Skip Headers
Oracle® GoldenGate Veridata Administrator's Guide
11g Release 2 (11.2.1.0.0)

Part Number E29092-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

8 Configuring Oracle GoldenGate Veridata Security

This chapter explains how to set security for Oracle GoldenGate Veridata.

This chapter includes the following sections:


Section 8.1, "Oracle GoldenGate Veridata Security Overview"
Section 8.2, "Securing the Oracle GoldenGate Veridata Files"
Section 8.3, "Securing access to Oracle GoldenGate Veridata Web"
Section 8.4, "Maintaining Passwords"

8.1 Oracle GoldenGate Veridata Security Overview

When using Oracle GoldenGate Veridata, you will be selecting, viewing and storing data values from the tables or files of your business applications. Care must be taken to protect access to the following components:

8.2 Securing the Oracle GoldenGate Veridata Files

This section describes how to secure you business data and control access to the Oracle GoldenGate Veridata installation directories and user interface.

8.2.1 Controlling Access to the Installation Directories

Standard operating system permissions apply to the programs, files, and directories within the Oracle GoldenGate Veridata Server and Web User Interface, and Oracle GoldenGate Veridata Agent installation directories. You should adjust the permissions for these objects based on your business security rules.

8.2.2 Securing files that Contain Business Data

Oracle GoldenGate Veridata Server creates data files that will contain sensitive application data. By default, these files reside in the shared/data directory within the Oracle GoldenGate Veridata Server installation directory, but the person who installed the software might have installed them in a different location. All of the sub-directories within that directory contain files that may reflect business data.

The types of files that contain sensitive data are:

  • The comparison report (rpt sub-directory)

  • The out-of-sync report (oosxml and oos sub-directories)

These files inherit the same file permissions as those of the user that runs the Oracle GoldenGate Veridata Server installation program. Do not change the permissions, or Oracle GoldenGate Veridata may be unable to maintain them. These files should be kept just as secure as you would keep your business data. Users of Oracle GoldenGate Veridata Web do not require access to these files because they see the same information through the client interface.

8.3 Securing access to Oracle GoldenGate Veridata Web

You can assign security roles to the users of Oracle GoldenGate Veridata to control their access to the functions that are performed by the software, some of which expose selected data values from the database. These roles are:

Security is controlled through the Administration Tool of the Apache Tomcat Web Server. From this interface, a user with the administrator role can:

Note:

You should back up the conf directory prior to changing the server configuration or Tomcat users.

To open the Apache Tomcat Web Server Administration Tool

  1. Connect to the Apache Tomcat Web Server from a browser by typing the following address:

    http://hostname:port/admin
    

    Where:

    hostname is the name or IP address of the system where the Oracle GoldenGate Veridata server and web components are hosted, and port is the port number assigned to Oracle GoldenGate Veridata Server (default is 8830).

  2. Log on to the Apache Tomcat Web Server Administration Tool as an Oracle GoldenGate Veridata administrator user. A default administrator user was created during the installation of Oracle GoldenGate Veridata.

  3. In the navigation pane, click to expand User Definition. From this node, all user resources are managed.

To create a group

  1. Under User Definition, click Groups. Existing groups are displayed and can be edited by clicking their names.

  2. From the Group Actions list, select Create New Group.

  3. Under Group Properties, type a name for the group (no spaces, case sensitive) in the Group Name box and (optional) a description in the Description box.

  4. Under Role Name, select the check box next to the role you want to assign to the group. You can select any role that is listed in Section 8.3, "Securing access to Oracle GoldenGate Veridata Web".

  5. Click Save to save the group.

  6. When finished using the Apache Tomcat Web Server Administration Tool, click Commit Changes to save the changes to the repository. To make any more changes after you commit the changes, you must log in again.

To create or edit a user

  1. Under User Definition, click Users.

  2. To edit a user, click its name. To add a new user, select Create New User from the User Actions list.

  3. Under User Properties, type:

    • User Name: A name for the user (no spaces, case-sensitive)

    • Password: A password for the user (no spaces, case-sensitive).

    • Full Name: (Optional) the name of the person who is this user.

  4. To assign the user to a group, click the check box next to the name of the group under Group Name. Linking a user to a group is optional. The user inherits the default role of the group.

  5. To assign a role to this user, click the check box next to the name of the role under Role Name. You can select any role that is listed in Section 8.3, "Securing access to Oracle GoldenGate Veridata Web."

  6. Click Save to save the user.

  7. When finished using the Apache Tomcat Web Server Administration Tool, click Commit Changes to save the changes to the repository. To make any more changes after you commit the changes, you must log in again.

8.4 Maintaining Passwords

You can change the passwords that allow users access to the Veridata Web User Interface and those that access the repository.

8.4.1 Changing User Passwords

User passwords can be changed in the Oracle GoldenGate Veridata Web User Interface by selecting the Change Password option of the Options/Settings menu item. Refer to the online Help for more information.

8.4.2 Changing the Repository Password

A valid repository database password must be stored in Oracle GoldenGate Veridata to allow it to access the database. This repository database password is initially set based on user entries during the installation. It is stored in an Oracle Wallet created by the installation program.

If the repository database password changes after installation, the vericom program is used to change the corresponding password stored in Oracle GoldenGate Veridata.

  1. Before you begin you must know the changed password that is currently valid for the database of the repository.

  2. Navigate to the Oracle GoldenGate Veridata installation directory.

  3. Enter one of the following commands to request a change to the repository password currently stored in Oracle GoldenGate Veridata:

    On Windows:

    Shell> vericom.bat -reset_password [password]
    

    On UNIX or Linux:

    Shell> vericom.sh -reset_password [password]
    
  4. If you do not enter a password on the command line, you will be prompted to enter one once vericom starts.

  5. After you enter the password, vericom connects to the database to verify the password is valid.

  6. To activate the change, bring down the Oracle GoldenGate Veridata Web User Interface and restart.

See Section 10.2 for more information on running vericom.