Table of Contents
- Title and Copyright Information
- Preface
- 1 Security Overview
-
2
Security Features
-
Configuring Authentication
- Supported Authentication Schemes
- Creating a New Administrator
- Deleting an Administrator
- Enterprise User Security Based Authentication
- Oracle Internet Directory (OID)
- Microsoft Active Directory Based Authentication
- External Authorization using External Roles
- Mapping LDAP User Attributes to Enterprise Manager User Attributes
- Changing User Display Names in Enterprise Manager
- Configuring Other LDAP/SSO Providers
- Configuring Enterprise User Security based Authentication
- Restoring to the Default Authentication Method
- Configuring Privileges and Role Authorization
-
Configuring Secure Communication
- About Secure Communication
- Enabling Security for the Oracle Management Service
- Securing the Oracle Management Agent
- Managing Agent Registration Passwords
- Restricting HTTP Access to the Management Service
-
Enabling Security for the Management Repository Database
- About Oracle Advanced Security and the sqlnet.ora Configuration File
- Configuring the Management Service to Connect to a Secure Management Repository Database
- Enabling Oracle Advanced Security for the Management Repository
- Enabling Security for a Management Agent Monitoring a Secure Management Repository or Database
- Custom Configurations
- Secure Communication Setup Tools
- Configuring Third Party Certificates
-
Configuring and Using Target Credentials
-
Credential Subsystem
- Named Credentials
- Privileged Credentials
- Monitoring Credentials
- Preferred Credentials
- Saving Preferred Credentials for Hosts and Oracle Homes
- Saving Preferred Credentials to Access My Oracle Support
- Managing Credentials Using EM CLI
-
Host Authentication Features
- Setting Up SSH Key-based Host Authentication
- Setup Example Session
- Setting Up Host Preferred Credentials Using SSH Key Credentials
- Setting Up Host Preferred Credentials Using SSH Key Credentials (pre-12.1.0.4)
- Authenticating host credentials
- Configuring the PAM "emagent" Service
-
Sudo and PowerBroker Support
- Authentication Utility Tools Configuration
- Sudo Configuration
- Powerbroker Configuration
- Privilege Needed for Creating a Privilege Delegation
- Creating a Privilege Delegation
- Setting Privilege Delegation Templates from Cloud Control
- Setting Privilege Delegation via EM CLI
- Testing Privilege Delegation Settings
- Agent Support for PowerBroker
- Starting an Agent Using Sudo or PowerBroker Credentials
- Creating a Privilege Delegation Setting
-
Credential Subsystem
- Configuring and Using Cryptograhic Keys
- Configuring and Managing Audit
- Additional Security Considerations
-
Configuring Authentication
-
3
Keeping Enterprise Manager Secure
-
Guidelines for Secure Infrastructure and Installations
- Secure the Infrastructure and Operating System
- Securing the Oracle Management Repository
- Securing the Oracle Management Agent
- Secure Communication
- Security Console
- Guidelines for SSL Communication
- Guidelines for Authentication
- Guidelines for Authorization
- Guidelines for Auditing
- Guidelines for Managing Target Credentials
-
Guidelines for Secure Infrastructure and Installations
-
4
Security Best Practices for Database Management in Enterprise Manager
-
Flexible Database Access Control
- Database Management Roles and Responsibilities
- Application DBA Access
- Application Developer Access
- Database Monitoring User Access
- Database Administrator Access
-
Privilege Groups
- Database Application DBA
- Database Application Developer
- Manage Database High Availability Privilege Group
- View Database High Availability Privilege Group
- Manage Database Performance Privilege Group
- View Database Performance Privilege Group
- Manage Database Schema Privilege Group
- View Database Schema Privilege Group
- Manage Database Security Privilege Group
- View Database Security Privilege Group
- Manage Database Storage Privilege Group
- Secured Communication (TCPS) Access to Databases
- Account Management
-
Flexible Database Access Control
- 5 Troubleshooting
- 6 References
- Out-of-Box Roles
- User Access to Database Targets without SYSDBA Privileges
- Privileges
- Audit Operations
- Configuring TLSv1.2 for Communication with the Enterprise Manager Repository
- Index