Add Deployment Users from the Service Manager
Each deployment has its own set of users with specific roles. The administrator account user, which is created when the Service Manager is created for a host using OGGCA, can log into the Service Manager and other microservices. This user can also create users with specific roles to access or operate Oracle GoldenGate processes. This administrator account user can access all deployments that are added to this existing Service Manager.
However, all subsequent users created from either the Service Manager or Administration Service are associated with the specific deployment. These users are not available with other deployments on the same host server.
The other users are specific to the MA deployment, and the security user needs to create users for every MA deployment individually.
You can create users from the Service Manager or the Administration Service. See Add Deployment Users from the Administration Server for steps to create users.
For Oracle database, see Granting the Appropriate User Privileges to learn about specifying database privileges for Oracle GoldenGate.
For non-Oracle databases, see the user privileges section for DB2 z/OS, MySQL, PostgreSQL, SQL Server.
You can create users for that deployment by performing the following steps:
- Log in to the Administration Service.
- From the left navigation pane, select User Administration.
- Click Users (+) to add users.
- Enter the following details for the user:
  - Authenticated By: User authentication can be done with a user ID and password or with certificates. Select the type of authentication for the user from the drop-down list.
  - Role: User roles include Administrator, Security, User, and Operator. Select the user role based on the functions that the user needs to perform. The following table describes these user roles:
| Role ID | Privilege Level |
|---|---|
| User | Allows information-only service requests, which do not alter or affect the operation of the MA. Examples of Query/Read-Only information include performance metric information and resource status and monitoring information. |
| Operator | Allows users to perform only operational actions, such as creating, starting and stopping resources. Operators cannot alter the operational parameters or profiles of the MA service. |
| Administrator | Grants full access to the user, including the ability to alter general, non-security related operational parameters and profiles of the service. |
| Security | Grants administration of security-related objects and the ability to invoke security-related service requests. This role has full privileges. |
  - If you selected the Password option from the Authenticated By drop-down list, then specify the user ID and password for the Oracle GoldenGate user.
  - If you selected the Certificate option from the Authenticated By drop-down list, then click Upload to upload the related certificate or paste it in the text box. This certificate is validated for user authentication when connecting remote deployments. This type of user authenticates itself by presenting a client certificate to the target deployment to allow connectivity. The common name in the certificate that will be presented (such as CN="certuser") is used when setting up the DISTPATH (target authentication method) to connect different source and target deployments.
    Note: The certificate is associated with the user and not saved by the Oracle GoldenGate service. When presented for authentication, the Oracle GoldenGate deployment service first verifies that the certificate presented can be trusted and then checks to see that the common name in the certificate has been registered as a valid user. If yes, it will assign the appropriate user role.
    If the user needs to set up a trusted CA certificate, then in the CA Certificates section, you can click Enter and paste the CA certificate in the text box. You can also click Upload to upload the CA certificate file.
- Click Submit. The new user shows in the list of Users in the Users table.
- You can also edit or delete a user from the Action column of the Users table.
You can switch the User Type from Basic to Certificate or the other way around. You can also change the password for the user, if required.
Click Submit to confirm the modifications to the user attributes.
Users cannot be changed. You must delete a user, and then add it again. However, you can modify or edit a user's attributes by clicking Edit User (pencil) in the Action column of the Users table.
You can switch the authenticated by option from Password to Certificate or the other way around.
You can also change the password for the user, if required.
Click Submit to confirm the modifications to the user attributes.
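The Note in the certificate step describes two checks on a certificate-authenticated user: the certificate must be trusted, and its common name must be registered as a user. The following added example (not part of the Oracle documentation or product) runs the same two checks with the openssl command line before a certificate is uploaded; the function names, file names, and sample CA subjects are assumptions made for the illustration.

```shell
# Added example: pre-upload check for a certificate-authenticated user.
# File names, CA subjects and the user name "certuser" are constructed samples.

# Print the subject common name (CN) of a PEM certificate.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

# usage: check_client_cert <cert.pem> <ca.pem> <expected-user>
# Prints "ok" only if the certificate chains to the given CA and its CN
# equals the user name that will be registered in the deployment.
check_client_cert() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 ||
    { echo "untrusted"; return 1; }
  [ "$(cert_cn "$1")" = "$3" ] ||
    { echo "cn-mismatch"; return 2; }
  echo "ok"
}

# usage: make_sample_pki <dir>
# Builds a throwaway CA, a client certificate with CN=certuser signed by it,
# and a second CA that did not sign the client certificate (sample data only).
make_sample_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Sample Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=certuser" \
    -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
  openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/client.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Other Test CA" \
    -keyout "$1/other.key" -out "$1/other.pem" 2>/dev/null
}
```

After `make_sample_pki` on an empty directory, `check_client_cert client.pem ca.pem certuser` prints `ok`; a different user name prints `cn-mismatch`, and the unrelated CA file prints `untrusted`.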