Enabling Authorization for Data Change Notification CDB Insertions

(Not applicable to Online Data Proxy) All DCN requests are authorized by checking if the user making the request is in the “SUP DCN User” role within the security configuration of the request’s target package.

Often the DCN user is not a “real” user in the customer’s security systems, but rather an artificial technical user whose credentials are simply a shared secret between the EIS developer writing the DCN client code, and the platform administrator.

If your DCN user is not a "real" user, you may also consider using the PreconfiguredUserLoginModule as an alternative to HTTPS Basic.

In Sybase Control Center, ensure that the MBO package that is the target of DCN uses a security configuration that includes either HTTP Basic authentication or PreconfiguredUser.

Note: Sybase strongly recommends you do not use the "admin" security configuration for MBO packages. Keep your admin users and mobile users separate.
If you are using HTTPS Basic, thensure that the user name specified in the HTTPS Basic authentication response needs is formatted as:
dcnSubject@security_configuration
This format ensures that authentication/authorization happens in the correct security context.
Note: In some ActiveDirectory configurations, the username may have the form user@activeDirectoryDomain. If a DCN user is fred@acme.com, and the security configuration is named "myCustomConfig", then the username specified for DCN request must be "fred@acme.com@myCustomConfig".
If you are using PreconfiguredUser:
1. Stack this module in an appropriate order with your other LoginModules.
2. Set the username and password to something that you can share with the EIS developers who are writing the DCN sending logic, and set the Roles property to "SUP DCN User".
3. Ensure you set Control Flag to sufficient.