Data Mover allows you to create pools of credentials for source and target systems in configuration.xml file to allow job changes at a global level. Each pool has a unique name, defines credentials for both source and target systems, and defines one or more users for each system. When creating a job, you specify the credential pool by name; Data Mover examines the pool for the source and target system names and user profiles, and randomly picks an available user for that job. If multiple ARC jobs are running that have the same target system Data Mover chooses an available user from the pool that is not already being used by other ARC jobs.
In addition to being able to pick from a pool of users for the specified systems, credential pools enable you to change passwords in one place for all users specified in the pool.
With new installations or upgrades to Data Mover Version 14.11 or later, the property job.useGroupUserIDPool is included in the configuration.xml file as shown here:
<property>
<key>job.useGroupUserIdPool</key>
<value>false</value>
<description>Purpose: Use a source or target user from the pool of users. This enables changing password in a single place</description>
</property>
In the following configuration.xml example, a job.useGroupUserIDPool is true and two credential pools have been created.
<property>
<key>job.useGroupUserIdPool</key>
<value>true</value>
<groupPools>
<groupPool>
<name>POOL-1</name>
<system name="system1">
<user>
<name>admin</name>
<password>admin</password>
<encrypted_password></encrypted_password>
</user>
<!-- more users -->
</system>
<!-- more systems -->
</groupPool>
<groupPool>
<name>POOL-2</name>
<system name="system2">
<user>
<name>dbc</name>
<password>dbc</password>
<encrypted_password></encrypted_password>
</user>
<!-- more users -->
</system>
<system name="system3">
<user>
<name>user1</name>
<password>pass1</password>
<encrypted_password></encrypted_password>
</user>
<!-- more users -->
</system>
<!-- more systems -->
</groupPool>
</groupPools>
<description>Purpose: Use a source or target user from the pool of users. This enables changing password in a single place.</description>
</property>
In the following example of a job definition, a group user pool is used.<source_tdpid>system1</source_tdpid> <source_user></source_user> <source_password></source_password> <source_userid_pool>POOL-1</source_userid_pool> <target_tdpid>system2</target_tdpid> <target_user></target_user> <target_password></target_password> <target_userid_pool>POOL-1</target_userid_pool>
Usage Notes
- The name reservedUserPool cannot be used when defining a credential pool.
- Trying to specify source_userid_pool or target_userid_pool in the job definition when job.useGroupUserIdPool is set to false in configuration.xml results in an error.
- Trying to provide source_user and source_userid_pool in the same job definition results in a create time error. Only one method may be used for the source system. Data Mover chooses the user for the source system automatically from the specified pool when source_userid_pool is used.
- Trying to provide target_user and target_userid_pool in the same job definition results in a create time error. Only one method may be used for the target system. Data Mover chooses the user for the target system automatically from the specified pool when target_userid_pool is used.
- When source_userid_pool is specified and use_userid_pool is true or when target_userid_pool is specified and use_userid_pool in the same job definition, a create time error occurs.
- Different credential methods may be used for source and target. Providing source_user and target_userid_pool in the same job definition is valid. Providing target_user and source_userid_pool in the same job definition is also valid.
- When providing both source_userid_pool and target_userid_pool in the same job definition, the same credential pool must be used for both. Trying to specify one credential pool for the source and a different one for the target results in a create time error.
- When target_userid_pool is set, Data Mover chooses a user from the pool. If multiple ARC jobs are being run at the same time and target_userid_pool is set and the pool has multiple users for the target system, Data Mover chooses an available user from the pool that is not already being used by other ARC jobs. This allows multiple ARC jobs to run at the same time. For Teradata PT API/JDBC jobs, Data Mover may choose the same target user for two or more jobs being run at the same time since there is no problem in multiple users being logged in to a target system at the same time. For ARC job source user, there is no restriction to have the same user access the same system; therefore, Data Mover can choose the same user as the source user for different ARC jobs.
- When running an ARC job with target_userid_pool set and all target users in the pool are being used by other ARC tasks, the ARC task waits for the other tasks to complete and return the user to the pool. When the user is available in the pool, the waiting ARC task picks up the user.
- All users in the group user pool are marked as available every time the daemon is restarted or the job.useGroupUserIdPool configuration property is modified. Once a user is locked in one group, the same user for the same system in different groups (including in target user ID pool) is locked. Similarly, once a user is unlocked, the same user for the same system in different groups (including in target user ID pool) is unlocked.
- If an ARC job does not use the pool but defines a target system and target user that have been assigned to a pool, that user will be marked unavailable by the pool until the ARC job is finished.
- If the target user specified in the job definition is part of a pool and that user is being used by another ARC job that uses the pool, the job fails because ARC does not allow the same user to log onto the same target system at the same time.