This section summarizes the new features and significant product changes for Oracle Privileged Account Manager in the Oracle Fusion Middleware 11g Release 2 (11.1.2.3) release.
This chapter includes the following topics:
Follow the pointers in this guide to get more information about the features and how to use them.
Oracle Privileged Account Manager 11g Release 2 (11.1.2.3.0) includes the following new and changed administrative, development, and security features:
Added support for the Connector Server. Refer to Section 5.4, "Managing a Connector Server" for more information about configuring connector servers.
Added support for the Windows target type. Refer to Chapter 6, "Working with Targets" for more information.
Added support for Windows Session Recording using the Windows Agent. Refer to Chapter 8, "Configuring and Managing Agents" for more information about the actions a user preforms on a Windows target.
Enhanced the Session Recording feature to include DVR-Like session recording and playback. Refer to Section 9.7, "Viewing a Session Recording" for more information about viewing session recordings.
Added the SAP UM and SAP UME target types, which are used to manage privileged accounts on SAP software systems. Refer to the following:
Chapter 6, "Working with Targets" for more information about configuring SAP targets.
Chapter 9, "Working with Privileged Accounts" for more information about Oracle Privileged Account Manager operations (such as password checkout, password reset, and automatic password recycling) on SAP targets and accounts.
Added support for Session and Password management for the SSH targets. Refer to the following:
Chapter 6, "Working with Targets" for more information about configuring Network Devices such as routers, firewalls, and hypervisors like Oracle Virtual Machine through the SSH targets.
Appendix C, "Working with the SSH Connector" for more information configuring the SSH Connector.
Added support for Copying Passwords to the Clipboard. Refer to Section 9.5.1, "Checking Out Passwords" for more information about how a user can copy the passwords that are provided during password checkout directly to the clipboard.
Added support for the Clear Clipboard feature. Refer to Section 9.5.2, "Clearing Copied Passwords From the Clipboard" for more information about clearing the clipboard after a copied password has been used and is no longer needed for further use.
Enhanced the Oracle Privileged Account Manager Usage Policies. Refer to Section 10.3, "Working with Usage Policies" for information about how to enable administrators to control users' session access and capabilities.
Added the ability for administrators to delegate their administrative privileges using resource groups. Refer to Chapter 12, "Working with Resource Groups" for more information about managing resource groups and delegating administration.
Enhanced the Oracle Privileged Account Manager plug-in framework. Refer to Chapter 13, "Working with Plug-Ins" for more information about how the following features enhance functionality, manageability, and fault tolerance:
Provided additional filtering rules to help manage plug-in implementations.
Enabled retry support for post plug-ins to provide fault tolerance.
Added a "create-like" feature and improved defining required attributes and defaults to better facilitate plug-ins.
Enhanced various Oracle Privileged Account Manager reports. Refer to Chapter 15, "Working with Reports" for more information about improved user interfaces, additional metrics, and the new password age search option.
The following common problems and their workarounds have been added to Chapter 20, "Troubleshooting Oracle Privileged Account Manager":
Section 20.3.17, "Audit Records Appear in BI Reports After a Long Delay"
Section 20.3.18, "The "Failure to Load Windows Connector" Exception Occurs"
Section 20.3.19, "Failure to Add a UNIX Target or Checkout a UNIX Account"
Section 20.3.20, "Copying Password to Clipboard Fails in a HA Environment"
Section 20.3.21, "Error in Loading SAP Classes During the Startup of the Server"
Section 20.3.23, "The OPAMAgentService Windows Service Stops"
Section 20.3.24, "A User is Able to Access the Grants of Another User"
Added information about frequently asked questions. Refer to Section 20.4, "Frequently Asked Questions" for more information.
Various other changes have been made to the Console, command line, and RESTful interfaces. Information about these new or updated interface changes is provided throughout this guide.
Oracle Privileged Account Manager 11g Release 2 (11.1.2.2.0) included the following new and changed administrative, development, and security features:
Added a plug-in framework that enables you to extend and customize Oracle Privileged Account Manager functionality to better suit your specific requirements. This framework enables you to
Validate and manipulate data before Oracle Privileged Account Manager performs operations
Perform specific actions after Oracle Privileged Account Manager completes its operations
Register and manage plug-ins through the Oracle Privileged Account Manager Console, command line, or RESTful interface
Integrate Oracle Privileged Account Manager with third-party systems such as wallets, ticket management systems, and audit systems
In addition, a new Plug-in Configuration page and several new plug-in related options have been added to the Oracle Privileged Account Manager Console, command line tool, and RESTful interface. For more information about plug-ins and using the new interface features to configure plug-ins, refer to the following:
Chapter 1, "Introduction to Oracle Privileged Account Manager" for information about how the plug-in framework functionality works within Oracle Privileged Account Manager.
Section 2.6, "Understanding Plug-In Security" for information about plug-in security.
Chapter 4, "Starting and Using the Oracle Privileged Account Manager Console" for information about the using the Console features to search for and configure plug-ins.
Chapter 13, "Working with Plug-Ins" for basic information about configuring and deploying plug-ins in Oracle Privileged Account Manager by using the Console.
Chapter 18, "Developing Plug-Ins for Oracle Privileged Account Manager" for information about creating your own custom plug-ins for Oracle Privileged Account Manager.
Section A.9, "Working with Plug-Ins" for information about configuring and deploying plug-ins by using the command line tool.
Section B.12, "Plug-In Resource" for information about configuring and deploying plug-ins by using Oracle Privileged Account Manager's RESTful interface.
Added the Oracle Privileged Session Manager to manage the privileged sessions to the target system. By creating a single access point to the target resources, Oracle Privileged Session Manager (Session Manager) helps administrators easily control and monitor all of the activities within the privileged session.
In addition, a new Session Management page and several new session management-related updates have been made to the Console, command line tool, and RESTful interface. For more information about session management and configuring sessions, refer to the following:
Chapter 1, "Introduction to Oracle Privileged Account Manager"for information about how the Session Manager functionality works within Oracle Privileged Account Manager.
Section 2.5, "Understanding Session Management Security" for information about Session Manager security.
Section 5.3, "Managing the Oracle Privileged Session Manager Server" for information about configuring the Session Manager server.
Chapter 9, "Working with Privileged Accounts" for information about administering managed sessions from the Console and about privileged sessions.
Section 10.3, "Working with Usage Policies" for information about configuring sessions in Usage Polices.
Section 14.7, "Checking Out Privileged Account Sessions" for information about how to check out sessions and passwords.
Section 15.5, "Working with Checkout History Reports" for information about working with Session History reports.
Appendix B, "Working with Oracle Privileged Account Manager's RESTful Interface" for information about administering managed sessions by using Oracle Privileged Account Manager's RESTful interface.
Added a new opsmconfig
configuration object that represents the configuration information for Session Manager servers.
Added a new My Checkouts page where users can access a list of the accounts they currently have checked out and a Checkout History page where administrators can access information about account checkouts.
For information about the My Checkouts page, refer to Section 4.3, "Navigating Oracle Privileged Account Manager's Console" and Section 9.5, "Checking Out Privileged Accounts."
For information about the Checkout History page, refer to Section 15.5, "Working with Checkout History Reports."
Added new Checkout History Report that enables administrators to view information about any account checkouts performed over a specified period of time. Refer to Section 15.5, "Working with Checkout History Reports" for information.
Various other changes have been made to the Console, command line, and RESTful interfaces. Information about these new or updated interface changes is provided throughout this guide.
This section describes significant changes that have been made in this guide. The topics include:
The following significant changes have been made in revision "2" of the guide:
Section 5.4.1.1, "Installing and Configuring The Connector Server" has been modified.
"ActiveDirectorySwitch" has been renamed to "WindowsLocalSwitch" in step 2 of Section 5.4.1.4, "Enabling Logging."
"Administrators Account" row of Table 6-8, "Basic Configuration Parameters for the Windows Target Type" has been updated.
The following significant changes have been made in Release 11gR2 (11.1.2.3.0) of the guide:
Added and updated various parameter labels, procedure descriptions, and screenshots throughout this guide based on changes to the user interface, command line tool commands, and RESTful APIs.
For release 11.1.2.2.0, this guide was reorganized and updated as follows:
Added and updated various parameter labels, procedure descriptions, and screenshots throughout this guide based on changes to the user interface, command line tool commands, and RESTful APIs.
Reorganized Chapter 5, "Configuring and Managing Oracle Privileged Account Manager," into smaller, separate chapters. Refer to the Contents for more information.
Added the following new chapters and appendixes:
Chapter 4, "Starting and Using the Oracle Privileged Account Manager Console," describes how to invoke and work with Oracle Privileged Account Manager's web-based graphical user interface, or Console.
Chapter 7, "Working with Service Accounts" describes how to configure and manage OPAM Service Accounts.
Chapter 13, "Working with Plug-Ins," describes how to configure and deploy an Oracle Privileged Account Manager plug-in.
Chapter 18, "Developing Plug-Ins for Oracle Privileged Account Manager," describes how to write your own, custom plug-ins.
Reorganized Chapter 11752016, "Working with the Command Line Tool," by combining related commands into sections. For example, all of the server related- commands are now located in Section A.2, "Working with the Server." Refer to the Contents for more information.