Chat now with support
Chat mit Support

SharePlex 10.2 - Administration Guide

About this Guide Conventions used in this guide Revision History Overview of SharePlex Run SharePlex Run multiple instances of SharePlex Execute commands in sp_ctrl Set SharePlex parameters Configure data replication Configure replication to and from a container database Configure named queues Configure partitioned replication Configure replication to a change history target Configure a replication strategy Configure DDL replication Configure error handling Configure data transformation Configure security features Start replication on your production systems Monitor SharePlex Prevent and solve replication problems Repair out-of-sync data Tune the Capture process Tune the Post process Recover replication after Oracle failover Make changes to an active replication environment Apply an Oracle application patch or upgrade Back up Oracle data on the source or target Troubleshooting Tips Appendix A: Peer-To-Peer Diagram Appendix B: SharePlex environment variables

Assign SharePlex users to security groups

Contents

 

Overview

The SharePlex security groups provide access control to the SharePlex command and control system. Without proper configuration of these groups, anyone with permissions on the system can use the commands that view, configure, and control data replication.

Overview of SharePlex security groups

To monitor, control, or change SharePlex replication, a person must be assigned to one of the SharePlex security groups on the systems where he or she will be issuing commands. Each group corresponds to an authorization level, which determines which SharePlex commands a person can issue. To execute a command, a user must have that command’s authorization level or higher.

Use the authlevel command to determine your authorization level for issuing SharePlex commands on a system.

Description of the SharePlex security groups

Refer to the following table to determine the group and authorization level that you want to grant each SharePlex user.

User Authorization Levels and Roles
Auth level User type User group User roles
1 Administration spadmin*

You need at least one user with Administrator rights on each source and target system.

Can issue all SharePlex commands. Commands that can only be issued by a SharePlex Administrator are:

  • startup, shutdown
  • all configuration commands relating to an active configuration
  • all parameter commands except list param
  • start capture
  • stop capture
  • abort capture
  • truncate log

The SharePlex Administrator user must be in the Oracle dba group. For Oracle RAC and ASM 11gR2 and above, the user must also be in the Oracle Inventory group. For example: $ useradd –g spadmin –G dba,oinstall. The membership in Oracle Inventory group must be listed explicitly in the etc/group file.

On Unix and Linux, unless you install SharePlex as a root user, the SharePlex Administrator user and the SharePlex admin group must exist prior to installation.

2 Operator spopr Can issue all SharePlex commands except those listed above.
3 Viewer spview Can view lists, status screens, and logs to monitor replication only.

Note: The default name for the SharePlex administrator group is spadmin, but you can designate any group or specify any name for that group during installation.

Create and populate SharePlex groups on Unix and Linux

Where and when to create the SharePlex groups on Unix and Linux depends on whether you install SharePlex as a root or non-root user.

  • If you install as non-root, create the groups in the /etc/group file before you run the SharePlex installer. In a cluster, create them on all nodes.*
  • If you install SharePlex as a root user, you can direct the installer to create the groups in the /etc/group file. If you install in a cluster, the installer creates the groups on the primary node, but you must create them yourself on the other nodes.

* The groups must exist because the installer adds the SharePlex Administrator user to the spadmin group during the installation process. In a cluster, this user is only added to the primary node. You must add the SharePlex Administrator user to the other nodes.

To create the groups in /etc/group

# groupadd spadmin

# groupadd spopr

# groupadd spview

To assign a user to a group

  1. Open the /etc/group file.
  2. Add the Unix or Linux user name to the appropriate group. To assign a list of user names to a group, use a comma-separated list (see the following example).

    spadmin:*:102:spadmin,root,jim,jane,joyce,jerry

    If the password field is null, no password is associated with the group. In the example, the asterisk (*) represents the password, “102” represents the numerical group ID, and spadmin is the group. The group ID must be unique.

  3. Save the file.

Users can verify their authorization levels by issuing the authlevel command in sp_ctrl.

Create and populate SharePlex groups on Windows

On Windows, the SharePlex groups are created in the Windows User Accounts control panel by the SharePlex installer. To assign users to these groups, use that control panel after you install SharePlex.

Users can verify their authorization levels by issuing the authlevel command in sp_ctrl.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen