To monitor, control, or change SharePlex replication, a person must be assigned to one of the SharePlex security groups on the systems where he or she will be issuing commands. Each group corresponds to an authorization level, which determines which SharePlex commands a person can issue. To execute a command, a user must have that command’s authorization level or higher.
Use the authlevel command to determine your authorization level for issuing SharePlex commands on a system.
Description of the SharePlex security groups
Refer to the following table to determine the group and authorization level that you want to grant each SharePlex user.
User Authorization Levels and Roles
| 1 |
Administration |
spadmin* |
You need at least one user with Administrator rights on each source and target system.
Can issue all SharePlex commands. Commands that can only be issued by a SharePlex Administrator are:
- startup, shutdown
- all configuration commands relating to an active configuration
- all parameter commands except list param
- start capture
- stop capture
- abort capture
- truncate log
The SharePlex Administrator user must be in the Oracle dba group. For Oracle RAC and ASM 11gR2 and above, the user must also be in the Oracle Inventory group. For example: $ useradd –g spadmin –G dba,oinstall. The membership in Oracle Inventory group must be listed explicitly in the etc/group file.
On Unix and Linux, unless you install SharePlex as a root user, the SharePlex Administrator user and the SharePlex admin group must exist prior to installation. |
| 2 |
Operator |
spopr |
Can issue all SharePlex commands except those listed above. |
| 3 |
Viewer |
spview |
Can view lists, status screens, and logs to monitor replication only. |
Note: The default name for the SharePlex administrator group is spadmin, but you can designate any group or specify any name for that group during installation.
Where and when to create the SharePlex groups on Unix and Linux depends on whether you install SharePlex as a root or non-root user.
- If you install as non-root, create the groups in the /etc/group file before you run the SharePlex installer. In a cluster, create them on all nodes.*
- If you install SharePlex as a root user, you can direct the installer to create the groups in the /etc/group file. If you install in a cluster, the installer creates the groups on the primary node, but you must create them yourself on the other nodes.
* The groups must exist because the installer adds the SharePlex Administrator user to the spadmin group during the installation process. In a cluster, this user is only added to the primary node. You must add the SharePlex Administrator user to the other nodes.
To create the groups in /etc/group
# groupadd spadmin
# groupadd spopr
# groupadd spview
To assign a user to a group
- Open the /etc/group file.
-
Add the Unix or Linux user name to the appropriate group. To assign a list of user names to a group, use a comma-separated list (see the following example).
spadmin:*:102:spadmin,root,jim,jane,joyce,jerry
If the password field is null, no password is associated with the group. In the example, the asterisk (*) represents the password, “102” represents the numerical group ID, and spadmin is the group. The group ID must be unique.
-
Save the file.
Users can verify their authorization levels by issuing the authlevel command in sp_ctrl.
On Windows, the SharePlex groups are created in the Windows User Accounts control panel by the SharePlex installer. To assign users to these groups, use that control panel after you install SharePlex.
Users can verify their authorization levels by issuing the authlevel command in sp_ctrl.
Start replication on your production systems
This chapter contains instructions for the initial startup of replication from a source database to a target database on production systems.
Contents
