Many Data Pump Export and Import operations require the user to have the DATAPUMP_EXP_FULL_DATABASE
role and/or the DATAPUMP_IMP_FULL_DATABASE
role. These roles are automatically defined for Oracle databases when you run the standard scripts that are part of database creation. (Note that although the names of these roles contain the word FULL, these roles actually apply to any privileged operations in any export or import mode, not only Full mode.)
The DATAPUMP_EXP_FULL_DATABASE
role affects only export operations. The DATAPUMP_IMP_FULL_DATABASE
role affects import operations and operations that use the Import SQLFILE
parameter. These roles allow users performing exports and imports to do the following:
Perform the operation outside the scope of their schema
Monitor jobs that were initiated by another user
Export objects (such as tablespace definitions) and import objects (such as directory definitions) that unprivileged users cannot reference
These are powerful roles. Database administrators should use caution when granting these roles to users.
Although the SYS
schema does not have either of these roles assigned to it, all security checks performed by Data Pump that require these roles also grant access to the SYS
schema.
If you receive an ORA-39181: Only Partial Data Exported Due to Fine Grain Access Control
error message, then see the My Oracle Support note 422480.1 at http://support.oracle.com
for information about security during an export of table data with fine-grained access control policies enabled.
Oracle Database Security Guide for more information about predefined roles in an Oracle Database installation