EXP-IMP privs to users in prod
Date: Thu, 19 Nov 2009 11:48:28 -0500
Message-ID: <5409709395C6884598ADE701EDED9ACD012B8111_at_CINMLVEM17.e2k.ad.ge.com>
Hi guys,
I have a question from a friend, he was told from his manager to give privs to common users to make exports and imports in production (in all databases I have under control we don't allow users to do this even in development).
We are thinking about advantages and disadvantages on this approach, right now we are concerned on disadvantages:
EXP:
- Users will be able to take export of everything they want, including huge tables (50M rows or more).
- If they do this locally (not sure if they have access) they may use all disk space.
- If they do this remotely, a huge export may take hours to complete.
- Performance may be affected for a huge export?
IMP:
- Data may get duplicated easily on tables w/o referential integrity and lack of control on imp operations.
- Users will be able to do exp and imp for tables they have granted accces by using exp_full_database and imp_full_database, including sys and system, check dangerous behaviour:
$ sqlplus "myuser"/mypass
SQL >insert into system.x values (3);
insert into system.x values (3)
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL >insert into other_user.x values (3); insert into other_user.x values (3)
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL >exit
$ sqlplus / as sysdba
SQL >grant imp_full_Database to "myuser";
Grant succeeded.
SQL >exit
$ sqlplus "myuser"/mypass
SQL >insert into other_user.x values (3);
1 row created.
SQL >insert into system.x values (3);
1 row created.
Is there any other disadvantage you can think of?
TIA
Regards,
Gabriel
-- http://www.freelists.org/webpage/oracle-lReceived on Thu Nov 19 2009 - 10:48:28 CST