on 01-18-2021 7:22 AM
For a replicated database environment, what is the recommended approach to replicate database user, to ensure that a user created in a consolidated database, gets replicated to remote databases?
To add new users, you would use SQL Remote Passthrough Mode. Here is an example:
passthrough for subscription to p;
grant connect to u1 identified by ...;
passthrough stop;
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well, that table would then need to contain the password. I would really not do that. Is is possible to set the grant with a hashed string
GRANT CONNECT user1 identified by encrypted 'HASHED STRING'
If so, then I don't see the problem adding it to helper table.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
PASSTHROUGH allows for operations to be defined at the consolidated to be sent to all remotes subscribed to a given publication or to the consolidated if initiated by a remote. If initiated by a remote, the operation is not sent to other remotes. For that requirement, you could use a table that is replicated that contains the operations and then using EXECUTE IMMEDIATE to run on each node or as a PASSTHROUGH at the consolidated once it replicates to that node.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
PASSTHROUGH allows for operations to be defined at the consolidated to be sent to all remotes subscribed to a given publication or to the consolidated if initiated by a remote. If initiated by a remote, the operation is not sent to other remotes. For that requirement, you could use a table that is replicated that contains the operations and then using EXECUTE IMMEDIATE to run on each node or as a PASSTHROUGH at the consolidated once it replicates to that node.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Chris,
Yes, we've tried that approach. However, in an environment with one consolidated database, and two or more remote databases, we run in to a problem if the password is changed at the remote site.
Changes can only be performed at the consolidated database. We need to also to add/change users on the remote databases.
Scenario 1: Change password of existing user on remote database
1. A: GRANT CONNECT TO U1 IDENTIFIED BY HELLO (add and or
2. DB REMOTE triggers and adds user to remote databases.
3. B: GRANT CONNECT TO UI IDENFITIED BY HELLO123 (change password)
4. The change is replicated from database B to A, but database C will never get the new passord.
Scenario 2: Similar if you create a user on a remote database it will only be replicated to the consolidated database, not to the other remote.
1. B: GRANT CONNECT TO U2 IDENTIFIED BY QWERTY
2. DB REMOTE triggers and add user to database
Database C will never receive the GRANT message to add the user.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
75 | |
8 | |
8 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.