3.70 FETCHUSERID

Valid For

Integrated primary Extract on Oracle; data pump Extract is not valid

Description

Use the FETCHUSERID parameter to specify the type of authentication for an Oracle GoldenGate process to use when logging into a database, and to specify password encryption information. This parameter can be used instead of FETCHUSERIDALIAS when an Oracle GoldenGate credential store is not being used.

Always use FETCHUSERID or FETCHUSERIDALIAS for a primary Extract. Use FETCHUSERID or FETCHUSERIDALIAS for a data pump Extract.

FETCHUSERID Compared to FETCHUSERIDALIAS

FETCHUSERID requires either specifying the clear-text password in the parameter file or encrypting it with the ENCRYPT PASSWORD command and, optionally, storing an encryption key in an ENCKEYS file. FETCHUSERID supports a broad range of the databases that Oracle GoldenGate supports.

FETCHUSERIDALIAS enables you to specify an alias, rather than a user ID and password, in the parameter file. The user IDs and encrypted passwords are stored in a credential store. FETCHUSERIDALIAS supports databases running on Linux, UNIX, and Windows platforms.

See Administering Oracle GoldenGate for Windows and UNIX for more information about Oracle GoldenGate security features.

FETCHUSERID Requirements

FETCHUSERID is not always required, nor is PASSWORD always required when FETCHUSERID is required. In some cases, it is sufficient just to use FETCHUSERID or even just to use the SOURCEDB or TARGETDB parameter, depending on how authentication for the database is configured.

See "SOURCEDB" and "TARGETDB" for more information.

Use FETCHUSERID for Oracle GoldenGate processes that connect to an Oracle database. The purpose of this connection is to offload fetch operations to an Active Data Guard standby database, which eliminates overhead that would otherwise be placed on the source database.

  • To use an operating system login, use FETCHUSERID with the / argument.

  • To use a database user name and password, use FETCHUSERID with PASSWORD.

  • Optionally, you can specify the user to log in as sysdba.

  • (Oracle Enterprise Edition earlier than 11.2.0.2) Special database privileges are required for the FETCHUSERID user when Extract is configured to use LOGRETENTION. These privileges might have been granted when Oracle GoldenGate was installed. See the Installing and Configuring Oracle GoldenGate for Oracle Database for more information about LOGRETENTION.

  • (Oracle Standard or Enterprise Edition 11.2.0.2 or later) To use FETCHUSERID for an Extract group that is configured for integrated capture, the user must have the privileges granted in the dbms_goldengate_auth.grant_admin_privilege.

  • To support capture from an Oracle container database, the user that is specified with FETCHUSERID must log into the root container and must be a common user. A connect string must be supplied for this user and must include the required C## prefix of the common user, such as C##GGADMIN@FINANCE. For more information, see Installing and Configuring Oracle GoldenGate for Oracle.

  • The connection specified by FETCHUSERI or FETCHUSERIDALIAS must be to an Active Data Guard standby database of the source database.

  • FETCHUSERID can be specified anywhere in the parameter file. Ordering does not matter. It can come before or after a TABLE or MAP statement.

Default

None

Syntax

FETCHUSERID {/ | user}[, PASSWORD password]
[algorithm ENCRYPTKEY {key_name | DEFAULT}] [SYSDBA]
/

Directs Oracle GoldenGate to use an operating-system login for Oracle, not a database user login. Use this argument only if the database allows authentication at the operating-system level. Bypassing database-level authentication eliminates the need to update Oracle GoldenGate parameter files if application passwords frequently change. To use this option, the correct user name must exist in the database, in relation to the value of the Oracle OS_AUTHENT_PREFIX initialization parameter, as follows:

  • The value set with OS_AUTHENT_PREFIX is concatenated to the beginning of a user's operating system account name and then compared to the database name. Those two names must match.

  • If OS_AUTHENT_PREFIX is set to ' ' (a null string), the user name must be created with IDENTIFIED EXTERNALLY. For example, if the OS user name is ogg, you would use the following to create the database user:

    CREATE USER ogg IDENTIFIED EXTERNALLY;
    
  • If OS_AUTHENT_PREFIX is set to OPS$ or another string, the user name must be created in the following format:

    OS_AUTHENT_PREFIX_value OS_user_name
    

    For example, if the OS user name is ogg, you would use the following to create the database user:

    CREATE USER ops$ogg IDENTIFIED BY oggpassword;
    
user

Specifies the name of a database user or a schema, depending on the database configuration. A SQL*Net connect string can be used.

password

Use when database authentication is required to specify the password for the database user. If the password was encrypted by means of the ENCRYPT PASSWORD command, supply the encrypted password; otherwise, use the clear-text password. If the password is case-sensitive, type it that way.

If either the user ID or password changes, the change must be made in the Oracle GoldenGate parameter files, including the re-encryption of the password if necessary.

algorithm

Specifies the encryption algorithm that was used to encrypt the password with ENCRYPT PASSWORD.

The algorithm can be one of:

AES128

AES192

AES256

BLOWFISH

ENCRYPTKEY {key_name | DEFAULT}

Specifies the encryption key that was specified with ENCRYPT PASSWORD.

  • ENCRYPTKEY key_name specifies the logical name of a user-created encryption key in the ENCKEYS lookup file. Use if ENCRYPT PASSWORD was used with the KEYNAME key_name option.

  • ENCRYPTKEY DEFAULT directs Oracle GoldenGate to use a random key. Use if ENCRYPT PASSWORD was used with the KEYNAME DEFAULT option.

SYSDBA

Specifies that the user logs in as sysdba.

Example

fetchuserid gg_user@adg_inst password pwd