Page tree
Skip to end of metadata
Go to start of metadata


CAUSE

This is expected behavior.

ORA-39181 is caused by an unprivileged user who tries to export a table with a fine grain access control policiy applied. The table owner is subject to access control and may not be able to export all rows in the table. Only the rows that can be seen by that user are exported. In order to preserve integrity of the table, the user importing the table should have enough privilege to recreate the table with the security policies at import time.

Action: It is strongly recommended that the database administrator handles the export of this table. 

This as an informational message.

VPD and Oracle Label Security are not enforced during DIRECT path export and similarly, database users granted the EXEMPT ACCESS POLICY privilege, either directly or through a database role, are exempt from VPD enforcements. However, the following policy enforcement options remain in effect even when EXEMPT ACCESS POLICY is granted:

* INSERT_CONTROL, UPDATE_CONTROL, DELETE_CONTROL, WRITE_CONTROL, LABEL_UPDATE, and LABEL_DEFAULT

EXEMPT ACCESS POLICY  is a strong privilege and must be granted with care. For example , grant it to the role exp_full_database role as this role is granted to admin users only.

SOLUTION

To avoid this:

 Grant the privilege EXEMPT ACCESS POLICY to the exporting user

       grant EXEMPT ACCESS POLICY to <exporting user>;


 -or-

 Disable the VPD policy.

      DBMS_RLS.ENABLE_POLICY ('object_schema','object_name','policy_name','FALSE');



Didn't find what you are looking for?

  • No labels