About Creating Dynamic Groups and Policies

To deploy the management agent for the first time in your tenancy, create a Dynamic Group that allows the Management Agent to communicate with the OCI Management Agent Services (MACS). Note that Dynamic Groups are tenancy-specific and policies are compartment-specific.

Create a Dynamic Group

Create the policies on the compartment where you are discovering the PeopleSoft applications. To create Dynamic Groups:

  1. Navigate to the Oracle Cloud menu.
  2. Select Identity & Security.
  3. Under Identity, select Dynamic Groups.

    Note:

    If you don’t have the necessary tenancy administrative privileges, have your organization's tenancy administrator create the dynamic group.

The following rule defines a Dynamic Group for the resource type managementagent in the given compartment, which is the compartment where the management agent will be installed and from which it will upload its metrics.

ALL {resource.type='managementagent', resource.compartment.id='ocid1.compartment.oc1.examplecompartmentid'}

For example:

ALL {resource.type='managementagent', resource.compartment.id='ocid1.compartment.oc1..aaaaaaaa7uzcx73agiwphhr4t4yhjrtyvpqzyyixd4xxxyyymo3byg2ofogq'}

Create Admin and View Groups

If they don't already exist in your tenancy, you need to create Admin and View groups.

Before you begin, you should consider which groups you need to create. Ideally this will include:
  • StackMonitoringAdminGrp
  • StackMonitoringUserGrp

To create these groups, do the following:
  1. Navigate to the Oracle Cloud menu.
  2. Select Identity & Security and then select Groups.
  3. Create the desired Admin and User groups.
  4. Go to Users and add the users to those groups.
  5. Once the groups are created, for example:
    • StackMonitoringAdminGrp
    • StackMonitoringUserGrp
    edit the users and assign these groups to the users based on the required access level.

Note:

If you don’t have the necessary tenancy administrative privileges, have your organization's tenancy administrator create the groups.

Create Required Policies

Next, you need to create the required policies. IAM policies allow four predefined verbs: inspect, read, use and manage. Inspect allows the minimum privilege and manage allows the maximum.

To create policies, navigate to the compartment, then, under Identity, select Policies.
  • For Dynamic Groups, add these policies. Substitute the Dynamic Group Name and compartment OCID.
    ALLOW DYNAMIC-GROUP Management_Agent_Dynamic_Group TO USE METRICS IN COMPARTMENT compartment_name where target.metrics.namespace = 'oracle_appmgmt'
    ALLOW DYNAMIC-GROUP Management_Agent_Dynamic_Group TO {STACK_MONITORING_DISCOVERY_JOB_RESULT_SUBMIT} IN COMPARTMENT compartment_name
  • For Users and Groups, add these policies. Be sure to replace compartment_name with the appropriate value.
    ALLOW GROUP StackMonitoringAdminGrp TO {MGMT_AGENT_DEPLOY_PLUGIN_CREATE, MGMT_AGENT_INSPECT, MGMT_AGENT_READ} IN COMPARTMENT compartment_name
    ALLOW GROUP StackMonitoringAdminGrp TO READ metrics IN COMPARTMENT compartment_name
    ALLOW GROUP StackMonitoringAdminGrp TO READ instances IN COMPARTMENT compartment_name
    ALLOW GROUP StackMonitoringAdminGrp TO MANAGE external-database-family IN COMPARTMENT compartment_name
    ALLOW GROUP StackMonitoringAdminGrp TO MANAGE alarms IN COMPARTMENT compartment_name
    ALLOW GROUP StackMonitoringAdminGrp TO USE ons-topics IN COMPARTMENT compartment_name

For more information on policies required for PeopleSoft applications, see "Getting Started" and "IAM Security Policies", both in the OCI documentation. You can access these documents from "Explore More", elsewhere in this playbook.
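
A pre-flight check for the matching rule and policy statements shown above, as an added example that is not Oracle's code: it flags a malformed or placeholder compartment OCID, a leftover compartment_name, and a verb above a cap you choose for a group. The function names, the max_verb cap and the loose OCID pattern are assumptions made for this illustration.

```python
import re

# Verbs from least to most privilege, in the order this page lists them.
VERBS = ["inspect", "read", "use", "manage"]
RULE_RE = re.compile(
    r"ALL\s*\{\s*resource\.type\s*=\s*'([^']*)'\s*,\s*"
    r"resource\.compartment\.id\s*=\s*'([^']*)'\s*\}", re.IGNORECASE)
# Loose shape check (assumption): expected prefix, no whitespace inside.
OCID_RE = re.compile(r"ocid1\.compartment\.[A-Za-z0-9._-]+")
STMT_RE = re.compile(
    r"ALLOW\s+(DYNAMIC-GROUP|GROUP)\s+(\S+)\s+TO\s+(\{[^}]*\}|\w+\s+[\w-]+)"
    r"\s+IN\s+COMPARTMENT\s+(\S+)(?:\s+WHERE\s+.+)?", re.IGNORECASE)


def check_matching_rule(rule):
    """Return problems found in a dynamic group matching rule."""
    m = RULE_RE.fullmatch(rule.strip())
    if not m:
        return ["rule does not parse"]
    rtype, ocid = m.groups()
    problems = []
    if rtype != "managementagent":
        problems.append(f"unexpected resource.type {rtype!r}")
    if not OCID_RE.fullmatch(ocid):
        problems.append("compartment OCID is malformed")
    elif "examplecompartmentid" in ocid:
        problems.append("compartment OCID placeholder not substituted")
    return problems


def check_statement(stmt, max_verb="manage"):
    """Return problems in one policy statement; max_verb caps the verb."""
    m = STMT_RE.fullmatch(stmt.strip())
    if not m:
        return ["statement does not parse"]
    _kind, _subject, grant, compartment = m.groups()
    problems = []
    if compartment == "compartment_name":
        problems.append("compartment_name placeholder not substituted")
    if not grant.startswith("{"):  # verb + resource-type form
        verb = grant.split()[0].lower()
        if verb not in VERBS:
            problems.append(f"unknown verb {verb!r}")
        elif VERBS.index(verb) > VERBS.index(max_verb):
            problems.append(f"verb {verb!r} exceeds cap {max_verb!r}")
    return problems


if __name__ == "__main__":  # constructed sample: placeholder left in, verb over cap
    print(check_statement("ALLOW GROUP StackMonitoringUserGrp TO MANAGE alarms IN COMPARTMENT compartment_name", "read"))
```

Statements that grant a permission list in braces are parsed but not ranked, since the verb order applies only to the verb and resource-type form.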