OGG - Using the CMDSEC file to restrict a system user from running specific OGG commands.

Posted by huzhichengforce on 2014-06-05
You can establish command security for Oracle GoldenGate to control which users have
access to which Oracle GoldenGate functions. For example, you can allow certain users to
issue INFO and STATUS commands, while preventing their use of START and STOP commands.
Security levels are defined by the operating system’s user groups.
To implement security for Oracle GoldenGate commands, you create a CMDSEC file in the
Oracle GoldenGate directory. Without this file, access to all Oracle GoldenGate commands
is granted to all users.
To implement command security
1. Open a new ASCII text file.
2. Referring to the following syntax and the example on page 135, create one or more
security rules for each command that you want to restrict, one rule per line. List the
rules in order from the most specific (those with no wildcards) to the least specific.
Security rules are processed from the top of the CMDSEC file downward. The first rule
satisfied is the one that determines whether or not access is allowed.
Separate each of the following components with spaces or tabs.
Where:
? is a GGSCI command name or a wildcard, for example START or STOP
or *.
? is any GGSCI command object or a wildcard, for example EXTRACT
or REPLICAT or MANAGER.
? is the name of a Windows or UNIX user group. On a UNIX system, you
can specify a numeric group ID instead of the group name. You can use a wildcard
to specify all groups.
? is the name of a Windows or UNIX user. On a UNIX system, you can
specify a numeric user ID instead of the user name. You can use a wildcard to
specify all users.
? specifies whether access to the command is granted or prohibited.
3. Save the file as CMDSEC (using upper case letters on a UNIX system) in the Oracle
GoldenGate home directory.
The following example illustrates the correct implementation of a CMDSEC file on a UNIX
system.
-------------------------------------------------------------------------------------------------------------------------------
1. GGSCI (OGG1) 2> status extract ggex
EXTRACT GGEX: RUNNING
2. [oracle@OGG1 ogg]$ vi CMDSEC
[oracle@OGG1 ogg]$ more CMDSEC
STATUS EXTRACT * oracle NO
3. GGSCI (OGG1) 2> status extract ggex
ERROR: Command not authorized for this user.
-----------------------------------------------------------------------------------------------------------------------------------
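The ordering advice in step 2 matters because the first satisfied rule decides the outcome. The Python sketch below is an added example, not code from the original post or from Oracle GoldenGate. It models the five-field rule layout seen in the CMDSEC line above and flags rules that can never fire. Assumptions: an unmatched command stays permitted, names are compared as plain strings (numeric IDs are not resolved), and the group name oinstall and the misordered rule set are constructed for illustration.

```python
# Added example: a model of the CMDSEC first-match semantics, not GoldenGate code.
from typing import NamedTuple

class Rule(NamedTuple):
    command: str
    obj: str
    group: str
    user: str
    allow: bool

def parse_cmdsec(text):
    """Parse one rule per line: five fields separated by spaces or tabs."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 5 or fields[4].upper() not in ("YES", "NO"):
            raise ValueError(f"line {n}: expected 5 fields ending in YES or NO")
        cmd, obj, group, user, verdict = fields
        rules.append(Rule(cmd.upper(), obj.upper(), group, user, verdict.upper() == "YES"))
    return rules

def covers(pattern, value):
    """True when a rule field (possibly the * wildcard) covers a value."""
    return pattern == "*" or pattern == value

def is_allowed(rules, command, obj, user, groups, default=True):
    """Return the verdict of the first matching rule, reading top to bottom."""
    for r in rules:
        if (covers(r.command, command.upper()) and covers(r.obj, obj.upper())
                and (r.group == "*" or r.group in groups) and covers(r.user, user)):
            return r.allow
    return default  # assumption: an unmatched command stays permitted

def shadowed(rules):
    """Rules that can never fire because an earlier rule is at least as general."""
    return [later for i, later in enumerate(rules)
            if any(all(covers(e, l) for e, l in zip(earlier[:4], later[:4]))
                   for earlier in rules[:i])]

PAGE_RULES = parse_cmdsec("STATUS EXTRACT * oracle NO\n")   # rule from the page
# Constructed sample: the broad grant is listed first, so the deny never fires.
MISORDERED = parse_cmdsec("* * * oracle YES\nSTATUS EXTRACT * oracle NO\n")

if __name__ == "__main__":
    groups = {"oinstall"}  # constructed group membership for user oracle
    print(is_allowed(PAGE_RULES, "status", "extract", "oracle", groups))   # False
    print(is_allowed(MISORDERED, "status", "extract", "oracle", groups))   # True
```

Running shadowed() over a rule set before saving it as CMDSEC shows which deny rules are dead because a wildcard rule sits above them.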

From "ITPUB Blog", link: http://blog.itpub.net/26764973/viewspace-1176434/. If you repost this, please credit the source; otherwise legal liability will be pursued.
