一直對 DATAPUMP_EXP_FULL_DATABASE 和 DATAPUMP_IMP_FULL_DATABASE 這兩個權限有誤解,以為是導全庫的時候才需要這個權限,翻了文檔後才知道,不是的.
Many Data Pump Export and Import operations require the user to have the DATAPUMP_EXP_FULL_DATABASE role and/or the DATAPUMP_IMP_FULL_DATABASE role. These roles are automatically defined for Oracle databases when you run the standard scripts that are part of database creation. (Note that although the names of these roles contain the word FULL, these roles are actually required for all export and import modes, not only Full mode.)
我們可以從$ORACLE_HOME/rdbms/admin/catdpb.sql 一窺該權限的全貌。
-- $ORACLE_HOME/rdbms/admin/catdpb.sql
...
Rem NAME
Rem catdpb.sql - Main install script for all DataPump package body
Rem components
...
-------------------------------------------------------------------------
Rem Set up application roles to to be enabled for privileged users
-------------------------------------------------------------------------
CREATE ROLE datapump_exp_full_database;
CREATE ROLE datapump_imp_full_database;
GRANT exp_full_database TO datapump_exp_full_database;
Rem Following grant needed for fgac test in dpx3f2
GRANT create table TO datapump_exp_full_database;
GRANT create session TO datapump_exp_full_database;
GRANT alter resource cost TO datapump_imp_full_database;
GRANT alter user TO datapump_imp_full_database;
GRANT audit any TO datapump_imp_full_database;
GRANT audit system TO datapump_imp_full_database;
GRANT create session TO datapump_imp_full_database;
GRANT alter profile TO datapump_imp_full_database;
GRANT create profile TO datapump_imp_full_database;
GRANT delete any table TO datapump_imp_full_database;
GRANT execute any operator TO datapump_imp_full_database;
GRANT grant any privilege TO datapump_imp_full_database;
GRANT grant any object privilege TO datapump_imp_full_database;
GRANT grant any role TO datapump_imp_full_database;
GRANT imp_full_database TO datapump_imp_full_database;
GRANT select any table TO datapump_imp_full_database;
GRANT alter database TO datapump_imp_full_database;
Rem The following grant is needed to make loopback network jobs work right
Rem Since the application role makes it disappear otherwise.
GRANT exp_full_database TO datapump_imp_full_database;
GRANT export full database TO dba;
GRANT import full database TO dba;
GRANT datapump_exp_full_database TO dba;
GRANT datapump_imp_full_database TO dba;
Rem DataPump roles are not documented so also grant them to old exp/imp roles
Rem Following grant needed for fgac test in dpx3f2
GRANT create table TO exp_full_database;
GRANT create session TO exp_full_database;
GRANT alter resource cost TO imp_full_database;
GRANT alter user TO imp_full_database;
GRANT audit any TO imp_full_database;
GRANT audit system TO imp_full_database;
GRANT create session TO imp_full_database;
GRANT alter profile TO imp_full_database;
GRANT create profile TO imp_full_database;
GRANT delete any table TO imp_full_database;
GRANT execute any operator TO imp_full_database;
GRANT grant any privilege TO imp_full_database;
GRANT grant any object privilege TO imp_full_database;
GRANT grant any role TO imp_full_database;
GRANT select any table TO imp_full_database;
GRANT alter database TO imp_full_database;
-------------------------------------------------------------------------
-- Public view defs (DBA_/USER_*) go here.
-------------------------------------------------------------------------
-- Fixed (virtual) View Declarations, Synonyms, and Grants
CREATE OR REPLACE VIEW SYS.V_$DATAPUMP_JOB AS
SELECT * FROM SYS.V$DATAPUMP_JOB;
CREATE OR REPLACE PUBLIC SYNONYM V$DATAPUMP_JOB FOR SYS.V_$DATAPUMP_JOB;
GRANT SELECT ON SYS.V_$DATAPUMP_JOB TO SELECT_CATALOG_ROLE;
CREATE OR REPLACE VIEW SYS.V_$DATAPUMP_SESSION AS
SELECT * FROM SYS.V$DATAPUMP_SESSION;
CREATE OR REPLACE PUBLIC SYNONYM V$DATAPUMP_SESSION FOR
SYS.V_$DATAPUMP_SESSION;
GRANT SELECT ON SYS.V_$DATAPUMP_SESSION TO SELECT_CATALOG_ROLE;
CREATE OR REPLACE VIEW SYS.GV_$DATAPUMP_JOB AS
SELECT * FROM SYS.GV$DATAPUMP_JOB;
CREATE OR REPLACE PUBLIC SYNONYM GV$DATAPUMP_JOB FOR SYS.GV_$DATAPUMP_JOB;
GRANT SELECT ON SYS.GV_$DATAPUMP_JOB TO SELECT_CATALOG_ROLE;
CREATE OR REPLACE VIEW SYS.GV_$DATAPUMP_SESSION AS
SELECT * FROM SYS.GV$DATAPUMP_SESSION;
CREATE OR REPLACE PUBLIC SYNONYM GV$DATAPUMP_SESSION FOR
SYS.GV_$DATAPUMP_SESSION;
GRANT SELECT ON SYS.GV_$DATAPUMP_SESSION TO SELECT_CATALOG_ROLE;
版權聲明:本文為CSDN部落客「weixin_33681778」的原創文章,遵循CC 4.0 BY-SA版權協定,轉載請附上原文出處連結及本聲明。
原文連結:https://blog.csdn.net/weixin_33681778/article/details/91671303