oragrant – Printing permissions for a schema
Purpose
oragrant prints all existing grants in an Oracle database schema. It can also be used to execute these grant statements directly.
Options
oragrant supports the following options:
- -v <flag>, --verbose <flag>
Produces output (on stderr) while the database is read or written. (Valid flag values are
false
,no
,0
,true
,yes
or1
)
- -c <mode>, --color <mode>
Should the output (when the
-v
option is used) be colored? Ifauto
is specified (the default) then the output is colored if stderr is a terminal. Valid modes areyes
,no
orauto
.
- -x <connectstring>, --execute <connectstring>
When the
-x
argument is given the SQL script isn’t printed on stdout, but executed in the database specfied as the-x
argument.
- -k <flag>, --keepjunk <flag>
If false (the default), database objects that have
$
orSYS_EXPORT_SCHEMA_
in their name will be skipped (otherwise these objects will be included in the output). (Valid flag values arefalse
,no
,0
,true
,yes
or1
)
- -i <flag>, --ignore <flag>
If true, any exception that occurs while the database is read or written will be ignored. (Valid flag values are
false
,no
,0
,true
,yes
or1
)
- -m <expr>, --mapgrantee <expr>
A Python
dict
orlist
literal which will be evaluated. If the grantee is not in this list (or dictionary) no grant statement will be returned. If it’s a dictionary and the grantee exists as a key, the privilege will be granted to the user specified as the value instead of the original one. The default is to grant all privileges to the original grantee.
- --format <format>
If
--execute
is not given, this determines the output format: Plain SQL (formatsql
), or PySQL (formatpysql
) which can be piped intoll.pysql
.
- --include <regexp>
Only include objects in the output if their name contains the regular expression.
- --thick <flag>
If true, use
oracledb
s thick mode. (Valid flag values arefalse
,no
,0
,true
,yes
or1
)
- --config_dir <directory>
In
oracledb
s thin mode, specify the directory that contains thetnsnames.ora
file. This can be used if “Connect Descriptor Strings” fromtnsnames.ora
must be used buttnsnames.ora
can’t be found in its default location.
Example
Grant all privileges that alice
has in the schema user@db
to bob
in
user2@db2
:
$ oragrant user/pwd@db -x user2/pwd2@db2 -m '{"alice": "bob"}' -v