oragrant – Printing permissions for a schema

Purpose

oragrant prints all existing grants in an Oracle database schema. It can also be used to execute these grant statements directly.

Options

oragrant supports the following options:

connectstring

An Oracle connectstring.

-v <flag>, --verbose <flag>

Produces output (on stderr) while the database is read or written. (Valid flag values are false, no, 0, true, yes or 1)

-c <mode>, --color <mode>

Should the output (when the -v option is used) be colored? If auto is specified (the default) then the output is colored if stderr is a terminal. Valid modes are yes, no or auto.

-x <connectstring>, --execute <connectstring>

When the -x argument is given the SQL script isn’t printed on stdout, but executed in the database specfied as the -x argument.

-k <flag>, --keepjunk <flag>

If false (the default), database objects that have $ or SYS_EXPORT_SCHEMA_ in their name will be skipped (otherwise these objects will be included in the output). (Valid flag values are false, no, 0, true, yes or 1)

-i <flag>, --ignore <flag>

If true, any exception that occurs while the database is read or written will be ignored. (Valid flag values are false, no, 0, true, yes or 1)

-m <expr>, --mapgrantee <expr>

A Python dict or list literal which will be evaluated. If the grantee is not in this list (or dictionary) no grant statement will be returned. If it’s a dictionary and the grantee exists as a key, the privilege will be granted to the user specified as the value instead of the original one. The default is to grant all privileges to the original grantee.

--format <format>

If --execute is not given, this determines the output format: Plain SQL (format sql), or PySQL (format pysql) which can be piped into ll.pysql.

--include <regexp>

Only include objects in the output if their name contains the regular expression.

--exclude <regexp>

Exclude objects from the output if their name contains the regular expression.

--thick <flag>

If true, use oracledbs thick mode. (Valid flag values are false, no, 0, true, yes or 1)

--config_dir <directory>

In oracledbs thin mode, specify the directory that contains the tnsnames.ora file. This can be used if “Connect Descriptor Strings” from tnsnames.ora must be used but tnsnames.ora can’t be found in its default location.

Example

Grant all privileges that alice has in the schema user@db to bob in user2@db2:

$ oragrant user/pwd@db -x user2/pwd2@db2 -m '{"alice": "bob"}' -v