Subscribe to Blog via Email
I talk a lot about Enterprise Manager 12c, from the OMS all the way to the EM CLI and the Agent, but I was discussing some interesting history with the account used by the OEM Management Agent- the DBSNMP account.
The origination of the DBSNMP account was to support Oracle SNMP, (Simple Network Management Protocol.) Back in Oracle 7-8i days, this account was vulnerable to all kinds of nasty issues and there were steps that administrators needed to take to secure it- from making the snmp_rw.ora file inaccessible except to the ORACLE OS user, (residing in the $ORACLE_HOME/rdbms/admin directory) to stopping the listener and the “Intelligent Agent” back then to update passwords and lock everything else down, not to mention how many patches have been released to assist.
The DBSNMP was *the* account used by the Oracle’s Intelligent Agent which connected automatically to remote servers and provided information to Enterprise Manager earlier incarnations. The DBSNMP account is still used by OEM via the Management Agent for instance/node target discovery and connectivity by the OMS to the target instance/node.
The DBNSMP user was one of those accounts that was granted the SELECT ANY DICTIONARY privilege and was set during many installations of Oracle’s RDBMS to be locked upon completion of the installation process. Forward thinking on the administrator’s part these days, should ensure that this account is both configured with a secure password, unlocked, as well as set to a proper profile, (vs. DEFAULT) that doesn’t lock and expire the account after 90 days. If you have to ask why, consider how many times I’ve had folks ask me why a target was unreachable and I found the DBSNMP account locked.
The user is created as part of the catalog.sql call and the unique script that creates it in the Oracle home is $ORACLE_HOME/rdbms/admin/catsnmp.sql.
DBSNMP.MGMT_SNAPSHOT_xxx: Tables containing all snapshot information
DBSNMP.MGMT_BASELINE_xxx: Tables containing information regarding baselines.
DBSNMP.MGMT_CAPTURE_xxx: Tables containing statistical information captured.
DBSNMP.MGMT_RESPONSE_xxx: Tables contain info regarding instance bounce
DBSNMP.MGMT_LATEST_xxx: Each table houses the information for the metric named in the table.
DBSNMP.MGMT_HISTORY_xxx: Historical information for the type of table named.
PRIVILEGE -------------------------------------------------------------------------------- CREATE PROCEDURE UNLIMITED TABLESPACE SELECT ANY DICTIONARY CREATE TABLE OEM_MONITOR EXECUTE on SYS.DBMS_SERVER_ALERT EXECUTE on SYS.DBMS_MANAGEMENT_PACKS SELECT on APPQOSSYS.WLM_CLASSIFIER_PLAN SELECT on APPQOSSYS.WLM_METRICS_STREAM SELECT on APPQOSSYS.WLM_MPA_STREAM SELECT on APPQOSSYS.WLM_VIOLATION_STREAM EXECUTE on SYSMAN.MGMT_EMREP_OOB_MONITORING
With the DB Console gone, what does this mean for the new, evolved Enterprise Manager Database Express? EM Express still is dependent upon the DBNSMP user and to find out if you have it installed and configured in DB12c is a quick query run away:
select dbms_xdb_config.gethttpsport() from dual;
If it comes back without a value or error, nope, you need to run through the steps here to get it set up.
So always remember to keep the following as part of your checklist or even better, set up in a template, (the less manual, the less human error!):