Privileges required

Dbvisit Replicate creates a user (also called a schema) with a small repository in the source and target database to keep track of the replication. 

The database grants and privileges required by Dbvisit Replicate are generated automatically by running the setup wizard. The setup wizard generates all the necessary scripts that create a new database users and grant all the privileges needed. This means it is very easy to review what actual privileges are necessary prior to actually executing the scripts and issuing the privileges. 

The following database privileges are required for Dbvisit Replicate:

Source database privileges

 

PrivilegePurposeRevokable
alter user dbvrep quota unlimited on USERSdbvrep schema stores repository tables and needs quota on the tablespace that you provided.NO
grant create session to dbvrepdbvrep needs to be able to log on to the source database.NO
grant create table to dbvrepdbvrep schema creates internal tables for our internal data dictionaryNO
grant create view to dbvrepdbvrep schema creates views for our internal data dictionaryNO
grant create procedure to dbvrepdbvrep schema creates procedures for our internal data dictionaryNO
grant create sequence to dbvrepdbvrep schema creates sequences for our internal data dictionaryNO
grant alter database to dbvrepduring initial setup db supplemental logging is added.After initial setup (all.sh), can be revoked
grant alter system to dbvrepalter system switch logfilereplicate will work without this grant, but in some special cases may take longer to send a file (does not usually happen)
grant select, flashback on sys.col$ to dbvrepto load our internal dictionary (we need to translate object and column ids to names and datatypes)

NO

grant select, flashback on sys.tab$ to dbvrepto load our internal dictionary (we need to translate object and column ids to names and datatypes)NO
grant select, flashback on sys.obj$ to dbvrepto load our internal dictionary (we need to translate object and column ids to names and datatypes)NO
grant select, flashback on sys.user$ to dbvrepto load our internal dictionary (we need to translate object and column ids to names and datatypes)NO
grant select, flashback on sys.ind$ to dbvrepto load our internal dictionary (we need to translate object and column ids to names and datatypes)NO
grant execute on dbms_flashback to dbvrepto get current SCNNO
grant select on v_$log to dbvrepThe dbvrep schema needs to be able to view the Oracle Data Dictionary views to gain information regarding the redologs and archivelogsNO
grant select on v_$thread to dbvrepSame as v_$log grants aboveNO
grant select on v_$logfile to dbvrepSame as v_$log grants aboveNO
grant select on v_$archived_log to dbvrepSame as v_$log grants aboveNO
grant select on v_$database_incarnation to dbvrepdbvrep needs to obtain current resetlogs instantiation and SCNNO
grant select on v_$database to dbvrepdbvrep needs to obtain current resetlogs instantiation and SCNNO
grant select on v_$transaction to dbvrepMonitoring of opened transactionsNO
grant select on gv_$transaction to dbvrepMonitoring of opened transactionsNO

grant select on gv_$asm_client

Detection if ASM is used, and what ASM instanceNO
grant alter, select, flashback on replicated tablesalter needed for adding supplemental logging

select and flashback can be revoked after LOAD instantiation method (or if it is not used)

alter table can be revoked after initial phase - all.sh script is run

grant alter any table to dbvrep

Needed for adding supplemental logging to newly created objects by DDL replication

ONLY granted when DDL replication enabled.

grant lock any table to dbvrepPrepare needs some safe point in time, when there are no transactions over the tables. In DDL replication needs obtain locks for newly created objectsONLY granted when DDL replication enabled.

Target database privileges

  • grant create session
  • grant create table
  • grant create view
  • grant create sequence
  • grant create procedure
  • grant execute on dbms_flashback
  • grant select on v_$database
  • grant select on v_$mystat
  • grant select on v_$session
  • grant select on v_$lock
  • grant select on sys.user$
  • grant alter system
  • grant alter session
  • grants to insert, update and delete on replicated tables only

DDL replication

If DDL replication is enabled then the following grants are also performed: 

Source database

  • grant alter any table
  • grant lock any table

Target database

  • grant select any table
  • grant update any table
  • grant insert any table
  • grant delete any table
  • grant create any table
  • grant alter any table
  • grant drop any table
  • grant create any index
  • grant alter any index
  • grant drop any index
  • grant create any view
  • grant drop any view

Â