expdp逻辑导出时遭遇ORA-39181报错的处理

教程发布:风哥 教程分类:ITPUX技术网 更新日期:2022-02-12 浏览学习:842

expdp逻辑导出时遭遇ORA-39181报错的处理:

报错日志:
Processing object type DATABASE_EXPORT/SCHEMA/TYPE/GRANT/OWNER_GRANT/OBJECT_GRANT
. . exported "ORDDATA"."ORDDCM_DOCS" 177.5 KB 9 rows
. . exported "PM"."PRINT_MEDIA" 190.3 KB 4 rows
ORA-39181: Only partial table data may be exported due to fine grain access control on "OE"."PURCHASEOR
DER"
. . exported "OE"."PURCHASEORDER" 243.9 KB 132 rows
. . exported "SYSMAN"."MGMT_HC_VENDOR_SW_SUMMARY" 246.1 KB 2798 rows
. . exported "SH"."FWEEK_PSCAT_SALES_MV" 419.8 KB 11266 rows
. . exported "SYSMAN"."MGMT_IP_SQL_STATEMENTS" 120.2 KB 31 rows

问题描述:
ERROR:
ORA-39181 :only partial table data may be exported due to fine grain access control

This error appears trying to datapump export a table with FGAC policy enabled against it.

When Expdp runs as the schema owner, if fine grained policies are discovered on tables and if the exporting user has unrestricted access, then the entire table data is exported.

This is expected behavior.ORA-39181 is caused by an unprivileged user who tries to export a table with a fine grain access control policiy applied. The table owner is subject to access control and may not be able to export all rows in the table. Only the rows that can be seen by that user are exported. In order to preserve integrity of the table, the user importing the table should have enough privilege to recreate the table with the security policies at import time.

Action: It is strongly recommended that the database administrator handles the export of this table.

This as an informational message.

VPD and Oracle Label Security are not enforced during DIRECT path export and similarly, database users granted the EXEMPT ACCESS POLICY privilege, either directly or through a database role, are exempt from VPD enforcements. However, the following policy enforcement options remain in effect even when EXEMPT ACCESS POLICY is granted:

* INSERT_CONTROL, UPDATE_CONTROL, DELETE_CONTROL, WRITE_CONTROL, LABEL_UPDATE, and LABEL_DEFAULT

EXEMPT ACCESS POLICY is a strong privilege and must be granted with care. For example , grant it to the role exp_full_database role as this role is granted to admin users only.

问题解决:
To avoid this:

Grant the privilege EXEMPT ACCESS POLICY to the exporting user
SQL> grant EXEMPT ACCESS POLICY to system;

Grant succeeded.

-or-

Disable the VPD policy.

本文标签:
网站声明:本文由风哥整理发布,转载请保留此段声明,本站所有内容将不对其使用后果做任何承诺,请读者谨慎使用!
【上一篇】
【下一篇】