Role based access control in Oracle VM using Enterprise Manager 12c
By Ronen Kofman on Nov 28, 2011
Enterprise Manager lets you control any element in the environment and define which users can do what on each element. Here we show an example of how to set up RBAC (Role-Based Access Control) for Oracle VM using Enterprise Manager. This is a very simplified explanation to help you get going; for more comprehensive explanations, please refer to the Enterprise Manager User Guide.
OK, first some basic Enterprise Manager terminology:
Target – any element in the environment is a target – server, pool, zone, VM etc.
Administrators – these are the Enterprise Manager users who can log in to the platform.
Roles – roles are privilege profiles which can be applied to Administrators.
The first step is to discover the virtual environment and bring it into Enterprise Manager. This process is simple and can be done in two ways:
Work in your Oracle VM Manager, set it up until you feel comfortable, and then register it in Enterprise Manager.
Use Enterprise Manager and build it all from there.
In both cases we will see the same picture from Oracle VM and from Enterprise Manager; any change made in one will be reflected in the other.
Oracle VM Manager:
Once you have your virtual environment set up in Enterprise Manager, it is time to start associating VMs with users (or Administrators, as they are called in Enterprise Manager). Enterprise Manager allows us to connect to multiple different identity services and import users from them, but the simplest way to add Administrators is to go to setup->security->Administrators and create a new Administrator.
The creation wizard will walk you through several stages and allow you to assign role(s) to your newly created Administrator. Using roles can really shorten the process if it is done multiple times. When you get to the “Target Privileges” stage, scroll down to the “Target Privileges” section at the bottom. In this section you can add targets (virtual machines in our case) and define the type of privileges you would like to assign to the Administrator you are creating. In this example I chose one of the VMs and granted full privileges to the newly created Administrator.
Administrator creation wizard "Target Privileges":
Now when you log in as the newly created Administrator, you will only see the VM that was assigned to you and will have full control over it.
That’s it, simple and straightforward. Enterprise Manager offers many more things which I skipped here, but the point is that if you need role-based access control, Enterprise Manager can give it to you in a very easy way.
Oh and one more thing, virtualization management in Enterprise Manager has no license cost, sweet.