Wednesday, December 31, 2014

Oracle Enterprise Manager Security– Disable SYSMAN access

In Enterprise Manager 12c SYSMAN user is the schema owner and as a best practice all the users should log in using their own individual accounts. To enforce this you can prevent SYSMAN from login into the console and/or emcli by setting SYSTEM_USER to -1 in the MGMT_CREATED_USERS table:

UPDATE MGMT_CREATED_USERS
SET SYSTEM_USER=’-1’
WHERE user_name=’SYSMAN’


To re-enable the access just set it to 1.

UPDATE MGMT_CREATED_USERS
SET SYSTEM_USER=’1’
WHERE user_name=’SYSMAN’


Refer to Oracle Support’s note:

How To Disable SYSMAN & SYSTEM Users from Logging into Grid Console? (Doc ID 867360.1)

Thanks,

Alfredo