Re: Question on job-system access in OEM

From: Courtney Llamas <COURTNEY.LLAMAS_at_ORACLE.COM>
Date: Mon, 22 Jul 2019 08:20:39 -0500
Message-Id: <B3228358-1CA6-4C87-B311-3162EC106039_at_ORACLE.COM>

What you need to look at is the Private Roles. These allow grants to jobs, credentials, etc. It’s been a while, but I have an example in this deck starting on slide 37 https://www.slideshare.net/CourtneyLlamas/oracle-enterprise-manager-security-a-practitioners-guide <https://www.slideshare.net/CourtneyLlamas/oracle-enterprise-manager-security-a-practitioners-guide>

Not sure if its changed much, but the docs are included here https://docs.oracle.com/en/enterprise-manager/cloud-control/enterprise-manager-cloud-control/13.3.1/emsec/emsec-13.3-sp-oracle-enterprise-manager-cloud-control-security-guide.pdf <https://docs.oracle.com/en/enterprise-manager/cloud-control/enterprise-manager-cloud-control/13.3.1/emsec/emsec-13.3-sp-oracle-enterprise-manager-cloud-control-security-guide.pdf>

> On Jul 19, 2019, at 2:06 PM, Dave Herring <gdherri_at_gmail.com> wrote:
>
> The issue is with permissions/access to the OEM Job scheduling system, not database / DBMS_SCHEDULER.
>
> I believe I found a potential solution - create a role under Setup -> Security -> Role, then on each Job update to allow access by this role, then lastly grant this role to each Administrator as I create them (well, do for one and everyone else is a "Create like").
>
> If there's a better way (other than retro-fitting the existing environments to NOT create and schedule all OEM jobs as SYSMAN) by all means share. Thx.
>
> Dave

>> On 7/19/2019 1:23:13 PM, Mladen Gogala <gogala.mladen_at_gmail.com> wrote:
>> 
>> Version 12.1.0.4? I seem to be a bit behind the latest development. What’s going to happen next? Someone will invent a telephone with a camera which can connect to Internet? 
>> However, try granting your admins SCHEDULER_ADMIN role and CREATE JOB and MANAGE SCHEDULER privileges. That should allow the newly minted admins to perform administrative functions on DBMS_SCHEDULER.
>> Regards
>> 
>> 
>> On 7/19/19 1:57 PM, Dave Herring wrote:
>>> I've got a bit of a newb question related to view-access of other admin's jobs in OEM.  The environment is 12.1.0.4 where all target jobs are created under SYSMAN account.  I'd like to grant a new slew of admins the ability to view these jobs, both the definition in the Job Library along with scheduled and execution history.  I don't see anything that explicitly grants this during Administrator creation so perhaps I'm missing something.  Is it possible to do this?
>>> 
>>> Thx.
>>> 
>>> Dave

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Jul 22 2019 - 15:20:39 CEST

This message: [ Message body ]
Next message: Dave Herring: "Re: Question on job-system access in OEM"
Previous message: Yong Huang: "Re: APEX App to reset own password"
In reply to: Dave Herring: "Re: Question on job-system access in OEM"
In reply to Dave Herring: "Re: Question on job-system access in OEM"
Next in thread: Dave Herring: "Re: Question on job-system access in OEM"
Reply: Dave Herring: "Re: Question on job-system access in OEM"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message