Manage deployment users

Managing GoldenGate users depends on whether or not your tenancy uses OCI IAM with Identity Domains. With IAM with Identity Domains, you use your Oracle Cloud account to access the deployment console. If you're not using IAM with Identity Domains, then each deployment has its own set of users.

Note:

This information applies only to Data replication deployments.

Using OCI IAM with Identity Domains

With OCI IAM with Identity Domains, you create identity domains to manage users and roles, federate and provision users, secure application integration through Oracle Single Sign-On (SSO) configuration, and SAML/OAuth based Identity Provider administration.

Configure Identity domains for OCI GoldenGate

The following steps describe how to create groups of users and configure password policies for your domain.

The domain settings mentioned here are specific to OCI GoldenGate. Learn more about identity domains and how to create one.

1. In the Oracle Cloud console navigation menu, select Identity & Security, and then under Identity, click Domains.
2. From the list of Domains, select your identity domain.
3. On your domain details page, select User Management, then under Groups, click Create group.
4. Create the following groups to map to GoldenGate roles:
   • GGS_Administrator
   • GGS_Security
   • GGS_Operator
   • GGS_User

   Note:

   GoldenGate roles are as follows:

   • Administrator: Grants full access to the user, including the ability to alter general, non-security related operational parameters and profiles of the OCI GoldenGate deployment service.
   • Security: Grants administration of security related objects and invoke security related service requests. This role has full privileges.
   • Operator: Allows users to perform only operational actions, such as creating, starting and stopping resources. Operators cannot alter the operational parameters or profiles of the OCI GoldenGate deployment services.
   • User: Allows information-only service requests, which do not alter or effect the operation of either the OCI GoldenGate deployment services.
5. Select the users to add to the group, and then click Create.

   Note:

   Each group must be assigned at least one user. Learn more about groups.
6. Set the Access signing certificate option.
   1. On the domain details page, select Settings.
   2. For Domain settings - Access signing certificate, select Configure client access to allow clients to access the tenant signing certificate and the SAML metadata without logging in to the identity domain.
   3. Click Save changes.
7. Specify the password policy for your Identity domain:
   1. On the domain details page, select Domain policies.
   2. Under Password policy, click Add.
   3. On the Add password policy page, you can edit the default password policy or add a new one.

Using GoldenGate credential store

When using the GoldenGate credential store, deployment user management occurs within the OCI GoldenGate deployment console. Each OCI GoldenGate deployment can have its own set of users.

Add a user to a deployment

To add a user:

1. Launch the OCI GoldenGate deployment console from the deployment details page.
2. Log in to the OCI GoldenGate deployment console as the Oracle GoldenGate Administrator user.

   Note:

   The Administrator user was created when the deployment was created.
3. Open the OCI GoldenGate deployment console navigation menu, and then click Administrator.
4. Click Add User (plus icon).
5. For Name, enter a unique user name.

   Note:

   The user name must start with an alphabetic character and contain only alphanumeric characters. Symbols that can be used are: at sign (@), period (.) , dash(-), comma(,), underscore(_), number sign(#), dollar sign($), plus sign (+), backslash (\), slash (/), equal sign (=), less than sign (<), or greater than sign(>)
6. For Role, select one of the following roles:
   • User: Allows information-only service requests, which do not alter or effect the operation of either the OCI GoldenGate deployment services.
   • Operator: Allows users to perform only operational actions, such as creating, starting and stopping resources. Operators cannot alter the operational parameters or profiles of the OCI GoldenGate deployment services.
   • Administrator: Grants full access to the user, including the ability to alter general, non-security related operational parameters and profiles of the OCI GoldenGate deployment service.
   • Security: Grants administration of security related objects and invoke security related service requests. This role has full privileges.
7. (Optional) For Description, enter a short description.
8. For Type, select Basic from the dropdown.

   Note:

   Certificate type user accounts is not currently supported in OCI GoldenGate.
9. Enter a password, and then enter it again to verify.

   Note:

   The password must be 8 to 30 characters and contain at least 1 uppercase, 1 lowercase, 1 numeric and 1 special character. The special characters must not be '$', '^' or '?'.

10. Click Submit.

The deployment user account appears in the Users list. You can edit or delete the user from the Actions column.

Edit a deployment user

When you edit a deployment user, you can only change the Info and Password values. Certificate type user accounts are not currently supported by OCI GoldenGate.

To edit a user:

1. Launch the OCI GoldenGate deployment console from the deployment details page.
2. Log in to the OCI GoldenGate deployment console as the Oracle GoldenGate Administrator user.

   Note:

   The Administrator user was created when the deployment was created.
3. Open the OCI GoldenGate deployment console navigation menu, and then click Administrator.
4. For the user account you want to edit, click Edit user.
5. Make your changes, and then click Submit.

   Note:

   Passwords must be 8 to 30 characters and contain at least 1 uppercase, 1 lowercase, 1 numeric and 1 special character. The special characters must not be '$', '^' or '?'.

If you changed the user account password, ensure that you also update the user credentials for any Oracle GoldenGate processes that involve this user.

Delete a deployment user

Oracle recommends that you periodically review deployment user accounts and remove inactive accounts.

To delete a user from a deployment:

1. Launch the OCI GoldenGate deployment console from the deployment details page.
2. Log in to the OCI GoldenGate deployment console as the Oracle GoldenGate Administrator user.

   Note:

   The Administrator user was created when the deployment was created.
3. Open the OCI GoldenGate deployment console navigation menu, and then click Administrator.
4. In the Users list, locate the user to delete, and then click Delete user (trash icon) in the Action column associated with that user.
5. In the Confirm Deletion dialog, verify that this is the user correct user you want to delete, and then click OK.

The user is removed from the Users list.

---

Title and Copyright Information

Copyright ©2022,

Oracle and/or its affiliates.