Source and Sink Security

Some of the source and sink types have optional or mandatory security information for authentication purposes.

All sources and sinks that use services in the Oracle Cloud Infrastructure (OCI) can use certain parameters for providing optional security information. This information can be provided using an OCI configuration file or Instance Principal.

Oracle NoSQL Database sources and sinks require mandatory security information if the installation is secure and uses an Oracle Wallet-based authentication. This information can be provided by adding a jar file to the <MIGRATOR_HOME>/lib directory.

Wallet-based Authentication

If an Oracle NoSQL Database installation uses Oracle Wallet-based authentication, you must include additional JAR files that are a part of the data store installation into the Migrator library. For details on wallet-based installation, see Oracle Wallet.

When using Migrator 1.7.0 or lower, you will get the following error message if the JAR files are not present:
Could not find kvstore-ee.jar and kvstore-ee-<version>.jar in lib directory. Copy kvstore-ee.jar and kvstore-ee-<version>.jar to lib directory

To prevent this error, copy kvstore-ee.jar and kvstore-ee-<version>.jar files from one of your Oracle NoSQL Database storage nodes to the Migrator's lib directory:

Source path Destination path 
$KVHOME/lib/kvstore-ee*.jar
For example: If you are connected to Oracle NoSQL Database release 24.4.11, you must copy the following jar files from one of the storage nodes: 
$KVHOME/lib/kvstore-ee-24.4.11.jar
$KVHOME/lib/kvstore-ee.jar
 
<MIGRATOR_HOME>/lib

<MIGRATOR_HOME> is the nosql-migrator-M.N.O/ directory created by extracting the Oracle NoSQL Database Migrator package and M.N.O represent the software release.major.minor numbers.

For example: 
~/nosql-migrator-1.7.0/lib

Note:

  • The wallet-based authentication is supported ONLY in the Enterprise Edition (EE) of Oracle NoSQL Database.
  • From Oracle NoSQL Database Migrator release 1.8.0 onwards, copying these JAR files is not required.

Authorization in Oracle NoSQL Database sources and sinks

The Migrator utility accesses Oracle NoSQL Database using the authentication settings that you specify in the security file referenced by the security parameter. The success of migration operations depends on the role-based authorization granted to the authenticated user. Oracle NoSQL Database data store enforces the authorization. If a user attempts an action beyond their privileges, the Migrator utility returns the corresponding authorization error received from Oracle NoSQL Database.

Administrators can further restrict access by granting scoped privileges, such as limiting access to specific tables or namespaces. For more information on role-based authorization, see Configuring Authorization.

For example, consider importing data from a JSON source to an Oracle NoSQL Database table. If you only have the READ_ANY privilege, migration fails with an error similar to the following:
Migration failed. Reason: DDL Execution failed: CREATE TABLE IF NOT EXISTS users (id INTEGER, firstName STRING, lastName STRING, age INTEGER, income INTEGER, address JSON, PRIMARY KEY(SHARD(id))): Insufficient access rights granted. requestorPrivileges:PrivilegeCollection[DBVIEW, READ_ANY, USRVIEW]  requiredPrivileges:[CREATE_TABLE_IN_NAMESPACE(sysdefault)]