity of messages to be received through the UI, email, and pager.
For each System Group, select the severity of messages to be received through the UI, email, and pager.
For each Group, select the severity of messages to be received through the UI, email, and pager.
If you chose to receive notifications by email, enter the email information:
Email Address: The destination email address.
Mail Host: The mail host to use in sending the email. Enter localhost or the name or IP address of the Enterprise Controller to send emails directly.
Port: The port to use in sending the email.
Mail User Name: Enter a user name if it is required by the mail host.
Mail Password: Enter a password if it is required by the mail host.
Connection Security: Select STARTTLS or SSL/TLS for the connection security.
From Email Address: Enter the email address from which email notifications are sent.
If you chose to receive notifications by pager, enter a pager address, then click Next.
The Summary page is displayed.
Click Update Notification Profile.
The new notification profile is applied.
Notification Profiles determine what events generate notifications for a user and how those notifications are sent to the user. If a user's notification profile is deleted, Oracle Enterprise Manager Ops Center only sends notifications of medium or high severity to the UI, and does not send notifications by email or pager.
To Delete a Notification Profile
Select Administration in the Navigation pane.
Select Local Users in the Navigation pane.
The Users tab is displayed.
Select the user whose Notification Profile you want to delete.
Click the Delete Notification Profile icon.
The Delete User Notification Profile confirmation window is displayed.
Click Delete.
The user's notification profile is deleted.