The following SQL script, when run as user SYS, will generate an ordered script to recreate all the java grants, and java policies, assigned to users. It does not generate any SYS Java roles or Public privileges, as these are tightly related to JVM version.

 

spool setjvmprivs.sql
set echo off
set feedback off
set heading off
set linesize 80
set pagesize 1000
column stmt format a70 word_wrapped
select 'exec '||stmt
from (select seq, 'dbms_java.grant_permission('''||grantee||''','''|| type_schema||':'||type_name||''','''||name||''','''||action|| ''');' stmt 
            from dba_java_policy 
            where grantee not in ('JAVADEBUGPRIV', 'JAVASYSPRIV', 'JAVAUSERPRIV', 'JAVA_ADMIN', 'JAVA_DEPLOY', 'SYS', 'PUBLIC') and type_name!='oracle.aurora.rdbms.security.PolicyTablePermission'
      union all
      select seq,'dbms_java.grant_policy_permission('''||a.grantee||''','''|| u.name||''','''||permition||''','''||action||''');' stmt
      from sys.user$ u,
           (select seq, grantee,
                   to_number(substr(name,1,instr(name,':')-1)) userid,
                   substr(name,instr(name,':')+1,instr(name,'#') -
                          instr(name,':')-1) permition,
                   substr(name,instr(name,'#')+1 ) action
            from dba_java_policy
            where grantee not in ('JAVADEBUGPRIV', 'JAVASYSPRIV',
                                  'JAVAUSERPRIV', 'JAVA_ADMIN', 'JAVA_DEPLOY',
                                  'SYS', 'PUBLIC') and
                  type_name =
                      'oracle.aurora.rdbms.security.PolicyTablePermission') a
      where u.user#=userid) order by seq;
column stmt clear
set pagesize 24
set heading on
spool off


When executed, this script will generate output like:

exec dbms_java.grant_permission('SCOTT','SYS:java.io.FilePermission','temp\output.txt','read,write);
exec dbms_java.grant_permission('SCOTT','SYS:java.net.SocketPermission','www.oracle.com','resolve');
exec dbms_java.grant_permission('SCOTT','SYS:java.net.SocketPermission','*','connect,resolve');
exec dbms_java.grant_policy_permission('SCOTT','SCOTT','MyPermission','*');
exec dbms_java.grant_permission('OTHER','SCOTT:MyPermission','queseyo.*','');

To restore these java privileges, simply execute the resultant output script (setjvmprivs.sql) as SYS, AFTER you have reloaded all the Java objects as described above.
Recommended Posts

Start typing and press Enter to search