IMP非DBA用户导出的dmp数据文件，提示需要DBA

【问题背景】：

    DMP数据库文件在导入时，提示“IMP-00013只有 DBA 才能导入由其他 DBA 导出的文件”，在跟数据提供方确认是用的非DBA用户导出的，而且fromuser，touser的设置正确。

    虽然用户可以通过DBA临时授权能解决导入问题，却使我对这个问题充满疑惑，研究问题的根本原因，从而对oracle用户有了新的了解。

    执行导入dmp文件时候：

    IMP-00013: only a DBA can Import a file Exported by another DBA

    IMP-00000: Import terminated unsuccessfully

    

 【问题原因】

   比较两边用户的角色权限，‘XMISZH’多了‘IMP_FULL_DATABASE，EXP_FULL_DATABASE’权限。

在给导入用户增加‘IMP_FULL_DATABASE’增加授权，解决问题。

 【解决问题步骤】       

一、查询导出数据的用户具有的角色

1、select * from dba_role_privs where grantee='XMISZH';

GRANTEE GRANTED_ROLE ADMIN_OPTION DEFAULT_ROLE 

XMISZH  R_XMISZH NO YES 

XMISZH  IMP_FULL_DATABASE NO YES 

XMISZH  EXP_FULL_DATABASE NO YES 

XMISZH  RESOURCE NO YES 

2、结构

SQL> desc dba_role_privs

 Name                                      Null?    Type

 ----------------------------------------- -------- ----------------------------

 GRANTEE                                            VARCHAR2(30)

 GRANTED_ROLE                              NOT NULL VARCHAR2(30)

 ADMIN_OPTION                                       VARCHAR2(3)

 DEFAULT_ROLE                                       VARCHAR2(3)

3、查看当前用户的角色信息

select * from user_role_privs;

SQL> select * from user_role_privs;

USERNAME                       GRANTED_ROLE                   ADM DEF OS_

------------------------------ ------------------------------ --- --- ---

CBSSDATA                      CONNECT                        NO  YES NO

CBSSDATA                      DBA                            NO  YES NO

CBSSDATA                      RESOURCE                       NO  YES NO

SQL> show user;

USER is "CBSSDATA"

4、结构

SQL> desc user_role_privs

 Name                                      Null?    Type

 ----------------------------------------- -------- ----------------------------

 USERNAME                                           VARCHAR2(30)

 GRANTED_ROLE                                       VARCHAR2(30)

 ADMIN_OPTION                                       VARCHAR2(3)

 DEFAULT_ROLE                                       VARCHAR2(3)

 OS_GRANTED                                         VARCHAR2(3)

二、然后查询角色具有的系统权限 role_sys_privs

1、角色'R_XMISZH'

select * from role_sys_privs where role='R_XMISZH';

  ROLE     PRIVILEGE            ADMIN_OPTION 

  R_XMISZH CREATE PROCEDURE       NO 

  R_XMISZH CREATE DATABASE LINK   NO 

  R_XMISZH SELECT ANY SEQUENCE    NO 

  R_XMISZH SELECT ANY TABLE       NO 

  R_XMISZH CREATE ANY TABLE       NO 

  R_XMISZH SELECT ANY TRANSACTION NO 

  R_XMISZH CREATE VIEW            NO 

  R_XMISZH CREATE ANY INDEX       NO 

  R_XMISZH SELECT ANY DICTIONARY  NO 

2、角色 'RESOURCE'

select * from role_sys_privs where role='RESOURCE';

  ROLE     PRIVILEGE          ADMIN_OPTION 

  RESOURCE CREATE TRIGGER     NO 

  RESOURCE CREATE SEQUENCE    NO 

  RESOURCE CREATE CLUSTER     NO 

  RESOURCE CREATE TYPE        NO 

  RESOURCE CREATE PROCEDURE   NO 

  RESOURCE CREATE TABLE       NO 

  RESOURCE CREATE INDEXTYPE   NO 

  RESOURCE CREATE OPERATOR    NO 

3、角色'EXP_FULL_DATABASE'

select * from role_sys_privs where role='EXP_FULL_DATABASE';

  ROLE PRIVILEGE ADMIN_OPTION 

  EXP_FULL_DATABASE READ ANY FILE GROUP         NO 

  EXP_FULL_DATABASE EXECUTE ANY PROCEDURE       NO 

  EXP_FULL_DATABASE SELECT ANY SEQUENCE         NO 

  EXP_FULL_DATABASE RESUMABLE                   NO 

  EXP_FULL_DATABASE EXECUTE ANY TYPE            NO 

  EXP_FULL_DATABASE BACKUP ANY TABLE            NO 

  EXP_FULL_DATABASE ADMINISTER RESOURCE MANAGER NO 

  EXP_FULL_DATABASE SELECT ANY TABLE            NO 

  

  imp_full_databae 的权限较多，就不一一列举

  

4、结构

SQL> desc role_sys_privs;

 Name                                      Null?    Type

 ----------------------------------------- -------- ----------------------------

 ROLE                                      NOT NULL VARCHAR2(30)

 PRIVILEGE                                 NOT NULL VARCHAR2(40)

 ADMIN_OPTION                                       VARCHAR2(3)

 

 三、比较导出用户'XMISZH'和导入用户'XMISDATA'的角色差别，对导入用户grant相应的“IMP_FULL_DATABASE”角色，解决问题，数据导入成功。

 

SQL> grant imp_full_database to XMISDATA;  

结束语，对于问题的解决不要随意用DBA的最大权限去解决，要去分析问题的原因，才能对事物有更深的了解

=============================================================================================

===================================================================

a、ROLE_SYS_PRIVS    显示授予角色的系统权限

查看数据库的角色

SQL> select distinct role from role_sys_privs;

ROLE

------------------------------

CONNECT

RESOURCE

EXP_FULL_DATABASE

SCHEDULER_ADMIN

DBA

IMP_FULL_DATABASE

b、ROLE_SYS_PRIVS    显示授予角色的系统权限

SQL> desc dba_sys_privs;

 Name                                      Null?    Type

 ----------------------------------------- -------- ----------------------------

 GRANTEE                                   NOT NULL VARCHAR2(30)

 PRIVILEGE                                 NOT NULL VARCHAR2(40)

 ADMIN_OPTION                                       VARCHAR2(3)

 

SQL> select * from dba_sys_privs where grantee='XMIS';

GRANTEE                        PRIVILEGE                                ADM

------------------------------ ---------------------------------------- ---

XMIS                       SELECT ANY TRANSACTION                   NO

XMIS                       CREATE VIEW                              NO

XMIS                       CREATE ANY INDEX                         NO

XMIS                       CREATE SESSION                           NO

XMIS                       ALTER SYSTEM                             NO

c、查询某个用户具有的角色：

select grantee,granted_role from dba_role_privs where grantee='WJW';

查询某个用户具有的系统权限：

select grantee,privilege from dba_sys_privs where grantee='WJW';

查询某个角色中具有什么系统权限：

select privilege from role_sys_privs where role='RESOURCE';

查询某个角色中包含有什么角色

select granted_role from role_role_privs where role='SYSDBA';

转载自：http://blog.sina.com.cn/s/blog_53aed4430101abew.html