Dears,
In this blog let us take a look @ list of all privileges that were granted to DATAPUMP_EXP_FULL_DATABASE & DATAPUMP_IMP_FULL_DATABASE roles.
I was in search for this to determine which of this 2 is a super role...
IMP_FULL_DATABASE or DATAPUMP_IMP_FULL_DATABASE
EXP_FULL_DATABASE or DATAPUMP_EXP_FULL_DATABASE
The result is the DATAPUMP roles above were granted with *P_FULL_DATABASE role. So it is obvious that the DATAPUMP_IMP/EXP_FULL_DATABASE is a super role.
SQL> show con_name
CON_NAME
SQL> select * from dba_role_privs where grantee='DATAPUMP_EXP_FULL_DATABASE';
GRANTEE GRANTED_ROLE ADM DEF COM
SQL> select * from dba_sys_privs where grantee='DATAPUMP_EXP_FULL_DATABASE';
GRANTEE PRIVILEGE ADM COM
SQL> select * from dba_role_privs where grantee='DATAPUMP_IMP_FULL_DATABASE';
GRANTEE GRANTED_ROLE ADM DEF COM
SQL> select * from dba_sys_privs where grantee='DATAPUMP_IMP_FULL_DATABASE';
GRANTEE PRIVILEGE ADM COM
14 rows selected.
Case 2: In a pdb..
CON_NAME
SQL> select * from dba_role_privs where grantee='DATAPUMP_EXP_FULL_DATABASE';
GRANTEE GRANTED_ROLE ADM DEF COM
SQL> select * from dba_sys_privs where grantee='DATAPUMP_EXP_FULL_DATABASE';
GRANTEE PRIVILEGE ADM COM
SQL> select * from dba_role_privs where grantee='DATAPUMP_IMP_FULL_DATABASE';
GRANTEE GRANTED_ROLE ADM DEF COM
SQL> select * from dba_sys_privs where grantee='DATAPUMP_IMP_FULL_DATABASE';
GRANTEE PRIVILEGE ADM COM
14 rows selected.
Thank you for your visit to the blog.
Thanks again!
In this blog let us take a look @ list of all privileges that were granted to DATAPUMP_EXP_FULL_DATABASE & DATAPUMP_IMP_FULL_DATABASE roles.
I was in search for this to determine which of this 2 is a super role...
IMP_FULL_DATABASE or DATAPUMP_IMP_FULL_DATABASE
EXP_FULL_DATABASE or DATAPUMP_EXP_FULL_DATABASE
The result is the DATAPUMP roles above were granted with *P_FULL_DATABASE role. So it is obvious that the DATAPUMP_IMP/EXP_FULL_DATABASE is a super role.
Case 1: In a root container...
SQL> show con_name
CON_NAME
------------------------------
CDB$ROOT
SQL> select * from dba_role_privs where grantee='DATAPUMP_EXP_FULL_DATABASE';
GRANTEE GRANTED_ROLE ADM DEF COM
---------------------------------------- ------------------------------ --- --- ---
DATAPUMP_EXP_FULL_DATABASE EXP_FULL_DATABASE NO YES YES
SQL> select * from dba_sys_privs where grantee='DATAPUMP_EXP_FULL_DATABASE';
GRANTEE PRIVILEGE ADM COM
---------------------------------------- ------------------------------ --- ---
DATAPUMP_EXP_FULL_DATABASE CREATE TABLE NO YES
DATAPUMP_EXP_FULL_DATABASE CREATE SESSION NO YES
SQL> select * from dba_role_privs where grantee='DATAPUMP_IMP_FULL_DATABASE';
GRANTEE GRANTED_ROLE ADM DEF COM
---------------------------------------- ------------------------------ --- --- ---
DATAPUMP_IMP_FULL_DATABASE EXP_FULL_DATABASE NO YES YES
DATAPUMP_IMP_FULL_DATABASE IMP_FULL_DATABASE NO YES YES
SQL> select * from dba_sys_privs where grantee='DATAPUMP_IMP_FULL_DATABASE';
GRANTEE PRIVILEGE ADM COM
---------------------------------------- ------------------------------ --- ---
DATAPUMP_IMP_FULL_DATABASE GRANT ANY OBJECT PRIVILEGE NO YES
DATAPUMP_IMP_FULL_DATABASE ALTER RESOURCE COST NO YES
DATAPUMP_IMP_FULL_DATABASE GRANT ANY ROLE NO YES
DATAPUMP_IMP_FULL_DATABASE CREATE SESSION NO YES
DATAPUMP_IMP_FULL_DATABASE AUDIT ANY NO YES
DATAPUMP_IMP_FULL_DATABASE EXECUTE ANY OPERATOR NO YES
DATAPUMP_IMP_FULL_DATABASE GRANT ANY PRIVILEGE NO YES
DATAPUMP_IMP_FULL_DATABASE SELECT ANY TABLE NO YES
DATAPUMP_IMP_FULL_DATABASE AUDIT SYSTEM NO YES
DATAPUMP_IMP_FULL_DATABASE CREATE PROFILE NO YES
DATAPUMP_IMP_FULL_DATABASE DELETE ANY TABLE NO YES
DATAPUMP_IMP_FULL_DATABASE ALTER USER NO YES
DATAPUMP_IMP_FULL_DATABASE ALTER PROFILE NO YES
DATAPUMP_IMP_FULL_DATABASE ALTER DATABASE NO YES
14 rows selected.
Case 2: In a pdb..
SQL> show con_name;
CON_NAME
------------------------------
PDB2
SQL> select * from dba_role_privs where grantee='DATAPUMP_EXP_FULL_DATABASE';
GRANTEE GRANTED_ROLE ADM DEF COM
---------------------------------------- ------------------------------ --- --- ---
DATAPUMP_EXP_FULL_DATABASE EXP_FULL_DATABASE NO YES YES
SQL> select * from dba_sys_privs where grantee='DATAPUMP_EXP_FULL_DATABASE';
GRANTEE PRIVILEGE ADM COM
---------------------------------------- ------------------------------ --- ---
DATAPUMP_EXP_FULL_DATABASE CREATE TABLE NO YES
DATAPUMP_EXP_FULL_DATABASE CREATE SESSION NO YES
SQL> select * from dba_role_privs where grantee='DATAPUMP_IMP_FULL_DATABASE';
GRANTEE GRANTED_ROLE ADM DEF COM
---------------------------------------- ------------------------------ --- --- ---
DATAPUMP_IMP_FULL_DATABASE EXP_FULL_DATABASE NO YES YES
DATAPUMP_IMP_FULL_DATABASE IMP_FULL_DATABASE NO YES YES
SQL> select * from dba_sys_privs where grantee='DATAPUMP_IMP_FULL_DATABASE';
GRANTEE PRIVILEGE ADM COM
---------------------------------------- ------------------------------ --- ---
DATAPUMP_IMP_FULL_DATABASE GRANT ANY OBJECT PRIVILEGE NO YES
DATAPUMP_IMP_FULL_DATABASE ALTER RESOURCE COST NO YES
DATAPUMP_IMP_FULL_DATABASE GRANT ANY ROLE NO YES
DATAPUMP_IMP_FULL_DATABASE CREATE SESSION NO YES
DATAPUMP_IMP_FULL_DATABASE AUDIT ANY NO YES
DATAPUMP_IMP_FULL_DATABASE EXECUTE ANY OPERATOR NO YES
DATAPUMP_IMP_FULL_DATABASE GRANT ANY PRIVILEGE NO YES
DATAPUMP_IMP_FULL_DATABASE SELECT ANY TABLE NO YES
DATAPUMP_IMP_FULL_DATABASE AUDIT SYSTEM NO YES
DATAPUMP_IMP_FULL_DATABASE CREATE PROFILE NO YES
DATAPUMP_IMP_FULL_DATABASE DELETE ANY TABLE NO YES
DATAPUMP_IMP_FULL_DATABASE ALTER USER NO YES
DATAPUMP_IMP_FULL_DATABASE ALTER PROFILE NO YES
DATAPUMP_IMP_FULL_DATABASE ALTER DATABASE NO YES
14 rows selected.
Thank you for your visit to the blog.
Thanks again!
No comments:
Post a Comment