Normal Host Credentials

Named credentials can be used across multiple EM targets to simplify administration.  This article will address host / operating system credentials but you can also create database and WebLogic credential sets using the same technique.

You create a normal named credential set through the Setup | Security | Named Credentials page.

  1. Press the Create icon from the menu bar
  2. Give it a meaningful name (oracle_prod, test_credential1, etc.) and description
  3. Select Host from the drop-down
  4. Select Host Credential from the next drop-down
  5. Click the Global radio button for Scope
  6. Enter the Username and Password for the binary owner login
  7. Leave the Run Privilege set to None
  8. Press the Test and Save button to check your inputs against any matching host

Privileged Host Credentials

Privileged credentials allow OEM to manage targets with root privileges using the Privilege Delegation mechanism in Cloud Control. This is handy for agent deployments and indispensable for patching through OEM 12c.

The Privilege Delegation mechanism manages either Sudo or Powerbroker.  The examples below use Sudo.

A detailed description of this process is contained in Chapter 2 of Doc E27046-18, Lifecycle Management Administrator's Guide, and is probably available elsewhere.

There are two steps required if you do not have root access.

  1. Grant sudo permission to your account
  2. Build and test the privileged credential set

Setting Sudo

Privilege Delegation works through a package named nmosudo, located in each host’s EM agent sbin directory.  Ask your system administrator to grant you NOPASSWD access as root for the following command: $AGENT_HOME/sbin/nmosudo *

Oracle Doc ID 1550964.1 describes how to test the sudo privilege.
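One way to confirm that the sudo grant is scoped as described above, shown as an added example that is not from the original article or from Oracle's documentation. The function name, the sample host name and the /u01/app/oracle/agent path are assumptions; the function reads `sudo -l` output on stdin and does not handle escaped commas in command arguments.

```shell
#!/bin/sh
# Added example: classify `sudo -l` output (stdin) against the nmosudo grant.
#   $1 = full path to nmosudo on this host (site-specific assumption)
# Returns 0 = NOPASSWD root rule for "<path> *" and no unrestricted root rule
#         1 = no such rule (missing, wrong run-as user, or password required)
#         2 = rule present, but the account also holds a root rule for ALL
audit_nmosudo_grant() {
    awk -v want="$1 *" '
        /^[ \t]*\(/ {                          # rule lines start with "(runas)"
            line = $0
            sub(/^[ \t]*\(/, "", line)
            runas = line; sub(/\).*/, "", runas)    # text inside the parens
            sub(/[ \t]*:.*/, "", runas)             # drop the ":group" part
            sub(/^[^)]*\)[ \t]*/, "", line)         # keep tags + commands
            as_root = ((" " runas ",") ~ /[ ,](root|ALL),/)
            nopw = 0
            n = split(line, cmds, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                c = cmds[i]
                # Tags such as NOPASSWD: apply to the commands that follow them
                while (match(c, /^[A-Z_]+:[ \t]*/)) {
                    tag = substr(c, 1, RLENGTH)
                    if (tag ~ /^NOPASSWD:/) nopw = 1
                    if (tag ~ /^PASSWD:/)   nopw = 0
                    c = substr(c, RLENGTH + 1)
                }
                sub(/[ \t]+$/, "", c)
                if (as_root && c == "ALL")         wide = 1
                if (as_root && nopw && c == want)  found = 1
            }
        }
        END { if (!found) exit 1; if (wide) exit 2; exit 0 }
    '
}

# Constructed sample of `sudo -l` output (host name and path are assumptions).
NMOSUDO=/u01/app/oracle/agent/sbin/nmosudo
SAMPLE_OK="User oracle may run the following commands on emhost01:
    (root) NOPASSWD: $NMOSUDO *"
printf '%s\n' "$SAMPLE_OK" | audit_nmosudo_grant "$NMOSUDO"
echo "audit result: $?"
```

On a real host, pipe the account's own `sudo -l` output into the function with the agent's actual nmosudo path as the argument.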

Creating the Privileged Credential Set

You create a privileged named credential set through the same Setup | Security | Named Credentials page as before.

  1. Press the Create icon from the menu bar
  2. Give it a meaningful name (oracle_prod_privileged, test_priv_credential, etc.) and description
  3. Select Host from the drop-down
  4. Select Host Credential from the next drop-down
  5. Click the Global radio button for Scope
  6. Enter the Username and Password for the binary owner login
  7. Set the Run Privilege to Sudo and enter root in the Run as block
  8. Press the Test and Save button to check your inputs against any matching host with the sudo privilege listed above
