2 Replies Latest reply on Jul 22, 2019 7:49 PM by Gurinder Singh Wadhwa

    Review Named credential

    Gurinder Singh Wadhwa

      Hi All,

       

      Has anyone worked on setting up a control gap for Named Credentials?

       

      e.g.

      - Who all have access to Named Credentials

      - What type of access do they have (View, Full etc.)

        • 1. Re: Review Named credential
          Courtney Llamas-Oracle

          I think that all depends on who your users are and what they need to do. If you want to set credentials for AppDev to use so that they can access perf tools and share an account in read-only mode, then they really only need VIEW, as you'd create and manage the credential. If you have DBAs who are managing pwds and such, they would probably need EDIT. If they need to delete, they'd need FULL.

           

          If you want them to be able to create their own, they need the Named Credential resource priv as well.


          VIEW: The VIEW privilege is the default privilege level. Grantee administrators with VIEW privilege on a named credential will be able to use that named credential to run jobs, patching operations and other system management activities within Enterprise Manager. The grantee administrator will also be able to view the nonsensitive details (for example, SUDO or PowerBroker and the commands being used) and username of the named credential. The grantee administrator will not be able to view any sensitive information of the named credential such as the password and public/private key.

           

          EDIT: The EDIT privilege level also contains VIEW level privileges. Grantee administrators with EDIT privilege on a named credential can use that named credential to run jobs, patch operations and other management activities within Enterprise Manager. The grantee administrator will also be able to change the sensitive information such as the password, or the public/private key pair of that named credential. The grantee administrator can change both the Credential Type (such as Host or SSH key) of the named credential as well as the username for the credential. The authenticating target type cannot be changed.

           

          FULL: The FULL privilege contains both VIEW and EDIT. Grantee administrators with FULL privilege on a named credential will be able to use that named credential for running jobs, patching operations and other management activities within Enterprise Manager. The grantee administrator will also be able to change the named credential username, sensitive information such as the password or the public/private key pair, and Credential Type (Host, SSH key etc). An administrator with FULL privilege on a named credential will also be able to delete that named credential.
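
As an added illustration (not part of the thread and not Oracle's code), this sketches the access review asked about in the question, using the cumulative VIEW/EDIT/FULL levels described in the reply above. The export columns, the role names and the per-role baseline are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Levels are cumulative, as the reply describes: EDIT includes VIEW, FULL includes both.
LEVEL_RANK = {"VIEW": 1, "EDIT": 2, "FULL": 3}
CAPABILITIES = {
    1: ["use in jobs", "see username and non-sensitive details"],
    2: ["change password/keys, username, credential type"],
    3: ["delete credential"],
}
# Assumed review baseline (hypothetical roles): highest level each role should hold.
ROLE_MAX = {"APPDEV": "VIEW", "DBA": "EDIT"}
# Constructed sample export; column names are hypothetical, not an EM repository view.
SAMPLE_GRANTS = """credential,grantee,role,level
NC_HOST_PERF,APP_DEV1,APPDEV,VIEW
NC_HOST_PERF,APP_DEV2,APPDEV,EDIT
NC_DB_SYS,DBA_ANNA,DBA,EDIT
NC_DB_SYS,DBA_RAJ,DBA,FULL
NC_DB_SYS,OPS_TEMP,CONTRACTOR,VIEW
NC_SSH_PATCH,APP_DEV1,APPDEV,view
NC_SSH_PATCH,DBA_ANNA,DBA,ADMIN
"""

def capabilities(level):
    """Everything a grantee can do at this level, including the lower levels."""
    return [c for r in range(1, LEVEL_RANK[level] + 1) for c in CAPABILITIES[r]]

def review(grants_csv):
    """Return (inventory, findings): who holds what, and grants needing attention."""
    inventory, findings = {}, []
    for row in csv.DictReader(io.StringIO(grants_csv)):
        cred, who = row["credential"], row["grantee"]
        level, role = row["level"].strip().upper(), row["role"].strip().upper()
        if level not in LEVEL_RANK:  # unrecognised level: report it, never guess
            findings.append((cred, who, f"unknown privilege level {level!r}"))
            continue
        inventory.setdefault(cred, {})[who] = level
        allowed = ROLE_MAX.get(role)
        if allowed is None:  # role outside the baseline: needs a manual decision
            findings.append((cred, who, f"role {role} has no baseline"))
        elif LEVEL_RANK[level] > LEVEL_RANK[allowed]:
            findings.append((cred, who, f"{level} exceeds {allowed} for {role}"))
    return inventory, findings

if __name__ == "__main__":
    inv, issues = review(SAMPLE_GRANTS)
    for cred, who, why in issues:
        print(f"FINDING {cred} {who}: {why}")
```
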

          • 2. Re: Review Named credential
            Gurinder Singh Wadhwa

            Thanks dear for the reply,

             

            I am just looking for an inventory view which can help me to extract this detail in the Repository database.

             

            I spent time and found a view (sysman.em_nc_creds), but this alone is serving the whole purpose.

             

            This view doesn't have details of grantee(s).