Re: Any valid security concerns using Data Pump over conventional exp/imp?
- From: Karl Arao <karlarao@xxxxxxxxx>
- To: bwmyers@xxxxxxxxx
- Date: Thu, 2 Sep 2010 19:23:40 +0800
You could explore Sudoers on expdp.. and create particular user that wish to
do the export. I know we had this requirement before where specific OS users
were requesting expdp privileges and the in-house DBA is hesitant (security
concerns). I've forgotten the full details about it, but here's the sample
sudoers file
-------------------------------------------------
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
Cmnd_Alias EXPORT = /oracle/product/10.2/bin/exp,
/oracle/product/10.2/bin/expdp
Cmnd_Alias NO_ORA_BIN = !/oracle/product/10.2/bin/*
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
%ora_exp_users oel11g=NO_ORA_BIN, EXPORT
-------------------------------------------------
Just sharing it to you to explore, but.. I advise you do it first on your
test VMs/environment.
--
Karl Arao
karlarao.wordpress.com
karlarao.tiddlyspot.com
Other related posts: