Cache Group Users

There are required users when using cache.

This section covers these topics regarding cache group users:

• Required Users for Cache

• Providing Both Cache Administration Users and Passwords

• unresolvable-reference.html

Required Users for Cache

To use cache, you must create administration and schema users on both the Oracle and TimesTen databases.

To use cache, you must have the following users on the Oracle Database:

• Create an Oracle cache administration user who creates, owns, and maintains Oracle Database objects that store information used to manage the cache environment for a TimesTen database and enforce predefined behaviors of particular cache group types.

• Identify one or more schema users who own the Oracle Database tables to be cached in a TimesTen database.

To use cache, you must create the following users on the TimesTen database:

• A TimesTen cache administration user who performs cache group operations. The TimesTen cache administration user must have the same user name as the Oracle cache administration user created for cache who can access the cached Oracle Database tables. The password of the TimesTen cache administration user can be different from the password of the companion Oracle cache administration user.

• One or more cache table users who own the cache tables. You must create a TimesTen cache table user with the same user name as each Oracle Database schema user who owns Oracle Database tables to be cached in the TimesTen database. The password of a cache table user can be different from the password of the Oracle Database schema user with the same name.

  The owner and name of a TimesTen cache table is the same as the owner and name of the corresponding cached Oracle Database table.

Providing Both Cache Administration Users and Passwords

If you are running a request that does not require access to the Oracle database, you can proceed without needing to provide credentials for the Oracle database. That is, you can connect with only the user name and password for connecting to the TimesTen database. However, when you want to perform an action that requires connecting to the Oracle database, then you must provide the appropriate credentials to be able to connect to both the TimesTen and Oracle databases.

You first create or change a cache administration user and its password through CREATE USER or ALTER USER SQL statements. See Creating or Identifying a Database User.

Once the cache administration users are created with their respective passwords, these credentials need to be provided with one of the following methods.

• Providing the Cache Administration User Names and Passwords in an Oracle Wallet

• Providing Cache Administration User Name and Passwords in Connection Attributes

• Providing Cache Administration User Name and Passwords in a Client DSN

Providing the Cache Administration User Names and Passwords in an Oracle Wallet

The most secure method to provide credentials when connecting is to store a user's password in an Oracle Wallet. When connecting, you provide the user name and wallet to supply credentials for the connection. Supplying the user name identifies which user's password to retrieve from within the wallet.

You can store existing credentials for both the cache user and the cache administration user and their associated passwords within an Oracle Wallet using the ttUser utility.

• For the cache user, you can add this user's password to a wallet in the same manner as a TimesTen user as described in Providing a User Name and Password in an Oracle Wallet.

• To connect as the cache administration users, you must provide the passwords for both the TimesTen cache administration user and the Oracle cache administration user.

See Providing a User Name and Password in an Oracle Wallet for full details on how to store credentials in an Oracle Wallet. This section describes the process to add both cache administration user passwords to an Oracle Wallet.

You can add the cache administration users passwords to a wallet used by other users, such as a wallet that contains all credentials for those connecting to a DSN. Alternatively, you could create a wallet only for the cache administration users.

Use the ttUser -setPwd command to store the password for the TimesTen cache administration user. Use the ttUser -setOraclePwd command to store the password for the Oracle cache administration user.

The following example shows how to use the ttUser utility to add both cache administration users to an Oracle Wallet in the /wallets/cacheadminwallet directory.

1. If it does not already exist, make a directory for your wallet. This example users /wallets as the directory for the wallet.

   % mkdir /wallets

2. Run the ttUser -setPwd command to store the TimesTen cache administration user credentials. Provide a subdirectory name that identifies the wallet (since you cannot change the name of an OracleWallet). This example provides cacheadminwallet as the subdirectory name for the wallet. If cacheadminwallet directory does not exist, then the ttUser utility creates the cacheadminwallet subdirectory and then creates the Oracle Wallet in the /wallets/cacheadminwallet directory. The ttUser utility prompts for the password for the TimesTen cache administration user cacheadmin, which is added to the wallet.

   % ttUser -setPwd -wallet /wallets/cacheadminwallet -uid cacheadmin
   Enter password: 

3. Run the ttUser -setOraclePwd command to store the Oracle cache administration user credentials. The ttUser utility prompts for the password for the Oracle cache administration user cacheadmin, which is added to the wallet in /wallets/cacheadminwallet.

   % ttUser -setOraclePwd -wallet /wallets/cacheadminwallet -uid cacheadmin
   Enter password: 

See ttUser in the Oracle TimesTen In-Memory Database Reference.

When it's time to authenticate the cache administration users when connecting to a database, provide the name of the cache administration user and the location of the corresponding wallet with the UID and PwdWallet connection attributes. The UID connection attribute specifies which user to authenticate using the PwdWallet provided.

connect “dsn=mydb;uid=cacheadmin;PwdWallet=/wallets/cacheadminwallet”;

Providing Cache Administration User Name and Passwords in Connection Attributes

General connection attributes are set by each connection and exist for the duration of the connection. Each concurrent connection can have different values. You can provide both cache administration user names and passwords with the UID, PWD and OraclePWD general connection attributes.

Once you have created both cache administration users and associated passwords, you can specify them on a connection string with the UID, PWD, and OraclePWD connection attributes when connecting to the database.

TimesTen uses the following order of precedence when locating the user name and password for connection authentication:

• An Oracle Wallet with the cache administration user name and passwords. See Providing the Cache Administration User Names and Passwords in an Oracle Wallet.

• The UID, PWD and OraclePWD connection attributes provided in the connection string.

• The UID, PWD and OraclePWD connection attributes provided in the client DSN.

The UID, PWD and OraclePWD connection attributes are as follows:

• UID: In this case, specifies the cache administration user name to be used for the connection to the database.

• PWD: In this case, specifies the password for the TimesTen cache administration user.

• OraclePWD: Specifies the password for the Oracle cache administration user.

  Note:

  For more information on the UID, PWD and OraclePWD general connection attributes, see UID and PWD in the Oracle TimesTen In-Memory Database Reference. See Authentication in TimesTen in the Oracle TimesTen In-Memory Database Security Guide.

The following example is a connection request to database1 that provides the cache administration user name as cacheadmin, the TimesTen cache administration user password as ttpwd, and the Oracle cache administration user password as orapwd.

% ttIsql "DSN=database1;UID=cacheadmin;PWD=ttpwd;OraclePWD=orapwd"

Providing Cache Administration User Name and Passwords in a Client DSN

You can provide both cache administration user names and passwords in the client DSN.

On Windows, you specify connection attributes in the Oracle TimesTen Client DSN Setup dialog. In this dialog, you can specify the User ID, and Password connection attributes. However, the OraclePWD connection attribute can only be specified on the connection string. See Creating a Client DSN on Windows in the Oracle TimesTen In-Memory Database Operations Guide.

On Linux and UNIX, you specify connection attributes in the odbc.ini file. In the client DSN in the odbc.ini file, you can specify the UID, PWD and OraclePWD connection attributes.

The following is the syntax for the client DSN in the odbc.ini file:

[ODBC Data Sources]
Client_DSN=TimesTen 26.1 Client Driver

See Creating a DSN on Linux and UNIX for TimesTen in the Oracle TimesTen In-Memory Database Operations Guide.

Registering the Oracle Cache Administration User and Password

One of the prerequisites to setting up your cache environment is registering the Oracle cache administration user and password in TimesTen. TimesTen uses these credentials to connect to the Oracle database. You can register with TimesTen Classic the Oracle cache administration user name and password.

There are cache operations that TimesTen performs for you. In order for TimesTen to connect to the Oracle database successfully to perform these cache operations, TimesTen needs to have the Oracle cache administration user and password credentials registered internally. This is accomplished when you run either the ttCacheUidPwdSet built-in procedure. By default, the Oracle cache administration user and password are stored in memory. You can specify that the Oracle cache administration user and passwords are saved in a system-managed Oracle Wallet (preferred) by setting the CacheAdminWallet=1 in the DSN as a first connection attribute. Once the Oracle cache administration user and password are registered (either in memory or in a system-managed wallet), TimesTen uses the credentials to connect to the backend Oracle database for cache operations. See CacheAdminWallet in the Oracle TimesTen In-Memory Database Reference.

1. Ensure that the CacheAdminWallet first connection attribute is set to 1.
2. Start the ttIsql utility and connect to the cache1 DSN (for example) as the TimesTen cache administration user. Provide the cache administration user name and passwords when connecting using one of the methods detailed in Providing Both Cache Administration Users and Passwords.

   % ttIsql "DSN=cache1;UID=cacheadmin;PwdWallet=/wallets/cacheadminwallet"

3. Use the ttCacheUidPwdSet built-in procedure (only once) to register the TimesTen database of the Oracle cache administration user name and password in the Oracle database. Since CacheAdminWallet=1, the Oracle cache administration user name and password are stored in a system-managed Oracle Wallet.

   The Oracle cache administration user name is cacheadmin and its password is orapwd.

   Command> call ttCacheUidPwdSet('cacheadmin','orapwd');

Note:

You can run the ttCacheUidPwdSet built-in procedure over a client/server connection only when TLS is used. The password is only encrypted when sent over a TLS connection.

See Setting Up a Caching Infrastructure in Oracle TimesTen In-Memory Database Cache Guide and Privileges for Cache Groups in this guide.

Note:

Alternatively, you can use ttAdmin to set the Oracle cache administration user ID and password. See Set Cache Policies in Oracle TimesTen In-Memory Database Reference. For example:

% ttAdmin -cacheUidPwdSet -cacheUid cacheadmin -cachePwd orapwd database1

You can use the ttCacheUidPwdSet built-in procedure to later change the Oracle cache administration password at any time, or change the Oracle cache administration user name (and optionally the password as well) as long as there are no existing cache groups.