Working at the Command Line - Oracle Enterprise Manager 12c Command-Line Interface

Database Reference

In-Depth Information

Managing OEM Administrators

The console provides a clear, convenient method for managing OEM administrator accounts, but its flexibility makes

it tremendously inconvenient for creating multiple accounts as you click through all the screens. EM CLI combines

the flexibility inherent in the OEM codebase with the simplicity of the command-line interface.

All of the options defined in the console can be granted as options in EM CLI using the flags shown below.

To create an administrator you only need to give the account a name and password.

emcli create_user -name="SuzyQueue" -password="oracle"

You wouldn't be reading a book from Apress if you were one to ignore user security, so you'll want to expire the

user's new password with the -expired="true" flag, like this:

emcli create_user -name="SuzyQueue" -password="oracle" -expired="true"

Other optional parameters allow you to perform most of the user grants available in the OEM console but without

the click-stream. Both EM CLI and the OMS server use the same codebase, so this should come as no surprise.

Role Management

Enterprise Manager administrators and users are stored as database user accounts in the repository database.

Resist the temptation to grant role privileges through SQL*Plus, since there may be other actions being performed by

OEM's internal security management.

You can add role grants while creating the user by adding the -roles parameter:

emcli create_user -name="SuzyQueue" -password="oracle" \

-roles="em_all_administrator"

You can also modify the user through the grant_roles or revoke_roles verbs:

emcli grant_roles -name="SuzyQueue" -roles="em_all_viewer"

emcli revoke_roles -name="SuzyQueue" -roles="em_all_operator"

We'll discover how to build out a set of administrators using shell scripts in the next chapter.

Tracking Management Server Login

Occasionally you may want to know who is logged in to your management servers. The list_active_sessions verb

provides that information with details if you pass the -details flag, like this:

emcli list_active_sessions -details

OMS Name: myoms.com:4889_Management_Service

Administrator: SYSMAN

Logged in from: Browser@123.45.6.234

Session: F7CA6D7DE88B0917E04312E7510A9E54

Login Time: 2014-04-24 06:46:53.876687

Search WWH ::

Custom Search

Home