Just something I ran into as a beware for anyone migrating from 11.2 or earlier with datapump - I'm not sure if the same would apply to a DBUA migration but I imagine it would as well.
I just did an upgrade from 11.2.0.3 to 19.3 using datapump over network link, and found something out that was missed in initial testing, as the application admin did not test as an ordinary user but just tested the programs that populate the database, reports etc.
The application that users connect with assigns a role to the user logging in, and runs some embedded SQL like this: “_SET ROLE <ROLE_NAME> IDENTIFIED BY <ROLEPWD>_” - so when users went to log in as normal users they got an ORA- 01031 insufficient privileges error.
I was stymied by why they could not log in with the application since they had all the necessary roles assigned, then noticed I could not assign the role as a default role without it just reverting to NO, so I had the developer check the code in the application and when a user was created it assigned several roles, with all but one being set as default roles, that was the password authenticated role being set in the application when the user logs in.
When I saw this I assumed the role was not originally created with the password in uppercase, so I did an ALTER ROLE ROLE_NAME IDENTIFIED BY <ROLEPWD> with the ROLEPWD in all uppercase and it solved the issue.
What I found strange was I was testing the SET ROLE command in a session with lowercase version of the password and it was still returning an ORA-01979 missing or invalid password for role.. error - so I am assuming when they created the role originally they must have used an initial uppercase password or some strange combination of lower and upper caps.
I am curious if there is some way to see the original role password, I imagine it is encrypted in the dump file the same as it is in the DDL for the role on the 11.2 database - I am just curious more than anything, since the issue has been since solved.