Emcli creates credentials in Cloud Control

Cloud Control
Hello everyone. Today we would like to share with you a way to create credentials and assign permissions in Cloud Control via command line using the emcli command.

Working with EMCLI

We have carried out a project in which it was necessary to register credentials for sys and system users for all the client’s databases and in this way be able to use a password rotation tool. Having the client more than 300 databases create them manually was not viable, so we have used the emcli utility for these tasks. Through the process that we describe below, you can create the credentials you need without having to register them one by one.

We can get the list of databases in cloud control with the query we used in a previous post.

From this list here we begin to generate the credentials of the two users:

emcli create_named_credential -cred_name=maquina1-bd1-sys -auth_target_type=oracle_database -cred_type=DBCreds -cred_scope=instance -target_name=bd1 -target_type=oracle_database -attributes="DBUserName:sys;DBPassword:Password1;DBRole:SYSDBA"
emcli create_named_credential -cred_name=maquina1-bd1-system -auth_target_type=oracle_database -cred_type=DBCreds -cred_scope=instance -target_name=bd1 -target_type=oracle_database -attributes="DBUserName:system; DBPassword:Password1;DBRole:normal"

We have generated the commands on different lines. You can also use text files to make a batch process. This batch process will load the data without having to format the scripts.

It was also necessary to assign permissions to the Cloud Control user who is in charge of rotation (SECURITY). This part is solved with the following command:

emcli grant_privs -name=SEGURIDAD -privilege="FULL_CREDENTIAL;CRED_NAME=maquina1-bd1-sys:CRED_OWNER=SYSMAN"
emcli grant_privs -name=SEGURIDAD -privilege="FULL_CREDENTIAL;CRED_NAME=maquina1-bd1-system:CRED_OWNER=SYSMAN"

With this last part, the task would be completed. If we have made a mistake, we can delete the credential as follows:

emcli delete_named_credential -cred_owner=sysman -cred_name="maquina1-bd1-sys"

We hope you find it useful.

Greetings and see you next time.

Database Equipment.

Comments are closed.