Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Source database privileges

 

PrivilegePurposeRevokable
alter user dbvrep quota unlimited on USERSdbvrep schema stores repository tables and needs quota on the tablespace that you provided.NO
grant create session to dbvrepdbvrep needs to be able to log on to the source database.NO
grant create table to dbvrepdbvrep schema creates internal tables for our internal data dictionaryNO
grant create view to dbvrepdbvrep schema creates views for our internal data dictionaryNO
grant create procedure to dbvrepdbvrep schema creates procedures for our internal data dictionaryNO
grant create sequence to dbvrepdbvrep schema creates sequences for our internal data dictionaryNO
grant alter database

...

to dbvrepduring initial setup db supplemental logging is added.After initial setup (all.sh), can be revoked
grant alter system

...

to dbvrepalter system switch logfilereplicate will work without this grant, but in some special cases may take longer to send a file (does not usually happen)
grant select, flashback on sys.col$ to dbvrepto load our internal dictionary (we need to translate object and column ids to names and datatypes)

NO

grant select, flashback on sys.tab$ to dbvrepto load our internal dictionary (we need to translate object and column ids to names and datatypes)NO
grant select, flashback on sys.obj$ to dbvrepto load our internal dictionary (we need to translate object and column ids to names and datatypes)NO
grant select, flashback on sys.user$ to dbvrepto load our internal dictionary (we need to translate object and column ids to names and datatypes)NO
grant select, flashback on sys.ind$ to dbvrepto load our internal dictionary (we need to translate object and column ids to names and datatypes)NO
grant execute on dbms_flashback to dbvrepto get current SCNNO
grant select on v_$log to dbvrepThe dbvrep schema needs to be able to view the Oracle Data Dictionary views to gain information regarding the redologs and archivelogsNO
grant select on v_$thread to dbvrepSame as v_$log grants aboveNO
grant select on v_$logfile to dbvrepSame as v_$log grants aboveNO
grant select on v_$archived_log to dbvrepSame as v_$log grants aboveNO
grant select on v_$database_incarnation to dbvrepdbvrep needs to obtain current resetlogs instantiation and SCNNO
grant select on v_$database to dbvrepdbvrep needs to obtain current resetlogs instantiation and SCNNO
grant select on v_$transaction to dbvrepMonitoring of opened transactionsNO
grant select on gv_$transaction to dbvrepMonitoring of opened transactionsNO

grant select on gv_$asm_client

Detection if ASM is used, and what ASM instanceNO
grant alter, select

...

, flashback on replicated tablesalter needed for adding supplemental logging

select and flashback can be revoked after LOAD instantiation method (or if it is not used)

alter table can be revoked after initial phase - all.sh script is run

grant alter any table to dbvrep

Needed for adding supplemental logging to newly created objects by DDL replication

ONLY granted when DDL replication enabled.

grant lock any table to dbvrepPrepare needs some safe point in time, when there are no transactions over the tables. In DDL replication needs obtain locks for newly created objectsONLY granted when DDL replication enabled.

 

Target database privileges

...