Cache Group Users
There are required users when using cache.
This section covers these topics regarding cache group users:
Required Users for Cache
To use cache, you must create administration and schema users on both the Oracle and TimesTen databases.
To use cache, you must have the following users on the Oracle Database:
-
Create an Oracle cache administration user who creates, owns, and maintains Oracle Database objects that store information used to manage the cache environment for a TimesTen database and enforce predefined behaviors of particular cache group types.
-
Identify one or more schema users who own the Oracle Database tables to be cached in a TimesTen database.
To use cache, you must create the following users on the TimesTen database:
-
A TimesTen cache administration user who performs cache group operations. The TimesTen cache administration user must have the same user name as the Oracle cache administration user created for cache who can access the cached Oracle Database tables. The password of the TimesTen cache administration user can be different from the password of the companion Oracle cache administration user.
-
One or more cache table users who own the cache tables. You must create a TimesTen cache table user with the same user name as each Oracle Database schema user who owns Oracle Database tables to be cached in the TimesTen database. The password of a cache table user can be different from the password of the Oracle Database schema user with the same name.
The owner and name of a TimesTen cache table is the same as the owner and name of the corresponding cached Oracle Database table.
Providing Both Cache Administration Users and Passwords
You first create or change a cache administration user and its password through CREATE USER
or ALTER USER
SQL statements. See Creating or Identifying a Database User.
Once the cache administration users are created with their respective passwords, these credentials need to be provided with one of the following methods.
Providing the Cache Administration User Names and Passwords in an Oracle Wallet
The most secure method to provide credentials when connecting is to store a user's password in an Oracle Wallet. When connecting, you provide the user name and wallet to supply credentials for the connection. Supplying the user name identifies which user's password to retrieve from within the wallet.
You can store existing credentials for both the cache user and the cache administration user and their associated passwords within an Oracle Wallet using the ttUser
utility.
-
For the cache user, you can add this user's password to a wallet in the same manner as a TimesTen user as described in Providing a User Name and Password in an Oracle Wallet.
-
To connect as the cache administration users, you must provide the passwords for both the TimesTen cache administration user and the Oracle cache administration user.
See Providing a User Name and Password in an Oracle Wallet for full details on how to store credentials in an Oracle Wallet. This section describes the process to add both cache administration user passwords to an Oracle Wallet.
You can add the cache administration users passwords to a wallet used by other users, such as a wallet that contains all credentials for those connecting to a DSN. Alternatively, you could create a wallet only for the cache administration users.
Use the ttUser -setPwd
command to store the password for the TimesTen cache administration user. Use the ttUser -setOraclePwd
command to store the password for the Oracle cache administration user.
The following example shows how to use the ttUser
utility to add both cache administration users to an Oracle Wallet in the /wallets/cacheadminwallet
directory.
-
If it does not already exist, make a directory for your wallet. This example users
/wallets
as the directory for the wallet.% mkdir /wallets
-
Run the
ttUser -setPwd
command to store the TimesTen cache administration user credentials. Provide a subdirectory name that identifies the wallet (since you cannot change the name of an OracleWallet). This example providescacheadminwallet
as the subdirectory name for the wallet. Ifcacheadminwallet
directory does not exist, then thettUser
utility creates thecacheadminwallet
subdirectory and then creates the Oracle Wallet in the/wallets/cacheadminwallet
directory. ThettUser
utility prompts for the password for the TimesTen cache administration usercacheadmin
, which is added to the wallet.% ttUser -setPwd -wallet /wallets/cacheadminwallet -uid cacheadmin Enter password:
-
Run the
ttUser -setOraclePwd
command to store the Oracle cache administration user credentials. ThettUser
utility prompts for the password for the Oracle cache administration usercacheadmin
, which is added to the wallet in/wallets/cacheadminwallet
.% ttUser -setOraclePwd -wallet /wallets/cacheadminwallet -uid cacheadmin Enter password:
See ttUser in the Oracle TimesTen In-Memory Database Reference.
When it's time to authenticate the cache administration users when connecting to a database, provide the name of the cache administration user and the location of the corresponding wallet with the UID
and PwdWallet
connection attributes. The UID
connection attribute specifies which user to authenticate using the PwdWallet
provided.
connect “dsn=mydb;uid=cacheadmin;PwdWallet=/wallets/cacheadminwallet”;
Providing Cache Administration User Name and Passwords in Connection Attributes
UID
, PWD
and OraclePWD
general connection attributes.Once you have created both cache administration users and associated passwords, you can specify them on a connection string with the UID
, PWD
, and OraclePWD
connection attributes when connecting to the database.
TimesTen uses the following order of precedence when locating the user name and password for connection authentication:
-
An Oracle Wallet with the cache administration user name and passwords. See Providing the Cache Administration User Names and Passwords in an Oracle Wallet.
-
The
UID
,PWD
andOraclePWD
connection attributes provided in the connection string. -
The
UID
,PWD
andOraclePWD
connection attributes provided in the client DSN.
The UID
, PWD
and OraclePWD
connection attributes are as follows:
-
UID
: In this case, specifies the cache administration user name to be used for the connection to the database. -
PWD
: In this case, specifies the password for the TimesTen cache administration user. -
OraclePWD
: Specifies the password for the Oracle cache administration user.Note:
For more information on the
UID
,PWD
andOraclePWD
general connection attributes, see UID and PWD in the Oracle TimesTen In-Memory Database Reference. See Authentication in TimesTen in the Oracle TimesTen In-Memory Database Security Guide.
The following example is a connection request to database1
that provides the cache administration user name as cacheadmin
, the TimesTen cache administration user password as ttpwd
, and the Oracle cache administration user password as orapwd
.
% ttIsql "DSN=database1;UID=cacheadmin;PWD=ttpwd;OraclePWD=orapwd"
Providing Cache Administration User Name and Passwords in a Client DSN
You can provide both cache administration user names and passwords in the client DSN.
On Windows, you specify connection attributes in the Oracle TimesTen Client DSN Setup dialog. In this dialog, you can specify the User ID
, and Password
connection attributes. However, the OraclePWD
connection attribute can only be specified on the connection string. See Creating a Client DSN on Windows in the Oracle TimesTen In-Memory Database Operations
Guide.
On Linux and UNIX, you specify connection attributes in the odbc.ini
file. In the client DSN in the odbc.ini
file, you can specify the UID
, PWD
and OraclePWD
connection attributes.
The following is the syntax for the client DSN in the odbc.ini
file:
[ODBC Data Sources]
Client_DSN=TimesTen 22.1 Client Driver
See Creating a DSN on Linux and UNIX for TimesTen Classic in the Oracle TimesTen In-Memory Database Operations Guide.
Registering the Oracle Database Administration User and Password
One of the prerequisites to setting up your cache environment is registering the Oracle cache administration user and password in TimesTen. TimesTen uses these credentials to connect to the Oracle database.
There are cache operations that TimesTen performs for you. In order for TimesTen to connect to the Oracle database successfully to perform these cache operations, TimesTen needs to have the Oracle cache administration user and password credentials registered internally. This is accomplished when you run either the ttCacheUidPwdSet
built-in procedure for TimesTen Classic or ttGridAdmin dbCacheCredentialSet
in TimesTen Scaleout. By default, the Oracle cache administration user and password are stored in memory. You can specify that the Oracle cache administration user and passwords are saved in a system-managed Oracle Wallet (preferred) by setting the CacheAdminWallet
=1 in the DSN as a first connection attribute. Once the Oracle cache administration user and password are registered (either in memory or in a system-managed wallet), TimesTen uses the credentials to connect to the backend Oracle database for cache operations.
See CacheAdminWallet in the Oracle TimesTen In-Memory Database Reference.
This section discusses how to do this in TimesTen ClassicTimesTen Scaleout.
Registering the Oracle Cache Administration User and Password in TimesTen Classic
You can register with TimesTen Classic the Oracle cache administration user name and password.
Note:
You can run the ttCacheUidPwdSet
built-in procedure over a client/server connection only when TLS is used. The password is only encrypted when sent over a TLS connection.
See Setting Up the Oracle Database and TimesTen Classic Systems and Setting Up a Caching Infrastructure in Oracle TimesTen In-Memory Database Cache Guide.
See Privileges for Cache Groups.
Note:
Alternatively, you can use ttAdmin
to set the Oracle cache
administration user ID and password. See Set Cache Policies in Oracle TimesTen In-Memory Database
Reference.
For example:
% ttAdmin -cacheUidPwdSet -cacheUid cacheadmin -cachePwd orapwd database1
You can use the ttCacheUidPwdSet
built-in procedure to later change the Oracle cache administration password at any time, or change the Oracle cache administration user name (and optionally the password as well) as long as there are no existing cache groups.
Registering the Cache Administration User Password in TimesTen Scaleout
In TimesTen Scaleout, use the ttGridAdmin dbCacheCredentialSet
command on the active management instance to register the Oracle cache administration user name and password with TimesTen Scaleout.
-
Ensure that the
CacheAdminWallet
connection attribute is set to 1. See Create a Database Definition in the Oracle TimesTen In-Memory Database Scaleout User's Guide. -
Use the
ttGridAdmin dbCacheCredentialSet
command (only once) to register the TimesTen database of the Oracle cache administration user name and password in the Oracle database. SinceCacheAdminWallet
=1, the Oracle cache administration user name and password are stored in a system-managed Oracle Wallet.The following example specifies
database1
as the TimesTen database. ThettGridAdmin dbCacheCredentialSet
command prompts for the user name and password. The Oracle cache administration user name iscacheadmin
.% ttGridAdmin dbCacheCredentialSet database1 Enter your Oracle user id: cacheadmin Enter Oracle password: Password accepted Configuring cache.....................................................OK
See Set the Cache Administration User Name and Password in the TimesTen Database in Oracle TimesTen In-Memory Database Scaleout User's Guide and Set Credentials (dbCacheCredentialSet) in Oracle TimesTen In-Memory Database Reference.
Note:
- You can also use
dbCacheCredentialSet
to later change the Oracle cache administration password at any time, or change the Oracle cache administration user name (and optionally the password as well) as long as there are no existing cache groups. - When the active management instance of the grid is created, the
ttGridAdmin gridCreate -walletDir
specifies the path to the directory where the server-managed Oracle Wallets with cryptographic information will be stored. This cryptographic information includes the Oracle cache administration user, client/server, and membership service credentials. The default istimesten_home/info
. Wallets for multiple instances can be stored in the same directory, a directory which can be shared between the instances, such as through NFS. This enables a user to pass the cache credentials securely around the grid. See Secure Network Communication in TimesTen. - The
ttGridAdmin modelApply
command sends new wallets to all new instances. - The
ttGridAdmin dbDistribute
command sets the Oracle cache administration user ID and password whenever a new instance is added to the distribution map of the database. - If you plan to use
ttGridAdmin dbImport
with any cache groups being imported into the database,dbCacheCredentialSet
must be executed prior todbImport
. You can use thedbImport -dbCacheCredentialCheck
option, before you start the import, to confirm this.