Amazon RDS User Permissions and Requirements

The following user requirements and minimum database privileges and permissions are required for Oracle GoldenGate to capture from and apply to an Amazon RDS for SQL Server database:

Create a dedicated login for Oracle GoldenGate for Amazon RDS for SQL Server.
Add the login as a user to the msdb database and to the source or target database.
Create a schema in the source or target database, to be used for objects required for Oracle GoldenGate. This schema should map to the GGSCHEMA value used in the GLOBALS parameter file.
Enable the following privileges and permissions for the Oracle GoldenGate user based on whether the user is for an Extract, or for a Replicat.

Table 3-5 Privileges and Permissions for Oracle GoldenGate User

Privilege	Extract	Replicat	Syntax
msdb Database Roles and Privileges
`EXECUTE ON rds_cdc_enable_db`	Yes	No	`GRANT EXECUTE ON msdb.dbo.rds_cdc_enable_db TO gguser;` Database administrators with master credentials can manually enable the database for Change Data Capture using the following command, which would negate the need for the Extract user to have this permission: `EXEC msdb.dbo.rds_cdc_enable_db ‘source_database’`
`SQLAgentOperatorRole`	Yes	No	`ALTER ROLE SQLAgentOperatorRole ADD MEMBER gguser;`
`SQLAgentUserRole`	Inherited	Yes	`ALTER ROLE SQLAgentUserRole ADD MEMBER gguser;`
`SELECT ON sysjobactivity`	Yes	No	`GRANT SELECT ON msdb.dbo.sysjobactivity TO gguser;`
`SELECT ON sysjobs`	Yes	No	`GRANT SELECT ON msdb.dbo.sysjobs TO gguser;`
User Database Roles and Privileges
`DBOWNER`	Yes	Yes	`ALTER ROLE db_owner ADD MEMBER gguser;`