Create user IDs - Connect_CDC - aws_mainframe_modernization_service - connect_cdc_mimix_share - Latest

AWS Mainframe Modernization - Data Replication for IBM i

Product type
Software
Portfolio
Integrate
Product family
Connect
Product
AWS Mainframe Modernization > AWS Mainframe Modernization Service
Version
Latest
Language
English
Product name
AWS Mainframe Modernization
Title
AWS Mainframe Modernization - Data Replication for IBM i
Copyright
2024
First publish date
2003
Last updated
2024-02-01
Published on
2024-02-01T23:02:31.099696

Create user IDs and authorities required to install, test, and run Connect CDC. Although multiple IDs are described, you can combine their responsibilities under fewer IDs. For example, a single user with the QSECOFR profile along with one other user ID for testing could install, test, and run the product.

  • Connect CDC installation creates the OMNIENT user profile to own the objects initially installed in the product library.

Note: You must not modify the OMNIENT user profile or specify it for any of the users described below or elsewhere in the product.

The OMNIENT user ID is installed with these settings:

USER CLASS . . . . . . . . :   *SECOFR
SPECIAL AUTHORITY  . . . . :   *ALLOBJ
                               *JOBCTL
                               *SPLCTL

After installation is complete, change the password with WRKUSRPRF to a site-specific password. The OMNIENT user id has all the required privileges on the source. It is used for both replication (rep user) and the metabase owner. For a target-only IBM i, a user id with the same privileges should be created for the rep user and metabase owner.

This user profile owns all the metabase objects, including the journal and journal receivers created for the metabase. The user ID is used on connections to the metabase from the Connect CDC processes and Connect CDC Director. 

This user profile also owns objects created using these connections (such as lookup and shadow tables used by Connect CDC Director). 

You specify this user in the Connect CDC Director on the Server Properties tab by checking Rep user after entering the userid.

The Rep user requires the following authorities:

  • Authority to create a collection and create tables in the Connect CDC product library

  • Authority to read the system catalog to retrieve column information from sending and receiving tables

  • *ALLOBJ authorization privileges.

  • This is not required for Copy, since journaling of Copy sending tables is not required.

  • Create or make available an IBM i user profile for the system installer.

  • Make certain you have established a user profile with *SECOFR, *SECADM and *AUDIT permissions with:

  • Privileges to restore objects

  • Privileges to start/stop subsystems

  • All object authority

Note: Precisely advises against using the QSECOFR user.
  • Create a user profile for the metabase owner.

  • Make certain you have established a user profile with DB2 update (insert, update, delete) authority on the target tables.

The target table updater is a user profile, other than the metabase owner, that can sign on to the receiving server, select table and column names from the system catalog, start or end journaling for the receiving table (*ALL authority to the journal), and update the receiving table. This is the replication userid for bi-directional replication.

Note: When adding, updating, or deleting rows on the source table, be sure you are not using the replication user ID (rep user) to make these changes. Change capture ignores changes made by the replication user.
  • Define a LOCALHOST IP connection. This is especially important if you are using remote hosting (described in the Getting Started Guide). Use CFGTCP, Option 10, to view the host definitions.

        The standard for localhost is 127.0.0.1.

  • Similarly, define an INTRA connection.

Note: LOCALHOST, INTRA, and LOOPBACK are all required for Connect CDC.