Make DevOps work in EM13c – Database privileges

When implementing the ‘DevOps’ way of working, you would want to be able to set up Enterprise Manager to support you in that…

When considering database management:

  • Administrators granted the ‘Developer’ role should be able to Stop/Start ‘Development’ and ‘Test’ databases and only ‘view’ ‘Acceptance’ and ‘Production’ databases
  • Administrators granted the ‘Operator’ role should be able to Stop/Start ‘Acceptance’ and ‘Production’ databases and only ‘view’ ‘Development’ and ‘Test’ databases

We need to do the following setup in EM:

Dynamic Groups

Create dynamic groups based on the target lifecycle stages Development, Test, Acceptance (Stage) and Production. The best way to do this is to create an Administration Group that includes the Lifecycle Stage in one of its levels.

Roles

Create a ‘Developer’ and an ‘Operator’ role and grant target privileges as desired.

As you can see, the ‘Developer’ role EM_RL_DBA_DEVL is granted the Manage Database High Availability Privilege Group on all Development and Test targets.

Notice that the groups DEV TARGETS and TST TARGETS have been used to grant the target privileges.

This would include the following privileges:

  • Manage Database Advanced Queues
  • Manage Database Upgrades
  • Database Startup Shutdown
  • Manage Database Resources
  • Perform Database Recovery
  • View Database High Availability Privilege Group
  • Manage Database Backup/Recovery
  • Manage Cluster Database Operations
  • Convert Database to Cluster Database

The ‘Operator’ role EM_RL_DBA_OPER is granted the Manage Database High Availability Privilege Group on all Acceptance (Staging) and Production targets.

Notice that the groups ACC TARGETS and PRD TARGETS have been used to grant the target privileges.

For this example, we have limited ourselves to the Manage Database High Availability Privilege Group privilege. Obviously, we could have used any combination of the 160+ available privileges for a database.

Assign the proper role to Administrators

Next, we need to assign these roles to our administrators.

Administrator DBA_DEVL_USER1 has been granted the EM_RL_DBA_DEVL role.

Administrator DBA_OPER_USER1 has been granted the EM_RL_DBA_OPER role.

Check DevOps behavior

We will now connect to the EM13c console as administrator DBA_DEVL_USER1.

If we now navigate to the Database targets page, we see all databases.

When right-clicking on the ‘Development’ database orclref1, we see that this administrator is allowed to Stop/Start the database.

However, when selecting the same menu option for the ‘Production’ database orclref2, we notice that the Startup/Shutdown option has been ‘grayed out’, meaning the option is unavailable…
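The console check above covers one administrator and two databases. The same separation can be checked across all grants with a small model of the setup. This is an added example, not part of the original post and not an Enterprise Manager export format: the dictionaries are constructed from the role, group and administrator names used above, and `stages_with` and `audit` are hypothetical helper names.

```python
# Added example: a model of the role grants described on this page.
# The data structures are constructed for illustration, not an EM export format.
HA_GROUP = "Manage Database High Availability Privilege Group"
# Privileges the page lists as included in the HA privilege group.
PRIV_GROUPS = {HA_GROUP: {
    "Manage Database Advanced Queues", "Manage Database Upgrades",
    "Database Startup Shutdown", "Manage Database Resources",
    "Perform Database Recovery", "View Database High Availability Privilege Group",
    "Manage Database Backup/Recovery", "Manage Cluster Database Operations",
    "Convert Database to Cluster Database"}}

GROUP_STAGE = {"DEV TARGETS": "Development", "TST TARGETS": "Test",
               "ACC TARGETS": "Acceptance", "PRD TARGETS": "Production"}
LOWER, UPPER = {"Development", "Test"}, {"Acceptance", "Production"}

ROLE_GRANTS = {  # role -> [(group, privilege or privilege group)]
    "EM_RL_DBA_DEVL": [("DEV TARGETS", HA_GROUP), ("TST TARGETS", HA_GROUP)],
    "EM_RL_DBA_OPER": [("ACC TARGETS", HA_GROUP), ("PRD TARGETS", HA_GROUP)],
}
ADMIN_ROLES = {"DBA_DEVL_USER1": ["EM_RL_DBA_DEVL"],
               "DBA_OPER_USER1": ["EM_RL_DBA_OPER"]}

def stages_with(privilege, roles, role_grants=ROLE_GRANTS):
    """Lifecycle stages on which the given roles confer `privilege`."""
    stages = set()
    for role in roles:
        for group, granted in role_grants.get(role, []):
            # A grant is either a privilege group or a single privilege.
            if privilege in PRIV_GROUPS.get(granted, {granted}):
                stages.add(GROUP_STAGE[group])
    return stages

def audit(admin_roles=ADMIN_ROLES, role_grants=ROLE_GRANTS,
          privilege="Database Startup Shutdown"):
    """Administrators whose roles confer `privilege` on both sides of the split."""
    findings = []
    for admin, roles in sorted(admin_roles.items()):
        stages = stages_with(privilege, roles, role_grants)
        if stages & LOWER and stages & UPPER:
            findings.append((admin, sorted(stages)))
    return findings

if __name__ == "__main__":
    for admin, roles in ADMIN_ROLES.items():
        print(admin, sorted(stages_with("Database Startup Shutdown", roles)))
    print("violations:", audit())
```

An empty result from `audit()` means no administrator can Stop/Start databases on both the Development/Test side and the Acceptance/Production side; a later grant that crosses the split shows up as a finding.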

 

 
