If SharePlex cannot connect to a source or target database, you can view the login credentials that are being used for that database by using the connection command with the show option. For example:
sp_ctrl> connection r.mydb show
You can also view connection settings in the connections.yaml file, which is stored in the data sub-directory of the SharePlex variable-data directory. If there are no settings in this file, it means that the SharePlex database setup procedure was not performed on this database.
To view the correct database setup procedure for the database, see SharePlex Reference GuideSharePlex Utilities
You can use the connection command to update connection properties. For more information, see the SharePlex Reference Guide.
The SharePlex PostgreSQL user requires a DBA role with unlimited privileges. The SharePlex user is created with the default PostgreSQL profile under the assumption that the profile has the unlimited resource privileges assigned by PostgreSQL as the default. If SharePlex is unable to interact with PostgreSQL, check to see if the default was changed. If so, assign SharePlex a DBA role with unlimited privileges for all definitions.
The SharePlex security groups provide access control to the SharePlex command and control system. Without proper configuration of these groups, anyone with permissions on the system can use the commands that view, configure, and control data replication.
To monitor, control, or change SharePlex replication, a person must be assigned to one of the SharePlex security groups on the systems where he or she will be issuing commands. Each group corresponds to an authorization level, which determines which SharePlex commands a person can issue. To execute a command, a user must have that command’s authorization level or higher. Use the authlevel command to determine your authorization level for issuing SharePlex commands on a system.
Refer to the following table to determine the group and authorization level that you want to grant each SharePlex user.
Auth level | User type | User group | User roles |
---|---|---|---|
1 | Administration | spadmin* |
You need at least one user with Administrator rights on each source and target system. Can issue all SharePlex commands. Commands that can only be issued by a SharePlex Administrator are:
The SharePlex Administrator user must be in the Oracle dba group. For Oracle RAC and ASM 11gR2 and above, the user must also be in the Oracle Inventory group. For example: $ useradd –g spadmin –G dba,oinstall. The membership in Oracle Inventory group must be listed explicitly in the etc/group file. On Unix and Linux, unless you install SharePlex as a root user, the SharePlex Administrator user and the SharePlex admin group must exist prior to installation. |
2 | Operator | spopr | Can issue all SharePlex commands except those listed above. |
3 | Viewer | spview | Can view lists, status screens, and logs to monitor replication only. |
Note: The default name for the SharePlex administrator group is spadmin, but you can designate any group or specify any name for that group during installation.
Where and when to create the SharePlex groups on Unix and Linux depends on whether you install SharePlex as a root or non-root user.
* The groups must exist because the installer adds the SharePlex Administrator user to the spadmin group during the installation process. In a cluster, this user is only added to the primary node. You must add the SharePlex Administrator user to the other nodes.
To create the groups in /etc/group :
# groupadd spadmin
# groupadd spopr
# groupadd spview
To assign a user to a group:
Add the Unix or Linux user name to the appropriate group. To assign a list of user names to a group, use a comma-separated list (see the following example).
spadmin:*:102:spadmin,root,jim,jane,joyce,jerry
If the password field is null, no password is associated with the group. In the example, the asterisk (*) represents the password, “102” represents the numerical group ID, and spadmin is the group. The group ID must be unique.
Save the file.
Users can verify their authorization levels by issuing the authlevel command in sp_ctrl.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center