[Chapter 15] 15.2 DBMS_REPCAT_ADMIN: Setting Up More Administrator AccountsChapter 15Advanced Replication 15.2 DBMS_REPCAT_ADMIN: Setting Up More Administrator AccountsAlong with DBMS_REPCAT_AUTH, use the DBMS_REPCAT_ADMIN package to create administrator accounts for replication. This section explains how to do so. 15.2.1 Getting Started with DBMS_REPCAT_ADMINThe DBMS_REPCAT_ADMIN package is created when the Oracle database is installed. The dbmsrepc.sql script (found in the built-in packages source directory, as described in Chapter 1) contains the source code for this package's specification. This script is called by catrep.sql, which must be run to install the advanced replication packages. The wrapped sql script prvtrepc.sql creates the public synonym DBMS_REPCAT_ADMIN. No EXECUTE privileges are granted on DBMS_REPCAT_ADMIN; only the owner (SYS) and those with the EXECUTE ANY PROCEDURE system privilege may execute the package.15.2.1.1 DBMS_REPCAT_ADMIN programsTable 15.2 lists the programs in DBMS_REPCAT_ADMINTable 15.2: DBMS_REPCAT_ADMIN Program NameDescriptionUse in SQL?GRANT_ADMIN_ANY_REPGROUPGrants privileges required to administer any replication group at the current site NoGRANT_ADMIN_ANY_REPSCHEMA(Oracle8)Grants privileges required to administer any replication schema at the current siteNoGRANT_ADMIN_REPGROUPGrants privileges required to administer the replication group for which the user is the schema ownerNoGRANT_ADMIN_REPSCHEMA(Oracle8)Grants privileges required to administer the replication schema for which the user is the schema ownerNoREVOKE_ADMIN_ANY_REPGROUPRevokes privileges required to administer all replication groupsNoREVOKE_ADMIN_ANY_REPSCHEMA(Oracle8)Revokes privileges required to administer all replication schemasNoREVOKE_ADMIN_REPGROUPRevokes privileges required to administer the replication group for which the user is the schema ownerNoREVOKE_ADMIN_REPSCHEMA(Oracle8)Revokes privileges required to administer the replication schema for which the user is the schema owner.No15.2.1.2 DBMS_REPCAT_ADMIN exceptionsThe DBMS_REPCAT_ADMIN package may raise exception ORA-1917 if the specified user does not exist.NOTE: Oracle8 documents only the REPGROUP procedures, although the REPSCHEMA procedures also exist. The functionality is identical.15.2.2 Creating and Dropping Replication Administrator AccountsAdvanced replication also requires an account to maintain the environment. The replication administrator account (usually REPADMIN) performs tasks such as quiescing the environment, adding and removing master sites, and creating replication groups. For example, you'll use DBMS_REPCAT's ADMIN.GRANT_ADMIN_ANY_REPGROUP procedure to set up the replication administrator account to maintain all replication groups in your environment. You can also configure an account to control exactly one schema in a replication group with the GRANT_ADMIN_REPGROUP procedure. The recipient of this grant will be able to perform administrative tasks on objects it owns within a replication group; the account will not be able to administer objects it does not own. Because of this restriction, it usually makes sense to create administrative accounts for a specific group only if it is a single schema replication group and the administrative account is the schema account.In most cases, the DBA opts for using a single replication administrator account over creating administrative accounts for every replication group.15.2.2.1 The DBMS_REPCAT_ADMIN.GRANT_ADMIN_REPGROUP procedureThe GRANT_ADMIN_REPGROUP procedure grants the privileges required to administer a replication group for which the user is the schema owner. The specification is,PROCEDURE DBMS_REPCAT_ADMIN.GRANT_ADMIN_REPGROUP (userid IN VARCHAR2);where userid is the Oracle userid for whom you are granting privileges.15.2.2.1.1 ExceptionsDBMS_REPCAT_ADMIN.GRANT_ADMIN.REPGROUP may raise exception ORA-1917 if the specified user does not exist.15.2.2.1.2 ExampleThis call configures the SPROCKET account to administer its objects in a replication group:BEGIN DBMS_REPCAT_ADMIN.GRANT_ADMIN_REPGROUP('SPROCKET'); END;This approach is most viable when the name of the replication group is the same as the name of the schema, and when all objects in the replication group belong to that schema.15.2.2.2 The DBMS_REPCAT_ADMIN.REVOKE_ADMIN_REPGROUP procedureThe REVOKE_ADMIN_REPGROUP procedure revokes the privileges required to administer the replication group for which the user is the schema owner. The specification is:PROCEDURE DBMS_REPCAT_ADMIN.REVOKE_ADMIN_REPGROUP (userid IN VARCHAR2);where userid is the Oracle userid for whom you are revoking privileges.15.2.2.2.1 ExceptionsDBMS_REPCAT_ADMIN.REVOKE_ADMIN_REPGROUP may raise exception ORA-1917 if the specified user does not exist.15.2.2.3 The DBMS_REPCAT_ADMIN.GRANT_ADMIN_ANY_REPGROUP procedureThe GRANT_ADMIN_ANY_REPGROUP procedure grants the privileges required to administer any replication group at the current site. The specification is,PROCEDURE DBMS_REPCAT_ADMIN.GRANT_ADMIN_ANY_REPGROUP (userid IN VARCHAR2);where userid is the Oracle userid for whom you are granting privileges.15.2.2.3.1 ExceptionsDBMS_REPCAT_ADMIN.GRANT_ADMIN_ANY_REPGROUP may raise exception ORA-1917 if the specified user does not exist.15.2.2.3.2 ExampleThe following call supplies the REPADMIN account with privileges to perform maintenance operations on all replication groups at the site:BEGIN DBMS_REPCAT_ADMIN.GRANT_ADMIN_ANY_REPGROUP('REPADMIN'); END;NOTE: Be sure to set up a replication administrator account at every master site of a multimaster replication environment. In addition, administration will be easiest if you use the same account name in all locations.15.2.2.4 The DBMS_REPCAT_ADMIN.REVOKE_ADMIN_ANY_REPGROUP procedureThe REVOKE_ADMIN_ANY_REPGROUP procedure revokes the privileges required to administer any replication group at the current site. The specification is,PROCEDURE DBMS_REPCAT_ADMIN.REVOKE_ADMIN_ANY_REPGROUP (userid IN VARCHAR2);where userid is the Oracle userid for whom you are revoking privileges.15.2.2.4.1 ExceptionsDBMS_REPCAT_ADMIN.REVOKE_ANY_REPGROUP may raise exception ORA-1917 if the specified user does not exist.15.2.2.4.2 ExampleThis call revokes replication administrator privileges from the REPADMIN account:BEGIN DBMS_REPCAT_ADMIN.REVOKE_ADMIN_ANY_REPGROUP('REPADMIN'); END;15.1 DBMS_REPCAT_AUTH: Setting Up Administrative Accounts15.3 DBMS_REPCAT: Replication Environment Administration Copyright (c) 2000 O'Reilly & Associates. All rights reserved.