Securing GoldenGate

Oracle Cloud Infrastructure GoldenGate provides a secure and easy-to-use data replication solution in accordance with industry-leading security best practices.

Security Recommendations

  • Assign least privilege access for IAM users and groups to resource types in goldengate-family.
  • To minimize data loss from inadvertent deletion by an authorized user or from malicious deletion, Oracle recommends giving the GOLDENGATE_DEPLOYMENT_DELETE and GOLDENGATE_DATABASE_REGISTRATION_DELETE permissions to the minimum possible set of IAM users and groups. Give these permissions only to tenancy and compartment administrators.
  • GoldenGate only needs USE-level access to capture data from database registrations.

Security Policy Examples

Prevent deletion of deployments

Create this policy to allow the group ggs-users to perform all actions on deployments, except deleting them:

Allow group ggs-users to manage goldengate-family in tenancy where request.permission!='GOLDENGATE_DEPLOYMENT_DELETE'
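
The policy above excludes only GOLDENGATE_DEPLOYMENT_DELETE, while the recommendations also name GOLDENGATE_DATABASE_REGISTRATION_DELETE. The following check is an added example, not Oracle code: it reads policy statements and reports which of the two delete permissions each non-administrator group still holds. The groups other than ggs-users, the compartment name, the sample statements and the simplified statement grammar are assumptions made for illustration.

```python
import re

# The two delete permissions the recommendations reserve for administrators.
DELETE_PERMS = ("GOLDENGATE_DEPLOYMENT_DELETE",
                "GOLDENGATE_DATABASE_REGISTRATION_DELETE")
# Simplified grammar (assumption): "Allow group G to VERB RESOURCE in SCOPE [where COND]".
STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<resource>[\w-]+)"
    r"\s+in\s+(?P<scope>.+?)(?:\s+where\s+(?P<cond>.+))?\s*$", re.IGNORECASE)
EXCLUSION = re.compile(r"request\.permission\s*!=\s*'([A-Z_]+)'")

def delete_perms_granted(statement):
    """Return (group, delete permissions this statement still grants)."""
    m = STATEMENT.match(statement)
    if not m:
        raise ValueError(f"unrecognised policy statement: {statement!r}")
    group, cond = m.group("group"), m.group("cond") or ""
    # Assumption: only the manage verb carries the delete permissions.
    if m.group("verb").lower() != "manage":
        return group, []
    if m.group("resource").lower() not in ("goldengate-family", "all-resources"):
        return group, []
    # Exclusions inside any {...} are not guaranteed to block a permission, so ignore them.
    if re.search(r"\bany\s*\{", cond, re.IGNORECASE):
        excluded = set()
    else:
        excluded = set(EXCLUSION.findall(cond))
    return group, [p for p in DELETE_PERMS if p not in excluded]

def audit(statements, admin_groups=()):
    """Map each non-admin group to the delete permissions it can still use."""
    findings = {}
    for statement in statements:
        group, perms = delete_perms_granted(statement)
        if perms and group not in admin_groups:
            findings.setdefault(group, set()).update(perms)
    return {group: sorted(perms) for group, perms in findings.items()}

# Constructed sample policies; the first is the statement shown on this page.
SAMPLE = [
    "Allow group ggs-users to manage goldengate-family in tenancy where request.permission!='GOLDENGATE_DEPLOYMENT_DELETE'",
    "Allow group ggs-operators to manage goldengate-family in tenancy where all {request.permission != 'GOLDENGATE_DEPLOYMENT_DELETE', request.permission != 'GOLDENGATE_DATABASE_REGISTRATION_DELETE'}",
    "Allow group ggs-readers to use goldengate-family in compartment replication",
    "Allow group ggs-admins to manage goldengate-family in tenancy",
]

if __name__ == "__main__":
    for group, perms in audit(SAMPLE, admin_groups={"ggs-admins"}).items():
        print(f"{group}: still granted {', '.join(perms)}")
```

Run against the sample, the only finding is ggs-users, which can still delete database registrations; the ggs-operators statement shows a condition that excludes both permissions.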

For more information on creating policies, see Oracle Cloud Infrastructure GoldenGate Policies.