4.2.4 Securing Access to Oracle Trace File Analyzer

Only authorized users can run tfactl commands.

tfactl provides a command-line interface and shell in order to:

  • Run any desired diagnostics and collect all relevant log data from a time of your choosing

  • Trim log files around the time, collecting only what is necessary for diagnosis

  • Collect and package all trimmed diagnostics, from any desired nodes in the cluster and consolidate everything in one package on a single node

Authorized non-root users can run a subset of the tfactl commands. All other tfactl commands require root access. Users who are not authorized cannot run any tfactl command.

By default, the following users are authorized to access a subset of tfactl commands:

  • Oracle Grid Infrastructure home owner

  • Oracle Database home owners

To provision user access to tfactl:

  1. To list the users who have access to tfactl:
    tfactl access lsusers
  2. To add a user to access tfactl:
    tfactl access add -user user [-local]

    By default, access commands apply cluster-wide unless -local is used to restrict them to the local node.

  3. To remove a user from accessing tfactl:
    tfactl access remove -user user [-local]
  4. To remove all users from accessing tfactl:
    tfactl access removeall [-local]
  5. To reset user access to default:
    tfactl access reset
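
The following added example (not part of the Oracle documentation) plans the add and remove commands from step 2 and step 3 by comparing an approved-user list with the currently authorized users. It assumes both lists are plain text files with one OS user name per line, with the current list transcribed by hand from the output of tfactl access lsusers; the function names and sample users are hypothetical.

```shell
#!/bin/sh
# Added example: plan tfactl access changes from an approved-user list.
# Assumption: inputs hold one OS user name per line. The output format of
# `tfactl access lsusers` is not shown on this page and is not parsed here.

# Strip comments and whitespace, keep only plain user names, sort and dedupe.
# Names with shell metacharacters are dropped so the printed commands are safe.
normalize_users() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" |
        grep -E '^[A-Za-z_][A-Za-z0-9_.-]*$' | sort -u
}

# Print the commands that move the current access list to the approved one.
# $1 = approved list file, $2 = current list file, $3 = "" or "-local"
tfa_access_plan() {
    case ${3:-} in
        ''|-local) ;;
        *) echo "scope must be empty or -local" >&2; return 2 ;;
    esac
    scope=${3:+ $3}
    approved=$(mktemp) && current=$(mktemp) || return 1
    normalize_users "$1" > "$approved"
    normalize_users "$2" > "$current"
    # Approved but not yet authorized: grant access.
    comm -23 "$approved" "$current" | while read -r u; do
        printf 'tfactl access add -user %s%s\n' "$u" "$scope"
    done
    # Authorized but no longer approved: revoke access.
    comm -13 "$approved" "$current" | while read -r u; do
        printf 'tfactl access remove -user %s%s\n' "$u" "$scope"
    done
    rm -f "$approved" "$current"
}

# Constructed sample data (not taken from a real cluster).
demo_plan() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# approved diagnostic collectors' grid oracle dba_oncall > "$d/approved"
    printf '%s\n' grid oracle contractor1 > "$d/current"
    tfa_access_plan "$d/approved" "$d/current" "${1:-}"
    rm -rf "$d"
}

demo_plan -local
```

The script only prints commands for review; it never runs tfactl itself. Include the Oracle Grid Infrastructure and Oracle Database home owners in the approved list if they should keep their default access.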