When implementing the ‘DevOps’ way of working you would want to be able to setup Enterprise Manager to support you in that…
When considering database management;
- Administrators, granted the ‘Developer’ role should be able to Stop/Start ‘Developer’ and ‘Test’ database and only ‘view’ ‘Acceptance’ and ‘Production’ databases
- Administrators, granted the ‘Operator’ role should be able to Stop/Start ‘Acceptance’ and ‘Production’ database and only ‘view’ ‘Development’ and ‘Test’ databases
We need to do the following setup in EM:
Create dynamic groups based on the target lifecycle stages Development, Test, Acceptance (Stage) and Production. The best way to do this would be by creating an Administration Group, that includes the Lifecycle Stage in one of the levels.
Create a ‘Developer’ and ‘Operator’ role and grant target privileges as desired
As you can see the ‘Developer’ role EM_RL_DBA_DEVL is granted Manage Database High Availability Privilege Group on all Development and Test targets.
Notice, groups DEV TARGETS and TST TARGETS have been used to grant the target privileges.
This would include the following privileges:
- Manage Database Advanced Queues
- Manage Database Upgrades
- Database Startup Shutdown
- Manage Database Resources
- Perform Database Recovery
- View Database High Availability Privilege Group
- Manage Database Backup/Recovery
- Manage Cluster Database Operations
- Convert Database to Cluster Database
The ‘Operator’ role EM_RL_DBA_OPER is granted Manage Database High Availability Privilege Group on all Acceptance (Staging) and Production targets.
Notice, groups ACC TARGETS and PRD TARGETS have been used to grant the target privileges.
For this example, we have limited ourselves using only the Manage Database High Availability Privilege Group privilege. Obviously, we could have used any combination of the 160+ available privileges for a database.
Assign the proper role to Administrators
Next, we need to assign these roles to our administrators.
Administrator DBA_DEVL_USER1 has been granted the EM_RL_DBA_DEVL role
Administrator DBA_OPER_USER1 has been granted the EM_RL_DBA_OPER role
Check DevOps behavior
We will now connect to the EM13c console as administrator DBA_DEVL_USER1
If we now navigate to the Database targets page we would see all databases:
When right clicking on ‘Development’ database orclref1 we see that this administrator is allowed to Stop/Start the database
However, when selecting the same menu option for ‘Production’ database orclref2 we notice that the Startup/Shutdown option has been ‘grayed out’ meaning the option is unavailable…