ADD AUTHORIZATIONPROFILE

When a profile is created for an Oracle GoldenGate deployment, the content that describes the profile exists only in that deployment. This applies to both Service Manager deployments and non-Service Manager deployments. Information that is not sensitive is stored with other configuration data. All profile information is available throughout the entire Oracle GoldenGate deployment; however, profile information is not shared across deployments.

Only security administrators for an Oracle GoldenGate deployment can create authorization profiles. Each authorization profile that a security administrator creates holds information for a specific IDP server and application.

Note:

You cannot create, modify or delete the localCredentialStore profile. This profile will always exist.

Syntax:

ADD AUTHORIZATIONPROFILE profile-name
    DEPLOYMENT deployment-name
    IDCS
    ID client-id [ SECRET client-secret ]
    DISCOVERYURI discovery-uri
    GROUPS
        SECURITY security-group
        [ ADMINISTRATOR administrator-group ]
        [ OPERATOR operator-group ]
        [ USER user-group ]
    [ TTLSECONDS ttl-number ]
    [ DESCRIPTION description ]

profile-name

Name of the authorization profile.

deployment-name

Name of the deployment associated with the authorization profile.

ID client-id SECRET client-secret

Specify the IDP application's client ID and client secret. The client secret is stored securely.

DISCOVERYURI discovery-uri

IDP server's OpenID Discovery Docs endpoint.

GROUPS

Mapping of IDP groups to Oracle GoldenGate user roles. Possible values are:

SECURITYGROUP security-group (Mandatory)
[ADMINGROUP admin-group]
[OPERATORGROUP operator-group]
[USERGROUP user-group]

See Add New Users to the Deployment to learn about Oracle GoldenGate user roles and privileges.

TTLSECONDS ttl-number

The time, in seconds, that must pass before the OpenID JSON Web Key (JWK), which contains the OpenID signing certificate used to validate an access token, is queried again.

DESCRIPTION

Describe the authorization profile.
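
What TTLSECONDS trades off, as an added example (not Oracle GoldenGate code and not from the original page): a strict time-based JWK cache, where `JwkCache`, `simulate_rotation` and the sample key IDs are hypothetical. It assumes keys are refetched only once the TTL has elapsed, so a key the IDP has retired stays trusted, and a newly published key stays unknown, until then.

```python
# Added illustration: a strict TTL cache for an IDP's JSON Web Key Set.
# Not Oracle GoldenGate code; it only models the TTLSECONDS trade-off.
from typing import Callable, Dict, Optional


class JwkCache:
    """Caches signing keys by key ID and refetches only after ttl_seconds."""

    def __init__(self, fetch_jwks: Callable[[], dict], ttl_seconds: float,
                 clock: Callable[[], float]):
        self._fetch = fetch_jwks      # hypothetical: returns {"keys": [...]}
        self._ttl = ttl_seconds
        self._clock = clock
        self._keys: Dict[str, dict] = {}
        self._fetched_at: Optional[float] = None
        self.fetch_count = 0

    def _refresh_if_stale(self) -> None:
        now = self._clock()
        if self._fetched_at is None or now - self._fetched_at >= self._ttl:
            jwks = self._fetch()
            self._keys = {k["kid"]: k for k in jwks.get("keys", []) if "kid" in k}
            self._fetched_at = now
            self.fetch_count += 1

    def key_for(self, kid: str) -> Optional[dict]:
        """Return the cached JWK for a token's 'kid' header, or None."""
        self._refresh_if_stale()
        return self._keys.get(kid)


def simulate_rotation(ttl_seconds: float) -> dict:
    """Rotate the IDP signing key at t=100 s and record what the cache trusts."""
    now = [0.0]
    idp = {"keys": [{"kid": "key-old", "kty": "RSA"}]}   # constructed sample
    cache = JwkCache(lambda: idp, ttl_seconds, lambda: now[0])
    seen = {"old_at_0": cache.key_for("key-old") is not None}
    idp["keys"] = [{"kid": "key-new", "kty": "RSA"}]     # IDP retires key-old
    now[0] = 100.0
    seen["old_at_100"] = cache.key_for("key-old") is not None
    seen["new_at_100"] = cache.key_for("key-new") is not None
    now[0] = 100.0 + ttl_seconds + 1                     # TTL has now elapsed
    seen["old_after_ttl"] = cache.key_for("key-old") is not None
    seen["new_after_ttl"] = cache.key_for("key-new") is not None
    seen["fetches"] = cache.fetch_count
    return seen


if __name__ == "__main__":
    for ttl in (3600, 60):
        print(ttl, simulate_rotation(ttl))
```

With a 3600-second TTL the retired key is still accepted 100 seconds after rotation; with a 60-second TTL it is already gone, at the cost of more frequent queries to the IDP.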

Example

Here's an example of adding an authorization profile with 2 mapped groups:

ADD AUTHORIZATIONPROFILE apn
DEPLOYMENT IDCS CLIENT ID SECRET DISCOVERYURI
GROUPS SECURITY group_security OPERATOR group_operator

Note:

When you successfully create the authorization profile, the system does not show any success message. This behavior also occurs with the other commands used for authorization profile management, including ALTER AUTHORIZATIONPROFILE, VALIDATE AUTHORIZATIONPROFILE, and DELETE AUTHORIZATIONPROFILE.