oragrant – Printing permissions for a schema¶

Purpose¶

oragrant prints all existing grants in an Oracle database schema. It can also be used to execute these grant statements directly.

Options¶

oragrant supports the following options:

connectstring¶: An Oracle connectstring.

-v <flag>, --verbose <flag>¶: Produces output (on stderr) while the database is read or written. (Valid flag values are false, no, 0, true, yes or 1)

-c <mode>, --color <mode>¶: Should the output (when the -v option is used) be colored? If auto is specified (the default) then the output is colored if stderr is a terminal. Valid modes are yes, no or auto.

-x <connectstring>, --execute <connectstring>¶: When the -x argument is given the SQL script isn’t printed on stdout, but executed in the database specfied as the -x argument.

-k <flag>, --keepjunk <flag>¶: If false (the default), database objects that have $ or SYS_EXPORT_SCHEMA_ in their name will be skipped (otherwise these objects will be included in the output). (Valid flag values are false, no, 0, true, yes or 1)

-i <flag>, --ignore <flag>¶: If true, any exception that occurs while the database is read or written will be ignored. (Valid flag values are false, no, 0, true, yes or 1)

-m <expr>, --mapgrantee <expr>¶: A Python dict or list literal which will be evaluated. If the grantee is not in this list (or dictionary) no grant statement will be returned. If it’s a dictionary and the grantee exists as a key, the privilege will be granted to the user specified as the value instead of the original one. The default is to grant all privileges to the original grantee.

--format <format>¶: If --execute is not given, this determines the output format: Plain SQL (format sql), or PySQL (format pysql) which can be piped into ll.pysql.

--include <regexp>¶: Only include objects in the output if their name contains the regular expression.

--exclude <regexp>¶: Exclude objects from the output if their name contains the regular expression.

Example¶

Grant all privileges that alice has in the schema user@db to bob in user2@db2:

$ oragrant user/pwd@db -x user2/pwd2@db2 -m '{"alice": "bob"}' -v