Enterprise Managers let’s you control any element in the
environment and define which users can do what on each element. We will show here
an example on how to set up RBAC (Role Base Access Control) for Oracle VM using
Enterprise Manager, this will be a very simplified explanation to help you
get going. For more comprehensive explanations
please refer to the Enterprise Manager User Guide.
OK, first some basic Enterprise Manager terminology:
Target – any element in the environment is a target –
server, pool, zone, VM etc.
Administrators – these are the Enterprise Manager users who
can login to the platform.
Roles – roles are privilege profiles which could be applied
to Administrators.
The first step will be to discover the virtual environment
and bring it in to Enterprise Manager, this process is simple and can be done
in two ways:
Work on your Oracle VM manager, set it up until you feel
comfortable and then register it in Enterprise Manager
Use Enterprise Manager and build it all from there.
In both cases we will be able to see the same picture from Oracle VM and from Enterprise Manager, any change made in one will be reflected in the other.
Oracle VM Manager:
Enterprise Manager:
Once you have your virtual environment set up in Enterprise
Manager it is time to start associating VMs with users (or Administrators as
they are called in Enterprise Manager). Enterprise Manager allows us to connect
to multiple different identity services and
import users from them but the simplest way to add Administrators is just go to
setup->security->Administrators and create new Administrator.
The creation wizard will walk you through several stages and
allow you to assign role(s) to your newly created Administrator, using roles can really shorten the process if done multiple
times. When you get to “Target Privileges” stage, scroll down to the bottom to the
“Target Privileges” section. In this section you can add targets (virtual machine
in our case) and define the type of privileges you would like to assign to the
Administrator which you are creating. In this example I chose one of the VMs
and granted full privileges to the newly created Administrator.
Administrator creation wizard "Target Privileges":
Now when you login as the newly created administrator, you
will only see the VM that was assign to you and will be able to have full
control over it.
That’s it, simple and straight forward, Enterprise Manager offers
many more things which I skipped here but the point is that if you need role based
access control Enterprise Manager can give it to you in a very easy way.
Oh and one more thing, virtualization management in Enterprise
Manager has no license cost, sweet.
