ACCESSRULE

Valid for Manager

Use ACCESSRULE to control connection access to the Manager process and the processes under its control. You can establish multiple rules by specifying multiple ACCESSRULE statements in the parameter file and control their priority. There is no limit to the number of rules that you can specify. To establish priority, you can either list the rules in order from most important to least important, or you can explicitly set the priority of each rule with the PRI option.

Default

None

Syntax

ACCESSRULE[, PROG program_name][, IPADDR address][, PRI rule][, login_ID]{, ALLOW | DENY}

Argument	Description
PROG program_name	Specifies connection security for a specific Oracle GoldenGate program or multiple programs specified with a wildcard. If one of these options is not specified, the access rule applies to all programs that Manager starts, stops, or kills. Valid values: `GGSCI`: Secures access to the GGSCI command-line interface. `GUI`: Secures access to Oracle GoldenGate from the Activity Console. `MGR \| MANAGER`: Secures access to all inter-process commands controlled by Manager, such as `START`, `STOP`, and `KILL` `REPLICAT`: Secures connection to the Replicat process. `COLLECTOR \| SERVER`: Secures the ability to dynamically create a Collector process. `*` (asterisk): Wildcard. Use a wildcard to specify all of the preceding options.
IPADDR address	Permits access to Manager from the host with the specified IP address.
PRI rule	Specifies a priority for each `ACCESSRULE` statement. Valid values are from 1 through 99, with 1 being the highest priority and 99 being the lowest. Rules that have priorities assigned can appear in any order in the parameter file.
login_ID	Permits access based on a user password. This option requires specifying `USER` and `PASSWORD` options with the `RMTHOST` parameter. The syntax for `login_ID` is: USER user, PASSWORD password, [ENCRYPTKEY keyname] Valid values: `user` : The user specified with the `USER` option of the `RMTHOST` parameter. `password`: The password specified with the `PASSWORD` option of the `RMTHOST` parameter. `keyname`: Optional. Specifies an encryption key in the `ENCKEYS` file. When `ENCRYPTKEY` `keyname` is used as part of the login ID, Oracle GoldenGate looks up the key in the `ENCKEYS` file on the target system and uses it to decrypt the corresponding password. If the decrypted password matches the password supplied with the `password` portion of the login ID option, the rule passes.
ALLOW \| DENY	Determines whether the rule specified with `ACCESSRULE` permits or denies access. Either `ALLOW` or `DENY` is required.

Example 1

The following access rules allow any nodes that begin with IP address 205 or the node 194.168.11.102 to access the requested services. All others are denied.

ACCESSRULE, PROG *, IPADDR 194.168.11.102, ALLOW ACCESSRULE, PROG *, IPADDR 205.*, ALLOW ACCESSRULE, PROG *, IPADDR *, DENY

Example 2

The following access rules have been assigned explicit priority levels through the PRI option. These rules allow any user to access the Collector process (the SERVER program), and in addition, allow the IP address 122.11.12.13 to access GGSCI commands. Access to all other Oracle GoldenGate programs is denied.

ACCESSRULE, PROG *, DENY, PRI 99ACCESSRULE, PROG SERVER, ALLOW, PRI 1ACCESSRULE, PROG GGSCI, IPADDR 122.11.12.13, PRI 1

Example 3

The following access rules are the same as Example 2, but they assign priority by means of their order in the parameter file, instead of the PRI option.

ACCESSRULE, PROG SERVER, ALLOWACCESSRULE, PROG GGSCI, IPADDR 122.11.12.13ACCESSRULE, PROG *, DENY

Example 4

The following access rule grants access to all programs to the user JOHN.

ACCESSRULE, PROG *, USER JOHN, PASSWORD OCEAN1

Example 5

The following access rule grants access to all programs to the user JOHN and designates an encryption key to decrypt the password. If the password provided with PASSWORD matches the one in the ENCKEYS lookup file, connection is granted.

ACCESSRULE, PROG *, USER JOHN, PASSWORD OCEAN1, ENCRYPTKEY lookup1