Activating the SPID Security Feature

This feature is activated by Oracle customer service using secure activation procedures. Once the feature is activated, the following actual usernames (not user group names) are defined to be “golden users” having access to all SPIDs, and all other usernames are defined to have no access to any SPIDs:

After the feature has been activated, the LSMS administrator (lsmsadm) is advised to immediately define associations between usernames and SPIDs as described in the following procedure:

  1. Log in as lsmsadm on the active server.
  2. If you do not wish the username lsmsadm to have access to all SPIDs, enter the following command to remove the username from golden access:

    $ spidsec -r -u lsmsadm -s golden

  3. If desired, repeat step 2 for the usernames lsmsview, lsmsall, lsmsuser, and lsmsuext.
  4. To display all the usernames currently defined on the LSMS, see Displaying All LSMS User Accounts.
  5. For each displayed username, determine which SPIDs you wish to allow this user access to and enter the following command to authorize this username for the specified SPID:

    $ spidsec -a -u <username> -s {<spid>|golden}

    The following parameters and options apply to this command:

    <username>
    A valid LSMS username that has been provisioned using admintool.
    <spid>
    A valid SPID defined on the LSMS (alternatively, you can enter golden to allow this username access to all SPIDs defined on the LSMS).

    To authorize this username for multiple SPIDs, but not for all SPIDs, you must enter the command once for each SPID.

  6. Repeat step 5 for each user displayed in step 4.
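
The following script is an added example, not part of the Oracle documentation: it turns a reviewed username-to-SPID mapping into the list of spidsec commands for steps 2 through 6, so the plan can be checked before anything is typed on the server. It uses only the spidsec options shown above and assumes the five accounts named in steps 2 and 3 hold golden access after activation; the mapping format, the users alice and bob, and the SPID values are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints the spidsec commands for steps 2-6; runs nothing.

# Default accounts named in steps 2 and 3 of the procedure.
DEFAULT_USERS="lsmsadm lsmsview lsmsall lsmsuser lsmsuext"

# Constructed sample mapping (hypothetical users and SPIDs), one per line:
#   <username> <spid> [<spid> ...]    or    <username> golden
SAMPLE_MAP='alice 1111 2222
bob golden
lsmsadm golden'

# spidsec_plan MAPPING: print one spidsec command per line.
# Runs in a subshell so "set -f" (no globbing) does not leak to the caller.
spidsec_plan() (
    set -f
    map=$1
    # Steps 2-3: remove golden access from every default account that the
    # mapping does not explicitly keep golden.
    for u in $DEFAULT_USERS; do
        if ! printf '%s\n' "$map" | grep -Eq "^$u[[:space:]]+golden[[:space:]]*$"; then
            printf 'spidsec -r -u %s -s golden\n' "$u"
        fi
    done
    # Steps 5-6: one "spidsec -a" per username/SPID pair.
    printf '%s\n' "$map" | while read -r user spids; do
        [ -n "$user" ] || continue
        for s in $spids; do
            # Output is meant to be pasted into a shell, so reject anything
            # outside a conservative character set (an assumption of this
            # example, not a documented LSMS naming rule).
            case "$user$s" in
                *[!A-Za-z0-9_]*) echo "skipped: $user $s" >&2; continue ;;
            esac
            # A default account kept golden needs no command at all.
            case " $DEFAULT_USERS :$s" in
                *" $user "*:golden) continue ;;
            esac
            printf 'spidsec -a -u %s -s %s\n' "$user" "$s"
        done
    done
)

spidsec_plan "$SAMPLE_MAP"
```

Any account that appears in the output of step 4 but not in the mapping receives no `spidsec -a` line and therefore keeps no SPID access, which makes omissions easy to spot in review.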