You can add users to Oracle Enterprise Manager Ops Center from the local authentication subsystem of the Enterprise Controller's operating system or from a separate directory server. You can give each user a set of roles that grant access to the different functions of Oracle Enterprise Manager Ops Center. You can also give users privileges for their roles, which apply the roles to specific assets, networks, or other objects.
You can view the existing users and their roles and privileges from the Administration section.
Oracle Enterprise Manager Ops Center can import any user known to the Enterprise Controller, and import sets of users from directory servers. These users can log in and launch jobs separately.
Each user can be granted roles and privileges for each role, giving them a tailored set of abilities. Roles define what actions the user can take, and privileges specify the targets to which their roles apply.
You can view the permissions granted by each role, add and remove users, and assign roles and notification profiles to users.
Whenever a user is added or deleted, or new roles are assigned to a user, an entry for the event is added to the Oracle Enterprise Manager Ops Center audit log. You can view this log to verify changes to users and roles.
You require specific roles to manage users and roles in Oracle Enterprise Manager Ops Center.
The following table lists the tasks and the role required to complete the task. Contact your administrator if you do not have the necessary role or privilege to complete a task.
Table 8-1 User and Role Management Tasks and Roles
Task | Role |
---|---|
Add, replicate, or delete a user | Ops Center Admin |
View user role details | Ops Center Admin |
Add or delete a directory server | Ops Center Admin |
Synchronize remote users and roles | Ops Center Admin |
Manage Roles | Ops Center Admin |
Configure or delete a notification profile | Ops Center Admin |
Ops Center Admin | Ops Center Admin |
You can perform several user and role management operations using Oracle Enterprise Manager Ops Center.
Using Oracle Enterprise Manager Ops Center, you can perform the following tasks:
Add a user
Delete a user
View user role details
Add a directory server
Synchronize remote users and roles
Deleting a directory server
Manage roles
Replicate a user
Configure a Notification Profile
Delete a Notification Profile
View the audit log
In the Oracle Enterprise Manager Ops Center user interface, you can find users and roles information in different locations.
Table 8-2 Location of User and Role Management Information in the UI
To See | Location |
---|---|
View/Add/Replicate/Delete a user | Expand Administration in the Navigation pane and select Local Users. |
View/Add/Modify/Delete Directory Servers | Expand Administration in the Navigation pane and select Directory Servers. |
View/Update Credentials | Expand Administration in the Navigation pane and select Credentials. |
Sync Remote Users and Roles | Expand Administration in the Navigation pane and select Directory Servers. |
Manage Roles | Expand Administration in the Navigation pane and select the Roles tab in the center pane. |
Configure or delete a Notification Profile | Expand Administration in the Navigation pane and select Local Users. |
For more details on Credentials, see <Config Guide>.
Users with the User Admin role can add other users to Oracle Enterprise Manager Ops Center. New user information, such as the passwords for new users, is drawn from the local authentication subsystem.
To add a user, perform the following steps:
A user with the User Admin role can delete other users, removing the user from Oracle Enterprise Manager Ops Center and erasing the user's roles and privileges.
To delete a user, perform the following steps:
You can view the details of a specified user's roles. This includes all of the roles and privileges assigned to that user.
To view user role details, perform the following steps:
You can add directory servers to Oracle Enterprise Manager Ops Center. Users and roles are added to the product from the directory server.
To grant roles to the users in a directory server, you create groups on the directory server that correspond to the roles in Oracle Enterprise Manager Ops Center. You grant a role to a user by adding the user to the corresponding group, and remove a role from a user by removing them from the group. You cannot edit the roles of a directory server user through the Oracle Enterprise Manager Ops Center user interface. Users that are added from a directory server begin with complete privileges for each of their roles.
When you add a directory server to Oracle Enterprise Manager Ops Center, the login page uses directory server users by default. Local users can still be selected.
You can synchronize Oracle Enterprise Manager Ops Center with one or all directory servers.
Synchronizing Oracle Enterprise Manager Ops Center with one or all directory servers updates the list of users and roles to match the directory server's current information.
Note:
Oracle Enterprise Manager Ops Center does not support synchronizing active directory servers.
You can synchronize Oracle Enterprise Manager Ops Center with a single directory server.
To synchronize Oracle Enterprise Manager Ops Center with a single directory server, perform the following steps:
You can remove a directory server. This action removes all users in that directory server from Oracle Enterprise Manager Ops Center.
To delete a directory server, perform the following steps:
Roles grant users the ability to use the different functions of Oracle Enterprise Manager Ops Center. By giving a role to a user, an Enterprise Controller Administrator controls the functions available to that user on specific assets and groups.
Each role grants a user a specific set of permissions. To perform a job, you must have the correct permissions for the target of the job.
Note:
Subgroups inherit the roles assigned to the parent group.
Some of the permissions are mapped to the roles.
Table 8-3 shows the permissions granted by each role.
Table 8-3 Roles and Permissions
Role | Permissions |
---|---|
Asset Admin | Asset Group Management, Asset Management, Asset Network Management, Boot Environment Management, Chassis Management, Chassis Usage, Cluster Management, Discover Assets, IPMP Groups, Link Aggregation, Manage Assets, Network Management, Operating System Management, Operating System Usage, Power Distribution Unit Management, Power Distribution Unit Usage, Power Management, Rack Creation, Rack Deletion, Rack Management, Rack Usage, Read Access, Server Management, Server Usage, Service Request, Storage Server Management, Storage Server Usage, Switch Management, Switch Usage, Write Access |
Cloud Admin | Asset Management, Asset Network Management, Cloud Management, Cloud Usage, Fabric Creation, Fabric Deletion, Fabric Management, Fabric Usage, IPMP Groups, LDOM Power Management, Link Aggregation, Manage Assets, Network Creation, Network Deletion, Network Domain Creation, Network Domain Deletion, Network Domain Management, Network Domain Usage, Network Management, Network Usage, Operating System Management, Operating System Usage, OVM Manager Management, OVM Manager Usage, Profile Plan Management, Read Access, Role Management, Server Management, Server Pool Management, Server Pool Usage, Server Provisioning, Server Usage, Solaris Zone Creation, Solaris Zone Deletion, Solaris Zone Host Management, Solaris Zone Management, Storage Management, Storage Server Management, Storage Server Usage, Storage Usage, Switch Management, Switch Usage, Virtualization Guest Creation, Virtualization Guest Deletion, Virtualization Guest Management, Virtualization Guest Usage, Virtualization Host Management, Virtualization Host Usage, Write Access |
Cloud User | Asset Management, Asset Network Management, Cloud Usage, Fabric Creation, Fabric Deletion, Fabric Usage, LDOM Power Management, Manage Assets, Network Creation, Network Deletion, Network Domain Management, Network Domain Usage, Network Management, Network Usage, Operating System Management, Operating System Usage, OVM Manager Usage, Read Access, Server Pool Usage, Server Provisioning, Server Usage, Solaris Zone Creation, Solaris Zone Deletion, Solaris Zone Host Management, Solaris Zone Management, Storage Management, Storage Server Usage, Storage Usage, Switch Usage, Virtualization Guest Creation, Virtualization Guest Deletion, Virtualization Guest Management, Virtualization Guest Usage, Virtualization Host Management, Virtualization Host Usage, Write Access |
Fault Admin | Fault Management, Read Access, Write Access |
Network Admin | Asset Management, Asset Network Management, Fabric Creation, Fabric Deletion, Fabric Management, Fabric Usage, IPMP Groups, Link Aggregation, Network Creation, Network Deletion, Network Domain Creation, Network Domain Deletion, Network Domain Management, Network Domain Usage, Network Management, Network Usage, Read Access, Write Access |
Ops Center Admin | Add Product Alias, Discover Assets, EC Connection Mode Management, EC Energy Cost Management, EC HTTP Proxy Management, EC Local Agent Management, EC Proxy Management, EC Registration, EC Storage Library Management, EC Upgrade, Enterprise Controller Management, Cloud Control Management, Job Management, Manage Assets, Ops Center Downloads, OVM Manager Management, OVM Manager Usage, Proxy Controller Management, Proxy Controller Upgrade, Read Access, Unconfigure EC, Windows Update Management, Write Access |
Plan/Profile Admin | Plan/Profile Management, Read Access, Write Access |
Proxy Controller Admin | Proxy Controller Management, Write Access, Read Access |
Read | Read Access |
Report Admin | Read Access, Report Management, Update Simulation, Write Access |
Role Management Admin | Read Access, Role Management, Write Access |
Security Admin | Credential Management, Read Access, Write Access |
Supercluster Systems Admin | Read Access, Manage Assets, Asset Group Management, Server Provisioning, Fault Management, Credential Management, Network Management, Fabric Management, Storage Management, Report Management, Profile and Plan Management, User Management, Role Management, Asset Management, Write Access, Service Requests, Power Management, Storage Server Management, Server Management, Operating System Management, Cluster Management, Link Aggregation, Operation Execution, EC Registration, EC HTTP Proxy Management, EC Energy Cost Management, Server Pool Creation, Server Pool Deletion, Server Pool Management, Server Pool Usage, Storage Creation, Storage Deletion, Storage Usage, Network Creation, Network Deletion, Network Usage, Fabric Creation, Fabric Deletion, Fabric Usage, Storage Server Usage, Switch Usage, Server Usage, Operating System Usage, Directory Server Management, PDU Usage, PDU Management, Network Domain Creation, Network Domain Deletion, Network Domain Management, Network Domain Usage, Asset Network Management, Job Management, Solaris Zone Creation, Solaris Zone Deletion, Solaris Zone Host Management, Solaris Zone Management, Software Library Management, LDOM Power Management |
Apply Deployment Plans | Operation Execution, Read Access, Server Provisioning, Update Firmware, Write Access |
Storage Admin | Asset Management, Read Access, Storage Creation, Storage Deletion, Storage Management, Storage Server Management, Storage Server Usage, Storage Usage, Write Access |
Update Admin | Boot Environment Management, Read Access, Software Library Management, Update, Update Simulation, Windows Update Management, Write Access |
Update Simulation Admin | Read Access, Update Simulation, Write Access |
User Management Admin | Directory Server Management, Read Access, User Management, Write Access |
Virtualization Admin | Asset Management, Asset Network Management, Fabric Creation, Fabric Deletion, Fabric Management, Fabric Usage, IPMP Groups, Link Aggregation, LDOM Power Management, Manage Assets, Network Creation, Network Deletion, Network Domain Creation, Network Domain Deletion, Network Domain Management, Network Domain Usage, Network Management, Network Usage, Operating System Management, OVM Manager Management, OVM Manager Usage, PDOM Domain Management, Read Access, Server Provisioning, Server Management, Server Pool Creation, Server Pool Deletion, Server Pool Management, Server Pool Usage, Solaris Zone Creation, Solaris Zone Deletion, Solaris Zone Host Management, Solaris Zone Management, Storage Creation, Storage Deletion, Storage Management, Storage Server Management, Storage Server Usage, Storage Usage, Virtualization Guest Creation, Virtualization Guest Deletion, Virtualization Guest Management, Virtualization Guest Usage, Virtualization Host Creation, Virtualization Host Deletion, Virtualization Host Management, Virtualization Host Usage, Write Access |
Some of the permissions are mapped to tasks.
Table 8-4 shows the tasks that a user with a given permission can perform.
Table 8-4 Permissions and Tasks
Permission | Tasks |
---|---|
Read Access | Read Access |
Discover Assets | Add Assets Find Assets |
Manage Assets | Manage Assets Delete Assets |
Asset Group Management | Create Group Edit Group Add Assets to Group Delete Group |
Update | New Update OS Job Deploy or Update Software Compare System Catalog Create Catalog Snapshot View and Modify Catalog |
Update Simulation | New Simulated OS Update Job |
Server Provisioning | Configure and Deploy Server Install Server Configure RAID |
Virtualization Guest Management | Add or delete storage Assign or detach network Start Guest Shut Down Guest Migrate Guest Clone Guest Lifecycle actions |
Fault Management | Assign Incidents Add Annotation to incidents Acknowledge incidents Take Actions on Incidents Mark Incidents as Repaired Close Incidents Delete Notifications Take Actions on Notification |
Credential Management | Update Management Credentials Any Actions related to changing credentials |
Network Management | Edit Network Domain Edit Network Attributes Edit Network Services |
Fabric Management | Fabric Management |
Storage Management | Import ISO Upload image Edit Attributes |
Report Management | Create reports Delete reports |
Plan/Profile Management | Create, delete, and modify profiles and plans |
Cloud Usage | Create/Update/Delete Instance Attach/Detach Volume to Instance Create/Delete/Update Security Group Create/Update/Delete Volume Upload/Register/Delete templates Create/RollbackTo/Delete Snapshot Shutdown All servers Link/Launch OVAB |
Cloud Management | Create/Delete/Update Cloud Create/Delete/Update Cloud Domain Create Public Security Group Share Public Security Group Create VM Instance Type |
Enterprise Controller Management | Manage Enterprise Controller |
Proxy Controller Management | Unconfigure/Uninstall Proxy Controller Configure Agent Controller Unconfigure Agent Controller DHCP configuration Subnets External DHCP Servers |
Cloud Control Management | Configure/Connect Disconnect/Unconfigure Cloud Control Console |
Windows Update Management | Unconfigure SCCM Configuration |
User Management | Add Users Remove Users |
Role Management | Assign Roles |
Asset Management | Asset Management |
Write Access | Write Access |
Service Request | Open Service Request |
Power Management | Power On Power Off Power on with Net Boot Set Power Policy |
Chassis Management | Chassis Management |
Storage Server Management | Storage Server Management |
Switch Management | Launch Switch UI |
Server Management | Reset Servers Reset Service Processors Refresh Locator Light On/Off Snapshot Bios Configuration Update Bios Configuration |
Operating System Management | Reboot Upgrade Agent Controller |
Cluster Management | Cluster Management |
Link Aggregation | Aggregate Links |
IPMP Groups | IPMP Groups |
Update Firmware | Update Firmware |
Proxy Controller Upgrade | Upgrade Proxy Controller |
Operation Execution | Execute Operation |
Unconfigure EC | Unconfigure Enterprise Controller |
Add Product Alias | Add Product Alias |
EC Upgrade | Upgrade Enterprise Controller |
EC Storage Library Management | Set Enterprise Controller Storage Library |
EC Local Agent Management | Configure Local Agent Unconfigure Local Agent |
EC Proxy Management | Proxy Deployment Wizard |
EC Connection Mode Management | Set up Connection Mode |
EC Registration | Register Enterprise Controller |
EC HTTP Proxy Management | Change HTTP Proxy |
EC Energy Cost Management | Edit Energy Cost |
Ops Center Downloads | Ops Center Downloads |
Boot Environment Management | Activate Boot Env and Reboot Create New Boot Env. Synchronize Boot Env. |
Server Pool Creation | Create Server Pool |
Server Pool Deletion | Delete Server Pool |
Server Pool Management | Rebalance Resource Edit Server Pool Attribute Attach Network to Server Pool Associate Library to Server Pool Add/Remove Virtual Host |
Server Pool Usage | Create OVM virtual Servers Create zone servers Create Logical Domains |
Virtualization Host Creation | Create Virtualization Host |
Virtualization Host Deletion | Delete Virtualization Host |
Virtualization Host Management | Add/Remove Virtual Host to/from Server Pool Edit Tags Edit Attributes Reboot Change Routing Configuration Change NFS4 Domain Change Naming Service Change Remote Logging Configuration |
Virtualization Host Usage | Create Logical Domains Create zones Create OVM virtual servers |
Virtualization Guest Creation | Create Logical Domains Create zones Create OVM virtual servers |
Virtualization Guest Deletion | Delete Logic Domain Delete Zones Delete OVM Virtual Servers |
Virtualization Guest Usage | Start Guest Shutdown Guest Migrate Guest Clone Guest |
Solaris Zone Creation | Create Solaris Zone |
Solaris Zone Deletion | Delete Solaris Zone |
Solaris Zone Host Management | Solaris Zone Host Management |
Solaris Zone Management | Solaris Zone Management |
Storage Creation | Create Library |
Storage Deletion | Delete Library |
Storage Usage | Associate Library |
Network Creation | Create Network Domain Create Network (manage network) |
Network Deletion | Delete Network Domain Delete Network |
Network Usage | Assign Network Connect Guests |
Fabric Creation | Create Fabric |
Fabric Deletion | Delete Fabric |
Fabric Usage | Fabric Management |
Chassis Usage | Chassis Usage |
Storage Server Usage | Storage Server Usage |
Switch Usage | Switch Usage |
Server Usage | Launch LOM Controller Edit Tags |
Operating System Usage | Edit Tags Edit Attributes |
Rack Creation | Create Rack |
Directory Server Management | Directory Server Management |
Power Distribution Unit Usage | Power Distribution Unit Usage |
Power Distribution Unit Management | Power Distribution Unit Management |
Rack Creation | Rack Creation |
Rack Deletion | Rack Deletion |
Rack Management | Rack Management |
Rack Usage | Rack Usage |
OVM Manager Usage | OVM Manager Usage |
OVM Manager Management | OVM Manager Management |
Network Domain Creation | Network Domain Creation |
Network Domain Deletion | Network Domain Deletion |
Network Domain Management | Network Domain Management |
Network Domain Usage | Network Domain Usage |
Asset Network Management | Asset Network Management |
Job Management | Job Management |
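The role-to-permission mapping in Table 8-3 can drive a least-privilege check before roles are granted. The following Python code is an added example, not part of the Oracle documentation or the product: it picks the smallest set of roles that covers the permissions a user needs and reports what a user holds beyond that. The function names and the `SENSITIVE` set are assumptions made for the example, only the shorter rows of Table 8-3 are transcribed, and per-target privileges are not modeled.

```python
from itertools import combinations

# Role -> permissions, transcribed from Table 8-3 (only the shorter rows, to keep
# the example compact; extend the dict with the remaining rows for real use).
ROLE_PERMISSIONS = {
    "Apply Deployment Plans": {"Operation Execution", "Read Access",
                               "Server Provisioning", "Update Firmware", "Write Access"},
    "Fault Admin": {"Fault Management", "Read Access", "Write Access"},
    "Plan/Profile Admin": {"Plan/Profile Management", "Read Access", "Write Access"},
    "Proxy Controller Admin": {"Proxy Controller Management", "Read Access", "Write Access"},
    "Read": {"Read Access"},
    "Report Admin": {"Read Access", "Report Management", "Update Simulation", "Write Access"},
    "Role Management Admin": {"Read Access", "Role Management", "Write Access"},
    "Security Admin": {"Credential Management", "Read Access", "Write Access"},
    "Storage Admin": {"Asset Management", "Read Access", "Storage Creation",
                      "Storage Deletion", "Storage Management", "Storage Server Management",
                      "Storage Server Usage", "Storage Usage", "Write Access"},
    "Update Admin": {"Boot Environment Management", "Read Access",
                     "Software Library Management", "Update", "Update Simulation",
                     "Windows Update Management", "Write Access"},
    "Update Simulation Admin": {"Read Access", "Update Simulation", "Write Access"},
    "User Management Admin": {"Directory Server Management", "Read Access",
                              "User Management", "Write Access"},
}

# Assumption (not from the page): permissions treated as sensitive in a review
# because they change who can log in or what other users may do.
SENSITIVE = {"Role Management", "User Management",
             "Directory Server Management", "Credential Management"}


def effective_permissions(roles, catalog=ROLE_PERMISSIONS):
    """Union of the permissions granted by every role in `roles`."""
    granted = set()
    for role in roles:
        granted |= catalog[role]
    return granted


def least_privilege_roles(required, catalog=ROLE_PERMISSIONS):
    """Smallest role set covering `required`; ties go to the fewest extra permissions.

    Returns (roles, excess_permissions), or None if no combination covers the request.
    """
    required = set(required)
    if not required:
        return (), set()
    candidates = sorted(r for r, perms in catalog.items() if perms & required)
    for size in range(1, len(candidates) + 1):
        best = None
        for combo in combinations(candidates, size):
            granted = effective_permissions(combo, catalog)
            if required <= granted:
                excess = granted - required
                if best is None or len(excess) < len(best[1]):
                    best = (combo, excess)
        if best:
            return best
    return None


def review_user(assigned_roles, required, catalog=ROLE_PERMISSIONS):
    """Return (excess, sensitive_excess): what the user holds beyond `required`."""
    excess = effective_permissions(assigned_roles, catalog) - set(required)
    return excess, excess & SENSITIVE


if __name__ == "__main__":
    print(least_privilege_roles({"Update Simulation", "Read Access"}))
    print(review_user(["Read", "User Management Admin"], {"Read Access"}))
```
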
Users with the Role Admin role can grant users different roles and privileges.
To grant users different roles and privileges, perform the following steps:
You can copy a user's roles and privileges to other target users.
The target users' current roles and privileges are overwritten.
Note:
You can replicate a user from a directory server, but only the user's privileges are replicated. The target user must begin with the same roles as the source user.
Notification Profiles determine how notifications are sent to a user and what levels of notifications are sent. By configuring separate notification profiles, different users can receive specific levels of notifications through the UI, through email, or through a pager.
To receive notifications, a user must have either of the following roles assigned.
To receive notifications about all the assets, a user must have an Ops Center Admin role.
To receive notifications only about the assets in a specific user-defined group, a user must have a Read role. When assigning the Read role to a user, uncheck the Use the default Role associations option to apply the role only to specific groups.
Note:
To receive email notifications about assets, a user must have a Read role. You can receive email notifications either in HTML or plain text format by using the alert.mail.format property. See About EC Manager Configuration for more information on how to set the property value to receive email notification in HTML or plain text format.
Eight levels of notification can be sent:
None: No notifications are sent to the destination.
Incident Severity >= Critical: Incidents of critical severity are sent to the destination.
Incident Severity >= Warning: Incidents of critical or warning severity are sent to the destination.
Incident Severity >= Info: Incidents of any severity are sent to the destination.
Incident updates and all severities: Incidents of any severity and incident updates such as status changes and new annotations are sent to the destination.
Notification Priority >= High: High severity notifications are sent to the destination. This level can only be sent to the user interface.
Notification Priority >= Medium: Medium and high severity notifications are sent to the destination. This level can only be sent to the user interface.
Notification Priority >= Low: Low, medium, and high severity notifications are sent to the destination. This level can only be sent to the user interface.
Different levels of notifications can be sent for specific Server Pools, or asset groups.
If a user has no notification profile, all notifications of medium or high severity for all assets are sent to the UI, and no notifications are sent to other destinations.
You can configure a new notification profile for a user or edit an existing profile.
To configure a new notification profile for a user or to edit an existing profile:
Notification Profiles determine what events generate notifications for a user and how those notifications are sent to the user. If a user's notification profile is deleted, Oracle Enterprise Manager Ops Center only sends notifications of medium or high severity to the UI, and does not send notifications by email or pager.
To delete a notification profile, perform the following steps:
Whenever a user is added or deleted, or new roles are assigned to a user, an entry for the event is added to the Oracle Enterprise Manager Ops Center audit log. The log also contains the details of the connection. You can view this log to verify and track changes to users and roles.
You must have root permissions on the Enterprise Controller system to view the audit log. This log cannot be edited.
You can view the Oracle Enterprise Manager Ops Center documents for additional information.
For more information, see these Oracle resources:
For more information on audit logs, see Oracle Enterprise Manager Ops Center Configuration Reference
For more information on product administration, see http://docs.oracle.com/cd/E59957_01/nav/administer.htm
For end-to-end examples, see the Deploy How To library at http://docs.oracle.com/cd/E59957_01/nav/deploy.htm and the Operate How To library at http://docs.oracle.com/cd/E59957_01/nav/operate.htm
For more information on Enterprise Manager Ops Center, see the Ops Center blog at https://blogs.oracle.com/opscenter/