AllExperts > Experts 
Search      

Oracle

Volunteer
Answers to thousands of questions
 Home · More Questions · Answer Library  · Encyclopedia ·
More Oracle Answers
Question Library

Ask a question about Oracle
Volunteer
Experts of the Month
Expert Login

Awards

About Us
Tell friends
Link to Us
Disclaimer

 
 
 
 
About Peter Choi
Expertise
I am a senior Oracle DBA, PeopleSoft Administrator and Project Manager with 10 years experience. I have been working with PeopleSoft (HRMS 5, 7, 7.x and 8.9), Oracle RDBMS (7.3 - 10gR2) on various Unix and Windows platforms, and some Oracle Application Server (9i/10gR2). I also have experience with the configuration and administration of BEA`s Tuxedo and WebLogic for PeopleSoft 8.x.

 
   

You are here:  Experts > Computing/Technology > Oracle > Oracle > export security

Topic: Oracle


Expert: Peter Choi
Date: 6/21/2008
Subject: export security

Question
QUESTION: Hi Peter,

If i have dump file from other schema i can easily create newuser and write imp newuser/password
file=c:dump.dmp full=y
I ask about a sucirty or a way to prevent  import the dmp file until it has authority in any how ?

thanks alot  


ANSWER: Hi Sawsan,

Oracle assumes the individual taking the backup will be responsible for securing the dump file. You're right, if your backup dump file is left in the open (e.g. on a network drive, or copied to a CD-R) then someone who is Oracle savvy will be able to restore the dmp file to an oracle database with their own schema.

One way to prevent import in your database environments would be to remove IMPORT access to your users. DBAs may retain that privileges.

Hope this helps.

Peter

---------- FOLLOW-UP ----------

QUESTION: Thanks For Answer me fast ,
But in our system there is permission to users to make export for them data by system and put those
dump files  in operating system folder and if their data crash they can easy drop user and export
the user from dumps files by also system because you said there is no way to prevents them from
import those dump files to other schema ,I think that if i but those dump files  into   data base  
table they can't  get dump  files
so please tell me how with documents

regards  

Answer
Hi Sawsan,

I was referring to the Oracle ROLES (DBA_ROLES, USER_ROLES) that are associated and granted to individual Oracle user accounts. Some organizations choose to grant the privileges (such as IMPORT and EXPORT) to an Oracle users. This can be repetitive if I have many users. So to simplify security management, your DBA/Oracle administrator would create ROLES within the database. The privileges would be assigned to the roles and the roles then assigned to the specific user.

Reference: http://www.adp-gmbh.ch/ora/misc/users_roles_privs.html
http://www.techonthenet.com/oracle/grant_revoke.php

You can in theory lock down what tables your users may have access to by not permitting them SELECT privileges.

Hope this helps.

Peter  

Add to this Answer    Ask a Question



  Rate this Answer
   Was this answer helpful?
Not at allDefinitely              
   12345  

     
About Us | Advertise on This Site | User Agreement | Privacy Policy | Help
Copyright  © 2008 About, Inc. About and About.com are registered trademarks of About, Inc. The About logo is a trademark of About, Inc. All rights reserved.