Scribd
Upload
286 views

Imp Scripts

This document contains scripts for monitoring Oracle Data Pump imports and exports, checking roles and privileges granted to a user, and listing system privilege and role grants. The scripts use Oracle data dictionary views like DBA_USERS, DBA_ROLE_PRIVS, and DBA_SYS_PRIVS to show users, roles, privileges and their relationships.

Uploaded by

shubhrobhattacharya
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
286 views

Imp Scripts

This document contains scripts for monitoring Oracle Data Pump imports and exports, checking roles and privileges granted to a user, and listing system privilege and role grants. The scripts use Oracle data dictionary views like DBA_USERS, DBA_ROLE_PRIVS, and DBA_SYS_PRIVS to show users, roles, privileges and their relationships.

Uploaded by

shubhrobhattacharya
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 8

SCRIPTS REQUIRED:-

SCRIPT TO CHECK THE STATUS OF IMPORT


------------------------------------------
SELECT
SUBSTR(sql_text, INSTR(sql_text,'INTO "'),30) table_name
, rows_processed
, ROUND( (sysdate-TO_DATE(first_load_time,'yyyy-mm-dd hh24:mi:ss'))*24*60,1) min
utes
, TRUNC(rows_processed/((sysdate-to_date(first_load_time,'yyyy-mm-dd hh24:mi:ss'
))*24*60)) rows_per_minute
FROM sys.v_$sqlarea
WHERE
sql_text like 'INSERT %INTO "%'
AND command_type = 2
AND open_versions > 0;
which shows you the current table in which the import is inserting rows. It seem
ed our import was inserting over more then 18 million rows.

Monitoring Oracle Data Pump import performance is simple


-------------------------------------------------------------
select
substr(sql_text,instr(sql_text,'into "'),30) table_name,
rows_processed, round((sysdate-to_date(first_load_time,'yyyy-mm-dd hh24:mi:ss
'))*24*60,1) minutes,
trunc(rows_processed/((sysdate-to_date(first_load_time,'yyyy-mm-dd hh24:mi:ss
'))*24*60)) rows_per_minute
from
sys.v_$sqlarea
where
sql_text like 'insert %into "%' and command_type = 2 and open_versions > 0;

SCRIPT TO CHECK THE STATUS OF EXPORT

SCRIPT TO CHECK THE ROLES AND PRIVILEDGES GRANTED TO A USER.


-------------------------------------------------------------------
Users to roles and system privileges
---------------------------------------
This is a script that shows the hierarchical relationship between system privile
ges, roles and users. It makes use of Oracles connect by SQL idiom. Vladimir Gab
zovski notifies me, that the following script doesn't run on 8.1 (ORA-01472). I
want to thank him for pointing this out.
select
lpad(' ', 2*level) || granted_role "User, his roles and privileges"
from
(
/* THE USERS */
select
null grantee,
username granted_role
from
dba_users
where
username like upper('%&enter_username%')
/* THE ROLES TO ROLES RELATIONS */
union
select
grantee,
granted_role
from
dba_role_privs
/* THE ROLES TO PRIVILEGE RELATIONS */
union
select
grantee,
privilege
from
dba_sys_privs
)
start with grantee is null
connect by grantee = prior granted_role;

System privileges to roles and users


---------------------------------------
This is also possible the other way round: showing the system privileges in rela
tion to roles that have been granted this privilege and users that have been gra
nted either this privilege or a role:
select
lpad(' ', 2*level) || c "Privilege, Roles and Users"
from
(
/* THE PRIVILEGES */
select
null p,
name c
from
system_privilege_map
where
name like upper('%&enter_privliege%')
/* THE ROLES TO ROLES RELATIONS */
union
select
granted_role p,
grantee c
from
dba_role_privs
/* THE ROLES TO PRIVILEGE RELATIONS */
union
select
privilege p,
grantee c
from
dba_sys_privs
)
start with p is null
connect by p = prior c;
Object privileges
---------------------------------------
select
case when level = 1 then own || '.' || obj || ' (' || typ || ')' else
lpad (' ', 2*(level-1)) || obj || nvl2 (typ, ' (' || typ || ')', null)
end
from
(
/* THE OBJECTS */
select
null p1,
null p2,
object_name obj,
owner own,
object_type typ
from
dba_objects
where
owner not in
('SYS', 'SYSTEM', 'WMSYS', 'SYSMAN','MDSYS','ORDSYS','XDB', 'WKSYS', 'EX
FSYS',
'OLAPSYS', 'DBSNMP', 'DMSYS','CTXSYS','WK_TEST', 'ORDPLUGINS', 'OUTLN')
and object_type not in ('SYNONYM', 'INDEX')
/* THE OBJECT TO PRIVILEGE RELATIONS */
union
select
table_name p1,
owner p2,
grantee,
grantee,
privilege
from
dba_tab_privs
/* THE ROLES TO ROLES/USERS RELATIONS */
union
select
granted_role p1,
granted_role p2,
grantee,
grantee,
null
from
dba_role_privs
)
start with p1 is null and p2 is null
connect by p1 = prior obj and p2 = prior own;

Determine Roles and System/Table Privileges Granted to Roles


---------------------------------------------------------------------
To determine which Roles and System/Table Privileges have been granted to Roles
like %OLAP% consider running this script.
This script was run on a clean 11.1.0.6 Instance
set lines 110 pages 1000 ver off
col role for a22
col pv for a75 hea 'PRIVILEGE OR ROLE'
bre on role on type skip 1
define rolecheck = 'OLAP'
select role, 'ROL' type, granted_role pv
from role_role_privs where role like '%&rolecheck%' union
select role, 'PRV' type, privilege pv
from role_sys_privs where role like '%&rolecheck%' union
select role, 'OBJ' type,
max(decode(privilege,'WRITE','WRITE,'))||max(decode(privilege,'READ','READ'))||
max(decode(privilege,'EXECUTE','EXECUTE'))||max(decode(privilege,'SELECT','SELEC
T'))||
max(decode(privilege,'DELETE',',DELETE'))||max(decode(privilege,'UPDATE',',UPDAT
E'))||
max(decode(privilege,'INSERT',',INSERT'))||' ON '||object_type||' "'||a.owner||'
.'||table_name||'"' pv
from role_tab_privs a, dba_objects b
where role like '%&rolecheck%' and a.owner=b.owner and a.table_name=b.object_nam
e
group by a.owner,table_name,object_type,role union
select role, '---' type, 'this is an empty role ---' pv from dba_roles
where not role in (select distinct role from role_role_privs) and
not role in (select distinct role from role_sys_privs) and
not role in (select distinct role from role_tab_privs) and role like '%&rolechec
k%'
group by role order by role, type, pv;
ROLE.............TYP PRIVILEGE OR ROLE
---------------- --- -----------------------------------------------------------
----------------
OLAPI_TRACE_USER OBJ EXECUTE ON PACKAGE "SYS.DBMS_XSOQ"
.....................EXECUTE ON PACKAGE "SYS.DBMS_XSOQ_UTIL"
.....................EXECUTE ON PACKAGE BODY "SYS.DBMS_XSOQ"
.....................EXECUTE ON PACKAGE BODY "SYS.DBMS_XSOQ_UTIL"
.....................SELECT ON SEQUENCE "SYS.OLAPI_HISTORY_SEQ"
.....................SELECT,DELETE,UPDATE,INSERT ON TABLE "SYS.OLAPI_HISTORY"
.....................SELECT,DELETE,UPDATE,INSERT ON TABLE "SYS.OLAPI_IFACE_OBJEC
T_HISTORY"
.....................SELECT,DELETE,UPDATE,INSERT ON TABLE "SYS.OLAPI_IFACE_OP_HI
STORY"
.....................SELECT,DELETE,UPDATE,INSERT ON TABLE "SYS.OLAPI_MEMORY_HEAP
_HISTORY"
.....................SELECT,DELETE,UPDATE,INSERT ON TABLE "SYS.OLAPI_MEMORY_OP_H
ISTORY"
.....................SELECT,DELETE,UPDATE,INSERT ON TABLE "SYS.OLAPI_SESSION_HIS
TORY"
.....................SELECT,DELETE,UPDATE,INSERT ON VIEW "SYS.GV_KSMHP"
.....................SELECT,DELETE,UPDATE,INSERT ON VIEW "SYS.GV_OLAPI_IFACE_OBJ
ECT_HISTORY"
.....................SELECT,DELETE,UPDATE,INSERT ON VIEW "SYS.GV_OLAPI_IFACE_OP_
HISTORY"
.....................SELECT,DELETE,UPDATE,INSERT ON VIEW "SYS.GV_OLAPI_MEMORY_OP
_HISTORY"
.....................SELECT,DELETE,UPDATE,INSERT ON VIEW "SYS.GV_OLAPI_SESSION_H
ISTORY"
.....................SELECT,DELETE,UPDATE,INSERT ON VIEW "SYS.V_OLAPI_IFACE_OBJE
CT_HISTORY"
.....................SELECT,DELETE,UPDATE,INSERT ON VIEW "SYS.V_OLAPI_IFACE_OP_H
ISTORY"
.....................SELECT,DELETE,UPDATE,INSERT ON VIEW "SYS.V_OLAPI_MEMORY_OP_
HISTORY"
.....................SELECT,DELETE,UPDATE,INSERT ON VIEW "SYS.V_OLAPI_SESSION_HI
STORY"
OLAP_DBA.........OBJ SELECT ON SEQUENCE "OLAPSYS.XML_LOADID_SEQUENCE"
.....................SELECT,DELETE,UPDATE,INSERT ON TABLE "OLAPSYS.CWM2$_AW_NEXT
_TEMP_CUST_MEAS"
.....................SELECT,DELETE,UPDATE,INSERT ON TABLE "OLAPSYS.CWM2$_AW_TEMP
_CUST_MEAS_MAP"
.....................SELECT,DELETE,UPDATE,INSERT ON TABLE "OLAPSYS.CWM2$_TEMP_VA
LUES"
.....................SELECT,DELETE,UPDATE,INSERT ON TABLE "OLAPSYS.XML_LOAD_LOG"
.....................SELECT,DELETE,UPDATE,INSERT ON TABLE "OLAPSYS.XML_LOAD_RECO
RDS"

If you examine the DBA_TAB_PRIVS view, you will see that hr is shown as being th
e grantor of the privilege:
--------------------------------------------------------------------------------
----------------------------------------
SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS WHERE TA
BLE_NAME = 'EMPLOYEES' and OWNER = 'HR';

Listing All System Privilege Grants


--------------------------------------------------------------------------------
----------------------------------------
The following query returns all system privilege grants made to roles and users:
SELECT * FROM DBA_SYS_PRIVS;
GRANTEE PRIVILEGE ADM
-------------- --------------------------------- ---
SECURITY_ADMIN ALTER PROFILE YES
SECURITY_ADMIN ALTER USER YES
SECURITY_ADMIN AUDIT ANY YES
SECURITY_ADMIN AUDIT SYSTEM YES
SECURITY_ADMIN BECOME USER YES
SECURITY_ADMIN CREATE PROFILE YES
SECURITY_ADMIN CREATE ROLE YES
SECURITY_ADMIN CREATE USER YES
SECURITY_ADMIN DROP ANY ROLE YES
SECURITY_ADMIN DROP PROFILE YES
SECURITY_ADMIN DROP USER YES
SECURITY_ADMIN GRANT ANY ROLE YES
SWILLIAMS CREATE SESSION NO
JWARD CREATE SESSION NO
Listing All Role Grants
--------------------------------------------------------------------------------
----------------------------------------
The following query returns all the roles granted to users and other roles:
SELECT * FROM DBA_ROLE_PRIVS;
GRANTEE GRANTED_ROLE ADM
------------------ ------------------------------------ ---
SWILLIAMS SECURITY_ADMIN NO
Listing Object Privileges Granted to a User
--------------------------------------------------------------------------------
----------------------------------------
The following query returns all object privileges (not including column-specific
privileges) granted to the specified user:
SELECT TABLE_NAME, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
WHERE GRANTEE = 'JWARD';
TABLE_NAME PRIVILEGE GRANTABLE
----------- ------------ ----------
EMP SELECT NO
EMP DELETE NO

To list all the column-specific privileges that have been granted, use the follo
wing query:
--------------------------------------------------------------------------------
----------------------------------------
SELECT GRANTEE, TABLE_NAME, COLUMN_NAME, PRIVILEGE
FROM DBA_COL_PRIVS;
GRANTEE TABLE_NAME COLUMN_NAME PRIVILEGE
----------- ------------ ------------- --------------
SWILLIAMS EMP ENAME INSERT
SWILLIAMS EMP JOB INSERT
JWARD EMP NAME INSERT
JWARD EMP JOB INSERT
Listing the Current Privilege Domain of Your Session
--------------------------------------------------------------------------------
----------------------------------------
The following query lists all roles currently enabled for the issuer:
SELECT * FROM SESSION_ROLES;

If swilliams has enabled the security_admin role and issues this query, Oracle r
eturns the following information:
ROLE
------------------------------
SECURITY_ADMIN

The following query lists all system privileges currently available in the issue
r's security domain, both from explicit privilege grants and from enabled roles:
SELECT * FROM SESSION_PRIVS;

If swilliams has the security_admin role enabled and issues this query, Oracle r
eturns the following results:
PRIVILEGE
----------------------------------------
AUDIT SYSTEM
CREATE SESSION
CREATE USER
BECOME USER
ALTER USER
DROP USER
CREATE ROLE
DROP ANY ROLE
GRANT ANY ROLE
AUDIT ANY
CREATE PROFILE
ALTER PROFILE
DROP PROFILE

If the security_admin role is disabled for swilliams, the first query would have
returned no rows, while the second query would only return a row for the CREATE
SESSION privilege grant.
Listing Roles of the Database
--------------------------------------------------------------------------------
----------------------------------------
The DBA_ROLES data dictionary view can be used to list all roles of a database a
nd the authentication used for each role. For example, the following query lists
all the roles in the database:
SELECT * FROM DBA_ROLES;
ROLE PASSWORD
---------------- --------
CONNECT NO
RESOURCE NO
DBA NO
SECURITY_ADMIN YES
Listing Information About the Privilege Domains of Roles
--------------------------------------------------------------------------------
----------------------------------------
The ROLE_ROLE_PRIVS, ROLE_SYS_PRIVS, and ROLE_TAB_PRIVS data dictionary views co
ntain information on the privilege domains of roles.
For example, the following query lists all the roles granted to the system_admin
role:
--------------------------------------------------------------------------------
----------------------------------------
SELECT GRANTED_ROLE, ADMIN_OPTION FROM ROLE_ROLE_PRIVS WHERE ROLE = 'SYSTEM_ADMI
N';
GRANTED_ROLE ADM
---------------- ----
SECURITY_ADMIN NO

The following query lists all the system privileges granted to the security_admi
n role:
--------------------------------------------------------------------------------
----------------------------------------
SELECT * FROM ROLE_SYS_PRIVS WHERE ROLE = 'SECURITY_ADMIN';
ROLE PRIVILEGE ADM
----------------------- ----------------------------- ---
SECURITY_ADMIN ALTER PROFILE YES
SECURITY_ADMIN ALTER USER YES
SECURITY_ADMIN AUDIT ANY YES
SECURITY_ADMIN AUDIT SYSTEM YES
SECURITY_ADMIN BECOME USER YES
SECURITY_ADMIN CREATE PROFILE YES
SECURITY_ADMIN CREATE ROLE YES
SECURITY_ADMIN CREATE USER YES
SECURITY_ADMIN DROP ANY ROLE YES
SECURITY_ADMIN DROP PROFILE YES
SECURITY_ADMIN DROP USER YES
SECURITY_ADMIN GRANT ANY ROLE YES

The following query lists all the object privileges granted to the security_admi
n role:
--------------------------------------------------------------------------------
----------------------------------------
SELECT TABLE_NAME, PRIVILEGE FROM ROLE_TAB_PRIVS WHERE ROLE = 'SECURITY_ADMIN';
TABLE_NAME PRIVILEGE
--------------------------- ----------------
AUD$ DELETE
AUD$ SELECT

You might also like