Each deployment has its own set of users with specific roles. The administrator account user, which is created when the Service Manager is created for a host using OGGCA, can log into the Service Manager and other microservices. This user can also create users with specific roles to access or operate Oracle GoldenGate processes. This administrator account user can access all deployments that are added to this existing Service Manager.

However, all other users created from either the Service Manager or Administration Service are associated with the specific deployment. These users are not available with other deployments on the same host server.

To create users from the Service Manager or Administration Service:

1. Log in to either the Service Manager or the Administration Service.

2. From the left navigation pane, select Administrator.

3. Click Users (+) to add users.

4. Enter a unique user name.

5. Select one of the roles from the Role list box. The options are User, Operator, Administrator, and Security.

   Table 6-1 Oracle GoldenGate User Roles and Privileges

   Role ID	Privilege Level
   User	Allows information-only service requests, which do not alter or effect the operation of either the MA. Examples of Query/Read-Only information include performance metric information and resource status and monitoring information.
   Operator	Allows users to perform only operational actions, such as creating, starting and stopping resources. Operators cannot alter the operational parameters or profiles of the MA server.
   Administrator	Grants full access to the user, including the ability to alter general, non-security related operational parameters and profiles of the server.
   Security	Grants administration of security related objects and invoke security related service requests. This role has full privileges.

6. Select the user type from the Type list box as Password or Certificate.

   If you select the user type as Password, then the authentication is done based on the username and password.

   If you select the user type as Certificate, then the user will authenticate itself by presenting a client certificate. After you select the Certificate option, you need to enter the common name (in the certificate that will be presented such CN="certuser").

   Note:

   The certificate is with the user and not saved by the Oracle GoldenGate service. When presented for authentication, the Oracle GoldenGate service first authenticates that the certificate presented can be trusted and then checks if the common name in the certificate has been registered as a valid user. If yes, it will assign the appropriate user role.

7. Enter information that describes the user.

8. Click Submit. The user is registered.