Help Center> Data Replication Service> Best Practices> Real-Time Synchronization> From On-premises Oracle to GaussDB Primary/Standby> Preparations
Updated on 2024-01-02 GMT+08:00
View PDF

Preparations

Permissions Required for UGO

  • The permission check for the source database must be passed. Table 1 lists the permissions that need to be checked when the source database type is Oracle.
    Table 1 Required checks

    Checked Item

    Description

    Mandatory

    DBMS_METADATA

    Permission to retrieve metadata from the Oracle database dictionary. This permission is used to obtain the DDL of schema objects.

    Yes

    Dynamic View

    Permission to access various dynamic performance views. This permission is used to obtain basic database information.

    Yes

    Schema Objects

    Permission to check schema objects to be evaluated. At least one object needs to be evaluated.

    Yes

    DBA

    DBA permission required for subsequent operations.

    No

    If Check Result is Alarm, some objects could not be collected because of permissions, but the evaluation project can still be created successfully.
  • When connecting to the target database, you must have the permissions needed to create, delete, and modify databases objects, such as schemas, tables, programs, indexes, users, functions, and views. For details, see Viewing the Permission Check Report.
  • You have the permissions needed to create an evaluation project. For details, see Permission Management.

For more information about permissions required for UGO, see Here.

Permissions Required for DRS

  • The permissions required by DRS for connecting to the Oracle database must meet the following requirements to ensure smooth data synchronization:
    • Full synchronization requires the following permissions: CREATE SESSION, SELECT ANY DICTIONARY, and SELECT for a single table (GRANT SELECT ON <userName.tbName> to drsUser).
    • Full+incremental synchronization and incremental synchronization:
      • Oracle 12c or later in tenant mode:

        To synchronize a container database (CDB) of Oracle 12c or later, you must have the following permissions: CREATE SESSION, SELECT ANY DICTIONARY, SELECT for a single table (GRANT SELECT ON <userName.tbName> to drsUser), EXECUTE_CATALOG_ROLE, SELECT ANY TRANSACTION, and LOGMINING.

        To synchronize a pluggable database (PDB) of Oracle 12c or later, you must have the following permissions: CREATE SESSION, SELECT ANY DICTIONARY, SELECT for a single table (GRANT SELECT ON <userName.tbName> to drsUser), EXECUTE_CATALOG_ROLE, SELECT ANY TRANSACTION, LOGMINING, and CREATE SESSION, SELECT ANY DICTIONARY, EXECUTE_CATALOG_ROLE, SELECT ANY TRANSACTION, LOGMINING and SET CONTAINER (GRANT SET CONTAINER TO <userName> CONTAINER=ALL) permissions for a CDB.

      • Oracle 12c or later in non-tenant mode:

        You must have the following permissions: CREATE SESSION, SELECT ANY DICTIONARY, SELECT for a single table (GRANT SELECT ON <userName.tbName> to drsUser), EXECUTE_CATALOG_ROLE, SELECT ANY TRANSACTION, and LOGMINING.

      • To synchronize a database of Oracle 11g or earlier, you must have the following permissions: CREATE SESSION, SELECT ANY DICTIONARY, SELECT for a single table (GRANT SELECT ON <userName.tbName> to drsUser), EXECUTE_CATALOG_ROLE, and SELECT ANY TRANSACTION.
    • During incremental synchronization, enable PK, UI, or ALL supplemental logging for the source Oracle database at the database level or table level. If supplemental logging is enabled at table level, enable supplemental logging again after you rebuild or rename tables. During the synchronization, ensure that the preceding settings are always enabled.
    • Oracle 12c or later does not support incremental synchronization using accounts whose ORACLE_MAINTAINED is Y (except system/sys), because accounts with this attribute do not have the permission to parse logs.
  • The permissions required by DRS for connecting to the GaussDB database must meet the following requirements to ensure smooth data synchronization:
    • Database-level permissions: Log in to the postgres base database as user root or user DATABASE with the Sysadmin role, and grant the CREATE and CONNECT permissions to user DATABASE.

      Statement: GRANT CREATE, CONNECT ON DATABASE <database> TO <user>

    • Schema-level permissions: Log in to the database as user root or user DATABASE with the Sysadmin role, or the owner of the database, and grant the CREATE and USAGE permissions of the schema to the user.

      Statement: GRANT CREATE, USAGE ON SCHEMA <schema> TO <user>

    • Table-level permissions: Log in to the database as user root or user DATABASE with the Sysadmin role, or the owner of the database, and grant the DML permission for tables in the schema to the user. (The SELECT permission is required only for tables without primary keys.)

      Statement for granting the DML permission on all tables in the schema: GRANT SELECT, UPDATE, INSERT, DELETE, INDEX, ALTER ON ALL TABLES IN SCHEMA <schema> TO <user>

      Statement for granting the DML permission on a specified table in the schema: GRANT SELECT, UPDATE, INSERT, DELETE, INDEX, ALTER ON TABLE <schema.table> TO <user>

For more information about permissions required for DRS, see Here.

Network Settings

Plan the network properly to ensure that the source Oracle database can be accessed by UGO and DRS.