However, every trace indicated that jobs throw the ORA-28031 exception (maximum of 148 enabled roles exceeded).
The only role with such a number of roles was the SYS account. Apparently a job process during a piece of its lifetime is run on the SYS privileges. So the processes had been started and almost immediately terminated. And this actually explains everything. The only mystery left was why the SYS account get so many roles.
I am not sure of the exact scenario, but:
- we have on these databases the quite numerous quantity of custom roles and exactly those roles were assigned to the SYS account
- the migration was done with the Data Pump tools
- the import was done on the SYS privileges and apparently then all those roles were assigned
- there was no explicit operation of assigning those roles to the SYS schema
- it is possible in the impdp parameters there was added the exclusion of default roles, which are enabled on the SYS by default
No comments:
Post a Comment