B.1 tfactl access

Use the tfactl access command to enable non-root users to have controlled access to Oracle Trace File Analyzer, and to run diagnostic collections.

Non-root users can run a subset of tfactl commands. Running a subset of commands enables non-root users to have controlled access to Oracle Trace File Analyzer, and to run diagnostic collections. However, root access is still required to install and administer Oracle Trace File Analyzer. Control non-root users and groups using the tfactl access command. Add or remove non-root users and groups depending upon your business requirements.

Note:

By default, all Oracle home owners, OS DBA groups, and ASM groups are added to the Oracle Trace File Analyzer Access Manager list while installing or upgrading Oracle Trace File Analyzer.

Syntax

tfactl access command [options]
Commands:lsusers|add|remove|block|unblock|enable|disable|reset|removeall
tfactl access lsusers [ -local ]
tfactl access add -user user_name [ -local ]
tfactl access remove -user user_name [ -all ] [ -local ]
tfactl access block -user user_name [ -local ]
tfactl access unblock -user user_name [ -local ]
tfactl access enable [ -local ]
tfactl access disable [ -local ]
tfactl access reset
tfactl access removeall

Parameters

Table B-2 tfactl access Command Parameters

Parameter Description

lsusers

Lists all the Oracle Trace File Analyzer users and groups.

enable

Enables Oracle Trace File Analyzer access for non-root users.

Use the –local flag to change settings only on the local node.

disable

Disables Oracle Trace File Analyzer access for non-root users.

However, the list of users who were granted access to Oracle Trace File Analyzer is stored, if the access to non-root users is enabled later.

Use the –local flag to change settings only on the local node.

add

Adds a user or a group to the Oracle Trace File Analyzer access list.

remove

Removes a user or a group from the Oracle Trace File Analyzer access list.

block

Blocks Oracle Trace File Analyzer access for non-root user.

Use this command to block a specific user even though the user is a member of a group that is granted access to Oracle Trace File Analyzer.

unblock

Enables Oracle Trace File Analyzer access for non-root users who were blocked earlier.

Use this command to unblock a user that was blocked earlier by running the command tfactl access block.

reset

Resets to the default access list that includes all Oracle Home owners and DBA groups.

removeall

Removes all Oracle Trace File Analyzer users and groups.

Remove all users from the Oracle Trace File Analyzer access list including the default users and groups.

Example B-1 tfactl access

To list all the Oracle Trace File Analyzer users and groups.
$ tfactl access lsusers

.---------------------------------.
|     TFA Users in rws1270069     |
+-----------+-----------+---------+
| User Name | User Type | Status  |
+-----------+-----------+---------+
| oradb     | USER      | Allowed |
| oragrid   | USER      | Allowed |
'-----------+-----------+---------'

To add a user, for example, abc to the Oracle Trace File Analyzer access list and enable access to Oracle Trace File Analyzer across cluster.

$ tfactl access add -user abc

To add all members of a group, for example, xyz to the Oracle Trace File Analyzer access list and enable access to Oracle Trace File Analyzer on the localhost.

$ tfactl access add -group xyz -local

To remove a user, for example, abc from the Oracle Trace File Analyzer access list.

$ tfactl access remove -user abc

To block a user, for example, xyz from accessing Oracle Trace File Analyzer.

$ tfactl access block -user xyz

To remove all Oracle Trace File Analyzer users and groups.

$ tfactl access removeall