Creating Cloud Users and Administrators will be one of the first
tasks when setting up a new Exalogic 2.1 environment. We will step
through the simple process of creating users and describe a few
key user types. Initially we will need to login as either the root
user or the exl-admin user, that is a user with the User Admin Role.
Before adding users to the Exalogic 2.1 environment they must exist as either local users on the physical machine running the Exalogic Control Virtual Server or existing within an appropriate repository, LDAP etc, used by the machine for authentication. This is required because Enterprise Manager Ops Centre 12c (EMOC) does not store any account authorisation information instead this is left tot he underlying OS. It is assumed within this blog that this has been done.
To create a user simply open the "Administration" Accordion (Drawer), expand the Enterprise Controller then select "Local Users. This will present you with the following
You can see from the image that we have 3 options for Adding a
user and selection of any of these will display the following
Dialog.
As mentioned earlier the User Name must match that of an OS based
account to provide the authentication but we will need to specify
the EMOC account Roles and these will defined what
functionality the new user can access.
This user type can be created by adding the "Cloud Admin" to the
selected roles, when creating a user, and will provide access to
the Management functionality below vDC Management thus allowing
for the creation of new accounts and resources. It should be noted
that a Cloud Administrator can administer all user accounts within
the system.
The Cloud User is allowed to simply access the vDC accounts that
they have been given access to by a Cloud Administrator. For each
of the accounts they will be able to:
The
Network Administrator will be used to create additional EoIB networks
to be used by the Virtual Servers to access the external network.
Although by default the installation of Exalogic 2.1 will provide a
small EoIB management network this is not intended to be used for
external access from within Virtual Servers. Instead 1 or more VLAN
Tagged networks should be created prior to building the Virtual Server
infrastructure.
Before adding users to the Exalogic 2.1 environment they must exist as either local users on the physical machine running the Exalogic Control Virtual Server or existing within an appropriate repository, LDAP etc, used by the machine for authentication. This is required because Enterprise Manager Ops Centre 12c (EMOC) does not store any account authorisation information instead this is left tot he underlying OS. It is assumed within this blog that this has been done.
To create a user simply open the "Administration" Accordion (Drawer), expand the Enterprise Controller then select "Local Users. This will present you with the following
Cloud Administrator
This user type can be created by adding the "Cloud Admin" to the
selected roles, when creating a user, and will provide access to
the Management functionality below vDC Management thus allowing
for the creation of new accounts and resources. It should be noted
that a Cloud Administrator can administer all user accounts within
the system. Cloud User
The Cloud User is allowed to simply access the vDC accounts that
they have been given access to by a Cloud Administrator. For each
of the accounts they will be able to:- Create Private vNets
- Create vServers
- Manage vServer Life Cycle
- ManageVolumes
- Create Distribution Groups
- Upload Templates
Network Administrator
The
Network Administrator will be used to create additional EoIB networks
to be used by the Virtual Servers to access the external network.
Although by default the installation of Exalogic 2.1 will provide a
small EoIB management network this is not intended to be used for
external access from within Virtual Servers. Instead 1 or more VLAN
Tagged networks should be created prior to building the Virtual Server
infrastructure.Role Permissions
Hello, in my Exalogic server when I tried to add a new account (we just have the root and admin account) I got the error "10229".
ReplyDeleteSays to me "Specified user name TEST does not match a system account. (10229)"
Any ideas?
Regards
The account TEST needs to be created as a unix user on the EC vm before it can be added to EMOC.
ReplyDelete