Dear Readers,
My name is Franz Devantier, creator of this blog. I am an Oracle Certified Professional (OCP DBA 11g) Security DBA.
I will be sharing with you the basic duties of an Oracle DBA, and also some of the undocumented, and not so well known tasks.
I will make a deal with you: if you refer me to a company that needs database support, from a few hours per week to full time, and I am able to sign a contract with them, then I will give you 10% of the monthly contract or deal price every month. When the contract ends, and we re-sign the contract, I will again give you 10% of the monthly contract price. This will go on until the company no longer employs or contracts me or my agents to look after their databases.
I can do this, because that 10% is my marketing budget. When we re-sign the contract, in the future, it may depend on you giving the thumbs up again, and that is worth 10% of the monthly contract price, to be given to you as commission.
Contact:
Franz
Exalogic
Creating Users and Roles - Part 3
Creating Cloud Users
By now we should be connected as the Exalogic Systems Administrator, so that we can create Cloud Users. To create the cloud users CloudUser1 and CloudUser2, follow these steps.
1. Use the ELAdmin user account to log into the BUI of Exalogic Control at http://<EMOC_IP>. <EMOC_IP> is the IP address that was assigned to the Enterprise Controller when ECU was run to configure and bring up Exalogic Control. Use the password “ovsroot”. This URL is redirected to a more secure URL: https://<EMOC_IP>/emoc
2. On the home page, click “Administration” in the left navigation pane.
3. Click “Local Users” under the Enterprise Controller. The Local Users page is displayed. Before you try to create a user in Exalogic Control, make sure that the user exists on the virtual machine where the Enterprise Manager Ops Center Enterprise Controller is running.
4. Click the “Add Users” icon under “Users and Notification Profiles”. You can also click “Add User” in the Operate pane. Either way, the Add User screen is displayed.
5. Do the following to add a cloud user:
. Enter the user name (CloudUser1) in the User Name field.
. From the list of Available Roles, select the Cloud User role and move it to the Selected Roles by clicking the right arrow.
. Click the “Add User” button. The Cloud User CloudUser1 is created, and you will find CloudUser1 listed on the Users and Notification Profiles page.
6. Do the same to create the Cloud User “CloudUser2”, with Cloud User permissions.
Adding Users from a Directory Server
It is possible to add a Directory Server to Exalogic Control. Users and roles can then be added to Exalogic Control from the directory server. When users are added from a Directory Server, they will initially have the complete set of privileges for each of the roles that have been assigned to them.
Before you add the remote Directory Server to Oracle Exalogic Control, you must configure it:
1. Start by creating the following user groups on the Directory Server:
. EXALOGIC_ADMIN
. CLOUD_ADMIN
. CLOUD_USER
2. Now continue by adding users to these groups. The users within each of the groups are given the corresponding role.
Adding a Directory Server
There are a few steps to add a directory server in Exalogic Control.
1. Log into the BUI of Exalogic Control with the root user at http://<EMOC_IP>. <EMOC_IP> is the IP address that was assigned to the Enterprise Controller when ECU was run to configure and bring up Exalogic Control. Use the password “ovsroot”. The URL is redirected to https://<EMOC_IP>/emoc
2. Select “Administration” in the Navigation pane.
3. Click the “Directory Servers” entry.
4. Click the “Add Directory Server” icon. The Remote Directory Server Connection Settings page is displayed.
5. Enter the connection settings:
Name | The name of the Directory Server
Hostname | The host name of the Directory Server
Port | The port number used to access the directory server
Use SSL | Select this option if you want to use SSL to connect to the directory server
Username | The user name used to access the directory server
Password | The password used to access the directory server
6. Click the Next button. The Remote Directory Server Schema Settings page is displayed.
7. Enter the following schema settings:
Root suffix | The root node of the directory tree for the user search
User search DN | The subnode in which to search for users
User search scope | The scope for the user search. Acceptable values are base, one, subtree, baseObject, singleLevel, wholeSubtree and subordinateSubtree
User search filter | An LDAP search filter which users must meet for inclusion
8. Click the Next button. The summary page is displayed.
9. Review the summary. When you are finished, click “Add Directory Server”.
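The user search DN, scope and filter in step 7 together decide which directory entries become Exalogic Control users, so it pays to dry-run them before clicking “Add Directory Server”. The Python script below is an added example, not code from the original post or from Oracle: it applies a search DN, scope and filter to a small constructed directory (the root suffix, the DNs, the filter and the entries are all assumptions) and returns the uids that would be imported, rejecting scope names outside the list above and checking that the search DN lies under the root suffix.

```python
"""Dry run of the Remote Directory Server schema settings against sample entries.

Added example; not code from the original post or from Oracle. The root suffix,
search DN, filter and directory entries below are constructed for illustration."""

ROOT_SUFFIX = "dc=example,dc=com"                # constructed
USER_SEARCH_DN = "ou=people,dc=example,dc=com"   # constructed
USER_SEARCH_FILTER = "(&(objectClass=inetOrgPerson)(!(employeeType=disabled)))"  # constructed

# The seven scope spellings the settings page accepts, folded to the four LDAP scopes.
SCOPES = {"base": "baseObject", "one": "singleLevel", "subtree": "wholeSubtree",
          "baseObject": "baseObject", "singleLevel": "singleLevel",
          "wholeSubtree": "wholeSubtree", "subordinateSubtree": "subordinateSubtree"}

# Constructed directory contents: attribute names lower-cased, values as lists.
DIRECTORY = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com", "objectclass": ["inetOrgPerson"], "uid": ["alice"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "objectclass": ["inetOrgPerson"], "uid": ["bob"]},
    {"dn": "uid=carol,ou=contractors,ou=people,dc=example,dc=com",       # one level deeper
     "objectclass": ["inetOrgPerson"], "uid": ["carol"]},
    {"dn": "uid=svc-build,ou=people,dc=example,dc=com", "objectclass": ["inetOrgPerson"],
     "uid": ["svc-build"], "employeetype": ["disabled"]},                # disabled account
    {"dn": "cn=CLOUD_USER,ou=groups,dc=example,dc=com", "objectclass": ["groupOfNames"],
     "cn": ["CLOUD_USER"]},                                             # a group, not a user
]


def dn_parts(dn):
    return [p.strip() for p in dn.lower().split(",")]  # no escaped-comma handling


def in_scope(dn, base_dn, scope):
    """Does `dn` fall within `scope` of `base_dn`? Unknown scope names are rejected."""
    if scope not in SCOPES:
        raise ValueError("unsupported user search scope: %r" % scope)
    d, b = dn_parts(dn), dn_parts(base_dn)
    if d[-len(b):] != b:
        return False
    depth = len(d) - len(b)
    return {"baseObject": depth == 0, "singleLevel": depth == 1,
            "wholeSubtree": True, "subordinateSubtree": depth >= 1}[SCOPES[scope]]


def matches(flt, entry):
    """Evaluate an RFC 4515 filter subset against one entry: (attr=value) with &, | and !."""
    flt = flt.strip()
    if not (flt.startswith("(") and flt.endswith(")")):
        raise ValueError("filter must be parenthesised: %r" % flt)
    body = flt[1:-1]
    if body[:1] not in ("&", "|", "!"):
        attr, sep, value = body.partition("=")
        if not sep or not attr:
            raise ValueError("malformed filter: %r" % flt)
        values = entry.get(attr.strip().lower(), [])
        value = value.strip()
        return bool(values) if value == "*" else any(v.lower() == value.lower() for v in values)
    results, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch == "(":
            start, depth = (i if depth == 0 else start), depth + 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                results.append(matches(body[start:i + 1], entry))
    if depth or not results or (body[0] == "!" and len(results) != 1):
        raise ValueError("malformed filter: %r" % flt)
    return all(results) if body[0] == "&" else any(results) if body[0] == "|" else not results[0]


def selected_users(entries, base_dn=USER_SEARCH_DN, scope="subtree", flt=USER_SEARCH_FILTER):
    """The uids Exalogic Control would import with these schema settings."""
    if not in_scope(base_dn, ROOT_SUFFIX, "subtree"):
        raise ValueError("user search DN must lie under the root suffix")
    return sorted(e.get("uid", [e["dn"]])[0] for e in entries
                  if in_scope(e["dn"], base_dn, scope) and matches(flt, e))


if __name__ == "__main__":
    for scope in ("one", "subtree"):
        print("scope=%-8s -> %s" % (scope, selected_users(DIRECTORY, scope=scope)))
```

Running it shows why the scope matters: with one, carol in the nested ou=contractors is missed; with subtree she is included, while the disabled svc-build account is excluded by the filter in either case. An ldapsearch with the same base, scope and filter against the real directory is the equivalent live check before the settings go into Exalogic Control.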
Synchronizing Remote Users and Roles
You can synchronize Exalogic Control with one of the directory servers, or with all of the directory servers. This process updates the list of users and roles to match the directory server’s current information.
To synchronize Exalogic Control with a single directory server, follow these steps:
1. Log into the BUI of Exalogic Control with the root user account at http://<EMOC_IP>, using the ovsroot password.
2. Select “Administration” from the Navigation pane.
3. Click “Directory Servers”. The list of directory servers is displayed.
4. From the list, select a Directory Server and click the “Sync Remote Users and Roles” icon. A confirmation window is displayed.
5. Click the OK button.
Synchronizing Exalogic Control with all Directory Servers
To synchronize Exalogic Control with all the directory servers, proceed as follows:
1. Log into the BUI of Exalogic Control with the root user account at http://<EMOC_IP>. Use the password ovsroot.
2. Select “Administration” from the Navigation pane.
3. Click “Directory Servers”. The list of directory servers is displayed.
4. In the Actions pane, click “Sync All Remote Users and Roles”. A confirmation window is displayed.
5. Click the OK button and you are done.
Roles and Permissions
Exalogic Systems Administrator
The Exalogic Systems Administrator role has the following permissions:
READ | WRITE | ASSET_MGMT | CREDENTIAL_MGMT | DIRECTORY_SERVER_MGMT | JOB_MGMT | NETWORK_DOMAIN_CREATION | NETWORK_DOMAIN_DELETION | NETWORK_DOMAIN_MGMT | NETWORK_DOMAIN_USAGE | OVM_MANAGER_MGMT | OVM_MANAGER_USAGE | PDU_MGMT | PDU_USAGE | PROFILE_PLAN_MGMT | REPORT_MGMT | SERVER_DEPLOYMENT | STORAGE_MGMT | NETWORK_MGMT | NETWORK_CREATION | NETWORK_DELETION | NETWORK_USAGE | FABRIC_CREATION | FABRIC_DELETION | FABRIC_MGMT | FABRIC_USAGE | STORAGE_CREATION | STORAGE_DELETION | STORAGE_USAGE | PROXY_CONTROLLER_MGMT | USER_MGMT | ROLE_MGMT | SERVICE_REQUEST | STORAGE_SERVER_USAGE | STORAGE_SERVER_MGMT | SERVER_USAGE | SERVER_MGMT | OPERATING_SYSTEM_USAGE | OPERATING_SYSTEM_MGMT | SWITCH_USAGE | LINK_AGGREGATION | UPDATE_FIRMWARE | OPERATION_EXECUTION | EC_REGISTRATION | EC_HTTP_PROXY_MGMT | EC_ENERGY_COST_MGMT
Cloud Administrator
The Cloud Administrator role has the following permissions:
READ | SERVER_POOL_MGMT | SERVER_POOL_USAGE | VIRTUALIZATION_HOST_MGMT | VIRTUALIZATION_HOST_USAGE | VIRTUALIZATION_GUEST_CREATION | VIRTUALIZATION_GUEST_DELETION | VIRTUALIZATION_GUEST_MGMT | VIRTUALIZATION_GUEST_USAGE | STORAGE_MGMT | STORAGE_USAGE | NETWORK_MGMT | NETWORK_USAGE | FABRIC_MGMT | FABRIC_USAGE | LINK_AGGREGATION | IPMP_GROUPS | SERVER_MGMT | SERVER_USAGE | OPERATING_SYSTEM_USAGE | OPERATING_SYSTEM_MGMT | STORAGE_SERVER_USAGE | SWITCH_MGMT | SWITCH_USAGE | CLOUD_MGMT | WRITE
Cloud User
The Cloud User role has the following permissions:
READ | VIRTUALIZATION_GUEST_MGMT | VIRTUALIZATION_GUEST_USAGE | STORAGE_USAGE | NETWORK_USAGE | FABRIC_USAGE | SERVER_USAGE | OPERATING_SYSTEM_USAGE | OPERATING_SYSTEM_MGMT | STORAGE_SERVER_MGMT | STORAGE_SERVER_USAGE | SWITCH_USAGE | CLOUD_USAGE | WRITE
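Because a directory user starts with every permission of every role mapped from its groups, it is worth computing the effective permissions of the accounts that will be synchronized rather than reading the three lists above by eye. The Python script below is an added example, not code from the original post or from Oracle: the group memberships are constructed, the group-to-role mapping and the three permission sets are the ones given above, and which permissions count as sensitive is this example's own choice.

```python
"""Effective-permission review for directory users imported into Exalogic Control.

Added example; not code from the original post or from Oracle. The memberOf data
is constructed; the group-to-role mapping and the per-role permission lists are
the ones the post gives."""

GROUP_ROLES = {"EXALOGIC_ADMIN": "Exalogic Systems Administrator",
               "CLOUD_ADMIN": "Cloud Administrator", "CLOUD_USER": "Cloud User"}

ROLE_PERMISSIONS = {  # from the post's Roles and Permissions section
    "Exalogic Systems Administrator": set((
        "READ WRITE ASSET_MGMT CREDENTIAL_MGMT DIRECTORY_SERVER_MGMT JOB_MGMT NETWORK_DOMAIN_CREATION "
        "NETWORK_DOMAIN_DELETION NETWORK_DOMAIN_MGMT NETWORK_DOMAIN_USAGE OVM_MANAGER_MGMT "
        "OVM_MANAGER_USAGE PDU_MGMT PDU_USAGE PROFILE_PLAN_MGMT REPORT_MGMT SERVER_DEPLOYMENT "
        "STORAGE_MGMT NETWORK_MGMT NETWORK_CREATION NETWORK_DELETION NETWORK_USAGE FABRIC_CREATION "
        "FABRIC_DELETION FABRIC_MGMT FABRIC_USAGE STORAGE_CREATION STORAGE_DELETION STORAGE_USAGE "
        "PROXY_CONTROLLER_MGMT USER_MGMT ROLE_MGMT SERVICE_REQUEST STORAGE_SERVER_USAGE "
        "STORAGE_SERVER_MGMT SERVER_USAGE SERVER_MGMT OPERATING_SYSTEM_USAGE OPERATING_SYSTEM_MGMT "
        "SWITCH_USAGE LINK_AGGREGATION UPDATE_FIRMWARE OPERATION_EXECUTION EC_REGISTRATION "
        "EC_HTTP_PROXY_MGMT EC_ENERGY_COST_MGMT").split()),
    "Cloud Administrator": set((
        "READ SERVER_POOL_MGMT SERVER_POOL_USAGE VIRTUALIZATION_HOST_MGMT VIRTUALIZATION_HOST_USAGE "
        "VIRTUALIZATION_GUEST_CREATION VIRTUALIZATION_GUEST_DELETION VIRTUALIZATION_GUEST_MGMT "
        "VIRTUALIZATION_GUEST_USAGE STORAGE_MGMT STORAGE_USAGE NETWORK_MGMT NETWORK_USAGE FABRIC_MGMT "
        "FABRIC_USAGE LINK_AGGREGATION IPMP_GROUPS SERVER_MGMT SERVER_USAGE OPERATING_SYSTEM_USAGE "
        "OPERATING_SYSTEM_MGMT STORAGE_SERVER_USAGE SWITCH_MGMT SWITCH_USAGE CLOUD_MGMT WRITE").split()),
    "Cloud User": set((
        "READ VIRTUALIZATION_GUEST_MGMT VIRTUALIZATION_GUEST_USAGE STORAGE_USAGE NETWORK_USAGE "
        "FABRIC_USAGE SERVER_USAGE OPERATING_SYSTEM_USAGE OPERATING_SYSTEM_MGMT STORAGE_SERVER_MGMT "
        "STORAGE_SERVER_USAGE SWITCH_USAGE CLOUD_USAGE WRITE").split()),
}

# Permissions that control identities and credentials in Exalogic Control;
# flagging accounts that hold any of them is this example's choice, not the post's.
SENSITIVE = {"USER_MGMT", "ROLE_MGMT", "CREDENTIAL_MGMT", "DIRECTORY_SERVER_MGMT"}

# Constructed memberOf values, as a directory server would return them per uid.
GROUPS = "ou=groups,dc=example,dc=com"
MEMBERSHIP = {
    "alice": ["cn=EXALOGIC_ADMIN," + GROUPS],
    "bob": ["cn=CLOUD_ADMIN," + GROUPS, "cn=CLOUD_USER," + GROUPS],
    "carol": ["cn=CLOUD_USER," + GROUPS, "cn=DBA_ONCALL," + GROUPS],
    "dave": ["cn=DBA_ONCALL," + GROUPS],            # no Exalogic group at all
}


def roles_for(member_of):
    """Roles a user gets from the three group names the post uses; other groups are ignored."""
    roles = []
    for group_dn in member_of:
        rdn = group_dn.split(",", 1)[0]                     # e.g. "cn=CLOUD_USER"
        name = rdn.split("=", 1)[1].strip().upper()
        if name in GROUP_ROLES and GROUP_ROLES[name] not in roles:
            roles.append(GROUP_ROLES[name])
    return roles


def effective_permissions(roles):
    """Union of the role sets: a directory user starts with every permission of every role."""
    return set().union(*(ROLE_PERMISSIONS[r] for r in roles))


def management_permissions(role):
    """The *_MGMT permissions inside a role; worth a look when judging a 'user' role."""
    return sorted(p for p in ROLE_PERMISSIONS[role] if p.endswith("_MGMT"))


def extra_permissions(role, baseline):
    """What `role` grants that `baseline` does not."""
    return sorted(ROLE_PERMISSIONS[role] - ROLE_PERMISSIONS[baseline])


def review(membership):
    """Per uid: roles, effective permissions, and whether a sensitive permission is held."""
    report = {}
    for uid, member_of in membership.items():
        roles = roles_for(member_of)
        perms = effective_permissions(roles)
        report[uid] = {"roles": roles, "permissions": perms, "privileged": bool(perms & SENSITIVE)}
    return report


if __name__ == "__main__":
    for uid, info in review(MEMBERSHIP).items():
        flag = "  ** holds identity/credential management permissions" if info["privileged"] else ""
        print("%-6s %-40s %2d permissions%s" % (uid, ", ".join(info["roles"]) or "(no Exalogic role)",
                                                len(info["permissions"]), flag))
    print("Cloud User management permissions:", management_permissions("Cloud User"))
    print("Cloud User beyond Cloud Administrator:", extra_permissions("Cloud User", "Cloud Administrator"))
```

review() shows alice holding USER_MGMT, ROLE_MGMT and CREDENTIAL_MGMT through EXALOGIC_ADMIN, bob holding the union of Cloud Administrator and Cloud User, and dave, whose only group is not one of the three, getting no role. extra_permissions() also surfaces a detail of the lists above that is easy to miss: as given, Cloud User carries STORAGE_SERVER_MGMT and CLOUD_USAGE, which Cloud Administrator does not.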
Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com