If you don’t get alerts regularly from Oracle Support you may have missed this notice:
If you conducted an import or export of an Oracle10g Release 2 or 11g Release 1 database prior to September 11, 2009, you should follow the instructions in My Oracle Support Knowledge Document 1055539.1 to verify the privileges in your database. This is because a missing step in several OracleMetaLink notes published before 11 September 2009 means that target instance schemas created by following the instructions in them may have an additional privilege that was not present in the source instance, and which may therefore need to be removed. See Knowledge Document 985520.1 for full Critical Patch Update Information.
Anyone who has performed an export or an import recently should absolutely read this note. Below, I have included Oracle’s test to see if you may be affected by the issue. This is straight off of note 1055539.1 mentioned above:
To determine whether this extra privilege exists on your target system, use SQL*Plus to connect to the database as SYSDBA and run the following command:
[code language=”plain”]SQL> select grantee, privilege from dba_sys_privs where privilege = ‘EXEMPT ACCESS POLICY’;[/code]
The following output indicates that the SYSTEM account has the additional privilege:
SYSTEM EXEMPT ACCESS POLICY
Workaround or Resolution
To remove the exempt access policy privilege from your target instance schema, connect to the database as SYSDBA from SQL*Plus and run the following command:
[code language=”plain”]SQL> revoke EXEMPT ACCESS POLICY from system;[/code]
Please contact Oracle Support Services if you have any questions or concerns.