10 Securing Manager

You can use the Manager parameter, ACCESSRULE, to set security access rules for Manager. It allows GGSCI access from a remote host if you are using passive Extract or Director.

The ACCESSRULE parameter controls connection access to the Manager process and the processes under its control. You can establish multiple rules by specifying multiple ACCESSRULE statements in the parameter file and control their priority. To establish priority, you can either list the rules in order from most important to least important, or you can explicitly set the priority of each rule with the PRI option.

You must specify one of the following options:

IPADDR, login_ID, or PROGRAM

For example, the following access rules have been assigned explicit priority levels through the PRI option. These rules allow any user to access the Collector process (the SERVER program), and in addition, allow the IP address 122.11.12.13 to access GGSCI commands. Access to all other Oracle GoldenGate programs is denied.

ACCESSRULE, PROG *, DENY, PRI 99
ACCESSRULE, PROG SERVER, ALLOW, PRI 1
ACCESSRULE, PROG GGSCI, IPADDR 122.11.12.13, PRI 1

Another example, the following access rule grants access to all programs to the user JOHN and designates an encryption key to decrypt the password. If the password provided with PASSWORD matches the one in the ENCKEYS lookup file, connection is granted.

ACCESSRULE, PROG *, USER JOHN, PASSWORD OCEAN1, ENCRYPTKEY lookup1