Create credential pools for source and target systems in the configuration.xml file to allow job changes at a global level. Each pool has a unique name, defines credentials for both source and target systems, and defines one or more users for each system. When creating a job, after specifying the credential pool by name, Data Mover examines the pool for the source and target system names and user profiles to randomly pick an available user for that job. If multiple ARC or DSA jobs are running that have the same target system, an available user from the pool that is not already being used by other ARC or DSA jobs is selected.
In addition to being able to pick from a pool of users for the specified systems, credential pools enable you to change passwords in one place for all users specified in the pool.
The job.useGroupUserIDPool property is included in the configuration.xml file as shown here:
<property>
<key>job.useGroupUserIdPool</key>
<value>false</value>
<description>Purpose: Use a source or target user from the pool of users. This enables changing password in a single place</description>
</property>
In the following configuration.xml example, a job.useGroupUserIDPool is true and two credential pools have been created.
<property>
<key>job.useGroupUserIdPool</key>
<value>true</value>
<groupPools>
<groupPool>
<name>POOL-1</name>
<system name="system1">
<user>
<name>admin</name>
<password>admin</password>
<encrypted_password></encrypted_password>
</user>
<!-- more users -->
</system>
<!-- more systems -->
</groupPool>
<groupPool>
<name>POOL-2</name>
<system name="system2">
<user>
<name>dbc</name>
<password>dbc</password>
<encrypted_password></encrypted_password>
</user>
<!-- more users -->
</system>
<system name="system3">
<user>
<name>user1</name>
<password>pass1</password>
<encrypted_password></encrypted_password>
</user>
<!-- more users -->
</system>
<!-- more systems -->
</groupPool>
</groupPools>
<description>Purpose: Use a source or target user from the pool of users. This enables changing password in a single place.</description>
</property>
In the following example of a job definition, a group user pool is used.<source_tdpid>system1</source_tdpid> <source_user></source_user> <source_password></source_password> <source_userid_pool>POOL-1</source_userid_pool> <target_tdpid>system2</target_tdpid> <target_user></target_user> <target_password></target_password> <target_userid_pool>POOL-1</target_userid_pool>
Usage Notes
- The name reservedUserPool cannot be used when defining a credential pool.
- Trying to specify source_userid_pool or target_userid_pool in the job definition when job.useGroupUserIdPool is set to false in configuration.xml results in an error.
- Trying to provide source_user and source_userid_pool in the same job definition results in a create time error. Only one method may be used for the source system. Data Mover chooses the user for the source system automatically from the specified pool when source_userid_pool is used.
- Trying to provide target_user and target_userid_pool in the same job definition results in a create time error. Only one method may be used for the target system. Data Mover chooses the user for the target system automatically from the specified pool when target_userid_pool is used.
- When source_userid_pool is specified and use_userid_pool is true or when target_userid_pool is specified and use_userid_pool in the same job definition, a create time error occurs.
- Different credential methods may be used for source and target. Providing source_user and target_userid_pool in the same job definition is valid. Providing target_user and source_userid_pool in the same job definition is also valid.
- When providing both source_userid_pool and target_userid_pool in the same job definition, the same credential pool must be used for both. Trying to specify one credential pool for the source and a different one for the target results in a create time error.
- When target_userid_pool is set, Data Mover chooses a user from the pool. If multiple ARC or DSA jobs are running at the same time and target_userid_pool is set and the pool has multiple users for the target system, Data Mover chooses an available user from the pool that is not already being used by other ARC or DSA jobs. This allows multiple ARC or DSA jobs to run at the same time. For Teradata PT API/JDBC jobs, Data Mover may choose the same target user for two or more jobs being run at the same time since there is no problem in multiple users being logged on to a target system at the same time. For ARC or DSA job source users, there are no restrictions to have the same user access the same system; therefore, Data Mover can choose the same user as the source user for different ARC or DSA jobs.
- When running an ARC or DSA job with target_userid_pool set and all target users in the pool are being used by other ARC or DSA tasks, the ARC or DSA task waits for the other tasks to complete and return the user to the pool. When the user is available in the pool, the waiting ARC or DSA task picks up the user.
- All users in the group user pool are marked as available every time the daemon is restarted or the job.useGroupUserIdPool configuration property is modified. Once a user is locked in one group, the same user for the same system in different groups (including in target user ID pool) is locked. Similarly, once a user is unlocked, the same user for the same system in different groups (including in target user ID pool) is unlocked.
- If an ARC or DSA job does not use the pool but defines a target system and target user that have been assigned to a pool, that user is marked unavailable by the pool until the ARC or DSA job is finished.
- If the target user specified in the job definition is part of a pool and that user is being used by another ARC or DSA job that uses the pool, the job fails because ARC and DSA do not allow the same user to logged on to the same target system at the same time.
- The credential pools feature is only available on Teradata systems. However, when running Hadoop jobs, the credential pools feature is still available on the Teradata system when designated as a source or target system. The Hadoop system requires that credentials are provided in the job definition.