2.15 ALTER CREDENTIALSTORE
Use the ALTER CREDENTIALSTORE command to manage user ID and password pairs in the credential store. This command enables you to add credentials to the credential store and to specify different aliases for a user.
The use of a credential store is not supported for the NonStop platforms.
Syntax
Admin Client Syntax:
ALTER CREDENTIALSTORE {
  ADD USER userid | REPLACE USER userid | DELETE USER userid }
  [NOPASSWORD | PASSWORD password]
  [ALIAS alias]
  [DOMAIN domain]

ALTER CREDENTIALSTORE {
  ADD USER userid [@tns_alias] | REPLACE USER userid | DELETE USER userid }
  [NOPASSWORD | PASSWORD password]
  [ALIAS alias]
  [DOMAIN domain]

- ADD USER userid
  Note: In MA, ADD USER with an email ID as the ALIAS will fail. However, it works in Classic Architecture.

  Adds the specified user and its alias to the credential store. If the ALIAS option is not used, the alias defaults to the user name. A credential can only be entered once unless the ALIAS option is used to specify a different alias for each one. Unless the PASSWORD option is used, the command prompts for the password of the specified user. The user can be an actual user name or a SQL*Net connect string.

  In GGSCI, for multitenant databases with different users for the CDB and the PDB, you need to specify @TNS_Service_Name when adding a user to the credential store.

- REPLACE USER userid
  Changes the password of the specified user. If the ALIAS option is not used, the alias defaults to the user name. You cannot change the alias or domain of a user with this option, but you can use the ADD USER option to add a new entry for the user under the desired ALIAS or DOMAIN. Unless the PASSWORD option is used, the command prompts for the new password for the specified user.

- DELETE USER userid
  Removes the credential for the specified user from the credential store. If the ALIAS option is not used, the alias defaults to the user name. If the user ID and alias are not the same, you must specify both user ID and alias. For example:

    alter credentialstore delete user c##ggadmin alias ggadmin

- NOPASSWORD | PASSWORD password
  The NOPASSWORD option is the alternative to the PASSWORD option when using external authentication, because a password is not required for external authentication such as Kerberos authentication. After the NOPASSWORD option is set, the DBLOGIN command can be used to access the database without a password. Also see the USERIDALIAS and USERID | NOUSERID parameters in the Reference for Oracle GoldenGate.

  Specify the user's password using the PASSWORD option. The password is echoed (not obfuscated) when this option is used. If this option is omitted, the command prompts for the password, which is obfuscated as it is typed (recommended as more secure).

- ALIAS alias
  Specifies an alias for the user name. Use this option if you do not want the user name to be in a parameter file or command. If ALIAS is not used, the alias defaults to the USER name, which then must be used in parameter files and commands where a login is required. You can create multiple entries for a user, each with a different alias, by using the ADD USER option with ALIAS.

- DOMAIN domain
  Saves the credential user under the specified domain name. Enables the same alias to be used by multiple Oracle GoldenGate installations that use the same credential store. The default domain is Oracle GoldenGate. For example, the administrators of system 1 might not want system 2 to have access to the same credentials that are used on system 1. Those credentials can be stored as ALIAS extract, for example, under DOMAIN system1, while a different set of credentials can be stored for ALIAS extract under DOMAIN system2.

Examples
- The following example adds a user named scott but with external authentication and therefore uses the NOPASSWORD option.

    OGG (http://localhost:9005 demo) 2> alter credentialstore add user /@cdb1_pdb1 nopassword alias ora1
    2020-06-22T21:08:33Z INFO OGG-15102 Credential store created.
    OGG (http://localhost:9005 demo) 3> info credentialstore
    Default domain: OracleGoldenGate
    Alias: ora1
    Userid: /@cdb1_pdb1

  After you update the credential store to use the NOPASSWORD option, you can use the DBLOGIN command with Kerberos authentication for your database.

    OGG (http://localhost:9005 demo) 4> dblogin useridalias ora1
    Successfully logged into database CDB1_PDB1.

- This example adds a user named scott but omits the PASSWORD specification, so the command prompts for scott's password.

    ALTER CREDENTIALSTORE ADD USER scott
    Password: ********

- This example adds the user scott with his password tiger and specifies an alias for scott that is named scsm2.

    ALTER CREDENTIALSTORE ADD USER scott PASSWORD tiger ALIAS scsm2

- This example adds the user scott under the domain of support.

    ALTER CREDENTIALSTORE ADD USER scott ALIAS scsm3 DOMAIN support
    Password: ********

- This example issues two ALTER CREDENTIALSTORE commands, each of which adds a scott entry, but with a different alias.

    ALTER CREDENTIALSTORE ADD USER scott ALIAS scsm2
    Password: ********
    ALTER CREDENTIALSTORE ADD USER scott ALIAS scsm3
    Password: ********

- The following shows how the DELETE USER option works with and without the ALIAS option.

  The following command deletes the user1 entry for which the ALIAS is the same as the user name.

    ALTER CREDENTIALSTORE DELETE USER user1
    Alias: user1
    Userid: user1

  The following command deletes the entry for user user1 that is associated with the alias alias1.

    ALTER CREDENTIALSTORE DELETE USER user1 ALIAS alias1
    Alias: alias1
    Userid: user1

- This example uses a SQL*Net connect string as the user value. In this case, the PASSWORD option is omitted. The person issuing the command is prompted for the password, which is hidden.

    ALTER CREDENTIALSTORE ADD USER oggext1@ora1 ALIAS ora1
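
Because the PASSWORD option echoes the password, scripts and obey files that contain it hold the secret in clear text. The following Python check is an added example, not Oracle code: it parses ALTER CREDENTIALSTORE commands according to the syntax above, resolves the default alias and domain, and reports lines that pass a password inline. The function names, the constructed sample lines, and the assumption that tokens contain no spaces belong to this example only.

```python
import re

DEFAULT_DOMAIN = "OracleGoldenGate"  # as printed by INFO CREDENTIALSTORE in the example above

_CMD = re.compile(r"^\s*ALTER\s+CREDENTIALSTORE\s+(ADD|REPLACE|DELETE)\s+USER\s+(\S+)(.*)$", re.I)

def parse(line):
    """Parse one ALTER CREDENTIALSTORE command; return None for any other line.

    Raises ValueError on an option the documented syntax does not list.
    """
    m = _CMD.match(line)
    if not m:
        return None
    action, userid, rest = m.group(1).upper(), m.group(2), m.group(3).split()
    # Documented defaults: alias = user name, domain = default domain.
    entry = {"action": action, "userid": userid, "alias": userid, "domain": DEFAULT_DOMAIN,
             "password": "n/a" if action == "DELETE" else "prompt"}
    i = 0
    while i < len(rest):
        key = rest[i].upper()
        if key == "NOPASSWORD":
            entry["password"] = "none"          # external authentication
            i += 1
        elif key in ("PASSWORD", "ALIAS", "DOMAIN") and i + 1 < len(rest):
            if key == "PASSWORD":
                entry["password"] = "inline"    # record the fact, never the secret
            else:
                entry[key.lower()] = rest[i + 1]
            i += 2
        else:
            raise ValueError(f"unexpected token {rest[i]!r}")
    return entry

def audit(lines):
    """Return (line_number, alias, domain) for each command with an inline password."""
    parsed = ((n, parse(text)) for n, text in enumerate(lines, 1))
    return [(n, e["alias"], e["domain"]) for n, e in parsed if e and e["password"] == "inline"]

# Constructed script content, built from the commands in the examples above.
SAMPLE = [
    "ALTER CREDENTIALSTORE ADD USER scott PASSWORD tiger ALIAS scsm2",
    "ALTER CREDENTIALSTORE ADD USER scott ALIAS scsm3 DOMAIN support",
    "alter credentialstore add user /@cdb1_pdb1 nopassword alias ora1",
    "ALTER CREDENTIALSTORE DELETE USER user1",
    "INFO CREDENTIALSTORE",
]

if __name__ == "__main__":
    for n, alias, domain in audit(SAMPLE):
        print(f"line {n}: inline PASSWORD for alias {alias!r} in domain {domain!r}")
```

Lines it reports should be rewritten to omit PASSWORD so that the command prompts instead, and the exposed password should be changed with REPLACE USER.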