About the SharePlex Security Groups
To monitor, control, or change SharePlex replication, a person must be assigned to one of the SharePlex security groups on the systems where he or she will be issuing commands. Each group corresponds to an authorization level, which determines which SharePlex commands a person can issue. To execute a command, a user must have that command’s authorization level or higher. Use the authlevel command to determine your authorization level for issuing SharePlex commands on a system.
Description of the SharePlex security groups
Refer to the following table to determine the group and authorization level that you want to grant each SharePlex user.
User Authorization Levels and Roles
| 1 |
Administration |
spadmin* |
You need at least one user with Administrator rights on each source and target system.
Can issue all SharePlex commands. Commands that can only be issued by a SharePlex Administrator are:
- startup, shutdown
- all configuration commands relating to an active configuration
- all parameter commands except list param
- start capture
- stop capture
- abort capture
- truncate log
The SharePlex Administrator user must be in the Oracle dba group. For Oracle RAC and ASM 11gR2 and above, the user must also be in the Oracle Inventory group. For example: $ useradd –g spadmin –G dba,oinstall. The membership in Oracle Inventory group must be listed explicitly in the etc/group file.
On Unix and Linux, unless you install SharePlex as a root user, the SharePlex Administrator user and the SharePlex admin group must exist prior to installation. |
| 2 |
Operator |
spopr |
Can issue all SharePlex commands except those listed above. |
| 3 |
Viewer |
spview |
Can view lists, status screens, and logs to monitor replication only. |
Note: The default name for the SharePlex administrator group is spadmin, but you can designate any group or specify any name for that group during installation.
Create and Populate SharePlex Groups on Unix and Linux
Where and when to create the SharePlex groups on Unix and Linux depends on whether you install SharePlex as a root or non-root user.
- If you install as non-root, create the groups in the /etc/group file before you run the SharePlex installer. In a cluster, create them on all nodes.*
- If you install SharePlex as a root user, you can direct the installer to create the groups in the /etc/group file. If you install in a cluster, the installer creates the groups on the primary node, but you must create them yourself on the other nodes.
* The groups must exist because the installer adds the SharePlex Administrator user to the spadmin group during the installation process. In a cluster, this user is only added to the primary node. You must add the SharePlex Administrator user to the other nodes.
To create the groups in /etc/group :
# groupadd spadmin
# groupadd spopr
# groupadd spview
To assign a user to a group:
- Open the /etc/group file.
-
Add the Unix or Linux user name to the appropriate group. To assign a list of user names to a group, use a comma-separated list (see the following example).
spadmin:*:102:spadmin,root,jim,jane,joyce,jerry
If the password field is null, no password is associated with the group. In the example, the asterisk (*) represents the password, “102” represents the numerical group ID, and spadmin is the group. The group ID must be unique.
-
Save the file.
Users can verify their authorization levels by issuing the authlevel command in sp_ctrl.
Create and Populate SharePlex Groups on Windows
On Windows, the SharePlex groups are created in the Windows User Accounts control panel by the SharePlex installer. To assign users to these groups, use that control panel after you install SharePlex. Users can verify their authorization levels by issuing the authlevel command in sp_ctrl.
Start Replication on your Production Systems
When you activate a configuration, through the activate config command in sp_ctrl, SharePlex does the following:
The activation of a configuration generally proceeds as follows:
1. Assign an activation ID
SharePlex assigns an activation ID number to each configuration activation and its associated replication processes and queues. A configuration can be activated many times, and this ID keeps track of each one.
2. Create an object cache
SharePlex builds an object cache that records the standard metadata needed to support replication: the name, size, and type of columns, NOT-NULL constraints, and whether a column is part of a key. For tables using partitioned replication, additional information is stored.
3. Add a configuration change marker
SharePlex places a configuration-change marker in the data stream. This marker directs sp_cop to generate a new set of replication processes and queues. If another configuration is active for the same datasource, the marker deactivates it, causing the removal of the old processes and queues after the data they contain is posted.
4. Lock the tables, add the activation marker, unlock
(Oracle only) SharePlex locks the tables that are listed in the configuration file so that it can obtain information about them while they are in a read-consistent state. As many tables can be locked concurrently as there are locking threads available. When SharePlex locks a table, it places an activation marker in the data stream that tells the Capture process to start (or stop) replicating that table.
Note: If an application uses NOWAIT locking on tables in the replication configuration, the NOWAIT could fail if it attempts to obtain a lock on an object that is already locked because it is being activated.
SharePlex locks the following:
- All tables added to replication (new and reactivated configurations)
- All tables removed from replication (reactivated configurations)
- All tables where routes changed (reactivated configurations)
Each table is locked for a very short time, just long enough to activate a table. Replication of each table begins as soon as its activation is complete. Should one or more table fail to activate, SharePlex continues with the activation of the other tables. Users can access the data in a source table when the activation lock is released.
