2 Replies Latest reply: Jul 30, 2013 8:31 AM by BrianPa RSS

    EM12cR3: Unable to edit compliance standard rules as non-SYSMAN user


      Hi all,


      I'm running EM12cR3 ( on Linux x86-64 (SLES 11) with an EE repository database.


      Since upgrading to EM12cR3, it appears that I can no longer edit customized compliance standard rules as any user other SYSMAN.  Doing so worked just fine with my regular administrator account (which has the EM_ALL_ADMINISTRATOR role) prior to the upgrade.  If I edit the rule as SYSMAN, everything works as expected.


      Does anybody else see similar behavior or have a fix for it?  Is there perhaps some other role or privilege I am missing?


      Here's what I've tried without any luck:

      • Granting my user account the EM_COMPLIANCE_DESIGNER role
      • Granting my user account the Create Compliance Entity, Full any Compliance Entity, and View any Compliance Framework EM resource privileges
      • Creating a new user account with all of the mentioned privileges
      • Logging out and bouncing the OMS between each of these steps


      When I try to edit a compliance standard rule as a non-SYSMAN user I am able to step through the entire process, hit Save at the end, and I receive the message that the rule was updated successfully.  But when I view the rule again afterward, I cannot see the changes.  I have only confirmed that this happens when editing the SQL used to pull the compliance data out of the repository, I haven't checked if items like changing the rule priority are similarly impacted.

        • 1. Re: EM12cR3: Unable to edit compliance standard rules as non-SYSMAN user



          What user is the Author of the compliance rule? I am guessing it is SYSMAN.


          If so, there is a bug in which non-SA users cannot save changes to rules/standards/frameworks for which they are not the author regardless of roles/privileges.

          If you add Super Administrator to the user you will be able to save changes to that rule even not being owner. I am not suggesting this as a workaround but just saying this is something you can do to verify the bug.


          We will get this fixed as soon as possible.


          • 2. Re: EM12cR3: Unable to edit compliance standard rules as non-SYSMAN user

            Hi Dave,


            I apologize for the delay in responding.  Your response never showed up in my communications tab and I didn't manually check this thread again until now. 


            I've tried this a few different ways, both attempting to edit a compliance rule owned by SYSMAN and another compliance rule owned by my regular, non-super administrator account.  The rule edit did not stick either way, so it seems I am unable to edit rules even if my account is the owner.  I did file a sev-4 SR on this (3-7587998331) and the support analyst made the same suggestion that you did, to try editing the rule as a super administrator account that is not SYSMAN.  That succeeded as expected. 


            I've just uploaded some OMS debug logs to the SR taken while attempting to edit a rule, where I see an ORA-20221 coming from SYSMAN.EM_CHECK line 120.  This may be the same, or a different bug, since you mentioned that you would expect a non-SA user to be able to edit a rule which they do own, which is not what I'm seeing.


            Thank you for the response!