Re: exporting

From: MJ Mody <emjay.mody_at_gmail.com>
Date: Thu, 11 Feb 2016 08:23:46 -0600
Message-Id: <A4DA192A-E380-4956-8B66-E09DAE655E48_at_gmail.com>

Echoing earlier comments from another post about use of ANY privileges. If your organization has an internal audit function or has an annual exercise with external auditors to audit your databases, this will most likely end up as a finding. A reasoning is this introduces additional threat vectors to a db.

A recommendation for such is to grant explicit privileges.

grant read, write on directory <dir_name> to user1; grant read, write on directory <dir_name> to user2;

Cheers

> On Feb 11, 2016, at 8:10 AM, Ruel, Chris <Chris.Ruel_at_lfg.com> wrote:
>
> Brian,
>
> It’s pretty straight forward. If you do not want to give the exporting user privileges to create their owner directories:
>
> grant create any directory to <exporting_user>;
>
> You can create the directory as a DBA/privilieged user and then grant permissions on it:
>
> Privileged User> create or replace directory my_datapump_dir as ‘<location>’;
>
> Privileged User> grant all on directory my_datapump_dir to <exporting_user>;
>
> --beside ALL, you can also grant READ or WRITE.
>
> Hope that helps,
>
> Chris..
>
>
> _____________________________________________________________________
> Chris Ruel * Oracle Database Administrator * Lincoln Financial Group
> cruel_at_lfg.com * Desk:317.759.2172 * Cell 317.523.8482
>
> From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Zelli, Brian
> Sent: Thursday, February 11, 2016 7:58 AM
> To: oracle-l (oracle-l_at_freelists.org)
> Subject: exporting
>
> I am trying to export a user’s schema in 11g. I have the script set up to run. It errors because of the directory.
> I can’t create the directory for that particular user because of insufficient privs.
>
> When I run it as system and specify the schema, it isn’t exporting. How do I get the create priv for that user?
>
> Brian
>
>
>
> This email message may contain legally privileged and/or confidential information. If you are not the intended recipient(s), or the employee or agent responsible for the delivery of this message to the intended recipient(s), you are hereby notified that any disclosure, copying, distribution, or use of this email message is prohibited. If you have received this message in error, please notify the sender immediately by e-mail and delete this email message from your computer. Thank you.
> Notice of Confidentiality: **This E-mail and any of its attachments may contain
> Lincoln National Corporation proprietary information, which is privileged, confidential,
> or subject to copyright belonging to the Lincoln National Corporation family of
> companies. This E-mail is intended solely for the use of the individual or entity to
> which it is addressed. If you are not the intended recipient of this E-mail, you are
> hereby notified that any dissemination, distribution, copying, or action taken in
> relation to the contents of and attachments to this E-mail is strictly prohibited
> and may be unlawful. If you have received this E-mail in error, please notify the
> sender immediately and permanently delete the original and any copy of this E-mail
> and any printout. Thank You.**

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Feb 11 2016 - 15:23:46 CET

This message: [ Message body ]
Next message: John Hallas: "RE: Accidental Use of Oracle Active Data Guard"
Previous message: Dimensional DBA: "RE: Oracle Heap memory usage by listener"
In reply to: Ruel, Chris: "RE: exporting"
Next in thread: Zelli, Brian: "Re: exporting"
Maybe reply: Zelli, Brian: "Re: exporting"
Maybe reply: Niall Litchfield: "Re: exporting"
Maybe reply: Yusuf: "Re: exporting"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message