ALTER CREDENTIALSTORE
Use the ALTER CREDENTIALSTORE command to configure database
credentials for Oracle GoldenGate. You can also use this command to manage user ID and
password pairs in the credential store. This command enables you to add credentials to the
credential store and to specify different aliases for connecting to the database.
See Add and Alter Database Credentials to configure the database connections from the MA web interface.
The use of a credential store is not supported for the NonStop platforms.
Syntax
Admin Client Syntax:
ALTER CREDENTIALSTORE {
ADD USER userid | REPLACE USER userid | DELETE USER userid }
[NOPASSWORD | PASSWORD password]
[ALIAS alias]
[DOMAIN domain]-
ADD USER userid -
Note:
In MA,ADD USERwithALIASas email id, will fail. However, it works in Classic Architecture.Adds the specified user and its alias to the credential store. If the
ALIASoption is not used, the alias defaults to the user name. A credential can only be entered once unless theALIASoption is used to specify a different alias for each one. Unless thePASSWORDoption is used, the command prompts for the password of the specified user. The user can be an actual user name or a SQL*Net connect string.For multitenant databases with different users for the CDB and the PDB, you need to specify
@TNS_Service_Namewhen adding a user to the credential store. -
REPLACE USERuserid -
Changes the password of the specified user. If the
ALIASoption is not used, the alias defaults to the user name. You cannot change the alias or domain of a user with this option, but you can use theADD USERoption to add a new entry for the user under the desiredALIASorDOMAIN. Unless thePASSWORDoption is used, the command prompts for the new password for the specified user. -
DELETE USERuserid -
Removes the credential for the specified user from the credential store. If the
ALIASoption is not used, the alias defaults to the user name. If the user ID and alias are not the same, you must specify both user ID and alias. For example:ALTER CREDENTIALSTORE DELETE USER c##ggadmin alias ggadmin -
NOPASSWORD | PASSWORDpassword -
Specify the user's password using the
PASSWORDoption. The password is echoed (not obfuscated) when this option is used. If this option is omitted, the command prompts for the password, which is obfuscated as it is typed (recommended as more secure).Oracle GoldenGate 23c supports a maximum password length of 1024 bytes.
The
NOPASSWORDoption is the alternative to thePASSWORDoption when using external authentication because password is not required for external authentication such as using Kerberos authentication or IDCS. After theNOPASSWORDoption is set, theDBLOGINcommand can be used to access the database without a password.Also see USERIDALIAS parameter in the Reference for Oracle GoldenGate.
-
ALIASalias -
Specifies an alias for the user name. Use this option if you do not want the user name to be in a parameter file or command. If
ALIASis not used, the alias defaults to theUSERname, which then must be used in parameter files and commands where a login is required. You can create multiple entries for a user, each with a different alias, by using theADD USERoption withALIAS. -
DOMAINdomain -
Saves the credential user under the specified domain name. Enables the same alias to be used by multiple Oracle GoldenGate installations that use the same credential store. The default domain is
Oracle GoldenGate. For example, the administrators of system 1 might not want system 2 to have access to the same credentials that are used on system 1. Those credentials can be stored asALIAS pdbeast, for example, underDOMAIN system1, while a different set of credentials can be stored forALIAS pdbwestunderDOMAIN system2.
Examples
-
The following example (Admin Client) adds a user named
ggadminbut with external authentication and therefore uses theNOPASSWORDoption.ALTER CREDENTIALSTORE ADD USER /@ggadmin nopassword alias pdbeastThe output shows:
2020-06-22T21:08:33Z INFO OGG-15102 Credential store created.Running the
INFO CREDENTIALSTOREcommand, you can check the add user to the credentialstore:INFO CREDENTIALSTORE Default domain: OracleGoldenGate Alias: pdbeast Userid: /@ggadminAfter you update the credentialstore to use the
NOPASSWORDoption, you can use theDBLOGINcommand with Kerberos authentication for your database.DBLOGIN USERIDALIAS pdbeastOutput:
Successfully logged into database pdbeast.
-
This example adds a user named
ggadminbut omits thePASSWORDspecification, so the command prompts for pggeast's password.ALTER CREDENTIALSTORE ADD USER ggadmin Password: ******** -
This example adds the user
ggadminwith his passwordtigerand specifies the alias aspdbeast.ALTER CREDENTIALSTORE ADD USER ggadmin PASSWORD tiger ALIAS pdbeast -
This example adds the user
ggadminunder the domain ofOracleGoldenGate.ALTER CREDENTIALSTORE ADD USER ggadmin ALIAS pdbeast DOMAIN OracleGoldenGate Password: ******** -
This example issues two
ALTER CREDENTIALSTOREcommands, each of which adds aggadminentry, but with a different alias.ALTER CREDENTIALSTORE ADD USER ggadmin ALIAS pdbeast Password: ******** ALTER CREDENTIALSTORE ADD USER ggadmin ALIAS pdbwest Password: ******** -
The following shows how the
DELETE USERoption works with and without theALIASoption.The following command deletes the
user1entry for which theALIASis the same as the user name.ALTER CREDENTIALSTORE DELETE USER ggadmin Alias: pdbeast Userid: ggadminThe following command deletes the entry for user
ggadminthat is associated with the aliaspdbeast.ALTER CREDENTIALSTORE DELETE USER ggadmin ALIAS pdbeast Alias: pdbeast Userid: ggadmin -
This example uses a SQL*Net connect string as the user value. In this case, the
PASSWORDoption is omitted. The person issuing the command is prompted for the password, which is hidden.ALTER CREDENTIALSTORE ADD USER ggadmin@pdbeast ALIAS pdbeast