Creating a read only EM account along with viewing databases performance pages and generate AWR and ASH reports looks a piece of cake task, but this took me long time to figure it out, so I thought to write this post about it.
Login to your OEM console: i.e. https://xxx:7803/em
Login as admin account i.e. sysman
Go to Setup -> Security -> Administrators
-> Click on Create
(Enter the username and password)
-> Next (leave the default roles EM_USER, Public)
-> Next
Check the following:
Connect to any viewable target
Monitor Enterprise Manager
View any Target
Go down the page to "Target Privileges" section:
Click Add to add all databases the user will need to access
A new window will popup, check all the databases the user will need to access then click Select
Then Check the databases and under the tab "Manage Target Privilege Grants" click the pen
Then Select: [Of course you will need to follow all the pages to check all the privileges you need]
Connect Target, View Database Actions, View Database ADDM, View Database Advanced Queues, View Database Alert Logs, Manage Database ASH Reports, View Database ASH Reports and Analytics, Manage Database AWR Settings, View Database AWR Reports, View Database Backup, View Database Clients, View Database Links, View Database Dimensions, View Database Directory Objects, View Database Feature Usage, View High Availability Console, View Database indexes, View Database In Memory Setting, View Database Memory Usage, View Database Modules, View Database Materialized Views, View Database Packages and Package Bodies, View Database Performance Home Page, View Database Performance Privilege Group, View Database Optimizer Statistics, View Database Procedures and Functions, View Database Redo Logs, View Database Resources, View Database Roles, View Database Scheduler, View Database Schema Privilege Group, View Database Segments, View Database Sequences, View Database Services, View Database Sessions, View Database SQL Performance Analyzer, View Database SQL Monitor, View Database SQL Plan Control, Use Database SQL Tuning Advisor, View Database SQL Tuning Sets, View Database SQLs, View Database Storage Privilege Group, View Database Synonyms, View Database Table Data, View Database Tables, View Database Tablespaces, View Database Text Indexes, View Database Top Activity, View Database triggers, View Database Types, View Database Users, View Database Workspaces, View XML Database
Click Continue
This will allow the user to have a Read Only privilege on the selected DB along with generating AWR & ASH reports.
-> Next
-> Next
-> Finish
In case you need to create a similar EM user with similar privileges like the one you already created, you don't have to go through this daunting task again, just go to Setup -> Security -> Administrators
Check the user you want to create like and Click on "Create Like" button
-> Enter Name & Password
-> Click Review at the most right side of the page
-> Finish
That one was easy!
Login to your OEM console: i.e. https://xxx:7803/em
Login as admin account i.e. sysman
Go to Setup -> Security -> Administrators
-> Click on Create
(Enter the username and password)
-> Next (leave the default roles EM_USER, Public)
-> Next
Check the following:
Connect to any viewable target
Monitor Enterprise Manager
View any Target
Go down the page to "Target Privileges" section:
Click Add to add all databases the user will need to access
A new window will popup, check all the databases the user will need to access then click Select
Then Check the databases and under the tab "Manage Target Privilege Grants" click the pen
Then Select: [Of course you will need to follow all the pages to check all the privileges you need]
Connect Target, View Database Actions, View Database ADDM, View Database Advanced Queues, View Database Alert Logs, Manage Database ASH Reports, View Database ASH Reports and Analytics, Manage Database AWR Settings, View Database AWR Reports, View Database Backup, View Database Clients, View Database Links, View Database Dimensions, View Database Directory Objects, View Database Feature Usage, View High Availability Console, View Database indexes, View Database In Memory Setting, View Database Memory Usage, View Database Modules, View Database Materialized Views, View Database Packages and Package Bodies, View Database Performance Home Page, View Database Performance Privilege Group, View Database Optimizer Statistics, View Database Procedures and Functions, View Database Redo Logs, View Database Resources, View Database Roles, View Database Scheduler, View Database Schema Privilege Group, View Database Segments, View Database Sequences, View Database Services, View Database Sessions, View Database SQL Performance Analyzer, View Database SQL Monitor, View Database SQL Plan Control, Use Database SQL Tuning Advisor, View Database SQL Tuning Sets, View Database SQLs, View Database Storage Privilege Group, View Database Synonyms, View Database Table Data, View Database Tables, View Database Tablespaces, View Database Text Indexes, View Database Top Activity, View Database triggers, View Database Types, View Database Users, View Database Workspaces, View XML Database
Click Continue
This will allow the user to have a Read Only privilege on the selected DB along with generating AWR & ASH reports.
-> Next
-> Next
-> Finish
In case you need to create a similar EM user with similar privileges like the one you already created, you don't have to go through this daunting task again, just go to Setup -> Security -> Administrators
Check the user you want to create like and Click on "Create Like" button
-> Enter Name & Password
-> Click Review at the most right side of the page
-> Finish
That one was easy!