ful exp/full imp grant lets u select/drop any tables... how to avoid that ?
hello all,
we are trying to do nightly exp as our backup for some schema...and the shell script that we were using have the system password hard coded into the script and we want to avoid that...so i try creating another user who can do exp/imp...and this is what my create user statement looked like...by give full exp/full imp grant...
CREATE USER test
IDENTIFIED BY VALUES 'PASS'
DEFAULT TABLESPACE USERS
TEMPORARY TABLESPACE TEMP
PROFILE DEFAULT
ACCOUNT UNLOCK;
-- 3 Roles for test
GRANT IMP_FULL_DATABASE TO test;
GRANT CONNECT TO test;
GRANT EXP_FULL_DATABASE TO test;
ALTER USER test DEFAULT ROLE ALL;
-- 1 System Privilege for test
GRANT UNLIMITED TABLESPACE TO test;
but now here is the thing...this user test is able to query every single table in any schema....or drop anything ...how can i prevent that...
all i want to do for test user is to do exp/imp and nothing else....the user can do select on any table but cant alter or drop anything...what grants to give for that ?? just exp/imp ....
or else how can i avoid hard codding the password into my shell script ?? i can have a parfile but then again that will have to have the password...and we r trying to avoid that...