
	Home > Ask the Oracle Database / Applications Experts > Questions & Answers > Roles used for transferring data provide too many privileges

Ask The Oracle Expert: Questions & Answers

EMAIL THIS

Roles used for transferring data provide too many privileges

EXPERT RESPONSE FROM: Dan Norris

		Pose a Question

		Other Oracle Categories

		Meet all Oracle Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 19 November 2004
We are required to follow very strict security guidelines for our production databases. One of those guidelines states that a schema owner cannot have create session privileges, except when updating structures. Any user that can connect to the database cannot own any objects. Normally this is not a problem. We have one schema owner, and all users are granted specific access (through roles) to objects in that schema.
Here's my problem: we need to transfer data from one computer to another (not connected via a network) on a regular basis. We have worked out a process, using export and import, to do this. The user running this process must be able to connect to the database. However, this person cannot own any tables. In order to export and import from and to a different schema, they must have exp_full_database and imp_full_database roles. These roles provide way too many privileges (for example, create any table). Is there any other way around this? Any advice is appreciated!

Any user that is able to create tables in another schema will likely have too much privileges for the environment you're describing. Your standard is admirable, but it seems almost too restrictive to get the work done.

The only other potential solution for your problem (which has several restrictions of its own) is to use a logical standby database on one of the hosts. This may or may not work for you depending on your requirements. The logical standby database can be "fed" from archived redo logs. So, instead of doing an export on your primary and copying that file to the secondary server, copy the archived redo logs. Once they are restored to the secondary system, they can be applied to update the secondary server.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Oracle database security
	How to enable remote Oracle OS authentication with OS_AUTHENT_PREFIX
	Oracle delivers database fixes in Critical Patch Update
	How to use DBMS_CRYPTO package for Oracle password encryption/hashing
	How to decrypt an Oracle password using John the Ripper and checkpwd
	How to use the CREATE SESSION command to track Oracle database logins
	How to troubleshoot Oracle critical patch updates using OPatch
	Can I automate Oracle patching when installing Oracle Standard Edition?
	Is it possible to automate Oracle CPUs for a DoD project?
	Three steps to help improve Oracle database security
	Tips for auditing and securing database backups in Oracle

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Oracle White Papers: Fusion Middleware

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy