| Oracle® GoldenGate Veridata Administrator's Guide 11g Release 2 (11.2.1.0.0) Part Number E29092-01 |
|
|
PDF · Mobi · ePub |
| Oracle® GoldenGate Veridata Administrator's Guide 11g Release 2 (11.2.1.0.0) Part Number E29092-01 |
|
|
PDF · Mobi · ePub |
This chapter explains how to set security for Oracle GoldenGate Veridata.
This chapter includes the following sections:
When using Oracle GoldenGate Veridata, you will be selecting, viewing and storing data values from the tables or files of your business applications. Care must be taken to protect access to the following components:
The files, programs, and directories in the Oracle GoldenGate Veridata installation directories
Data files that contain the results of data comparisons
The Oracle GoldenGate Veridata Web User Interface, where data values can be viewed
This section describes how to secure you business data and control access to the Oracle GoldenGate Veridata installation directories and user interface.
Standard operating system permissions apply to the programs, files, and directories within the Oracle GoldenGate Veridata Server and Web User Interface, and Oracle GoldenGate Veridata Agent installation directories. You should adjust the permissions for these objects based on your business security rules.
Oracle GoldenGate Veridata Server creates data files that will contain sensitive application data. By default, these files reside in the shared/data directory within the Oracle GoldenGate Veridata Server installation directory, but the person who installed the software might have installed them in a different location. All of the sub-directories within that directory contain files that may reflect business data.
The types of files that contain sensitive data are:
The comparison report (rpt sub-directory)
The out-of-sync report (oosxml and oos sub-directories)
These files inherit the same file permissions as those of the user that runs the Oracle GoldenGate Veridata Server installation program. Do not change the permissions, or Oracle GoldenGate Veridata may be unable to maintain them. These files should be kept just as secure as you would keep your business data. Users of Oracle GoldenGate Veridata Web do not require access to these files because they see the same information through the client interface.
You can assign security roles to the users of Oracle GoldenGate Veridata to control their access to the functions that are performed by the software, some of which expose selected data values from the database. These roles are:
Administrator: The administrator role is the highest-level security role in Oracle GoldenGate Veridata. This role can perform all of the functions that configure, execute, and monitor Oracle GoldenGate Veridata.
PowerUser: The power user role is the second-highest role in Oracle GoldenGate Veridata. This role can perform all of the functions that configure, execute, and monitor Oracle GoldenGate Veridata from the Oracle GoldenGate Veridata Web User Interface, but this role cannot perform any configuration functions for the Oracle GoldenGate Veridata Server.
ReportViewer: The report viewer role cannot perform functions that configure Oracle GoldenGate Veridata or execute jobs. This role can only view configuration and job information, and view comparison reports.
DetailReportViewer: The detail report viewer role cannot perform any functions that configure Oracle GoldenGate Veridata or execute jobs. This role can only view configuration and job information, and view comparison reports and out-of-sync report information through the Oracle GoldenGate Veridata Web User Interface or at the file level.
Security is controlled through the Administration Tool of the Apache Tomcat Web Server. From this interface, a user with the administrator role can:
Create a user and assign it a security role.
Create user groups and assign them security roles. Users can be added to these groups without being given a security role. A user inherits the role of its group.
Create a user and assign it a security role, and then add that user to a group. The user inherits the role of its group and keeps its individual role.
Note:
You should back up the conf directory prior to changing the server configuration or Tomcat users.
To open the Apache Tomcat Web Server Administration Tool
Connect to the Apache Tomcat Web Server from a browser by typing the following address:
http://hostname:port/admin
Where:
hostname is the name or IP address of the system where the Oracle GoldenGate Veridata server and web components are hosted, and port is the port number assigned to Oracle GoldenGate Veridata Server (default is 8830).
Log on to the Apache Tomcat Web Server Administration Tool as an Oracle GoldenGate Veridata administrator user. A default administrator user was created during the installation of Oracle GoldenGate Veridata.
In the navigation pane, click to expand User Definition. From this node, all user resources are managed.
Under User Definition, click Groups. Existing groups are displayed and can be edited by clicking their names.
From the Group Actions list, select Create New Group.
Under Group Properties, type a name for the group (no spaces, case sensitive) in the Group Name box and (optional) a description in the Description box.
Under Role Name, select the check box next to the role you want to assign to the group. You can select any role that is listed in Section 8.3, "Securing access to Oracle GoldenGate Veridata Web".
Click Save to save the group.
When finished using the Apache Tomcat Web Server Administration Tool, click Commit Changes to save the changes to the repository. To make any more changes after you commit the changes, you must log in again.
Under User Definition, click Users.
To edit a user, click its name. To add a new user, select Create New User from the User Actions list.
Under User Properties, type:
User Name: A name for the user (no spaces, case-sensitive)
Password: A password for the user (no spaces, case-sensitive).
Full Name: (Optional) the name of the person who is this user.
To assign the user to a group, click the check box next to the name of the group under Group Name. Linking a user to a group is optional. The user inherits the default role of the group.
To assign a role to this user, click the check box next to the name of the role under Role Name. You can select any role that is listed in Section 8.3, "Securing access to Oracle GoldenGate Veridata Web."
Click Save to save the user.
When finished using the Apache Tomcat Web Server Administration Tool, click Commit Changes to save the changes to the repository. To make any more changes after you commit the changes, you must log in again.
You can change the passwords that allow users access to the Veridata Web User Interface and those that access the repository.
User passwords can be changed in the Oracle GoldenGate Veridata Web User Interface by selecting the Change Password option of the Options/Settings menu item. Refer to the online Help for more information.
A valid repository database password must be stored in Oracle GoldenGate Veridata to allow it to access the database. This repository database password is initially set based on user entries during the installation. It is stored in an Oracle Wallet created by the installation program.
If the repository database password changes after installation, the vericom program is used to change the corresponding password stored in Oracle GoldenGate Veridata.
Before you begin you must know the changed password that is currently valid for the database of the repository.
Navigate to the Oracle GoldenGate Veridata installation directory.
Enter one of the following commands to request a change to the repository password currently stored in Oracle GoldenGate Veridata:
On Windows:
Shell> vericom.bat -reset_password [password]
On UNIX or Linux:
Shell> vericom.sh -reset_password [password]
If you do not enter a password on the command line, you will be prompted to enter one once vericom starts.
After you enter the password, vericom connects to the database to verify the password is valid.
To activate the change, bring down the Oracle GoldenGate Veridata Web User Interface and restart.
See Section 10.2 for more information on running vericom.
|
 Copyright © 2005, 2012, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|