To export the source code or DDL for any object, Lure connects to the database as the schema that owns the object. In other words, when exporting a schema, Lure requires the password for this schema (user) to be specified in the connect properties file.
In order to export roles (and the privileges granted to these roles) Lure will iterate through all users for which passwords are specified in the connect property file and then:
Since the Lure import command internally (as a first step) also exports the database source code, all privilege requirements outlined in the above section are also required for import. This section lists the additional requirements for import.
As a general rule Lure uses a database user (schema) to import/export its own objects. It is therefore a requirement that schemas that are being synchronized have the necessary system privileges to create these objects, e.g. CREATE TABLE, CREATE VIEW etc.
Since Lure is able to synchronize system privileges as well, it is only necessary to add these privileges to the source database schema. These privileges are then exported (from the source schema) and imported to the target database schema as a first step, before Lure uses this user to import (create) any objects.
Lure uses a different approach for importing object privileges. Since in general it is not safe to grant the GRANT ANY OBJECT PRIVILEGE privilege to ordinary users, Lure imports object privileges as follows:
In addition to the above scenario there are a few other system privileges that Lure may require during import but where Lure does not expect these privileges to be granted to the user/schema being imported. Lure will iterate through all usernames/passwords that are specified in the connect property file in order to determine which of these users have the necessary system privileges. Lure will then use these users with special privileges to execute the required import changes.
The following table lists all system privileges that Lure may need and that it will use if granted to any of the users for which passwords are specified in the connect property file:
| System Privilege | Used for |
|---|---|
| CREATE USER | To create a user during import when the user does not exist at the time of import. |
| CREATE ROLE | To create a role on import. |
| ALTER USER | To add tablespace allocations to a user. |
| GRANT ANY ROLE | To grant a role to a user. |
| GRANT ANY PRIVILEGE | To grant a system privilege to a user. |
| GRANT ANY OBJECT PRIVILEGE | To grant object privileges to users in the case where the object owner password is not specified. |
| SELECT ANY DICTIONARY | If roles are synchronized then this privilege is required to extract all information relating to the privileges granted to a role during export. |
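
To review which connect-file accounts hold the privileges in the table above, and so confirm they sit on a dedicated account rather than on ordinary schema owners, a DBA can run a data-dictionary query like the following. This is an added example, not Lure's own code or the way Lure performs its check; `APP_OWNER` and `DEPLOY_ADMIN` are hypothetical usernames standing in for the entries in your connect property file.

```sql
-- Added example (not part of Lure). Run as a user who can read the DBA_* views.
-- APP_OWNER and DEPLOY_ADMIN are hypothetical connect-file usernames.
WITH lure_privs AS (
  -- The system privileges listed in the table above
  SELECT 'CREATE USER' AS privilege   FROM dual UNION ALL
  SELECT 'CREATE ROLE'                FROM dual UNION ALL
  SELECT 'ALTER USER'                 FROM dual UNION ALL
  SELECT 'GRANT ANY ROLE'             FROM dual UNION ALL
  SELECT 'GRANT ANY PRIVILEGE'        FROM dual UNION ALL
  SELECT 'GRANT ANY OBJECT PRIVILEGE' FROM dual UNION ALL
  SELECT 'SELECT ANY DICTIONARY'      FROM dual
),
connect_users AS (
  SELECT username
  FROM   dba_users
  WHERE  username IN ('APP_OWNER', 'DEPLOY_ADMIN')
),
holders AS (
  -- The user itself, to catch direct grants
  SELECT username, username AS grantee
  FROM   connect_users
  UNION
  -- Every role reachable from the user, following role-to-role grants
  SELECT CONNECT_BY_ROOT rp.grantee, rp.granted_role
  FROM   dba_role_privs rp
  START WITH rp.grantee IN (SELECT username FROM connect_users)
  CONNECT BY PRIOR rp.granted_role = rp.grantee
)
SELECT h.username,
       lp.privilege,
       CASE WHEN sp.grantee = h.username THEN 'direct'
            ELSE 'via role ' || sp.grantee
       END AS granted_how,
       sp.admin_option
FROM   holders h
JOIN   dba_sys_privs sp ON sp.grantee   = h.grantee
JOIN   lure_privs    lp ON lp.privilege = sp.privilege
ORDER  BY h.username, lp.privilege;
```

The query reports grants recorded in the dictionary, including roles that are not enabled by default; to see what a given session actually has active, query `SESSION_PRIVS` while connected as that user.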