Oracle Enterprise Manager User Management, part 1

One of the first things that should be done in Enterprise Manager is to create users other than the super user sysman. You should only use this for what it is created for, namely system maintenance, and the password should only known by a few people in your organization. Now how do you create new users? Do I have to create users?

For your administrators you should create users directly in Enterprise Manager:

The WebLogic server that Enterprise Manager runs on top of has the ability to use several authentication sources such as Active Directory and LDAP servers. Although users being cached, the catch is that these authentication sources needs to be reachable for the user to log into Enterprise Manager. If your AD is up 100% and you can guarantee that you never ever will experience network outages or other issues, then by all means go ahead and use AD for everything but I like to have the option to be able to log into my system even with all network cables disconnected. That's why you should create at least some of your admin users locally in Enterprise Manager, and you need them to be able to set privileges to your AD users too.

Just to get started, there is a perfectly simple recipe here on how to configure EMCC with AD.



Afterwards you should look into groups; normal groups, dynamic groups and admin groups.