Required Roles for Data PumpExport and Import Operations Many Data Pump Export and Import operations require the user to have the DATAPUMP_EXP_FULL_DATABASE role and/or the DATAPUMP_IMP_FULL_DATABASE role. These roles are automatically defined for Oracle databases when you run the standard scripts that are part of database creation. (Note that although the names of these roles contain the word FULL, these roles are actually required for all export and import modes, not only Full mode.) The DATAPUMP_EXP_FULL_DATABASE role affects only export operations. The DATAPUMP_ IMP_FULL_DATABASE role affects import operations and operations that use the Import SQLFILE parameter. These roles allow users performing exports and imports to do the following:
Perform the operation outside the scope of their schema
Monitor jobs that were initiated by another user
Export objects (such as tablespace definitions) and import objects (such as directory definitions) that unprivileged users cannot reference
These are powerful roles. Database administrators should use caution when granting these roles to users. Although the SYSschema does not have either of these roles assigned to it, all security checks performed by Data Pump that require these roles also grant access to the SYS schema. Default Locations for Dump, Log, and SQL Files On UNIX and Windows NT systems, a default directory object, DATA_PUMP_DIR, is created at database creation or whenever the database dictionary is upgraded. By default, it is available only toprivileged users. (The user SYSTEMhas read and write access to the DATA_PUMP_DIRdirectory, by default.) If you are not a privileged user, then before you can run Data Pump Export or Data Pump Import, a directory object must be created by a database administrator (DBA) or by any user with the CREATE ANY DIRECTORYprivilege. After a directory is created, the user creating the directory object must grant READor WRITEpermission on the directory to other users. For example, to allow the Oracle database to read and write files on behalf of user hrin the directory named by dpump_ dir1, the DBA must execute the following command: SQL> GRANT READ, WRITE ON DIRECTORY dpump_dir1 TO hr;