- Creating a user and group on the operating system with proper privileges to install and run Oracle GoldenGate
- Restricting the operating system users' executions of Oracle GoldenGate commands
Oracle GoldenGate Extract, Replicat, and Manager processes operate as an operating system user that has privileges to read, write, and delete files and subdirectories. Also, the Manager process requires privileges to control the other Oracle GoldenGate processes. Therefore, you need to make sure the operating system user running Oracle GoldenGate can:
- Read, write, and delete files and subdirectories in the Oracle GoldenGate directory
- Read, write, and delete trail, report, discard, and similar files and their subdirectories if they are in locations different from the default configuration
- Read the log files, both online and archived. On UNIX systems, that user must be a member of the group that owns the Oracle instance. This is not needed if you use integrated capture.
Oracle GoldenGate allows you to restrict which operating system users have access to which Oracle GoldenGate functions. The configuration is defined in the CMDSEC (command-line security) file. Without this file, access to all Oracle GoldenGate commands is granted to all users. Let's discuss this file in more detail.
The CMDSEC file is an ASCII file named CMDSEC. The file needs to be created in the Oracle GoldenGate home directory. The format is defined as:
An example CMDSEC file is shown as follows:
Because this file controls operating system users' access to Oracle GoldenGate commands, you need to secure it by making it read-only and accessible only to authorized users.
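One way to audit these points, as an added example that is not from the original page or from Oracle: the shell function `audit_cmdsec` (a hypothetical name) checks that CMDSEC exists in the GoldenGate home, that only its owner can write it, and that its last rule denies everything not granted earlier. The five-field rule layout and the closing `* * * * NO` rule are assumptions taken from Oracle's CMDSEC documentation, since this page does not show the format.

```shell
#!/bin/sh
# Added example: audit the CMDSEC file of one Oracle GoldenGate home.
# Usage: audit_cmdsec GG_HOME ; returns 0 when clean, 1 on any finding.
audit_cmdsec() {
    gg_home=$1
    cmdsec="$gg_home/CMDSEC"
    rc=0

    # Without the file, every OS user may run every GoldenGate command.
    if [ ! -f "$cmdsec" ]; then
        echo "FAIL: $cmdsec not found: all commands open to all users"
        return 1
    fi

    # A symlink lets whoever controls the target control the rules.
    if [ -L "$cmdsec" ]; then
        echo "FAIL: $cmdsec is a symbolic link"
        rc=1
    fi

    # Group or world write access means the rules can be rewritten.
    if [ -n "$(find "$cmdsec" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $cmdsec is writable by group or other"
        rc=1
    fi

    # A world-writable home lets any user replace the file outright.
    if [ -n "$(find "$gg_home" -prune -perm -002)" ]; then
        echo "FAIL: $gg_home is world-writable"
        rc=1
    fi

    # Assumed rule layout (Oracle documentation, not shown on this page):
    #   command  object  os_group  os_user  YES|NO   ('#' starts a comment)
    # Rules are matched top-down, so the last one should deny everything else.
    last=$(awk 'NF && $1 !~ /^#/ { r = $1 " " $2 " " $3 " " $4 " " $5 }
                END { print r }' "$cmdsec")
    if [ "$last" != "* * * * NO" ]; then
        echo "FAIL: last rule is '$last', expected '* * * * NO'"
        rc=1
    fi

    return "$rc"
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_cmdsec "$1"; fi
```

Run it as the Oracle GoldenGate operating system user (or root) so the rule check can read the file.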