...
Source database privileges
| Privilege | Purpose | Revokable |
|---|---|---|
| alter user dbvrep quota unlimited on USERS | dbvrep schema stores repository tables and needs quota on the tablespace that you provided. | NO |
| grant create session to dbvrep | dbvrep needs to be able to log on to the source database. | NO |
| grant create table to dbvrep | dbvrep schema creates internal tables for our internal data dictionary | NO |
| grant create view to dbvrep | dbvrep schema creates views for our internal data dictionary | NO |
| grant create procedure to dbvrep | dbvrep schema creates procedures for our internal data dictionary | NO |
| grant create sequence to dbvrep | dbvrep schema creates sequences for our internal data dictionary | NO |
| grant alter database |
...
| to dbvrep | during initial setup db supplemental logging is added. | After initial setup (all.sh), can be revoked |
| grant alter system |
...
| to dbvrep | alter system switch logfile | replicate will work without this grant, but in some special cases may take longer to send a file (does not usually happen) |
| grant select, flashback on sys.col$ to dbvrep | to load our internal dictionary (we need to translate object and column ids to names and datatypes) | NO |
| grant select, flashback on sys.tab$ to dbvrep | to load our internal dictionary (we need to translate object and column ids to names and datatypes) | NO |
| grant select, flashback on sys.obj$ to dbvrep | to load our internal dictionary (we need to translate object and column ids to names and datatypes) | NO |
| grant select, flashback on sys.user$ to dbvrep | to load our internal dictionary (we need to translate object and column ids to names and datatypes) | NO |
| grant select, flashback on sys.ind$ to dbvrep | to load our internal dictionary (we need to translate object and column ids to names and datatypes) | NO |
| grant execute on dbms_flashback to dbvrep | to get current SCN | NO |
| grant select on v_$log to dbvrep | The dbvrep schema needs to be able to view the Oracle Data Dictionary views to gain information regarding the redologs and archivelogs | NO |
| grant select on v_$thread to dbvrep | Same as v_$log grants above | NO |
| grant select on v_$logfile to dbvrep | Same as v_$log grants above | NO |
| grant select on v_$archived_log to dbvrep | Same as v_$log grants above | NO |
| grant select on v_$database_incarnation to dbvrep | dbvrep needs to obtain current resetlogs instantiation and SCN | NO |
| grant select on v_$database to dbvrep | dbvrep needs to obtain current resetlogs instantiation and SCN | NO |
| grant select on v_$transaction to dbvrep | Monitoring of opened transactions | NO |
| grant select on gv_$transaction to dbvrep | Monitoring of opened transactions | NO |
grant select on gv_$asm_client | Detection if ASM is used, and what ASM instance | NO |
| grant alter, select |
...
| , flashback on replicated tables | alter needed for adding supplemental logging | select and flashback can be revoked after LOAD instantiation method (or if it is not used) alter table can be revoked after initial phase - all.sh script is run |
grant alter any table to dbvrep | Needed for adding supplemental logging to newly created objects by DDL replication | ONLY granted when DDL replication enabled. |
| grant lock any table to dbvrep | Prepare needs some safe point in time, when there are no transactions over the tables. In DDL replication needs obtain locks for newly created objects | ONLY granted when DDL replication enabled. |
Target database privileges
...