3 Replies Latest reply: Sep 16, 2013 11:47 AM by Courtney Llamas-Oracle RSS

    Not showing users on "Add Grant" option

    Vitor Jr.

      First of all, sorry for my pour english.

      I'm trying to do some exercices with EM Cloud Control 12c. One is:

       

      b. Specify who can share, edit or even delete this shared credential using one of the three

      privileges (Full, Edit, View).

      • SYS user with Full privilege will be able to use, edit and delete the credential.

      • SYSTEM user with Edit privilege will be able to use and edit the credential.

      1) Click “Add Grant” then select the user SYS to be added in the Access Control list.

      2) Repeat this operation to add the user SYSTEM.

      By default, the selected users are granted the View privilege only.

      3) To grant Full privilege to SYS, select the SYS user and click “Change Privilege”.

      Choose Full and click OK.

      4) To grant Edit privilege to SYSTEM, select the SYSTEM user and click “Change

      Privilege”. Choose Edit and click OK.

      3. Test against the orcl database instance, click Test and Save until you get the following

      message: Confirmation Credential Operation Successful. This means that the credential

      was successful and saved.

       

      When I try to add grant I can't see the users, like this:

      https://dl.dropboxusercontent.com/u/23080098/erro_cloud_control_12c.jpg

       

      Can someone help me with this?

       

      Thanks in advance.

       

      Regards

      Vitor Jr

        • 1. Re: Not showing users on "Add Grant" option
          Courtney Llamas-Oracle

          This should be looking for EM users, not database users.  SYS is not a valid EM user that you should be logging in to EM with and using named credentials.   Go to Setup -> Security -> Administrators, and create a new Admin, grant them Named Credential privilege if you want them to be able to create their own credentials.  Then as your user/sysman, grant that new user the access to the credential you created.   You should find them in the list now.

          • 2. Re: Not showing users on "Add Grant" option
            Vitor Jr.

            Hi CourtneyLlamas. Thanks for your reply and again sorry for my english!

            I'm trying to do some exercices from Oracle Database 12c: New Features for Administrators (D77758GC10) traininig, and the exercice says:

             

            'Practice 1-3: Creating New Named Credentials

            Overview

            In this practice, you create the credorcl credential used for any connection as SYS user

            sharable in the database instance orcl.

            Assumptions

            You completed the practice 1-2 to add the orcl database instance as a new target monitored

            by Enterprise Manager Cloud Control.

            Tasks

            1. Navigate to Setup > Security > Named Credentials.

            2. Click Create.

            a. Enter the following values, then complete the Access Control section:

            Field Choice or Value

            General Properties

            Credential Name credorcl

            Credential description Credentials for Database

            Authenticating Target Type Database Instance

            Credential type Database Credentials

            Scope Target

            Target type Database Instance

            Target Name orcl (Click the magnifying glass

            to find orcl and select)

            Credential Properties

            Username SYS

            Password oracle_4U

            Confirm Password oracle_4U

            Role SYSDBA

            b. Specify who can share, edit or even delete this shared credential using one of the three

            privileges (Full, Edit, View).

            • SYS user with Full privilege will be able to use, edit and delete the credential.

            • SYSTEM user with Edit privilege will be able to use and edit the credential.

            1) Click “Add Grant” then select the user SYS to be added in the Access Control list.

            2) Repeat this operation to add the user SYSTEM.

            By default, the selected users are granted the View privilege only.

            3) To grant Full privilege to SYS, select the SYS user and click “Change Privilege”.

            Choose Full and click OK'

            4) To grant Edit privilege to SYSTEM, select the SYSTEM user and click “Change

            Privilege”. Choose Edit and click OK.

            3. Test against the orcl database instance, click Test and Save until you get the following

            message: Confirmation Credential Operation Successful. This means that the credential

            was successful and saved.'

             

            I'm logged with SYSMAN account, like the exercice asks, and I'm trying to Add Grant to user SYS. The exercice is wrong? Am I doing something wrong?

             

            Thanks in advance.

             

            Regards

            Vitor Jr

            • 3. Re: Not showing users on "Add Grant" option
              Courtney Llamas-Oracle

              In this example, the sys user is the named credential input for username.  Not the administrator in EM that has access to that Named Credential.   To complete this properly you will need to create an EM administrator as I mentioned (say Vitor).   Then create the named credential with sys/pwd as the input, and grant Vitor access to the named credential.  

               

              Keep in mind there are two categories of accounts that you will deal with:

              EM Administrators - created in EM, grant privs to targets and resources within EM  (sysman is the main account, but you should create unique accounts for users). this is the login account to EM. 

              Target Credentials - db accounts such as sys, dbsnmp, etc needed to authenticated into the target itself (performance page, tablespaces, storage, etc.) or host accounts (root, oracle, etc.).  this is the login account to the target.

               

              The named credential is storing the target credentials, but granting a particular EM Administrator access to that set of target credentials.

              Take a look at this screenwatch as well, might help clarify -

              https://apex.oracle.com/pls/apex/f?p=44785:24:0::NO:24:P24_CONTENT_ID,P24_PREV_PAGE:5460,1