Monthly Archive: January 2016

Enterprise Manager 13c – Disable the BI Publisher

The BI Publisher will be started automatically during the startup process of the Enterprise Manager 13c. You don’t like the BI Publisher or you don’t use it? Save the resources, speed up your startup process, disable it. The password of the database repository owner SYSMAN is required.

Verify the Status – the BI Publisher is up and running

Disable the BI Publisher

Verify the Status again

If you want to enable the BI Publisher again, the command is listed below the emctl output.


I have tested the start of the Oracle Enterprise Manager in my local virtual machine environment (VMWare Workstation,15GB Memory, 4 Cores, SSD) with and without the BI Publisher. The difference:

BI Publisher enabled – 4 Minutes and 18 Seconds

BI Publisher disabled – 3 Minutes and 6 Seconds

Link to the Oracle Documentation


If you don’t use it – disable it.

Enterprise Manager 13c – Change Memory Settings with emctl

In Enterprise Manager Grid Control 11g, changes in the Oracle Management Server JVM memory settings could be done in a file called located in a domain subdirectory like /u00/app/oracle/product/gc_inst/user_projects/domains/GCDomain/bin/

And after an OMS restart, the JVM has used this new settings for the OMS.  Since 12c, it can be done by an emctl command.

emctl – Get your actual Settings OMS_HEAP_MAX

emctl – Change the Value

For example, the Memory will be resized to 2304M.


Restart your Oracle Management Server. In one of my tests this did not work. The OMS still used the old memory value. Another start/stop with emctl stop oms -all has worked.

The new value is now active:

In Linux, you can search for the java process with ps -ef | grep “java -server -Xms256M -Xmx”  – here are the first lines from my output where the Xmx parameter is located:

As you can see, the -Xmx Parameter is now set to 2304M, the Java virtual machine for EMGC_OMS1 is now using 2304M.


Enterprise Manager Cloud Control Advanced Installation and Configuration Guide – Sizing Your Enterprise Manager Deployment

Hostname in Oracle Enterprise Linux 7 anpassen – hostnamectl

In Oracle Enterprise Linux 6 konnte man den Hostname beispielsweise mit Tools wie system-config-network oder durch editieren vom /etc/sysconfig/network File anpassen. In der Version 7 kann der Hostname mit dem Tool hostnamectl geändert werden. Ein Editieren vom Network-File funktioniert nicht mehr, der Hostname wird aus dem File /etc/hostname abgeleitet.

Auszug aus den Oracle Enterprise Linux 7 Release Notes –


Nebst hostnamectl gibt es mit Tools für den NetworkManager wie nmtui und nmcli weitere Möglichkeiten, den Hostname anzupassen.

Anzeigen vom Hostname mit hostnamectl

Neben dem eigentlichen Hostname werden noch Zusatzinformationen der Plattform angezeigt. Das gute alte hostname Kommando funktioniert natürlich weiterhin.

Ändern vom Hostname Online

Der Hostname kann online geändert werden, nach einem erneuten Login wird auch der Prompt richtig angezeigt. Ist der Hostname in /etc/hosts eingetragen, so muss dieser Eintrag auch angepasst werden !

Variante 1: hostnamectl set-hostname – ändert den Hostname ein /etc/hostname

Anzeige vom alten Hostname:

Setzen vom neuen Hostname:

Das File /etc/hostname wurde angepasst:

Der neue Hostname ist ab sofort gültig, nach dem erneuten Login wird der Prompt und der neue Hostname angezeigt:

Variante 2: Editieren vom File /etc/hostname und Service neu starten

Anzeigen vom neuen Hostname im geänderten /etc/hostname:

Neustart vom Service:

Der neue Hostname ist ab sofort gültig, nach dem erneuten Login wird der Prompt und der neue Hostname angezeigt:



My Oracle Support – How to Configure hostname in Oracle Linux 7 (Doc ID 2049221.1)

Oracle Enterprise Manager 13c – KILL SESSION for Application Administrators – Part 1

Basically to execute a ALTER SYSTEM KILL SESSION command you have to be a) a DBA or b) you need the ALTER SYSTEM privilege. Granting the ALTER SYSTEM privilege to a Non-DBA has big risks. This user is now able to change a lot of parameters like memory parameters, NLS settings etc.

In one of my projects, a small team of well known application administrators is having a read-only account in Enterprise Manager 12c to verify the performance, see the user sessions and many more of their subset of databases. And sometimes, they have to kill a hanging Oracle session. Until now they called the DBA: “Please do it for me”. Sure, we can build a small PL/SQL procedure on every database and give them the executions rights so they can kill a session in their terminal theirself. But this is not very user friendly.

Here is an approach to manage the small path between security and manageability. I am aware that this is – like we say in Switzerland – a “Kompromiss”. But in fact we have implemented this solution in a production environment two months ago without any negative impacts.

Note: All the steps which are show below in Enterprise Manager 13c can be executed in 12c too.

The Concept

  • we create a new database user in the target databases
  • we create a new role with ALTER SYSTEM privilege in the target databases
  • we enable auditing for ALTER SYSTEM commands in the target databases
  • we create a new Enterprise Manager role for the application administrators
  • we create a new named credential with the new user and grant it to the application administrators
  • we build an Enterprise Manager report which shows us the ALTER SYSTEM actions based on a metric extension

The New Database User

This user has to be created in every target database.

The New Database Role

This role has to be created in every target database.

Grant role to the user:

Enable Auditing for ALTER SYSTEM Commands


Verify the enabled audit settings:

Verify the audit parameterin the target database. If audit_trail is not set to EXTENDED, the SQL command which was executed is not recorded. How it works with Unified Auditing will be verified in a later blog post.

In the example below you can see the difference in the column SQL_TEXT.

Enterprise Manager Role

Setup – Security – Role – Create


Set name and description – Next




Activate the checkbox for the privilige Connect to any viewable target and scroll down


Add database targets and set the Manage Targets Privilege Grants

  • For EM12c use: View
  • For EM13c use: Manage Database Sessions




Select the user to grant the role – Next




The role is now created and be granted to a user.


Enterprise Manager Named Credential

The application adninistrators don’t have to know the password for the created user with the ALTER privileges. We create a named credential and give the admins the permission to use it.

Setup – Security – Named Credentials – Create

Set Credential Name, Authenticated Target Type, Credential Type and set Scope to Global. The Credential Properties are according to our new created user APPL_ADMIN.

Scroll down to set Access Control


Add Grant


Search for the user, in my case it is APPL_BERGER



Feel free to test ist against a target which contains the APPL_ADMIN user.




Now we test the configuration. The role APPL_ADMIN was granted to my user APPL_BERGER. On the target database TVD12 user SCOTT has locked some data.


On the target site we go to the Blocking Sessions page


The Named Credential is already filled in.



Select the session – Kill Session


Confirm the action to kill the selected session immediate – Yes


Session has been killed.



On the target database, an audit record was generated. Login as user SYS and execute this query. You can see the TIME, the USERNAME, the EM13c USERNAME in column CLIENT_ID and the SQL statement which was executed in background.

Summary – Part 1

As I said in the introduction, giving some other users than DBAs the ALTER SYSTEM privilege is risky. But when the DBAs and application adminstrators are working as a team, then this can be a possible solution to make their daily business easier.

In the next blog post I will show how you can create a Enterprise Manager report based on a Metric Extension to produce daily reports of the ALTER SYSTEM actions.