Home > Developer > Database Administrator

OGG security features-use Alibaba sec for permission Control

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

4. Use Alibaba sec for permission Control

GoldenGate can restrict the use of commands by some users. For example, some monitoring users can only use the INFO and STAT commands, rather than the start and stop commands. This is the purpose of limiting the use of commands by limiting the operating system user groups.

GoldenGate creates a file in the installation directory and adds rules to the file to control the use of commands. Each row contains a rule, rules must be written from top to bottom in sequence from the widest control range. Each rule must be separated by spaces. The format of the writing rule is as follows:

Example 21:

<Command name> <command object> <OS group> <OS user> <YES | NO>

Explanation of each option:

<Command name>: A GoldenGate command or a wildcard, such as start, stop, and ,*.

<Command object>: the type or wildcard character of the GoldenGate process group, such as Extract, Replicat, and MGR.

<OS group>: indicates the operating system user group. In UNIX, the user ID can be used instead of the user name, or * is used to represent all user groups.

<YES | NO>: indicates whether the command is open to this user or not.


The following is a simple case of using commands to control users in Linux:

Example 22:

# GG command security command Line

Status replicat * Smith NO -- smith is not allowed to use the STATUS command on the disaster recovery end.

STATUS * dpt1 * YES -- except for the above rules, all users in the dpt1 group can use the status command

Start replicat root * YES -- the user in the root group can use the start Replicat command

Start replicat ** NO -- except for the above rules, all users cannot use the start replicat command

* EXTRACT 200 * NO -- a group with a group id of 200 cannot use commands on the production end.

** Root YES -- the root user can use any command

* *** NO -- except for the above rules, all users cannot use the GoldenGate command.

The secure sec file is the root cause of command line security. You must ensure the security of the file and grant the user the permission to read it, however, users other than the GoldenGate administrator are not allowed to modify or delete this file.


Oracle video tutorial follow: http://u.youku.com/user_video/id_UMzAzMjkxMjE2.html

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More