Basically, DBA is not allowed to export and import data under database vault environment even you have granted EXP_FULL_DATABASE or IMP_FULL_DATABASE role. And must be got the error message with ORA-31625 and ORA-01031 when using data pump utility to export and import data under DBV environment.
Here show the example that allow the system user to using data pump utility, for details please refer to the oracle database vault administration online document.
A. To authorise the user using data pump utility to export and import all schema data.
For #1 and #2 , kindly please login as SYS
#1. Grant BECOME USER, EXP_FULL_DATABASE and IMP_FULL_DATABASE role
GRANT BECOME USER TO SYSTEM;
GRANT EXP_FULL_DATABASE TO SYSTEM;
GRANT IMP_FULL_DATABASE TO SYSTEM;
#2. verify the above roles are granted to the user
SELECT * FROM DBA_ROLE_PRIVS WHERE GRANTEE='SYSTEM'
AND GRANTED_ROLE IN ('BECOME USER','EXP_FULL_DATABASE','IMP_FULL_DATABASE');
For #3, kindly please login as database vault owner
#3. authorise system using data pump utility
EXEC DBMS_MACADM.AUTHORIZE_DATAPUMP_USER('SYSTEM');
#4. verify the privileges
SELECT * FROM DVSYS.DBA_DV_DATAPUMP_AUTH WHERE GRANTEE = 'SYSTEM';
B. Revoke the privileges and the role are granted to authorise user using data pump utility to export and import all schema data.
For #1 and #2 , kindly please login as SYS
#1. Revoke BECOME USER, EXP_FULL_DATABASE and IMP_FULL_DATABASE role
REVOKE BECOME USER FROM SYSTEM;
REVOKE EXP_FULL_DATABASE FROM SYSTEM;
REVOKE IMP_FULL_DATABASE FROM SYSTEM;
#2. verify the above roles are granted to the user
SELECT * FROM DBA_ROLE_PRIVS WHERE GRANTEE='SYSTEM'
AND GRANTED_ROLE IN ('BECOME USER','EXP_FULL_DATABASE','IMP_FULL_DATABASE');
For #3, kindly please login as database vault owner
#3. authorise system using data pump utility
EXEC DBMS_MACADM.UNAUTHORIZE_DATAPUMP_USER('SYSTEM');
#4. verify the privileges
SELECT * FROM DVSYS.DBA_DV_DATAPUMP_AUTH WHERE GRANTEE = 'SYSTEM';
Reference:
