Database Reference
In-Depth Information
Step 2. Granting Access to the Directory
You need to grant permissions on the database directory object to a user that wants to use Data Pump. Use the
GRANT
statement to allocate the appropriate privileges. If you want a user to be able to read from and write to the directory,
you must grant security access. This example grants access to the directory object to a user named
MV_MAINT
:
SQL> grant read, write on directory dp_dir to mv_maint;
All directory objects are owned by the
SYS
user. If you're using a user account that has the DBA role granted to it,
then you have the requisite read/write privileges on any directory objects. I usually perform Data Pump jobs with a
user that has the DBA granted to it (so that I don't need to bother with granting access).
SeCUrItY ISSUeS WIth the OLD eXp UtILItY
the idea behind creating directory objects and then granting specific I/O access to the physical storage location
is that you can more securely administer which users have the capability to generate read and write activities
when normally they wouldn't have permissions. With the legacy
exp
utility, any user that has access to the tool by
default has access to write or read a file to which the owner (usually
oracle
) of the Oracle binaries has access.
It's conceivable that a malicious non-
oracle
OS user can attempt to run the
exp
utility to purposely overwrite a
critical database file. For example, the following command can be run by any non-
oracle
OS user with execute
access to the
exp
utility:
$ exp heera/foo file=/oradata04/SCRKDV12/users01.dbf
the
exp
process runs as the
oracle
OS user and therefore has read and write OS privileges on any
oracle
-
owned data files. In this
exp
example, if the
users01.dbf
file is a live database data file, it's overwritten and
rendered worthless. this can cause catastrophic damage to your database.
to prevent such issues, with Oracle Data pump you first have to create a database object directory that maps to
a specific directory and then additionally assign read and write privileges to that directory per user. thus, Data
pump doesn't have the security problems that exist with the old
exp
utility.
Step 3. Taking an Export
When the directory object and grants are in place, you can use Data Pump to export information from a database. The
simple example in this section shows how to export a table. Later sections in this chapter describe in detail the various
ways in which you can export data. The point here is to work through an example that will provide a foundation for
understanding more complex topics that follow.
As a non-
SYS
user, create a table, and populate it with some data:
SQL> create table inv(inv_id number);
SQL> insert into inv values (123);
Next, as a non-
SYS
user, export the table. This example uses the previously created directory, named
DP_DIR
. Data
Pump uses the directory path specified by the directory object as the location on disk to which to write the dump file
and log file:
$ expdp mv_maint/foo directory=dp_dir tables=inv dumpfile=exp.dmp logfile=exp.log
