Fail to logon with SYS user: ORA-01031: insufficient privileges

Similar Messages

• Execute immediate on DBMS_METADATA.GET_DDL with error of ORA-01031: insufficient privileges

  I want to mirror a schema to a existing schema by creating DDL and recreate on the other schema with same name.
  I wrote the code below:
  create or replace
  PROCEDURE                                    SCHEMA_A."MAI__DWHMIRROR"
  AS
  v_sqlstatement CLOB:='bos';
  str varchar2(3999);
  BEGIN
    select
      replace(
        replace(replace(
        replace(DBMS_METADATA.GET_DDL('TABLE','XXXX','SCHEMA_A'),'(CLOB)',''),';','')
      ,'SCHEMA_A'
      ,'SCHEMA_B'
    into v_sqlstatement
    from dual;
    select  CAST(v_sqlstatement AS VARCHAR2(3999)) into str from dual;
    execute immediate ''||str;
  END;
  And Executing this block with below code:
  set serveroutput on
  begin
  SCHEMA_A.MAI__DWHMIRROR;
  end;
  But still getting the following error code:
  Error report:
  ORA-01031: insufficient privileges
  ORA-06512: at "SCHEMA_A.MAI__DWHMIRROR", line 47
  ORA-06512: at line 2
  01031. 00000 -  "insufficient privileges"
  *Cause:    An attempt was made to change the current username or password
             without the appropriate privilege. This error also occurs if
             attempting to install a database without the necessary operating
             system privileges.
             When Trusted Oracle is configure in DBMS MAC, this error may occur
             if the user was granted the necessary privilege at a higher label
             than the current login.
  *Action:   Ask the database administrator to perform the operation or grant
             the required privileges.
             For Trusted Oracle users getting this error although granted the
             the appropriate privilege at a higher label, ask the database
             administrator to regrant the privilege at the appropriate label.

  user5199319 wrote:
  USER has DBA Role
  when all  else fails Read The Fine Manual
  DBMS_METADATA

• Resolving problem with ORA-01031: insufficient privileges

  hello i just to write a few word about my installation of oracle database 9i
  My installation is on a Red Hat AS3
  I have a problem with the error :ORA-01031: insufficient privileges
  The one who read this know what about i tell.
  The authorization is only for the user which Group is DBA as you can read everywhere.
  but me when i tried groupadd dba => it tells group already exist.
  but i can't find the group dba in the file /etc/group.
  So i tried to make my user 'oracle' works with the 'already group exist' dba .
  useradd -g dba oracle
  but when i tried to start the database i create i have the message. : ORA-01031: insufficient privileges
  i tried to add manualy the group dba to /etc/group (as i can read in websites)
  and add a user manualy (/etc/passwd).
  But does works.
  I try all i can during 1 days long.
  I was really upset because nothing that i read work.
  finaly I go to the RedHat Menu (things i don't really do normaly on LINUX) and go to 'SYSTEM SETTINGS' and choose 'User and Group'
  Here i can see my user 'Oracle' I get the property of the user .
  there is a tab group ( 'select the group that the user will be member of:')
  None of them where name DBA so i decidied to select all of them and tried.
  MAGIC!!! then it works!!!
  ps: after when i see the list of the group I saw that one of them is named 'SYS' . I really think that it is the one group i had to select. but don't know.
  Now It is working for me so... And good luck for you. bye.

  Errors
  ORA-01031 "insufficient privileges"
  Symptoms
  During database upgrade phase using DBUA , it fails with error
  ORA-1031 Insufficient privileges
  Connection from sqlplus also fails with same error
  $ sqlplus /nolog
  SQLPLUS "conn / as sysdba"
  ORA-1031 Insufficient privileges
  Changing the REMOTE_LOGIN_PASSWORDFILE to SHARED / NONE does not make differen
  Cause
  ORACLE_HOME owner oramigts is part of OS group "dba" ,but config.s shows group "g680"
  The 'OSDBA' and 'OSOPER' groups are chosen at installation time and usually both default to the group 'dba'.
  These groups are compiled into the 'oracle' executable and so are the same for all databases running from a given ORACLE_HOME directory.
  The actual groups being used for OSDBA and OSOPER can be checked thus:
  cd $ORACLE_HOME/rdbms/lib
  cat config.[cs]
  Solution
  To implement the solution, please execute the following steps:
  1. Checked the ORACLE_HOME owner.
  echo $ORACLE_HOME
  /h02/app/oracle/product/9.2.0_64
  cd / h02/app/oracle/product/
  ls -l
  drwxr-xr-x 58 oramigts dba 1024 Jan 2 2004 9.2.0_64
  2.ORACLE_HOME software owner "oramigts" is part of group "dba"
  3.Checked file $ORACLE_HOME/rdbms/lib/config.s
  [If your platform has config.c:
  Due to the way different compilers under different architectures generate
  assembler code, it's not possible to give a universal rule.]
  It shows dba group as "g680" where software owner is part of "dba" group
  You can more find detail on config.s / config.c in the following doc.
  Note 50507.1 SYSDBA and SYSOPER Privileges in Oracle
  4. Modified the config.s for correct group.
  .ascii "g680\0"
  to
  .ascii "dba\0"
  7. mv config.o config.o.bak
  8. make -f ins_rdbms.mk config.o ioracle
  9. Checked the file config.o is created at $ORACLE_HOME/rdbms/lib
  10. Connected / as sysdba thru Sqlplus from 9.2 Home, which connected sucessfully.

• ORA-01031: insufficient privileges when connecting by SQL PLUS 8.0 with sys

  From client, I use SQL PLUS 8.0 to connect to server: sys/password@MYDB1 as sysdba
  The error always raises “ORA-01031: insufficient privileges”
  I have done:
  - Set: remote_login_passwordfile=exclusive in tnsname.ora file
  - Uncomment: SQLNET.AUTHENTICATION_SERVICES in “sqlnet.ora” file
  Also on this client:
  to use SQL PLUS 8.0 to connect to server: manager/password@MYDB1. To connect normally
  to use PLSQL Deverloper (it is the same oracle_home with SQL PLUS 8.0) to connect to database normally with user sys.
  To use Enterprise manager console (it is other oracle_home with SQL PLUS 8.0) to connect to database normally with user sys
  Please, help me to solve this trouble

  THIS IS CONTENT OF SQLNET.ora CLIENT
  # copyright (c) 1996 by the Oracle Corporation
  # NAME
  # sqlnet.ora
  # FUNCTION
  # Oracle Network Client startup parameter file example
  # NOTES
  # This file contains examples and instructions for defining all
  # Oracle Network Client parameters. It should be possible to read
  # this file and setup a Client by uncommenting parameter definitions
  # and substituting values. The comments should provide enough
  # explanation to enable a reasonable user to manage his TNS connections
  # without having to resort to 'real' documentation.
  # SECTIONS
  # ONames Client
  # Namesctl
  # Native Naming Adpaters
  # MODIFIED
  # skanjila 06/06/97 - Correct default for Automatic_IPC
  # eminer 05/15/97 - Add the relevant onrsd parameters.
  # asriniva 04/23/97 - Merge with version from doc
  # ggilchri 03/31/97 - mods
  # bvasudev 02/07/97 - Change sqlnet.authentication_services documentation
  # bvasudev 11/25/96 - Merge sqlnet.ora transport related parameters
  # asriniva 11/12/96 - Revise with new OSS parameters.
  # asriniva 11/05/96 - Add ANO parameters.
  # - ONames Client ----------------------------------------------------
  #names.default_domain = world
  #Syntax: domain-name
  #Default: NULL
  # Indicates the domain from which the client most often requests names. When
  # this parameter is set the default domain name (for example, US.ACME), the
  # domain name will be automatically appended to any unqualified name in an
  # ONAmes request (query, register, deregister, etc). Any name which contains
  # an unescaped dot ('.') will not have the default domain appended. Simple
  # names may be qualified with a trailing dot (for example 'rootserver.').
  #names.initial_retry_timeout = 30
  #Syntax: 1-600 seconds
  #Default: 15 (OSD)
  # Determines how long a client will wait for a response from a Names Server
  # before reiterating the request to the next server in the preferred_servers
  # list.
  #names.max_open_connections = 3
  #Syntax: 3-64
  #Default: ADDRS in preferred_servers
  # Determines how many connections an ONames client may have open at one time.
  # Clients will ordinarily keep connections to servers open once they are
  # established until the operation (or session in namesctl) is complete. A
  # connection will be opened whenever needed, and if the maximum would be
  # exceeded the least recently used connection will be closed.
  #names.message_pool_start_size = 10
  #Syntax: 3-256
  #Default: 10
  # Determines the initial number of messages allocated in the client's message
  # pool. This pool provides the client with pre-allocated messages to be used
  # for requests to ONames servers. Messages which are in the pool and unused
  # may be reused. If a message is needed and no free messages are available in
  # the pool more will be allocated.
  #names.preferred_servers = (address_list =
  # (address=(protocol=ipc)(key=n23))
  # (address=(protocol=tcp)(host=nineva)(port=1383))
  # (address=(protocol=tcp)(host=cicada)(port=1575))
  #Syntax: ADDR_LIST
  #Default: Well-Known (OSD)
  # Specifies a list of ONames servers in the client's region; requests will be
  # sent to each ADDRESS in the list until a response is recieved, or the list
  # (and number of retries) is exhausted.
  # Addresses of the following form specify that messages to the ONames server
  # should use Oracle Remote Operations (RPC):
  # (description =
  # (address=(protocol=tcp)(host=nineva)(port=1383))
  # (connect_data=(rpc=on))
  #names.request_retries = 2
  #Syntax: 1-5
  #Default: 1
  # Specifies the number of times the client should try each server in the list
  # of preferred_servers before allowing the operation to fail.
  #names.directory_path
  #Syntax: <adapter-name>
  #Default: TNSNAMES,ONAMES,HOSTNAME
  # Sets the (ordered) list of naming adaptors to use in resolving a name.
  # The default is as shown for 3.0.2 of sqlnet onwards. The default was
  # (TNSNAMES, ONAMES) before that. The value can be presented without
  # parentheses if only a single entry is being specified. The parameter is
  # recognized from version 2.3.2 of sqlnet onward. Acceptable values include:
  # TNSNAMES -- tnsnames.ora lookup
  # ONAMES -- Oracle Names
  # HOSTNAME -- use the hostname (or an alias of the hostname)
  # NIS -- NIS (also known as "yp")
  # CDS -- OSF DCE's Cell Directory Service
  # NDS -- Novell's Netware Directory Service
  # - Client Cache (ONRSD) ---------------------------------------------
  names.addresses = (ADDRESS=(PROTOCOL=IPC)(KEY=ONAMES))
  Syntax: ADDR
  Default: (ADDRESS=(PROTOCOL=IPC)(KEY=ONAMES))
  Address on which the client cache listens (is available to clients).
  Any valid TNS address is allowed. The default should be used if at
  all possible; clients have this entry hardwired as the first line
  of their server-list file (sdns.ora). If the address is set to a
  non-default value the client's preferred_servers parameter should
  be set to include the client-cache address first.
  names.authority_required = False
  Syntax: T/F
  Default: False
  Determines whether system querys (for the root etc) require Authoritative
  answers.
  names.auto_refresh_expire = 259200
  Syntax: Number of seconds, 60-1209600
  Default: 259200
  This is the amount of time (in seconds) the server will cache the addresses
  of servers listed in server-list file (sdns.ora). When this time expires the
  server will issue another query to the servers in those regions to refresh
  the data.
  names.auto_refresh_retry = 180
  Syntax: Number of seconds, 60-3600
  Default: sec.     180
  This set how often the server will retry when the auto_refresh query fails.
  names.cache_checkpoint_file = cache.ckp
  Syntax: filename
  Default: $ORACLE_HOME/network/names/ckpcch.ora
  Specifies the name of the operating system file to which the Names Server
  writes its foreign data cache.
  names.cache_checkpoint_interval = 7200
  Syntax: Number of seconds, 10-259200
  Default: 0 (off)
  Indicates the interval at which a Names Server writes a checkpoint of its
  data cache to the checkpoint file.
  names.default_forwarders=
  (FORWARDER_LIST=
  (FORWARDER=
  (NAME= rootserv1.world)
  (ADDRESS=(PROTOCOL=tcp)(PORT=42100)(HOST=roothost))))
  Syntax: Name-Value/address_list
  Default: NULL
  A list (in NV form) of the addresses of other servers which should be used to
  forward querys while in default_forwarder (slave) mode. NAME is the global
  names for the server to which forwards whould be directed, and ADDRESS is its
  address.
  names.default_forwarders_only = True
  Syntax: T/F
  Default: False
  When set to true this server will use the servers listed in default_forwarders
  to forward all operations which involve data in foreign regions. Otherwise it
  will use the servers defined in the server-list file (sdns.ora) in addition
  to any defined in the default_forwarders parameter.
  names.log_directory = /oracle/network/log
  Syntax: directory
  Default: $ORACLE_HOME/network/log
  Indicates the name of the directory where the log file for Names Server
  operational events are written.
  names.log_file = names.log
  Syntax: filename
  Default: names.log
  The name of the output file to which Names Server operational events are
  written.
  names.log_stats_interval = 3600
  Syntax: Number of seconds, 10-ub4max
  Default: sec.     0 (off)
  Specifies the number of seconds between statistical entries in log file.
  names.log_unique = False
  Syntax: T/F
  Default: False
  If set to true the server will guarantee that the log file will have a unique
  name which will not overwrite any existing files (note that log files are
  appended to, so log information will not be lost if log_unique is not true).
  names.max_open_connections = 10
  Syntax: 3-64
  Default: 10
  Specifies the number of connections that the Names Server can have open at any
  given time. The value is generated as the value 10 or the sum of one
  connection for listening, five for clients, plus one for each foreign domain
  defined in the local administrative region, whichever is greater. Any
  operation which requires the server to open a network connection will use
  an already open connection if it is available, or will open a connection
  if not. Higher settings will save time and cost network resources; lower
  settings save network resources, cost time.
  names.max_reforwards = 2
  Syntax: 1-15
  Default: 2
  The maximum number of times the server will attempt to forward a certain
  operation.
  names.message_pool_start_size = 24
  Syntax: 3-256
  Default: 10
  Determines the initial number of messages allocated in the server's message
  pool. This pool provides the server with pre-allocated messages to be used
  for incoming or outgoing messages (forwards). Messages which are in the pool
  and unused may be reused. If a message is needed and no free messages are
  available in the pool more will be allocated.
  names.no_modify_requests = False
  Syntax: T/F
  Default: False
  If set to true, the server will refuse any operations which modify the
  data in its region (it will still save foreign info in the cache which is
  returned from foreign querys).
  names.password = 625926683431AA55
  Syntax: encrypted string
  Default: NULL
  If set the server will require that the user provide a password in his
  namesctl session (either with sqlnet.ora:namesctl.server_password or 'set
  password') in order to do 'sensitive' operations, like stop, restart, reload.
  This parameter is generally set in encrypted form, so it can not be set
  manually.
  names.reset_stats_interval = 3600
  Syntax: 10-ub4max
  Default: 0 (off)
  Specifies the number of seconds during which the statistics collected by the
  Names Servers should accumulate. At the frequency specified, they are reset
  to zero. The default value of 0 means never reset statistics.
  names.trace_directory = /oracle/network/trace
  Syntax: directory
  Default: $ORACLE_HOME/network/trace
  Indicates the name of the directory to which trace files from a Names Server
  trace session are written.
  names.trace_file = names.trc
  Syntax: filename
  Default: names.trc
  Indicates the name of the output file from a Names Server trace session.
  names.trace_func # NA
  Syntax: T/F
  Default: False
  Internal mechanism to control tracing by function name.
  names.trace_level = ADMIN
  Syntax: T/F
  Default: False
  Syntax: {OFF,USER,ADMIN,0-16}
  Default: OFF (0)
  Indicates the level at which the Names Server is to be traced.
  Available Values:
       0 or OFF - No trace output
       4 or USER - User trace information
       10 or ADMIN - Administration trace information
       16 or SUPPORT - WorldWide Customer Support trace information
  names.trace_mask = (200,201,202,203,205,206,207)
  Syntax: list of numbers
  Default: NULL
  Internal mechanism to control trace behavior.
  names.trace_unique = True
  Syntax: T/F
  Default: False
  Indicates whether each trace file has a unique name, allowing multiple trace
  files to coexist. If the value is set to ON, a process identifier is appended
  to the name of each trace file generated.
  # - Namesctl ---------------------------------------------------------
  #namesctl.trace_directory = /oracle/network/trace
  #Syntax: directory
  #Default: $ON/trace
  # Indicates the name of the directory to which trace files from a namesctl
  # trace session are written.
  #namesctl.trace_file = namesctl.trc
  #Syntax: filename
  #Default: namesctl.trc
  # Indicates the name of the output file from a namesctl trace session.
  #namesctl.trace_func # NA
  #Syntax: word list
  #Default: NULL
  # Internal mechanism to control tracing by function name.
  #namesctl.trace_level = ADMIN
  #Syntax: {OFF,USER,ADMIN,0-16}
  #Default: OFF (0)
  # Indicates the level at which the namesctl is to be traced.
  # Available Values:
  #     0 or OFF - No trace output
  #     4 or USER - User trace information
  #     10 or ADMIN - Administration trace information
  #     16 or SUPPORT - WorldWide Customer Support trace information
  #namesctl.trace_mask # NA
  #Syntax: number list
  #Default: NULL
  # Internal mechanism to control trace behavior.
  #namesctl.trace_unique = True
  #Syntax: T/F
  #Default: False
  # Indicates whether each trace file has a unique name, allowing multiple trace
  # files to coexist. If the value is set to ON, a process identifier is appended
  # to the name of each trace file generated.
  #namesctl.no_initial_server = False
  #Syntax: T/F
  #Default: False
  # If set to TRUE namesctl will suppress any error messages when namesctl is
  # unable to connect to a default names server.
  #namesctl.internal_use = True
  #Syntax: T/F
  #Default: False
  # If set to true namesctl will enable a set of internal undocumented commands.
  # All internal commands are preceded by an underscore ('_') in order to
  # distinguish them as internal. Without going into details, the commands
  # enabled are:
  # adddata createname deletename
  # fullstatus ireplacedata newttlname
  # pause                 remove_data renamename
  # replacedata start                 walk*
  # There are also a set of names server variables which may be set when
  # namesctl is in internal mode:
  # authorityrequired autorefresh*
  # cachecheckpoint_interval cachedump
  # defaultautorefresh_expire defaultautorefresh_retry
  # defaultforwarders_only forwardingdesired
  # maxreforwards modifyops_enabled
  # nextcache_checkpoint nextcache_flush
  # nextstat_log nextstat_reset
  # reload                         request_delay
  # restart                        shutdown
  #namesctl.noconfirm = True
  #Syntax: T/F
  #Default: False
  # When set to TRUE namesctl will suppress the confirmation prompt when
  # sensitive operations (stop, restart, reload) are requested. This is
  # quite helpful when using namesctl scripts.
  #namesctl.server_password = mangler
  #Syntax: string
  #Default: NULL
  # Automatically sets the password for the names server in order to perform
  # sensitive operations (stop, restart, reload). The password may also be
  # set manually during a namesctl session using 'set password'.
  #namesctl.internal_encrypt_password = False
  #Syntax: T/F
  #Default: True
  # When set to TRUE namesctl will not encrypt the password when it is sent to
  # the names server. This would enable an unencrypted password to be set in
  # names.ora:names.server_password
  # - Native Naming Adpaters -------------------------------------------
  #names.dce.prefix = /.:/subsys/oracle/names
  #Syntax: DCE cell name
  #Default: /.:/subsys/oracle/names
  #Specifies the DCE cell (prefix) to use for name lookup.
  #names.nds.name_context = personnel.acme
  #Syntax: NDS name
  #Default: (OSD?)
  # Specifies the default NDS name context in which to look for the name to
  # be resolved.
  #names.nis.meta_map # NA
  # Syntax: filename
  # Default: sqlnet.maps
  # Specifies the file to be used to map NIS attributes to an NIS mapname.
  # Currently unused.
  # - Advanced Networking Option Authentication Adapters ----------------
  #sqlnet.authentication_services
  # Syntax: A single value or a list from {beq, none, all, kerberos5,
  #       cybersafe, securid, identitx}
  # Default: NONE
  # Enables one or more authentication services. To enable
  # authentication via the Oracle Security Server, use (beq, oss). If
  # the Advanced Networking Option has been installed with Kerberos5
  # support, using (beq, kerberos5) would enable authentication via
  # Kerberos.
  sqlnet.authentication_services=(beq, oss)
  ## Parmeters used with Kerberos adapter.
  #sqlnet.kerberos5_cc_name
  # Syntax: Any valid pathname.
  # Default: /tmp/krb5cc_<uid>
  # The Kerberos credential cache pathname.
  #sqlnet.kerberos5_cc_name=/tmp/mycc
  #sqlnet.kerberos5_clockskew
  # Syntax: Any positive integer.
  # Default: 300
  # The acceptable difference in the number of seconds between when a
  # credential was sent and when it was received.
  #sqlnet.kerberos5_clockskew=600
  #sqlnet.kerberos5_conf
  # Syntax: Any valid pathname.
  # Default: /krb5/krb.conf
  # The Kerberos configuration pathname.
  #sqlnet.kerberos5_conf=/tmp/mykrb.conf
  #sqlnet.kerberos5_realms
  # Syntax: Any valid pathname
  # Default: /krb5/krb.realms
  # The Kerberos host name to realm translation file.
  #sqlnet.kerberos5_realms=/tmp/mykrb.realms
  #sqlnet.kerberos5_keytab
  # Syntax: Any valid pathname.
  # Default: /etc/v5srvtab
  # The Kerberos secret key file.
  #sqlnet.kerberos5_keytab=/tmp/myv5srvtab
  #sqlnet.authentication_kerberos5_service
  # Syntax: Any string.
  # Default: A default is not provided.
  # The Kerberos service name.
  #sqlnet.authentication_kerberos5_service=acme
  ## Parmeters used with CyberSAFE adapter.
  #sqlnet.authentication_gssapi_service
  # Syntax: A correctly formatted service principal string.
  # Default: A default is not provided.
  # The CyberSAFE service principal
  #sqlnet.authentication_gssapi_service=acme/[email protected]
  ## Parmeters used with Identix adapter.
  #sqlnet.identix_fingerprint_method
  # Syntax: Must be oracle.
  # Default: A default is not provided.
  # The Identix authentication server method
  #sqlnet.identix_fingerprint_method=oracle
  #sqlnet.identix_fingerprint_database
  # Syntax: Any string.
  # Default: A default is not provided.
  # The Identix authentication server TNS alias
  #sqlnet.identix_fingerprint_database=ofm
  #sqlnet.identix_fingerprint_database_user
  # Syntax: Any string
  # Default: A default is not provided.
  # The Identix authentication service well known username.
  #sqlnet.identix_fingerprint_database_user=ofm_client
  #sqlnet.identix_fingerprint_database_password
  # Syntax: Any string
  # Default: A default is not provided.
  # The Identix authentication service well known password.
  #sqlnet.identix_fingerprint_database_password=ofm_client
  # - Advanced Networking Option Network Security -------------------------
  #sqlnet.crypto_checksum_client
  #sqlnet.crypto_checksum_server
  #sqlnet.encryption_client
  #sqlnet.encryption_server
  # These four parameters are used to specify whether a service (e.g.
  # crypto-checksumming or encryption) should be active:
  # Each of the above parameters defaults to ACCEPTED.
  # Each of the above parameters can have one of four possible values:
  # value          meaning
  # ACCEPTED     The service will be active if the other side of the
  #          connection specifies "REQUESTED" or REQUIRED" and
  #          there is a compatible algorithm available on the other
  #          side; it will be inactive otherwise.
  # REJECTED     The service must not be active, and the connection
  #          will fail if the other side specifies "REQUIRED".
  # REQUESTED     The service will be active if the other side specifies
  #          "ACCEPTED", "REQUESTED", or "REQUIRED" and there is a
  #          compatible algorithm available on the other side; it
  #          will be inactive otherwise.
  # REQUIRED     The service must be active, and the connection will
  #          fail if the other side specifies "REJECTED" or if there
  #          is no compatible algorithm on the other side.
  #sqlnet.crypto_checksum_types_client
  #sqlnet.crypto_checksum_types_server
  #sqlnet.encryption_types_client
  #sqlnet.encryption_types_server
  # These parameters control which algorithms will be made available for
  # each service on each end of a connection:
  # The value of each of these parameters can be either a parenthesized
  # list of algorithm names separated by commas or a single algorithm
  # name.
  # Encryption types can be: RC4_40, RC4_56, RC4_128, DES, DES40
  # Encryption defaults to all the algorithms.
  # Crypto checksum types can be: MD5
  # Crypto checksum defaults to MD5.
  #sqlnet.crypto_seed ="4fhfguweotcadsfdsafjkdsfqp5f201p45mxskdlfdasf"
  #sqlnet.crypto_checksum_server = required
  #sqlnet.encryption_server = required
  # - Oracle Security Server ---------------------------------------------
  #oss.source.my_wallet
  # Syntax: A properly formatted NLNV list.
  # Default: Platform specific. Unix: $HOME/oracle/oss
  # The method for retrieving and storing my identity.
  #oss.source.my_wallet
  # =(source
  # =(method=file)
  # (method_data=/dve/asriniva/oss/wallet)
  #oss.source.location
  # Syntax: A properly formatted NLNV list.
  # Default: Oracle method, oracle_security_service/oracle_security_service@oss
  # The method for retrieving encrypted private keys.
  #oss.source.location
  # =(source
  # =(method=oracle)
  # (method_data=
  # (sqlnet_address=andreoss)
  # - Sqlnet(v2.x) and Net3.0 Client ------------------------------------------
  # In the following descriptions, the term "client program" could mean
  # either sqlplus, svrmgrl or any other OCI programs written by users
  #trace_level_client = ADMIN
  #Possible values: {OFF,USER,ADMIN,0-16}
  #Default: OFF (0)
  #Purpose: Indicates the level at which the client program
  # is to be traced.
  # Available Values:
  # 0 or OFF - No Trace output
  #     4 or USER - User trace information
  #      10 or ADMIN - Administration trace information
  #     16 or SUPPORT - Worldwide Customer Support trace information
  #Supported since: v2.0
  #trace_directory_client = /oracle/network/trace
  #Possible values: Any valid directory path with write permission
  #Default: $ORACLE_HOME/network/trace ($ORACLE_HOME=/oracle at customer
  # site)
  #Purpose: Indicates the name of the directory to which trace files from
  # the client execution are written.
  #Supported since: v2.0
  #trace_file_client = /oracle/network/trace/cli.trc
  #Possible values: Any valid file name
  #Default:     $ORACLE_HOME/network/trace/cli.trc ($ORACLE_HOME =
  #          /oracle at customer site)
  #Purpose: Indicates the name of the file to which the execution trace
  # of the client is written to.
  #Supported since: v2.0
  #trace_unique_client = ON
  #Possible values: {ON, OFF}
  #Default: OFF
  #Purpose: Used to make each client trace file have a unique name to
  #     prevent each trace file from being overwritten by successive
  #     runs of the client program
  #Supported since: v2.0
  #log_directory_client = /oracle/network/log
  #Possible values: Any valid directory pathname
  #Default: $ORACLE_HOME/network/log ($ORACLE_HOME = /oracle at customer
  #     site)
  #Purpose: Indicates the name of the directory to which the client log file
  #     is written to.
  #Supported since: v2.0
  #log_file_client = /oracle/network/log/sqlnet.log
  #Possible values: This is a default value, u cannot change this
  #Default: $ORACLE_HOME/network/log/sqlnet.log ($ORACLE_HOME=/oracle in
  # customer site)
  #Purpose: Indicates the name of the log file from a client program
  #Supported since: v2.0
  #log_directory_server = /oracle/network/trace
  #Possible values: Any valid diretcory path with write permission
  #Default: $ORACLE_HOME/network/trace ( $ORACLE_HOME=/oracle at customer
  #     site)
  #Purpose: Indicates the name of the directory to which log files from the
  #      server are written
  #Supported since: v2.0
  #trace_directory_server = /oracle/network/trace
  #Possible values: Any valid directory path with write permission
  #Default: $ORACLE_HOME/network_trace ( $ORACLE_HOME=/oracle at customer
  #     site)
  #Purpose: Indicates the name of the directory to which trace files from
  # the server are written
  #Supported since: v2.0
  #trace_file_server = /orace/network/trace/svr_<pid>.trc
  #Possible values: Any valid filename
  #Default: $ORACLE_HOME/network/trace/svr_<pid>.trc where <pid? stands for
  # the process id of the server on UNIX systems
  #Purpose: Indicates the name of the file to which the execution trace of
  # the server program is written to.
  #Supported since: v2.0
  #trace_level_server = ADMIN
  #Possible values: {OFF,USER,ADMIN,0-16}
  #Default: OFF (0)
  #Purpose: Indicates the level at which the server program
  # is to be traced.
  # Available Values:
  # 0 or OFF - No Trace output
  # 4 or USER - User trace information
  # 10 or ADMIN - Administration trace information
  # 16 or SUPPORT - Worldwide Customer Support trace information
  #Supported since: v2.0
  #use_dedicated_server = ON
  #Possible values: {OFF,ON}
  #Default:      OFF
  #Purpose: Forces the listener to spawn a dedicated server process for
  #     sessions from this client program.
  #Supported since: v2.0
  #use_cman = TRUE
  #Possible values: {TRUE, FALSE}
  #Default:     FALSE
  #Purpose:
  #Supported since: v3.0
  #tnsping.trace_directory = /oracle/network/trace
  #Possible values: Any valid directory pathname
  #Default: $ORACLE_HOME/network/trace ($ORACLE_HOME=/oracle at customer
  #     site)
  #Purpose: Indicates the directory to which the execution trace from
  #     the tnsping program is to be written to.
  #Supported since: v2.0
  #tnsping.trace_level = ADMIN
  #Possible values: {OFF,USER,ADMIN,0-16}
  #Default: OFF (0)
  #Purpose: Indicates the level at which the server program
  # is to be traced.
  # Available Values:
  # 0 or OFF - No Trace output
  # 4 or USER - User trace information
  # 10 or ADMIN - Administration trace information
  # 16 or SUPPORT - Worldwide Customer Support trace information
  #Supported since: v2.0
  #sqlnet.expire_time = 10
  #Possible values: 0-any valid positive integer! (in minutes)
  #Default: 0 minutes
  #Recommended value: 10 minutes
  #Purpose: Indicates the time interval to send a probe to verify the
  #     client session is alive (this is used to reclaim watseful
  #     resources on a dead client)
  #Supported since: v2.1
  #sqlnet.client_registration = <unique_id>
  #Possible values:
  #Default: OFF
  #Purpose: Sets a unique identifier for the client machine. This
  #     identifier is then passed to the listener with any connection
  #     request and will be included in the Audit Trail. The identifier
  #     can be any alphanumeric string up to 128 characters long.
  #Supported since: v2.3.2
  #bequeath_detach = YES
  #Possible values: {YES,NO}
  #Default: NO
  #Purpose: Turns off signal handling on UNIX systems. If signal handling
  #     were not turned off and if client programs written by users make
  #     use of signal handling they could interfere with Sqlnet/Net3.
  #Supported since: v2.3.3
  #automatic_ipc = OFF
  #Possible values: {ON,OFF}
  #Default: OFF
  #Purpose: Force a session to use or not to use IPC addresses on the
  #     client's node.
  #Supported since: v2.0
  #disable_oob = ON
  #Possible values: {ON,OFF}
  #Default: OFF
  #Purpose: If the underlying transport protocol (TCP, DECnet,...) does
  # not support Out-of-band breaks, then disable out-of-band
  #     breaks
  #Supported since: v2.0
  #

• "Create User" gives ORA-01031: insufficient privileges for user sys

  I am on Oracle 11g db, 11.1.0.6 and login successfully using sys/password as sysdba. This login is successful.
  [oracle@RH5-32-OR bin]$ ./sqlplus sys/abcd1234 as sysdba
  SQL*Plus: Release 11.1.0.6.0 - Production on Thu Jan 21 06:06:51 2010
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
  With the Partitioning, Oracle Label Security, OLAP, Data Mining,
  Oracle Database Vault and Real Application Testing options
  However, I cannot create a new user, getting error about insufficient privileges. I though since this is a sys login with role DBA, it should be allowed to create user.
  I also logged in to enterprise manager console using the same credentials, and navigated to: Security->Sys.
  - Under the system tab, and can see "Create User" granted.
  - Under the role tab, there is DBA granted.
  SQL> create user myuser identified globally;
  create user myuser identified globally
  ERROR at line 1:
  ORA-01031: insufficient privileges
  Where to check for previleges? And how to debug. I am really very surprised.
  Thanks.

  I don't have first hand experience of using Database Vault myself, but according the manual the default setup prevents SYSDBA from creating users when Database Vault is enabled (which I would guess is the case based on the banner posted above) This behaviour can be modified by the Vault administrator.
  http://download.oracle.com/docs/cd/B28359_01/server.111/b31222/db_objects.htm#BEIJIFGA

• Ctxsys.context index creation :ORA-01031: insufficient privileges on sys.XMLType

  Hi,
  in the following enviroment:
  Oracle9i Enterprise Edition Release 9.0.1.1.1 - Production
  With the Partitioning option
  JServer Release 9.0.1.1.1 - Production
  On an MS 2K box
  I experience the following problem:
  if I create a table
  create table test(c type);
  where type is varchar2 o clob I then succesfully issue this
  command:
  create index test_ctx on test(c) indextype is ctxsys.context;
  but if type is sys.XMLType I get :
  ORA-01031: insufficient privileges.
  Any suggestion
  Thanks
  Alex

  Under user sys as sysdba the following happens:
  SQL> create table test(c XMLType);
  Table created.
  SQL> create index test_ctx on test(c) indextype is
  ctxsys.context;
  create index test_ctx on test(c) indextype is ctxsys.context
  ERROR at line 1:
  ORA-29855: error occurred in the execution of ODCIINDEXCREATE
  routine
  ORA-20000: Oracle Text error:
  DRG-50857: oracle error in drixtab.create_index_tables
  ORA-00955: name is already used by an existing object
  ORA-06512: at "CTXSYS.DRUE", line 157
  ORA-06512: at "CTXSYS.TEXTINDEXMETHODS", line 176

• Check database with error "ORA-01031: insufficient privileges"

  Dear Gurus,
          I ran "Check database" in DB13 but I got error "ORA-01031: insufficient privileges"
  BR0280I BRCONNECT time stamp: 2010-03-31 12.37.00
  BR0301E SQL error -1031 at location BrDbdiffRead-1, SQL statement:
  'PREPARE stmt_5 STATEMENT FROM'
  'SELECT OBJNAME FROM "SAPSR3".DBDIFF WHERE DBSYS IN ('ORACLE', ' ') AND OBJTYPE = 'TABL' AND DIFFKIND IN ('02', '61', '99') ORDER BY OBJNAME'
  ORA-01031: insufficient privileges
  BR0806I End of BRCONNECT processing: cecxekdh.chk 2010-03-31 12.37.00
         Note I try to execute sapdba_role.sql (with command "sqlplus /nolog @sapdba_role.sql SR3") as Note 134592 both login 'oradev' and 'devadm' but it seem to do nothing (not found sapdba_role.log)
        Please advice.
  Best regards,
  Choosak B.
  Ps.
  detailed log of /oracle/DEV/sapcheck/cecxekdh.chk
  BR0801I BRCONNECT 7.00 (40)
  BR0477I Oracle pfile /oracle/DEV/102_64/dbs/initDEV.ora created from spfile /oracle/DEV/102_64/dbs/spfileDEV.ora
  BR0805I Start of BRCONNECT processing: cecxekdh.chk 2010-03-31 12.30.53
  BR0484I BRCONNECT log file: /oracle/DEV/sapcheck/cecxekdh.chk
  BR0101I Parameters
  Name                           Value
  oracle_sid                     DEV
  oracle_home                    /oracle/DEV/102_64
  oracle_profile                 /oracle/DEV/102_64/dbs/initDEV.ora
  sapdata_home                   /oracle/DEV
  sap_profile                    /oracle/DEV/102_64/dbs/initDEV.sap
  system_info                    devadm/oradev sapdev SunOS 5.10 Generic_142900-03 sun4v
  oracle_info                    DEV 10.2.0.4.0 8192 7465 94896497 sapdev UTF8 UTF8
  sap_info                       701 SAPSR3 0002LK0003DEV0011N11827599290015Maintenance_ORA
  make_info                      sun_64 OCI_102 Feb 21 2009
  command_line                   brconnect -u / -jid CHECK20100331123000 -c -f check
  alert_log                      /oracle/DEV/saptrace/background/alert_DEV.log
  BR0280I BRCONNECT time stamp: 2010-03-31 12.30.56
  BR0813I Schema owners found in database DEV:
  DBSNMP, DIP, OPS$DEVADM, OPS$ORADEV, OPS$SAPSERVICEDEV, ORACLE_OCM, OUTLN, SAPSR3*, SYS, SYSTEM,
  TSMSYS
  BR0118I Tablespaces and data files
  Tablespace     Status     File                                               Status     Id.        Size      MaxSize     IncrSize  BlkSize      Device  Type  Link
  PSAPSR3        ONLINE+    /oracle/DEV/sapdata2/sr3_1/sr3.data1               ONLINE+     4   2411732992  10485760000     20971520     8192    16777219  FILE  NOLINK
  SYSTEM         ONLINE+    /oracle/DEV/sapdata1/system_1/system.data1         SYSTEM+     1   1017126912  10485760000     20971520     8192    16777219  FILE  NOLINK
  BR0119I Redo log files
  File                                          Status  Group       Size       Device  Type  Link
  /oracle/DEV/origlogA/log_g11m1.dbf            INUSE      1    52429312     16777218  FILE  NOLINK
  /oracle/DEV/mirrlogA/log_g11m2.dbf            INUSE      1    52429312     16777218  FILE  NOLINK
  /oracle/DEV/origlogB/log_g12m1.dbf            INUSE      2    52429312     16777218  FILE  NOLINK
  /oracle/DEV/mirrlogB/log_g12m2.dbf            INUSE      2    52429312     16777218  FILE  NOLINK
  /oracle/DEV/origlogA/log_g13m1.dbf            INUSE      3    52429312     16777218  FILE  NOLINK
  /oracle/DEV/mirrlogA/log_g13m2.dbf            INUSE      3    52429312     16777218  FILE  NOLINK
  /oracle/DEV/origlogB/log_g14m1.dbf            INUSE      4    52429312     16777218  FILE  NOLINK
  /oracle/DEV/mirrlogB/log_g14m2.dbf            INUSE      4    52429312     16777218  FILE  NOLINK
  BR0120I Control files
  File                                                Size       Device  Type  Link
  /oracle/DEV/origlogA/cntrl/cntrlDEV.dbf         15024128     16777218  FILE  NOLINK
  /oracle/DEV/origlogB/cntrl/cntrlDEV.dbf         15024128     16777218  FILE  NOLINK
  /oracle/DEV/sapdata1/cntrl/cntrlDEV.dbf         15024128     16777219  FILE  NOLINK
  BR0982I Database disk volumes
  Directory / Raw disk                          Device      Total[KB]      Free[KB]    Used[%]   MaxNeed[KB]   MaxMiss[KB]
  /oracle/DEV/102_64                          16777218     480700086     404332206      15.89             0             0
  /oracle/DEV                                 16777218     480700086     404332206      15.89             0             0
  /oracle/DEV/mirrlogA                        16777218     480700086     404332206      15.89             0             0
  /oracle/DEV/mirrlogB                        16777218     480700086     404332206      15.89             0             0
  /oracle/DEV/origlogA                        16777218     480700086     404332206      15.89             0             0
  /oracle/DEV/origlogB                        16777218     480700086     404332206      15.89             0             0
  /oracle/DEV/sapdata1                        16777219     591212116     404332206      31.61     240019884             0
  /oracle/DEV/sapdata2                        16777219     591212116     404332206      31.61     240019884             0
  /oracle/DEV/sapdata3                        16777219     591212116     404332206      31.61     240019884             0
  /oracle/DEV/sapdata4                        16777219     591212116     404332206      31.61     240019884             0
  /oracle/DEV/saparch                         16777218     480700086     404332206      15.89             0             0
  /oracle/DEV/sapbackup                       16777218     480700086     404332206      15.89             0             0
  /oracle/DEV/sapcheck                        16777218     480700086     404332206      15.89             0             0
  /oracle/DEV/sapreorg                        16777218     480700086     404332206      15.89             0             0
  /oracle/DEV/saptrace                        16777218     480700086     404332206      15.89             0             0
  /oracle/DEV/oraarch                         16777218     480700086     404332206      15.89             0             0
  BR0280I BRCONNECT time stamp: 2010-03-31 12.31.29
  BR0814I Number of tables in schema of owner SAPSR3: 74582
  BR0836I Number of info cube tables found for owner SAPSR3: 49
  BR0814I Number of tables/partitions in schema of owner SYS: 625/189
  BR0814I Number of tables/partitions in schema of owner SYSTEM: 134/27
  BR0280I BRCONNECT time stamp: 2010-03-31 12.32.28
  BR0815I Number of indexes in schema of owner SAPSR3: 89159
  BR0815I Number of indexes/partitions in schema of owner SYS: 678/199
  BR0815I Number of indexes/partitions in schema of owner SYSTEM: 175/32
  BR0280I BRCONNECT time stamp: 2010-03-31 12.37.00
  BR0816I Number of segments in schema of owner DBSNMP: 25
  BR0816I Number of segments in schema of owner OPS$DEVADM: 1
  BR0816I Number of segments in schema of owner OUTLN: 9
  BR0816I Number of segments/LOBs in schema of owner SAPSR3: 168369/2314
  BR0816I Number of segments/LOBs in schema of owner SYS: 1831/87
  BR0816I Number of segments/LOBs in schema of owner SYSTEM: 353/22
  BR0816I Number of segments in schema of owner TSMSYS: 4
  BR0280I BRCONNECT time stamp: 2010-03-31 12.37.00
  BR0961I Number of conditions found in DBCHECKORA: 118
  BR0983I Tablespace fragmentation
  Tablespace    Files   Tables  Indexes    Extents     Total[KB]   Used[%]     Free[KB]   FreeExt.   MaxSize[KB]   MaxAlloc[KB]   Used[%]       Free[KB]       Largest[KB]
  PSAPSR3          16    74248    88689     209864     54138880     94.51      2970752        240     163840000+     109701120+    31.23+     112671872+       9246720:7966720:7946240:7905280:7905280+
  PSAPSR3701       14        0        0          0     54466560      0.00     54465664         20     143360000+      88893440+     0.00+     143359104+       9021440:8192000:8192000:8192000:8192000+
  PSAPSR3701X       4      310      445      12190     68342784     94.20      3962240          7      68342784              0     94.20        3962240        1298432:1191936:979968:163776:163776
  PSAPSR3USR        1       24       25         51        51200      6.50        47872          1      10240000+      10188800+     0.03+      10236672+      10188800+:47872:0:0:0
  PSAPTEMP          1        0        0          0      1433600      0.00      1433600          0      10240000+       8806400+     0.00+      10240000+       8806400+:0:0:0:0
  PSAPUNDO          1        0        0          0      7823360      0.00      7823296        406      10240000+       2416640+     0.00+      10239936+       2416640+:2041792:1814464:1433536:603072
  SYSAUX            1      254      284       2059       307200     93.35        20416         16      10240000+       9932800+     2.80+       9953216+       9932800+:13248:3072:1024:640
  SYSTEM            1      505      569       2926       993280     98.91        10816          2      10240000+       9246720+     9.59+       9257536+       9246720+:10176:640:0:0
  Total:           39    75341    90012     227090    187556864     62.29     70734656        692     426742784      239185920     27.38      309920576       60157952:19463744:18936384:17695616:16864768
  BR0280I BRCONNECT time stamp: 2010-03-31 12.37.00
  BR0301E SQL error -1031 at location BrDbdiffRead-1, SQL statement:
  'PREPARE stmt_5 STATEMENT FROM'
  'SELECT OBJNAME FROM "SAPSR3".DBDIFF WHERE DBSYS IN ('ORACLE', ' ') AND OBJTYPE = 'TABL' AND DIFFKIND IN ('02', '61', '99') ORDER BY OBJNAME'
  ORA-01031: insufficient privileges
  BR0806I End of BRCONNECT processing: cecxekdh.chk 2010-03-31 12.37.00
  BR0280I BRCONNECT time stamp: 2010-03-31 12.37.00
  BR0804I BRCONNECT terminated with errors

  Hi,
         It solved after change permission of directory that sapdba_role.sql kept to oradev:dba after that it can write sapdba_role.log.
        Thank you for your guideline.
        Now, I can ran 'Check database' via DB13 without that error.
  Best regards,
  Choosak B.

• Getting ORA-01031: Insufficient privileges when connecting as sys as sysdba

  Hi There,
  I am running Linux AS version 4, oracle 102.0.1, and logginging as oracle user which belongs to dba group. I got error "ORA-01031: Insufficient privileges" when trying to connect as sys user to bring up database. I wondered what is causing the error. Here is an example
  oracle-dev>sqlplus /nolog
  SQL>conn as sys/oracle@dev as sysdba
  ERROR:
  ORA-01031: Insufficient privileges
  Any suggestions would be greatly appreciated. Thanks again.
  Rich,

  Did you create a password file ?
  http://download-uk.oracle.com/docs/cd/B19306_01/server.102/b15658/admin_ora.htm#sthref142
  Message was edited by:
  Paul M.
  BTW, the syntax is
  SQL>conn sys/oracle@dev as sysdba

• Error with fullonline_backup (ORA-01031: insufficient privileges)

  Hi experts,
  we are facing problem during sap fullonline + redolog backup. while wholeonline+redolog backup working fine.
  please see the detail.
  BR0280I BRBACKUP time stamp: 2011-12-22 16.06.40
  BR0063I 35 of 35 files processed - 117460.273 of 117460.273 MB done
  BR0204I Percentage done: 100.00%, estimated end time: 16:06
  BR0001I **************************************************
  BR0280I BRBACKUP time stamp: 2011-12-22 16.06.40
  BR0317I 'Alter tablespace SYSTEM end backup' successful
  BR0280I BRBACKUP time stamp: 2011-12-22 16.06.42
  BR0530I Cataloging backups of all database files...
  BR0278E Command output of 'SHELL=/bin/sh /oracle/R3P/102_64/bin/rman nocatalog':
  Recovery Manager: Release 10.2.0.4.0 - Production on Thu Dec 22 16:06:42 2011
  Copyright (c) 1982, 2007, Oracle.  All rights reserved.
  RMAN>
  RMAN> connect target *
  RMAN-00571: ===========================================================
  RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
  RMAN-00571: ===========================================================
  ORA-01031: insufficient privileges
  RMAN> **end-of-file**
  RMAN>
  host command complete
  RMAN> 2> 3> 4> 5> 6> 7> 8> 9> 10> 11> 12> 13> 14> 15> 16> 17> 18> 19> 20> 21> 22> 23> 24> 25> 26> 27> 28> 29> 30> 31> 32> 33> 34> 35> 36> 37>
  RMAN-00571: ===========================================================
  RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
  RMAN-00571: ===========================================================
  RMAN-03002: failure of catalog command at 12/22/2011 16:06:42
  RMAN-06171: not connected to target database
  RMAN>
  Recovery Manager complete.
  BR0280I BRBACKUP time stamp: 2011-12-22 16.06.42
  BR0279E Return code from 'SHELL=/bin/sh /oracle/R3P/102_64/bin/rman nocatalog': 1
  BR0536E RMAN call for database instance R3P failed
  BR0280I BRBACKUP time stamp: 2011-12-22 16.06.42
  BR0532E Cataloging backups of all database files failed
  BR0056I End of database backup: behmnbjo.fnt 2011-12-22 16.06.42
  BR0280I BRBACKUP time stamp: 2011-12-22 16.06.42
  BR0054I BRBACKUP terminated with errors
  Regards
  Imran Khan

  Hi,
  i dont think is due to authorization issue. There's a different between "FULL" and "WHOLE" database online backup.
  Full database backup : Will backup all the databasee files (Inclusing datafiles, online redolog files and the control files) and do the catalog. So that we can use this as the referance backup and we can do the incremental backup.
  Whole database backup : Will backup all the databasee files (Inclusing datafiles, online redolog files and the control files). We can't use this for the incremental backup.
  As you see from the log, full database online backup is calling RMAN. FYI, backup your system with "Whole" is equally good unless you want to to use incremental backup.
  Thanks,
  Nicholas Chang
  Edited by: Nicholas Chang on Dec 23, 2011 12:03 AM

• FAILED - ORA-01031: insufficient privileges

  Hi All,
  When i am executing the procedure i am getting below error
  FAILED - ORA-01031: insufficient privileges.
  My procedure is given below.
  create or replace procedure SAM (start_date_key number,end_date_key number) as
  varstdt number:=start_date_key;
  varendt number:=end_date_key;
  MSG varchar2(3456);
  varTblnm varchar2(3250);
  varDtkey varchar2(3250);
  v_chck number(9);
  varSQLstmt varchar2(2340);
  begin
  for r1 in (select table_name from Sales_table where table_name='SALES')
  loop
  varTblnm := r1.table_name;
  varSQLstmt := 'create table '||varTblnm||'_'||varendt||' as select * from '||varTblnm;
  execute immediate varSQLstmt;
  end loop;
  EXCEPTION
  WHEN NO_DATA_FOUND THEN
  NULL;
  WHEN OTHERS THEN
  MSG := 'FAILED - '||SUBSTR (SQLERRM, 1, 200);
  dbms_output.put_line('Error ' ||MSG );
  commit;
  RAISE;
  end SAM;
  please let me know if there are any mistakes in the code.

  please let me know if there are any mistakes in the code.r1.table_name will always be equal to SALES. Therefore vartblnm will always be SALES. Is what you want?
  start_date_key and v_chck are never used.
  Then you attempt to create multiple tables, all called SALES_ suffixed with the value passed for end_date_key. You can't create several tables with the same name.
  end_date_key and varendt are numeric. You should cast them as varchar and test them before trying to use them as part of a file name. What if the number passed is negative? Or fractional?
  To commit within a procedure is an awful bug.
  Your WHEN OTHERS clause may be hiding the information needed to debug the code. Get rid if it.
  There are no comments anywhere.
  On what line does the error occur?

• ORA-01031: insufficient privileges for "SYS.DBMS_TRANSACTION"...FIX???

  Connected to Oracle Database 11g Enterprise Edition Release 11.1.0.7.0
  Connected as SYS
  SQL> exec admin.admin_dba_main.KILL_ORPH_2PHASE_COMMITS();
  begin admin.admin_dba_main.KILL_ORPH_2PHASE_COMMITS(); end;
  ORA-01031: insufficient privileges
  ORA-06512: at "SYS.DBMS_TRANSACTION", line 88
  ORA-06512: at "ADMIN.ADMIN_DBA_MAIN", line 52I create this as the sys user but the owner of it is a schema called admin that owns several of our DBA scripts. The ADMIN schema has the DBA role, but as far I understand it, the SYS.DBMS_TRANSACTION needs to be run as either SYS or a SYSDBA user.
  What am I missing here. What permission do I have to grant to get this working?

  Hello,
  This post is duplicated:
  ORA-01031: insufficient privileges for "SYS.DBMS_TRANSACTION"...FIX???
  Best regards,
  Jean-Valentin

• MCOD and DB13 (ORA-01031: insufficient privileges)

  Hello Oracle experts,
  I have a problem with a MCOD installation.
  Situation:
  I have an Oracle Real Application Cluster with two database instances (DE1_1 and DE1_2). In database 1 (DE1_1) there are running two SAP systems (DE1 and DE2).
  In database 2 (DE1_2) there are running also two SAP systems (QE1 and QE2).
  DE1: SAPSR3     (DE1_1 )
  DE2: SAPSR4     (DE1_1)
  QE1: SAPSR5     (DE1_2)
  QE2: SAPSR6     (DE1_2)
  DE1 has been the first installation. The next one´s have been DE2 (SAPSR4), QE1 (SAPSR5) and QE2 (SAPSR6).
  Complication:
  Transaction DB13 is making trouble in the systems DE2, QE1 and QE2.
  There is a pop-up containing this information:
  SQL Errorcode: 1.031
  SELECT beg, funct, sysid, obj, rc, ende, actid,  line FROM sap_sdbah
  WHERE beg BETWEEN  '20110416000000' AND '20110524235959' AND sysid =  'DE1'
  ORA-01031: insufficient privileges
  I can confirm this popup and reach the DBA Planning Calendar. In the message window there are two error messages:
  - An error occurred when processing system DE2
  - Function ORA_LOG_READ failed with return code = Other error
  Only in the first system (DE1) there are no problems when calling DB13!
  Solution:
  I already checked the following notes:
  Note 134592 - Importing the SAPDBA role (sapdba_role.sql)
  --> I executed the script from the note.
  Note 834917 - Oracle Database 10g: New database role SAPCONN
  --> I executed the script from the note.
  And checked this:
  SQL> select grantee, granted_role from dba_role_privs
  where granted_role in ('SAPDBA', 'SAPCONN');
  GRANTEE                        GRANTED_ROLE
  SYS                            SAPDBA
  OPS$SAPSERVICEDE2              SAPDBA
  OPS$SAPSERVICEQE1              SAPDBA
  OPS$QE1ADM                     SAPDBA
  SAPSR6                         SAPCONN
  OPS$ORADE1                     SAPDBA
  SAPSR5                         SAPCONN
  OPS$QE2ADM                     SAPDBA
  OPS$SAPSERVICEQE2              SAPDBA
  SYS                            SAPCONN
  OPS$DE1ADM                     SAPDBA
  GRANTEE                        GRANTED_ROLE
  SAPSR3                         SAPCONN
  OPS$SAPSERVICEDE1              SAPDBA
  SAPSR4                         SAPCONN
  SYSTEM                         SAPDBA
  OPS$DE2ADM                     SAPDBA
  16 rows selected.
  Is it correct that there is only ONE ORA<SID>?
  The rest is correct regarding the note.
  Note 1028220 - ORA-01031: Insufficient privileges despite SAPCONN role
  Checked this statement:
  SQL> select grantee, granted_role, default_role from dba_role_privs
  where grantee = 'SAPSR6';
  GRANTEE                        GRANTED_ROLE                   DEF
  SAPSR6                         SAPCONN                        YES
  It´s correct regarding the note.
  Note 91216 - BRBACKUP/SAPDBA: ORA-01031 Insufficient privileges
  Checked it!
  Note 400241 - Problems with ops$ or sapr3 connect to Oracle
  SQL> SELECT OWNER, TABLE_OWNER, TABLE_NAME FROM DBA_SYNONYMS
  WHERE SYNONYM_NAME = 'SAPUSER';
  OWNER                          TABLE_OWNER
  TABLE_NAME
  OPS$SAPSERVICEDE1              OPS$DE1ADM
  SAPUSER
  OPS$SAPSERVICEDE2              OPS$DE2ADM
  SAPUSER
  OPS$SAPSERVICEQE1              OPS$QE1ADM
  SAPUSER
  OWNER                          TABLE_OWNER
  TABLE_NAME
  OPS$SAPSERVICEQE2              OPS$QE2ADM
  SAPUSER
  It´s correct regarding the note.
  Note 113747 - Permissions for DBA tools BR*Tools and SAPDBA
  Permissons for BR*Tools are adjusted regarding this note.
  It is still not working!!
  Any further suggestions? I don´t know exactly what to configure in a MCOD database. Maybe I forgot one thingu2026
  Thank you in advance and kind regards,
  Geraldine

  Well, it's up to you whether or not you consider that a problem.
  And it seems SAP doesn't.
  The solution for your ORA-01031 probably will be:
  In the schema of Oracle user SAPSR3 there are tables SDBAH and SDBAD. Grant full access to Oracle users SAPSR4/5/6.
  But afterwards you may encounter another error message.
  You have been warned.
  Not sure if this is documented anywhere.
  And as I wrote, I doubt that it is worth the effort...
  It always seemed SAP did not really like nor support MCOD installations. So by now we haven't any of them left.
  regards

• BRBACKUP: ORA-01031: insufficient privileges

  Hello,
  where I try to make a online control file backup test, with command "brback -u / -d disk -t online -m 0 -c", it comes always the error message:
  root@odrt88:/oracle/IH3/102_64/cpu/CPUJul2006 > su - oraih3
  odrt88:oraih3 51> brbackup -u / -d disk -t online -m 0 -c
  BR0051I BRBACKUP 7.00 (11)
  BR0055I Start of database backup: bdtsqfrg.pnd 2006-10-16 15.08.04
  BR0280I BRBACKUP time stamp: 2006-10-16 15.08.04
  BR0301W SQL error -1031 at location BrbDbLogOpen-5
  ORA-01031: insufficient privileges
  BR0324W Insertion of database log header failed
  BR0280I BRBACKUP time stamp: 2006-10-16 15.08.04
  BR0319I Control file copy created: /oracle/IH3/sapbackup/cntrlIH3.dbf 12664832
  BR0280I BRBACKUP time stamp: 2006-10-16 15.08.04
  BR0301W SQL error -1031 at location BrDbfInfoGet-30
  ORA-01031: insufficient privileges
  BR0280I BRBACKUP time stamp: 2006-10-16 15.08.04
  BR0301W SQL error -1031 at location BrDbfInfoGet-31
  ORA-01031: insufficient privileges
  BR0280I BRBACKUP time stamp: 2006-10-16 15.08.04
  BR0301E SQL error -1031 at location BrComprDurGet-1
  ORA-01031: insufficient privileges
  BR0314E Collection of information on database files failed
  BR0280I BRBACKUP time stamp: 2006-10-16 15.08.04
  BR0301W SQL error -1031 at location BrbDbLogOpen-5
  ORA-01031: insufficient privileges
  BR0324W Insertion of database log header failed
  BR0056I End of database backup: bdtsqfrg.pnd 2006-10-16 15.08.04
  BR0280I BRBACKUP time stamp: 2006-10-16 15.08.04
  BR0054I BRBACKUP terminated with errors
  The system is Netweaver 2004s SR1 Enterprise Portal on Oracle 10.2.0.2.0 on SLES 9(SP3 x86_64).
  I have check the user and group. <sapid>adm belongs to groups sapsys, oper, dba, sapinst and ora<dbsid> belongs to dba, oper, sapinst.
  Is there anybody has idea? Any answer is appreciated!
  Rongfeng

  I'm facing the same error when trying to backup the DB with brtools :
  <i>BR0280I BRBACKUP time stamp: 2007-07-13 14.26.48
  BR0301E SQL error -1017 at location BrDbConnect-2
  ORA-01017: invalid username/password; logon denied
  BR0310E Connect to database instance H40 failed
  BR0280I BRBACKUP time stamp: 2007-07-13 14.26.49
  BR0301E SQL error -1017 at location BrDbConnect-2
  ORA-01017: invalid username/password; logon denied
  BR0310E Connect to database instance H40 failed</i>
  I used the sapdba_role.sql for oracle 9 and got same errors too:
  <i>old   1: grant ALL on &User..DBAOBJL to sapdba
  new   1: grant ALL on SAPR3.DBAOBJL to sapdba
  grant ALL on SAPR3.DBAOBJL to sapdba
  ERROR at line 1:
  ORA-00942: table or view does not exist
  old   1: grant ALL on &User..DBAPHAL to sapdba
  new   1: grant ALL on SAPR3.DBAPHAL to sapdba
  grant ALL on SAPR3.DBAPHAL to sapdba
  ERROR at line 1:
  ORA-00942: table or view does not exist
  old   1: grant ALL on &User..DBAGRP to sapdba
  new   1: grant ALL on SAPR3.DBAGRP to sapdba
  grant ALL on SAPR3.DBAGRP to sapdba
  ERROR at line 1:
  ORA-00942: table or view does not exist
  old   1: grant ALL on &User..DBAERR to sapdba
  new   1: grant ALL on SAPR3.DBAERR to sapdba
  grant ALL on SAPR3.DBAERR to sapdba
  ERROR at line 1:
  ORA-00942: table or view does not exist
  old   1: grant ALL on &User..DBATRIAL to sapdba
  new   1: grant ALL on SAPR3.DBATRIAL to sapdba
  grant ALL on SAPR3.DBATRIAL to sapdba
  ERROR at line 1:
  ORA-00942: table or view does not exist</i>
  All other has Granted succeefully.
  System info :
  R/3 4.0B
  Oracle9.0.1.0
  Win2K3
  Brtools 6.40
  SIDadm user is in all important groups.
  Any suggestions?
  Thanks in advance,
  Zacharias

• ORA-01031: insufficient privileges in PL/SQL but not in SQL

  I have problem with following situation.
  I switched current schema to another one "ban", and selected 4 rows from "ed"
  alter session set current_schema=ban;
  SELECT * FROM ed.PS WHERE ROWNUM < 5;
  the output is OK, and I get 4 rows like
  ID_S ID_Z
  1000152 1
  1000153 1
  1000154 1
  1000155 1
  but following procedure is compiled with warning
  create or replace
  procedure proc1
  as
  rowcnt int;
  begin
  select count(*) into rowcnt from ed.PS where rownum < 5;
  end;
  "Create procedure, executed in 0.031 sec."
  5,29,PL/SQL: ORA-01031: insufficient privileges
  5,2,PL/SQL: SQL Statement ignored
  ,,Total execution time 0.047 sec.
  Could you help me why SELECT does work in SQL but not in PL/SQL procedure?
  Thanks.
  Message was edited by:
  MattSk

  Privs granted via a role are only valid from SQL - and not from/within stored PL/SQL code.
  Quoting Tom's (from http://asktom.oracle.com) response to this:I did address this role thing in my book Expert one on one Oracle:
  <quote>
  What happens when we compile a Definer rights procedure
  When we compile the procedure into the database, a couple of things happen with regards to
  privileges.  We will list them here briefly and then go into more detail:
  q    All of the objects the procedure statically accesses (anything not accessed via dynamic SQL)
  are verified for existence. Names are resolved via the standard scoping rules as they apply to the
  definer of the procedure.
  q    All of the objects it accesses are verified to ensure that the required access mode will be
  available. That is, if an attempt to UPDATE T is made - Oracle will verify the definer or PUBLIC
  has the ability to UPDATE T without use of any ROLES.
  q    A dependency between this procedure and the referenced objects is setup and maintained. If
  this procedure SELECTS FROM T, then a dependency between T and this procedure is recorded
  If, for example, I have a procedure P that attempted to 'SELECT * FROM T', the compiler will first
  resolve T into a fully qualified referenced.  T is an ambiguous name in the database - there may be
  many T's to choose from. Oracle will follow its scoping rules to figure out what T really is, any
  synonyms will be resolved to their base objects and the schema name will be associated with the
  object as well. It does this name resolution using the rules for the currently logged in user (the
  definer). That is, it will look for an object owned by this user called T and use that first (this
  includes private synonyms), then it will look at public synonyms and try to find T and so on.
  Once it determines exactly what T refers to - Oracle will determine if the mode in which we are
  attempting to access T is permitted.   In this case, if we as the definer of the procedure either
  owns the object T or has been granted SELECT on T directly or PUBLIC was granted SELECT, the
  procedure will compile.  If we do not have access to an object called T by a direct grant - the
  procedure P will fail compilation.  So, when the object (the stored procedure that references T) is
  compiled into the database, Oracle will do these checks - and if they "pass", Oracle will compile
  the procedure, store the binary code for the procedure and set up a dependency between this
  procedure and this object T.  This dependency is used to invalidate the procedure later - in the
  event something happens to T that necessitates the stored procedures recompilation.  For example,
  if at a later date - we REVOKE SELECT ON T from the owner of this stored procedure - Oracle will
  mark all stored procedures this user has that are dependent on T, that refer to T, as INVALID. If
  we ALTER T ADD  some column, Oracle can invalidate all of the dependent procedures. This will cause
  them to be recompiled automatically upon their next execution.
  What is interesting to note is not only what is stored but what is not stored when we compile the
  object. Oracle does not store the exact privilege that was used to get access to T. We only know
  that procedure P is dependent on T. We do not know if the reason we were allowed to see T was due
  to:
  q    A grant given to the definer of the procedure (grant select on T to user)
  q    A grant to public on T (grant select on T to public)
  q    The user having the SELECT ANY TABLE privilege
  The reason it is interesting to note what is not stored is that a REVOKE of any of the above will
  cause the procedure P to become invalid. If all three privileges were in place when the procedure
  was compiled, a revoke of ANY of them will invalidate the procedure - forcing it to be recompiled
  before it is executed again. Since all three privileges were in place when we created the procedure
  - it will compile successfully (until we revoke all three that is). This recompilation will happen
  automatically the next time that the procedure is executed.
  Now that the procedure is compiled into the database and the dependencies are all setup, we can
  execute the procedure and be assured that it knows what T is and that T is accessible. If something
  happens to either the table T or to the set of base privileges available to the definer of this
  procedure that might affect our ability to access T -- our procedure will become invalid and will
  need to be recompiled.
  This leads into why ROLES are not enabled during the compilation and execution of a stored
  procedure in Definer rights mode. Oracle is not storing exactly WHY you are allowed to access T -
  only that you are. Any change to your privileges that might cause access to T to go away will cause
  the procedure to become invalid and necessitate its recompilation. Without roles - that means only
  'REVOKE SELECT ANY TABLE' or 'REVOKE SELECT ON T' from the Definer account or from PUBLIC. With
  roles - it greatly expands the number of times we would invalidate this procedure. If some role
  that was granted to some role that was granted to this user was modified, this procedure might go
  invalid, even if we did not rely on that privilege from that role. ROLES are designed to be very
  fluid when compared to GRANTS given to users as far as privilege sets go. For a minute, let's say
  that roles did give us privileges in stored objects. Now, most any time anything was revoked from
  ANY ROLE we had, or any role any role we have has (and so on -- roles can and are granted to roles)
  -- many of our objects would become invalid. Think about that, REVOKE some privilege from a ROLE
  and suddenly your entire database must be recompiled! Consider the impact of revoking some system
  privilege from a ROLE, it would be like doing that to PUBLIC is now, don't do it, just think about
  it (if you do revoke some powerful system privilege from PUBLIC, do it on a test database). If
  PUBLIC had been granted SELECT ANY TABLE, revoking that privilege would cause virtually every
  procedure in the database to go invalid. If procedures relied on roles, virtually every procedure
  in the database would constantly become invalid due to small changes in permissions. Since one of
  the major benefits of procedures is the 'compile once, run many' model - this would be disastrous
  for performance.
  Also consider that roles may be
  q    Non-default: If I have a non-default role and I enable it and I compile a procedure that
  relies on those privileges, when I log out I no longer have that role -- should my procedure become
  invalid -- why? Why not? I could easily argue both sides.
  q    Password Protected: if someone changes the password on a ROLE, should everything that might
  need that role be recompiled?  I might be granted that role but not knowing the new password - I
  can no longer enable it. Should the privileges still be available?  Why or Why not?  Again, arguing
  either side of this is easy. There are cases for and against each.
  The bottom line with respect to roles in procedures with Definer rights are:
  q    You have thousands or tens of thousands of end users. They don't create stored objects (they
  should not). We need roles to manage these people. Roles are designed for these people (end users).
  q    You have far fewer application schema's (things that hold stored objects). For these we want
  to be explicit as to exactly what privileges we need and why. In security terms this is called the
  concept of 'least privileges', you want to specifically say what privilege you need and why you
  need it. If you inherit lots of privileges from roles you cannot do that effectively. We can manage
  to be explicit since the number of development schemas is SMALL (but the number of end users is
  large)...
  q    Having the direct relationship between the definer and the procedure makes for a much more
  efficient database. We recompile objects only when we need to, not when we might need to. It is a
  large efficiency enhancement.
  </quote>

• Error while Creating Master Repository: ORA-01031: insufficient Privileges

  Hi,
  I'm trying to install ODI into my VM.
  I have done the installation and while creating Master Repository, I'm getting following error:
  ORA-01031: insufficient Privileges
  I'm using Oracle & have created user as ODI_MASTER with Admin Privileges.
  I'll be using it to load metadata onto planning (Version 11.1.2)
  Is there anything that I'm missing out on.
  Jitendra.

  Seems missing grants on the user you are using to create Master Repository.
  you are using Oracle .. grant connect, resource to <your_user>. These two rolesa have sufficient access to db to create the master repository.
  execuute the sql from sys user
  Regards,
  Amit
  Edited by: amitgupta1202 on 20 Aug, 2009 10:42 PM