The SharePlex security groups provide access control to the SharePlex command and control system. Without proper configuration of these groups, anyone with permissions on the system can use the commands that view, configure, and control data replication.
To monitor, control, or change SharePlex replication, a person must be assigned to one of the SharePlex security groups on the systems where he or she will be issuing commands. Each group corresponds to an authorization level, which determines which SharePlex commands a person can issue. To execute a command, a user must have that command’s authorization level or higher.
Use the authlevel command to determine your authorization level for issuing SharePlex commands on a system.
Refer to the following table to determine the group and authorization level that you want to grant each SharePlex user.
Auth level | User type | User group | User roles |
---|---|---|---|
1 | Administration | spadmin* |
You need at least one user with Administrator rights on each source and target system. Can issue all SharePlex commands. Commands that can only be issued by a SharePlex Administrator are:
The SharePlex Administrator user must be in the Oracle dba group. For Oracle RAC and ASM 11gR2 and above, the user must also be in the Oracle Inventory group. For example: $ useradd –g spadmin –G dba,oinstall. The membership in Oracle Inventory group must be listed explicitly in the etc/group file. On Unix and Linux, unless you install SharePlex as a root user, the SharePlex Administrator user and the SharePlex admin group must exist prior to installation. |
2 | Operator | spopr | Can issue all SharePlex commands except those listed above. |
3 | Viewer | spview | Can view lists, status screens, and logs to monitor replication only. |
Note: The default name for the SharePlex administrator group is spadmin, but you can designate any group or specify any name for that group during installation.
Where and when to create the SharePlex groups on Unix and Linux depends on whether you install SharePlex as a root or non-root user.
* The groups must exist because the installer adds the SharePlex Administrator user to the spadmin group during the installation process. In a cluster, this user is only added to the primary node. You must add the SharePlex Administrator user to the other nodes.
To create the groups in /etc/group
# groupadd spadmin
# groupadd spopr
# groupadd spview
To assign a user to a group
Add the Unix or Linux user name to the appropriate group. To assign a list of user names to a group, use a comma-separated list (see the following example).
spadmin:*:102:spadmin,root,jim,jane,joyce,jerry
If the password field is null, no password is associated with the group. In the example, the asterisk (*) represents the password, “102” represents the numerical group ID, and spadmin is the group. The group ID must be unique.
Save the file.
Users can verify their authorization levels by issuing the authlevel command in sp_ctrl.
On Windows, the SharePlex groups are created in the Windows User Accounts control panel by the SharePlex installer. To assign users to these groups, use that control panel after you install SharePlex.
Users can verify their authorization levels by issuing the authlevel command in sp_ctrl.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center