Command-level security
In the previous chapters, we discussed GoldenGate's command-line interface (GGSCI) in detail, conveying many useful commands, some of which are information only, while others change or add to the configuration. This could be deemed as a security risk, allowing users to misconfigure or even delete valid processes, potentially breaking your GoldenGate environment.
To avoid this risk, GoldenGate has a security feature that protects the environment at the command level. Here, users are restricted in the commands that they can execute from GGSCI.
The CMDSEC file
To enable Command-level security (CLS), we must first create a CMDSEC file in the GoldenGate Home directory. This text file should be created by the user responsible for the central administration of GoldenGate (normally oracle). It contains the security rules and controls that allow users to have access to certain GGSCI commands. Secondly, we must create additional OS users that wish to access GGSCI, such as the ogg_user...
