This discussion is archived
3 Replies Latest reply: Sep 16, 2013 9:47 AM by Courtney Llamas RSS

Not showing users on "Add Grant" option

Vitor Jr. Newbie
Currently Being Moderated

First of all, sorry for my pour english.

I'm trying to do some exercices with EM Cloud Control 12c. One is:

 

b. Specify who can share, edit or even delete this shared credential using one of the three

privileges (Full, Edit, View).

• SYS user with Full privilege will be able to use, edit and delete the credential.

• SYSTEM user with Edit privilege will be able to use and edit the credential.

1) Click “Add Grant” then select the user SYS to be added in the Access Control list.

2) Repeat this operation to add the user SYSTEM.

By default, the selected users are granted the View privilege only.

3) To grant Full privilege to SYS, select the SYS user and click “Change Privilege”.

Choose Full and click OK.

4) To grant Edit privilege to SYSTEM, select the SYSTEM user and click “Change

Privilege”. Choose Edit and click OK.

3. Test against the orcl database instance, click Test and Save until you get the following

message: Confirmation Credential Operation Successful. This means that the credential

was successful and saved.

 

When I try to add grant I can't see the users, like this:

https://dl.dropboxusercontent.com/u/23080098/erro_cloud_control_12c.jpg

 

Can someone help me with this?

 

Thanks in advance.

 

Regards

Vitor Jr

  • 1. Re: Not showing users on "Add Grant" option
    Courtney Llamas Journeyer
    Currently Being Moderated

    This should be looking for EM users, not database users.  SYS is not a valid EM user that you should be logging in to EM with and using named credentials.   Go to Setup -> Security -> Administrators, and create a new Admin, grant them Named Credential privilege if you want them to be able to create their own credentials.  Then as your user/sysman, grant that new user the access to the credential you created.   You should find them in the list now.

  • 2. Re: Not showing users on "Add Grant" option
    Vitor Jr. Newbie
    Currently Being Moderated

    Hi CourtneyLlamas. Thanks for your reply and again sorry for my english!

    I'm trying to do some exercices from Oracle Database 12c: New Features for Administrators (D77758GC10) traininig, and the exercice says:

     

    'Practice 1-3: Creating New Named Credentials

    Overview

    In this practice, you create the credorcl credential used for any connection as SYS user

    sharable in the database instance orcl.

    Assumptions

    You completed the practice 1-2 to add the orcl database instance as a new target monitored

    by Enterprise Manager Cloud Control.

    Tasks

    1. Navigate to Setup > Security > Named Credentials.

    2. Click Create.

    a. Enter the following values, then complete the Access Control section:

    Field Choice or Value

    General Properties

    Credential Name credorcl

    Credential description Credentials for Database

    Authenticating Target Type Database Instance

    Credential type Database Credentials

    Scope Target

    Target type Database Instance

    Target Name orcl (Click the magnifying glass

    to find orcl and select)

    Credential Properties

    Username SYS

    Password oracle_4U

    Confirm Password oracle_4U

    Role SYSDBA

    b. Specify who can share, edit or even delete this shared credential using one of the three

    privileges (Full, Edit, View).

    • SYS user with Full privilege will be able to use, edit and delete the credential.

    • SYSTEM user with Edit privilege will be able to use and edit the credential.

    1) Click “Add Grant” then select the user SYS to be added in the Access Control list.

    2) Repeat this operation to add the user SYSTEM.

    By default, the selected users are granted the View privilege only.

    3) To grant Full privilege to SYS, select the SYS user and click “Change Privilege”.

    Choose Full and click OK'

    4) To grant Edit privilege to SYSTEM, select the SYSTEM user and click “Change

    Privilege”. Choose Edit and click OK.

    3. Test against the orcl database instance, click Test and Save until you get the following

    message: Confirmation Credential Operation Successful. This means that the credential

    was successful and saved.'

     

    I'm logged with SYSMAN account, like the exercice asks, and I'm trying to Add Grant to user SYS. The exercice is wrong? Am I doing something wrong?

     

    Thanks in advance.

     

    Regards

    Vitor Jr

  • 3. Re: Not showing users on "Add Grant" option
    Courtney Llamas Journeyer
    Currently Being Moderated

    In this example, the sys user is the named credential input for username.  Not the administrator in EM that has access to that Named Credential.   To complete this properly you will need to create an EM administrator as I mentioned (say Vitor).   Then create the named credential with sys/pwd as the input, and grant Vitor access to the named credential.  

     

    Keep in mind there are two categories of accounts that you will deal with:

    EM Administrators - created in EM, grant privs to targets and resources within EM  (sysman is the main account, but you should create unique accounts for users). this is the login account to EM. 

    Target Credentials - db accounts such as sys, dbsnmp, etc needed to authenticated into the target itself (performance page, tablespaces, storage, etc.) or host accounts (root, oracle, etc.).  this is the login account to the target.

     

    The named credential is storing the target credentials, but granting a particular EM Administrator access to that set of target credentials.

    Take a look at this screenwatch as well, might help clarify -

    https://apex.oracle.com/pls/apex/f?p=44785:24:0::NO:24:P24_CONTENT_ID,P24_PREV_PAGE:5460,1

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points