2 Replies Latest reply on Jul 30, 2013 1:31 PM by BrianPa

    EM12cR3: Unable to edit compliance standard rules as non-SYSMAN user

    BrianPa
    BrianPa Jul 26, 2013 5:28 PM

      Hi all,

       

      I'm running EM12cR3 (12.1.0.3) on Linux x86-64 (SLES 11) with an 11.2.0.3.7 EE repository database.

       

      Since upgrading to EM12cR3, it appears that I can no longer edit customized compliance standard rules as any user other SYSMAN.  Doing so worked just fine with my regular administrator account (which has the EM_ALL_ADMINISTRATOR role) prior to the upgrade.  If I edit the rule as SYSMAN, everything works as expected.

       

      Does anybody else see similar behavior or have a fix for it?  Is there perhaps some other role or privilege I am missing?

       

      Here's what I've tried without any luck:

      • Granting my user account the EM_COMPLIANCE_DESIGNER role
      • Granting my user account the Create Compliance Entity, Full any Compliance Entity, and View any Compliance Framework EM resource privileges
      • Creating a new user account with all of the mentioned privileges
      • Logging out and bouncing the OMS between each of these steps

       

      When I try to edit a compliance standard rule as a non-SYSMAN user I am able to step through the entire process, hit Save at the end, and I receive the message that the rule was updated successfully.  But when I view the rule again afterward, I cannot see the changes.  I have only confirmed that this happens when editing the SQL used to pull the compliance data out of the repository, I haven't checked if items like changing the rule priority are similarly impacted.

      • 288 Views
      • Tags:
        • 1. Re: EM12cR3: Unable to edit compliance standard rules as non-SYSMAN user
          Davewolf-Oracle
          Davewolf-Oracle Jul 26, 2013 8:37 PM (in response to BrianPa)

          Brian,

           

          What user is the Author of the compliance rule? I am guessing it is SYSMAN.

           

          If so, there is a bug in which non-SA users cannot save changes to rules/standards/frameworks for which they are not the author regardless of roles/privileges.

          If you add Super Administrator to the user you will be able to save changes to that rule even not being owner. I am not suggesting this as a workaround but just saying this is something you can do to verify the bug.

           

          We will get this fixed as soon as possible.

          Dave

          1 person found this helpful
          • 2. Re: EM12cR3: Unable to edit compliance standard rules as non-SYSMAN user
            BrianPa
            BrianPa Jul 30, 2013 1:31 PM (in response to Davewolf-Oracle)

            Hi Dave,

             

            I apologize for the delay in responding.  Your response never showed up in my communications tab and I didn't manually check this thread again until now. 

             

            I've tried this a few different ways, both attempting to edit a compliance rule owned by SYSMAN and another compliance rule owned by my regular, non-super administrator account.  The rule edit did not stick either way, so it seems I am unable to edit rules even if my account is the owner.  I did file a sev-4 SR on this (3-7587998331) and the support analyst made the same suggestion that you did, to try editing the rule as a super administrator account that is not SYSMAN.  That succeeded as expected. 

             

            I've just uploaded some OMS debug logs to the SR taken while attempting to edit a rule, where I see an ORA-20221 coming from SYSMAN.EM_CHECK line 120.  This may be the same, or a different bug, since you mentioned that you would expect a non-SA user to be able to edit a rule which they do own, which is not what I'm seeing.

             

            Thank you for the response!

            -Brian