Manage deployment users

Managing GoldenGate users depends on whether you're using an Identity Access Management (IAM) enabled tenancy or not. In IAM enabled tenancies, you use your Oracle Cloud account to access the deployment console. In non-IAM enabled tenancies, each deployment has its own set of users.

Note:

This information applies only to Data replication deployments.

In IAM-enabled tenancies

Identity Access Management (IAM) enabled tenancies let you create identity domains to manage users and roles, federate and provision users, secure application integration through Oracle Single Sign-On (SSO) configuration, and SAML/OAuth based Identity Provider administration.

Note:

These features can only be used in tenancies already migrated to Identity Access Management (IAM) with Identity domains. Once you select IAM as your deployment's credential store, you won't be able to change back.

Configure Identity domains for OCI GoldenGate

You can create identity domains in IAM-enabled tenancies. The following steps describe how to create groups of users and configure password policies for your domain.

The domain settings mentioned here are specific to OCI GoldenGate. Learn more about identity domains and how to create one.

  1. In the Oracle Cloud console navigation menu, select Identity & Security, and then under Identity, click Domains.
  2. From the list of Domains, select your identity domain.
  3. On your identity domain overview page, from the Identity domain menu, click Groups.
  4. Create the following groups to map to GoldenGate roles:
    • GGS_Administrator
    • GGS_Security
    • GGS_Operator
    • GGS_User

    Note:

    GoldenGate roles are as follows:
    • Administrator: Grants full access to the user, including the ability to alter general, non-security related operational parameters and profiles of the OCI GoldenGate deployment service.
    • Security: Grants administration of security-related objects and the ability to invoke security-related service requests. This role has full privileges.
    • Operator: Allows users to perform only operational actions, such as creating, starting and stopping resources. Operators cannot alter the operational parameters or profiles of the OCI GoldenGate deployment services.
    • User: Allows information-only service requests, which do not alter or affect the operation of the OCI GoldenGate deployment services.
  5. Select the users to add to the group, and then click Create.

    Note:

    Each group must be assigned at least one user. Learn more about groups.
  6. Set the Access signing certificate option.
    1. From the Identity domain menu, click Settings.
    2. For Access signing certificate, select Configure client access to allow clients to access the tenant signing certificate and the SAML metadata without logging in to the identity domain.
    3. Click Save changes.
  7. Specify the password policy for your Identity domain:
    1. From the Domain settings menu, click Password policy.
    2. On the Password policies page, you can edit the default password policy or add a new one.

In non-IAM enabled tenancies

In non-IAM enabled tenancies, deployment user management occurs within the OCI GoldenGate deployment console. Each OCI GoldenGate deployment can have its own set of users.

Add a user to a deployment

To add a user:
  1. Launch the OCI GoldenGate deployment console from the deployment details page.
  2. Log in to the OCI GoldenGate deployment console as the Oracle GoldenGate Administrator user.

    Note:

    The Administrator user was created when the deployment was created.
  3. Open the OCI GoldenGate deployment console navigation menu, and then click Administrator.
  4. Click Add User (plus icon).
  5. For Name, enter a unique user name.

    Note:

    The user name must start with an alphabetic character and contain only alphanumeric characters. Symbols that can be used are: at sign (@), period (.), dash (-), comma (,), underscore (_), number sign (#), dollar sign ($), plus sign (+), backslash (\), slash (/), equal sign (=), less than sign (<), or greater than sign (>).
  6. For Role, select one of the following roles:
    • User: Allows information-only service requests, which do not alter or affect the operation of the OCI GoldenGate deployment services.
    • Operator: Allows users to perform only operational actions, such as creating, starting and stopping resources. Operators cannot alter the operational parameters or profiles of the OCI GoldenGate deployment services.
    • Administrator: Grants full access to the user, including the ability to alter general, non-security related operational parameters and profiles of the OCI GoldenGate deployment service.
    • Security: Grants administration of security-related objects and the ability to invoke security-related service requests. This role has full privileges.
  7. (Optional) For Description, enter a short description.
  8. For Type, select Basic from the dropdown.

    Note:

    Certificate type user accounts are not currently supported in OCI GoldenGate.
  9. Enter a password, and then enter it again to verify.

    Note:

    The password must be 8 to 30 characters and contain at least 1 uppercase, 1 lowercase, 1 numeric and 1 special character. The special characters must not be '$', '^' or '?'.

  10. Click Submit.
The deployment user account appears in the Users list. You can edit or delete the user from the Actions column.
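
When user creation is scripted or reviewed ahead of time, the name and password rules from steps 5 and 9 can be checked before the form is submitted. The following is an added example, not Oracle code. It assumes that "alphabetic" and "alphanumeric" mean ASCII characters, that "special character" means ASCII punctuation, and that '$', '^' and '?' may not appear anywhere in the password. The function names and sample values are constructed for illustration.

```python
import string

# Characters the page allows in a user name: alphanumerics plus the listed symbols.
NAME_CHARS = set(string.ascii_letters + string.digits + "@.-,_#$+\\/=<>")

# Assumption: "special character" means ASCII punctuation.
# The page excludes '$', '^' and '?'.
FORBIDDEN_SPECIALS = set("$^?")
ALLOWED_SPECIALS = set(string.punctuation) - FORBIDDEN_SPECIALS


def check_username(name):
    """Return the list of documented name rules that `name` violates."""
    problems = []
    if not name[:1] or name[0] not in string.ascii_letters:
        problems.append("must start with an alphabetic character")
    bad = sorted(set(name) - NAME_CHARS)
    if bad:
        problems.append("disallowed characters: " + " ".join(map(repr, bad)))
    return problems


def check_password(password):
    """Return the list of documented password rules that `password` violates."""
    problems = []
    if not 8 <= len(password) <= 30:
        problems.append("length must be 8 to 30 characters")
    required = [
        (string.ascii_uppercase, "needs an uppercase letter"),
        (string.ascii_lowercase, "needs a lowercase letter"),
        (string.digits, "needs a numeric character"),
        (ALLOWED_SPECIALS, "needs a special character other than $ ^ ?"),
    ]
    for charset, message in required:
        if not any(c in charset for c in password):
            problems.append(message)
    banned = sorted(set(password) & FORBIDDEN_SPECIALS)
    if banned:
        problems.append("contains forbidden special character(s): " + " ".join(banned))
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for name in ("ggadmin.ops", "1ggadmin", "gg admin"):
        print(repr(name), check_username(name) or "ok")
    for pw in ("Str0ng-Pass", "Str0ng$Pass", "Ab1-"):
        print(repr(pw), check_password(pw) or "ok")
```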

Edit a deployment user

When you edit a deployment user, you can only change the Info and Password values. Certificate type user accounts are not currently supported by OCI GoldenGate.

To edit a user:
  1. Launch the OCI GoldenGate deployment console from the deployment details page.
  2. Log in to the OCI GoldenGate deployment console as the Oracle GoldenGate Administrator user.

    Note:

    The Administrator user was created when the deployment was created.
  3. Open the OCI GoldenGate deployment console navigation menu, and then click Administrator.
  4. For the user account you want to edit, click Edit user.
  5. Make your changes, and then click Submit.

    Note:

    Passwords must be 8 to 30 characters and contain at least 1 uppercase, 1 lowercase, 1 numeric and 1 special character. The special characters must not be '$', '^' or '?'.

If you changed the user account password, ensure that you also update the user credentials for any Oracle GoldenGate processes that involve this user.

Delete a deployment user

Oracle recommends that you periodically review deployment user accounts and remove inactive accounts.

To delete a user from a deployment:
  1. Launch the OCI GoldenGate deployment console from the deployment details page.
  2. Log in to the OCI GoldenGate deployment console as the Oracle GoldenGate Administrator user.

    Note:

    The Administrator user was created when the deployment was created.
  3. Open the OCI GoldenGate deployment console navigation menu, and then click Administrator.
  4. In the Users list, locate the user to delete, and then click Delete user (trash icon) in the Action column associated with that user.
  5. In the Confirm Deletion dialog, verify that this is the correct user you want to delete, and then click OK.
The user is removed from the Users list.