User account access requirements

When you configure a CDC Replication instance, you are prompted for the name of the database you want CDC Replication to connect to and the user name and password of the user that has access to this database.

The following tables indicates the operating system and database user account requirements necessary to successfully install, configure and run CDC Replication. User account requirements for supported middleware targets such as the CDC Replication Engine for InfoSphere® DataStage® are also listed.

CDC Replication administration Operating system user account requirements Database user account requirements
Management Console

You must set up a new, or decide on an existing Windows account that you will use to install, configure, or upgrade Management Console.

N/A
Access Server

You must set up a new, or decide on an existing Windows, UNIX, or Linux® account that you will use to install, configure, or upgrade Access Server.

UNIX and Linux installations of Access Server require the following additional steps before you can log in to Management Console:
  • Start Access Server.
  • Create an Access Server user account with the dmcreateuser command.
N/A
CDC Replication replication engine Operating system user account requirements Database user account requirements
CDC Replication Engine for Db2® Database
  • Windows—You must set up a new, or decide on an existing Windows account that you will use to install, configure, or upgrade CDC Replication.
  • UNIX—You must set up a new, or decide on an existing UNIX account that you will use to install, configure, or upgrade the CDC Replication software. You can install the CDC Replication software in the directory of your choice, however, it must be owned by the UNIX account.
Note the following before you install or upgrade IBM® Data Replication - CDC Replication software on LinuxUNIXLinux or UNIX:
  • Do not install or upgrade IBM Data Replication - CDC Replication as a root user.
  • The installation directory requires file system permissions of 700 if you plan to use the same user account to install the product, create and configure instances, or upgrade the product.
  • The installation directory requires file system permissions of 770 if you plan to use different user accounts to install the product, create and configure instances, or upgrade the product.
You must have a DB2® user account with system administrator (SYSADM) or database administrator (DBADM) privileges for the CDC Replication Engine for Db2 Database to connect to your DB2 database.
CDC Replication Engine for Db2 for i

When using CDC Replication with a DB2 for i database, you need to verify that all user profiles used to run the CDC Replication Engine for Db2 for i and start mirroring jobs have sufficient authorities to access journals and journal receivers that are used by the product. The D_MIRROR user profile is created during product installation and is reserved for IBM Data Replication. You should not log on with this user profile. You can also create and customize a user profile which gives you flexibility and control over security.

The user-configured user profile can be specified as the value for parameter USER in the CHGJOBD command issued for all job description objects found in the product library. To start the product TCP listener for a non-D_MIRROR user profile, the command STRDMTCP should not be used to start the listener.

N/A

CDC Replication Engine for InfoSphere DataStage
  • Windows—You must set up a new, or decide on an existing Windows account that you will use to install, configure, or upgrade the CDC Replication software.
  • UNIX—You must set up a new, or decide on an existing UNIX account that you will use to install, configure, or upgrade the CDC Replication software. You can install the CDC Replication software in the directory of your choice, however, it must be owned by the UNIX account.
Note the following before you install or upgrade IBM Data Replication - CDC Replication software on LinuxUNIXLinux or UNIX:
  • Do not install or upgrade IBM Data Replication - CDC Replication as a root user.
  • The installation directory requires file system permissions of 700 if you plan to use the same user account to install the product, create and configure instances, or upgrade the product.
  • The installation directory requires file system permissions of 770 if you plan to use different user accounts to install the product, create and configure instances, or upgrade the product.

N/A

CDC Replication Engine for Microsoft SQL Server

You must set up a new, or decide on an existing Windows account that you will use to install, configure, or upgrade the CDC Replication software.

If you plan on using SQL authentication to allow the CDC Replication Engine for Microsoft SQL Server to connect to your Microsoft SQL Server database, you must create a user account with SQL authentication that has the following privileges for the Microsoft SQL Server instance:
  • If you are using the CDC Replication Engine for Microsoft SQL Server as a source of replicated data, you have a choice of specifying sysadmin privileges for the user account, using built-in stored procedures to trust the source database, or providing the CDC Replication user with the db_owner role mapped to the replicated source database and the public role mapped to the distribution database. See Required database user accounts and schemas for more details.
  • If you are using the CDC Replication Engine for Microsoft SQL Server as a target of replicated data, at minimum you must specify db_owner privileges for the database and bulkadmin as the server role. If you prefer, you can also specify sysadmin privileges for the user account.
CDC Replication Engine for Netezza® Technology

You must set up a new, or decide on an existing Linux account that you will use to install, configure, or upgrade the CDC Replication software. You can install the CDC Replication software in the directory of your choice, however, it must be owned by the Linux account.

Note the following before you install or upgrade IBM Data Replication - CDC Replication software on LinuxUNIXLinux or UNIX:
  • Do not install or upgrade IBM Data Replication - CDC Replication as a root user.
  • The installation directory requires file system permissions of 700 if you plan to use the same user account to install the product, create and configure instances, or upgrade the product.
  • The installation directory requires file system permissions of 770 if you plan to use different user accounts to install the product, create and configure instances, or upgrade the product.
If the ROWSETLIMIT value for your Netezza user account is set too low, replication performance will be affected. In order for CDC Replication to perform, the minimum acceptable value for ROWSETLIMIT is 1,000,000. To achieve optimum performance, you should set this value to zero (which makes the value unlimited).
CDC Replication Engine for Oracle databases You must set up a new, or decide on an existing UNIX account that you will use to install, configure, or upgrade the CDC Replication software. You can install the CDC Replication software in the directory of your choice, however, it must be owned by the UNIX account.
Note the following before you install or upgrade IBM Data Replication - CDC Replication software on LinuxUNIXLinux or UNIX:
  • Do not install or upgrade IBM Data Replication - CDC Replication as a root user.
  • The installation directory requires file system permissions of 700 if you plan to use the same user account to install the product, create and configure instances, or upgrade the product.
  • The installation directory requires file system permissions of 770 if you plan to use different user accounts to install the product, create and configure instances, or upgrade the product.

Create a user account for the Oracle instance.

Before installing the CDC Replication software, make sure you review the specific grants required by the Oracle DBA. Use the sample ora-createuser.sql SQL script located in the installation directory to create an Oracle user with all the necessary DBA privileges that are required.

Optionally, you can create a user account that has read-only database connection to the source database. Specify that you want read only access and provide this user name when installing and configuring the CDC Replication software. Read-only database connection to the source database indicates that the user can only view data or mirror subscribed tables. The user cannot change any information. If you use a read-only user, you should also ensure you have enabled supplemental logging at the database table level, prior to installing and configuring the CDC Replication software.

Note: If you plan to use a read-only database connection, ensure that you have the DBMS_FLASHBACK Oracle supplied package installed. By default, this package is installed when you create an Oracle database and run the CATPROC.SQL script. No further action is required for this package. For more information about this package, refer to your Oracle documentation.

If your database instance is managed by Oracle Automatic Storage Manager (ASM), then you should already have an Oracle account for the ASM instance to which you want to connect. CDC Replication Engine for Oracle databases requires a user name and password so that it can connect to the ASM instance that corresponds to the node in the cluster. The ASM user must have SYSDBA privileges in order to log into ASM.

CDC Replication Engine for Db2 for z/OS® A z/OS user id must be created for the CDC Replication Engine for Db2 for z/OS instance to run under. When defining this user id, make sure to define an OMVS segment. This user id will become the owner of the IBM Data Replication for Db2 for z/OS metadata in IBM DB2 for z/OS and must have the SYSCTRL privilege (Member CHCGRNTA in the sample library can be used to grant this privilege).

The user account must also have:

  • SELECT authority for all tables to be replicated on the source database
  • INSERT, UPDATE, DELETE & SELECT authority for all tables that will be replicated on the target database.

You must have a DB2 user account for CDC Replication to connect to your DB2 database. The user account must have:

  • SELECT authority for all tables to be replicated on the source database
  • INSERT, UPDATE, DELETE & SELECT authority for all tables that will be replicated on the target database.

These authorities can be assigned explicitly, or implicitly by virtue of having one of these privileges over the higher level resource.