# Secure your App using credentials

Username and Password can be used to keep your DBSync Cloud Replication more secured. The below steps should be followed to setup username and password.

* Go to **Install Folder** > **conf** > **tomcat-users.xml**
* **tomcat-users.xml** should be edited by including the below code at the end just before **\</tomcat-users>**

> \<role rolename="manager"/>\
> &#x20;  \<role rolename="tomcat"/>\
> &#x20;  \<role rolename="admin"/>\
> &#x20;  \<role rolename="role1"/>\
> &#x20;  \<role rolename="dbsync"/>\
> &#x20;  \<user username="manager" password="manager" roles="manager"/>\
> &#x20;  \<user username="both" password="tomcat" roles="tomcat,role1"/>\
> &#x20;  \<user username="tomcat" password="tomcat" roles="tomcat"/>\
> &#x20;  \<user username="role1" password="tomcat" roles="role1"/>\
> &#x20;  \<user username="adminuser" password="adminpassword" roles="admin"/>\
> &#x20;  \<user username="repl" password="avankia1" roles="dbsync"/>

* In this code, you need to specify the username and password that you would like to setup for admin role.
* In this example, username is adminuser and password is adminpassword for role admin.

> \<security-constraint>\
> &#x20;  \<web-resource-collection>\
> &#x20;     \<web-resource-name>**admin**\</web-resource-name>\
> &#x20;     \<url-pattern>/\*\</url-pattern>\
> &#x20;                 \<http-method>GET\</http-method>\
> &#x20;               \<http-method>POST\</http-method>\
> &#x20;   \</web-resource-collection>\
> &#x20;   \<auth-constraint>\
> &#x20;     \<role-name>tomcat\</role-name>\
> &#x20;                 \<role-name>**admin**\</role-name>\
> &#x20;   \</auth-constraint>\
> \</security-constraint>\
> \<login-config>\
> &#x20;      \<auth-method>BASIC\</auth-method>\
> \</login-config>
>
> \<security-role>\
> &#x20;    \<role-name>**admin**\</role-name>\
> \</security-role>

* Save these changes and close **web.xml**
* Restart tomcat and try to access DBSync Cloud Replication User Interface.

<br>