Along with DBMS_REPCAT_AUTH, use the DBMS_REPCAT_ADMIN package to create administrator accounts for replication. This section explains how to do so.
The DBMS_REPCAT_ADMIN package is created when the Oracle database is installed. The dbmsrepc.sql script (found in the built-in packages source directory, as described in Chapter 1) contains the source code for this package's specification. This script is called by catrep.sql, which must be run to install the advanced replication packages. The wrapped sql script prvtrepc.sql creates the public synonym DBMS_REPCAT_ADMIN. No EXECUTE privileges are granted on DBMS_REPCAT_ADMIN; only the owner (SYS) and those with the EXECUTE ANY PROCEDURE system privilege may execute the package.
Table 15.2 lists the programs in DBMS_REPCAT_ADMIN
Name | Description | Use in SQL? |
---|---|---|
Grants privileges required to administer any replication group at the current site | No | |
(Oracle8) | Grants privileges required to administer any replication schema at the current site | No |
Grants privileges required to administer the replication group for which the user is the schema owner | No | |
(Oracle8) | Grants privileges required to administer the replication schema for which the user is the schema owner | No |
Revokes privileges required to administer all replication groups | No | |
(Oracle8) | Revokes privileges required to administer all replication schemas | No |
Revokes privileges required to administer the replication group for which the user is the schema owner | No | |
(Oracle8) | Revokes privileges required to administer the replication schema for which the user is the schema owner. | No |
The DBMS_REPCAT_ADMIN package may raise exception ORA-1917 if the specified user does not exist.
NOTE: Oracle8 documents only the REPGROUP procedures, although the REPSCHEMA procedures also exist. The functionality is identical.
Advanced replication also requires an account to maintain the environment. The replication administrator account (usually REPADMIN) performs tasks such as quiescing the environment, adding and removing master sites, and creating replication groups. For example, you'll use DBMS_REPCAT's ADMIN.GRANT_ADMIN_ANY_REPGROUP procedure to set up the replication administrator account to maintain all replication groups in your environment. You can also configure an account to control exactly one schema in a replication group with the GRANT_ADMIN_REPGROUP procedure. The recipient of this grant will be able to perform administrative tasks on objects it owns within a replication group; the account will not be able to administer objects it does not own. Because of this restriction, it usually makes sense to create administrative accounts for a specific group only if it is a single schema replication group and the administrative account is the schema account.
In most cases, the DBA opts for using a single replication administrator account over creating administrative accounts for every replication group.
The GRANT_ADMIN_REPGROUP procedure grants the privileges required to administer a replication group for which the user is the schema owner. The specification is,
PROCEDURE DBMS_REPCAT_ADMIN.GRANT_ADMIN_REPGROUP (userid IN VARCHAR2);
where userid is the Oracle userid for whom you are granting privileges.
DBMS_REPCAT_ADMIN.GRANT_ADMIN.REPGROUP may raise exception ORA-1917 if the specified user does not exist.
This call configures the SPROCKET account to administer its objects in a replication group:
BEGIN DBMS_REPCAT_ADMIN.GRANT_ADMIN_REPGROUP('SPROCKET'); END;
This approach is most viable when the name of the replication group is the same as the name of the schema, and when all objects in the replication group belong to that schema.
The REVOKE_ADMIN_REPGROUP procedure revokes the privileges required to administer the replication group for which the user is the schema owner. The specification is:
PROCEDURE DBMS_REPCAT_ADMIN.REVOKE_ADMIN_REPGROUP (userid IN VARCHAR2);
where userid is the Oracle userid for whom you are revoking privileges.
DBMS_REPCAT_ADMIN.REVOKE_ADMIN_REPGROUP may raise exception ORA-1917 if the specified user does not exist.
The GRANT_ADMIN_ANY_REPGROUP procedure grants the privileges required to administer any replication group at the current site. The specification is,
PROCEDURE DBMS_REPCAT_ADMIN.GRANT_ADMIN_ANY_REPGROUP (userid IN VARCHAR2);
where userid is the Oracle userid for whom you are granting privileges.
DBMS_REPCAT_ADMIN.GRANT_ADMIN_ANY_REPGROUP may raise exception ORA-1917 if the specified user does not exist.
The following call supplies the REPADMIN account with privileges to perform maintenance operations on all replication groups at the site:
BEGIN DBMS_REPCAT_ADMIN.GRANT_ADMIN_ANY_REPGROUP('REPADMIN'); END;
NOTE: Be sure to set up a replication administrator account at every master site of a multimaster replication environment. In addition, administration will be easiest if you use the same account name in all locations.
The REVOKE_ADMIN_ANY_REPGROUP procedure revokes the privileges required to administer any replication group at the current site. The specification is,
PROCEDURE DBMS_REPCAT_ADMIN.REVOKE_ADMIN_ANY_REPGROUP (userid IN VARCHAR2);
where userid is the Oracle userid for whom you are revoking privileges.
DBMS_REPCAT_ADMIN.REVOKE_ANY_REPGROUP may raise exception ORA-1917 if the specified user does not exist.
This call revokes replication administrator privileges from the REPADMIN account:
BEGIN DBMS_REPCAT_ADMIN.REVOKE_ADMIN_ANY_REPGROUP('REPADMIN'); END;
15.1 DBMS_REPCAT_AUTH: Setting Up Administrative Accounts | 15.3 DBMS_REPCAT: Replication Environment Administration |
Copyright (c) 2000 O'Reilly & Associates. All rights reserved.