ORA-01039:Insufficient Privileges on the Underlying Objects of the View
Hi,
I have a Query where it is using (SELECT name from v$DATABASE as a Inline View).
But when my running the Explain Plan in Toad it is giving the Error as
'ORA-01039:Insufficient Privileges on the Underlying Objects of the View'
Any help will be appreciable
Thanks and Regards
you need SELECT ANY DICTIONARY privelage Below is a small demonstration.
First iam connecting as a SYSDBA and doing an explain plan on v$database.
SQL*Plus: Release 9.2.0.1.0 - Production on Mon Sep 1 12:36:53 2008
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
Enter user-name: akivadba/akivadba@akivatst as sysdba
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> set linesize 250
SQL>
SQL> explain plan for select * from v$database
2 /
Explained.
SQL> select * from table(dbms_xplan.display)
2 /
PLAN_TABLE_OUTPUT
Plan hash value: 735420252
| Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time |
| 0 | SELECT STATEMENT | | 100 | 77200 | 0 (0)| 00:00:01 |
| 1 | MERGE JOIN CARTESIAN| | 100 | 77200 | 0 (0)| 00:00:01 |
|* 2 | FIXED TABLE FULL | X$KCCDI | 1 | 710 | 0 (0)| 00:00:01 |
| 3 | BUFFER SORT | | 100 | 6200 | 0 (0)| 00:00:01 |
| 4 | FIXED TABLE FULL | X$KCCDI2 | 100 | 6200 | 0 (0)| 00:00:01 |
Predicate Information (identified by operation id):
2 - filter("DI"."INST_ID"=USERENV('INSTANCE'))
16 rows selected.No problem till now every thing is fine. Now iam connecting as a normal user and doing the same.
SQL> connect
Enter user-name: sysadm/sysadm@akivatst
Connected.
SQL>
SQL> explain plan for select * from v$database
2 /
explain plan for select * from v$database
ERROR at line 1:
ORA-01039: insufficient privileges on underlying objects of the viewLook i got the insufficient privileges error. Now let me grant the required privileges.
SQL> connect
Enter user-name: akivadba/akivadba@akivatst as sysdba
Connected.
SQL> GRANT SELECT ANY DICTIONARY TO SYSADM
2 /
Grant succeeded.Now connect back to the user and try again.
SQL> connect
Enter user-name: sysadm/sysadm@akivatst
Connected.
SQL> explain plan for select * from v$database
2 /
Explained.
SQL> select * from table(dbms_xplan.display)
2 /
PLAN_TABLE_OUTPUT
Plan hash value: 735420252
| Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time |
| 0 | SELECT STATEMENT | | 100 | 77200 | 0 (0)| 00:00:01 |
| 1 | MERGE JOIN CARTESIAN| | 100 | 77200 | 0 (0)| 00:00:01 |
|* 2 | FIXED TABLE FULL | X$KCCDI | 1 | 710 | 0 (0)| 00:00:01 |
| 3 | BUFFER SORT | | 100 | 6200 | 0 (0)| 00:00:01 |
| 4 | FIXED TABLE FULL | X$KCCDI2 | 100 | 6200 | 0 (0)| 00:00:01 |
Predicate Information (identified by operation id):
2 - filter("DI"."INST_ID"=USERENV('INSTANCE'))
16 rows selected.
SQL>Thanks,
Karthick.
Edited by: karthick_arp on Sep 1, 2008 12:21 AM
Similar Messages
-
ORA-01039: insufficient privileges... on EXPLAIN PLAN but OK when run
I get
ORA-01039: insufficient privileges on underlying objects of the viewwhen I use EXPLAIN PLAN but if I actually run the SQL it is fine!
SQL> explain plan for select * from ifsinfo.gscdb_xref;
explain plan for select * from ifsinfo.gscdb_xref
ERROR at line 1:
ORA-01039: insufficient privileges on underlying objects of the view
SQL>select * from ifsinfo.gscdb_xref;
GSCDB_COMPANY COMPANY VARCHAR2
GSCDB_COMPANY NAME VARCHAR2
GSCDB_COMPANY ADDRESS1 VARCHAR2
GSCDB_COMPANY ADDRESS2 VARCHAR2
GSCDB_COMPANY ZIP_CODE VARCHAR2
GSCDB_COMPANY CITY VARCHAR2
GSCDB_COMPANY COUNTY VARCHAR2
GSCDB_COMPANY STATE VARCHAR2
GSCDB_COMPANY COUNTRY_DB VARCHAR2
GSCDB_COMPANY GSCDB_LAST_UPDATE VARCHAR2
GSCDB_CUSTOMER CUSTOMER_ID VARCHAR2
GSCDB_CUSTOMER NAME VARCHAR2
GSCDB_CUSTOMER ADDRESS_ID VARCHAR2
:...in which case (providing the SQLs in question are SELECT statements) you may be better off with DBMS_SQL.PARSE rather than explain plan.
-
How can I get the underlying object from the ObjectReference
Dear friends,
I think this question has been asked a couple of times. But, I am still wondering if anybody has found an answer to it. Maybe this is some common need ...
I would like to get the underlying object for which the ObjectReference is
a mirror For example, I have a class Customer in my application, and I can get an ObjectReference through JDI during runtime. But how can I get the target VM's object which is a real instance of Customer, by which I can invoke methods defined in Customer?
Thank you so much for any input!
SunnyDayI'll preface this response by admitting this far from an elegant solution, but I did write a function addressing this question, mostly as an exercise.
If passed an object with an InTextFrame property (Pgf, AFrame, Cell, Fn) that resides in an open document, the function will return the Doc object. Otherwise, it returns undefined.
function getParentDoc(testObj) {
//Get object for current page
try { var curPage = testObj.InTextFrame.FrameParent.PageFramePage; }
catch(er) {return;}
//Step backwards to first page in document
var prevPage = curPage.PagePrev;
while (prevPage.ObjectValid())
curPage = prevPage;
prevPage = prevPage.PagePrev;
//Compare with first pages of open documents
var testDoc = app.FirstOpenDoc;
while (testDoc.ObjectValid())
if (curPage.id==testDoc.FirstBodyPageInDoc.id) return testDoc;
testDoc = testDoc.NextOpenDocInSession;
return;
To your PPS: Rather than seeing the native framework grow bloated to address additional features, I would love to see Adobe and other developers publish libraries of useful functions and class extensions. -
Resolving problem with ORA-01031: insufficient privileges
hello i just to write a few word about my installation of oracle database 9i
My installation is on a Red Hat AS3
I have a problem with the error :ORA-01031: insufficient privileges
The one who read this know what about i tell.
The authorization is only for the user which Group is DBA as you can read everywhere.
but me when i tried groupadd dba => it tells group already exist.
but i can't find the group dba in the file /etc/group.
So i tried to make my user 'oracle' works with the 'already group exist' dba .
useradd -g dba oracle
but when i tried to start the database i create i have the message. : ORA-01031: insufficient privileges
i tried to add manualy the group dba to /etc/group (as i can read in websites)
and add a user manualy (/etc/passwd).
But does works.
I try all i can during 1 days long.
I was really upset because nothing that i read work.
finaly I go to the RedHat Menu (things i don't really do normaly on LINUX) and go to 'SYSTEM SETTINGS' and choose 'User and Group'
Here i can see my user 'Oracle' I get the property of the user .
there is a tab group ( 'select the group that the user will be member of:')
None of them where name DBA so i decidied to select all of them and tried.
MAGIC!!! then it works!!!
ps: after when i see the list of the group I saw that one of them is named 'SYS' . I really think that it is the one group i had to select. but don't know.
Now It is working for me so... And good luck for you. bye.Errors
ORA-01031 "insufficient privileges"
Symptoms
During database upgrade phase using DBUA , it fails with error
ORA-1031 Insufficient privileges
Connection from sqlplus also fails with same error
$ sqlplus /nolog
SQLPLUS "conn / as sysdba"
ORA-1031 Insufficient privileges
Changing the REMOTE_LOGIN_PASSWORDFILE to SHARED / NONE does not make differen
Cause
ORACLE_HOME owner oramigts is part of OS group "dba" ,but config.s shows group "g680"
The 'OSDBA' and 'OSOPER' groups are chosen at installation time and usually both default to the group 'dba'.
These groups are compiled into the 'oracle' executable and so are the same for all databases running from a given ORACLE_HOME directory.
The actual groups being used for OSDBA and OSOPER can be checked thus:
cd $ORACLE_HOME/rdbms/lib
cat config.[cs]
Solution
To implement the solution, please execute the following steps:
1. Checked the ORACLE_HOME owner.
echo $ORACLE_HOME
/h02/app/oracle/product/9.2.0_64
cd / h02/app/oracle/product/
ls -l
drwxr-xr-x 58 oramigts dba 1024 Jan 2 2004 9.2.0_64
2.ORACLE_HOME software owner "oramigts" is part of group "dba"
3.Checked file $ORACLE_HOME/rdbms/lib/config.s
[If your platform has config.c:
Due to the way different compilers under different architectures generate
assembler code, it's not possible to give a universal rule.]
It shows dba group as "g680" where software owner is part of "dba" group
You can more find detail on config.s / config.c in the following doc.
Note 50507.1 SYSDBA and SYSOPER Privileges in Oracle
4. Modified the config.s for correct group.
.ascii "g680\0"
to
.ascii "dba\0"
7. mv config.o config.o.bak
8. make -f ins_rdbms.mk config.o ioracle
9. Checked the file config.o is created at $ORACLE_HOME/rdbms/lib
10. Connected / as sysdba thru Sqlplus from 9.2 Home, which connected sucessfully. -
ORA-01031: insufficient privileges While Trying to Create a Trigger
Hi
I am trying to create a trigger on one of the table in the database schema :
CREATE OR REPLACE TRIGGER Trigger_Name
BEFORE INSERT ON table_name
FOR EACH ROW
---Trigger Body...
However I am getting the following error : ORA-01031: insufficient privileges
I have tried to check the status of the trigger with the following script :
SELECT object_name
FROM dba_objects
WHERE object_type = 'TRIGGER'
AND status = 'INVALID';
and it is showing its status as "INVALID".
Can anybody please suggest me how to proceed on this?Hi,
If the trigger exists than you have privilieges to create trigger but you need some privilieges needed to compile it.
Check all commands and objects you are referring to inside trigger body. Maybe you are trying select table without proper priviliege...?
Bartek -
DB13: ORA-01031: insufficient privileges
Hello All,
I entered the t-code DB13 and I have the following error: ORA-01031: insufficient privileges, which I re-searched on the OSS for support and I found this note: Note 1028220 - ORA-01031: Insufficient privileges despite SAPCONN role, which I have verfied all the permssions and roles. Still no luck on accessingt he DB13 t-codes. I tried to execute this SQL Script that is being executed by Db13 in OS using SQL Plus. i still get the same error. I am not sure what permission I am missing here. Could you please tell me what I am exactly missing here.
SELECT beg, funct, sysid, obj, rc, ende, actid,
line FROM sap_sdbah WHERE beg BETWEEN
'20090105000000' AND '20090210235959' AND sysid =
'BIQ'
SQL> select grantee, granted_role, default_role
2 from dba_role_privs
3 where grantee = 'SAPSR3';
GRANTEE GRANTED_ROLE DEF
SAPSR3 SAPCONN YES
I did run this script: sapconn_role.sql to set the permission correctly. No luck.
Note: I logged to the system as <SID>adm user.
Thanks in Advance
Thanks
KumarHi Stefan,
I just compared my BIQ System which is giving problem with accessing DB13 with BIP (production system) which works fine.
My BIQ has total rows: 2353 when I execute this SQL Script that you posted. Where as BIP gave me: 2383 rows selected.
Also BIP has the following output:
O$SURESH-LOCAL\SAPSERVICEBIP SAPUSER O$SURESH-LOCAL\BIPADM SAPUSER
PUBLIC SAP$KSMSP SYS SAP_$KSMSP
PUBLIC SAP$KCBFWAIT SYS SAP_$KCBFWAIT
PUBLIC SAP$BH SYS SAP_$BH
PUBLIC SAP_SDBAH SAPSR3 SDBAH
PUBLIC SAP_SDBAD SAPSR3 SDBAD
PUBLIC SAP_MLICHECK SAPSR3 MLICHECK
PUBLIC SAP_SAPLIKEY SAPSR3 SAPLIKEY
PUBLIC SAP_DBAML SAPSR3 DBAML
PUBLIC SAP_DBARCL SAPSR3 DBARCL
PUBLIC SAP_DBAFID SAPSR3 DBAFID
PUBLIC SAP_DBAEXTL SAPSR3 DBAEXTL
PUBLIC SAP_DBAREOL SAPSR3 DBAREOL
PUBLIC SAP_DBABARL SAPSR3 DBABARL
PUBLIC SAP_DBADFL SAPSR3 DBADFL
PUBLIC SAP_DBAOPTL SAPSR3 DBAOPTL
PUBLIC SAP_DBASPAL SAPSR3 DBASPAL
PUBLIC SAP_DBABD SAPSR3 DBABD
PUBLIC SAP_DBABL SAPSR3 DBABL
PUBLIC SAP_DBATL SAPSR3 DBATL
PUBLIC SAP_DBAOBJL SAPSR3 DBAOBJL
PUBLIC SAP_DBAPHAL SAPSR3 DBAPHAL
PUBLIC SAP_DBAGRP SAPSR3 DBAGRP
PUBLIC SAP_DBAERR SAPSR3 DBAERR
PUBLIC SAP_DBATRIAL SAPSR3 DBATRIAL
PUBLIC SAP_SVERS SAPSR3 SVERS
PUBLIC SAP_TGORA SAPSR3 TGORA
PUBLIC SAP_IGORA SAPSR3 IGORA
PUBLIC SAP_TSORA SAPSR3 TSORA
PUBLIC SAP_TAORA SAPSR3 TAORA
PUBLIC SAP_IAORA SAPSR3 IAORA
PUBLIC SAP_DD02L SAPSR3 DD02L
PUBLIC SAP_DD09L SAPSR3 DD09L
PUBLIC SAP_DDNTT SAPSR3 DDNTT
PUBLIC SAP_DBCHK SAPSR3 DBCHK
PUBLIC SAP_DBDIFF SAPSR3 DBDIFF
PUBLIC SAP_DBSTATC SAPSR3 DBSTATC
PUBLIC SAP_DBSTATTORA SAPSR3 DBSTATTORA
PUBLIC SAP_DBSTATIORA SAPSR3 DBSTATIORA
PUBLIC SAP_DBSTATHORA SAPSR3 DBSTATHORA
PUBLIC SAP_DBSTAIHORA SAPSR3 DBSTAIHORA
PUBLIC SAP_DBCHECKORA SAPSR3 DBCHECKORA
PUBLIC SAP_DBMSGORA SAPSR3 DBMSGORA
and BIQ has the following output:
O$SURESH-LOCAL\SAPSERVICEBIQ SAPUSER O$SURESH-LOCAL\BIQADM SAPUSER
PUBLIC SAP$KSMSP SYS SAP_$KSMSP
PUBLIC SAP$KCBFWAIT SYS SAP_$KCBFWAIT
PUBLIC SAP$BH SYS SAP_$BH
PUBLIC SAP_SDBAH SAPSR3DB SDBAH
PUBLIC SAP_SDBAD SAPSR3DB SDBAD
PUBLIC SAP_DBSTATC SAPSR3DB DBSTATC
PUBLIC SAP_DBSTATTORA SAPSR3DB DBSTATTORA
PUBLIC SAP_DBSTATIORA SAPSR3DB DBSTATIORA
PUBLIC SAP_DBSTATHORA SAPSR3DB DBSTATHORA
PUBLIC SAP_DBSTAIHORA SAPSR3DB DBSTAIHORA
PUBLIC SAP_DBCHECKORA SAPSR3DB DBCHECKORA
PUBLIC SAP_DBMSGORA SAPSR3DB DBMSGORA
The owner for BIQ has SAPSR3DB (which is Java schema) not sure how that happen. Where as BIP seems like fine with SAPSR3 schema owner. Looks like I need to change the owner ship of the tables from SAPSR3DB to SAPSR3 of those above BIQ tables. How do you change the owner ship for above rows?
My next question would be, what I do to those missing values in BIQ?
Please advice.
Thanks in Advance.
Kumar -
I'm using SYSTEM user but
HDBSTUDIO continues on triggering this error when I try to export the catalog:
SAP DBTech JDBC: [258]: insufficient privilege: Can't export objects in schema DARTEL_TRANSPORTES. Can't export procedure DARTEL_TRANSPORTES.PAL_TRIPLE_SMOOTH_WRAPPER. user has no privilege on the underlying objects
When trying to grant the SYSTEM user to that particular object I get a new error : Could not modify user 'SYSTEM'. Several issues occurred
Have anyone have struggled with this error before, any help will be highly appreciated
Kind Regardsrev 69 too
tomorrow I will have the webex and let you know
Something happenned after my customer change the suse's server IP, I had to perform a re-installation of SAP Business One only
We were supposed to install using the hostname but no one of the installers let me use the hostname
so it Kind of forced me to use the IP.
After asking Support about that one of the specialists told me that he prefers to use IP instead of the hostname. So I used IP.
Maybe this changed something I cannot detect yet. but tomorrow we'll see.
KR -
Compile via object browser gives ORA-01031 insufficient privileges but...
Hello,
Last week I upgraded my APEX version from 2.2 to 3.01; I didn't find any problems up to now. Via the home>SQL Workshop>object browser screen, packages then edit package I modified a package. When I hit the 'compile' button, I got the message: ORA-01031: insufficient privileges.
When I do 'alter package <package_name> compile [body]' via the home>SQL workshop>SQL commands screen the package is compile succesfully.
To me this looks like a bug... same (apex) user, same priviliges...
Has anybody an idea why I can't compile via the object browser screen, receiving the ORA-01031 message, but why I can compile the same package via sql-commands screen.
The user I am logged on with in APEX is the owner of the package.
Thanks in advance for your assistance.
best regards,
Jan.
Message was edited by: jan
J. HulsingLinda,
Connect as SYSTEM and:
grant create procedure to XXXXXXX;
...where XXXXXXX is the schema name. A DBA would need to do this, of course.
Scott -
Not able to Start the oracle db error "ORA-01031: insufficient privileges"
Hi experts,
I have oracle 11g setup on so solaris. i changed the db_cache_size
& processes values and stopped the DB services after that i am not able to start the oracle DB. Listener is running.
when i start the db server its giving the below error(startup.log)
./dbstart: Starting up database "orcl"
Mon Sep 27 04:31:08 MDT 2010
SQL*Plus: Release 11.1.0.7.0 - Production on Mon Sep 27 04:31:08 2010
Copyright (c) 1982, 2008, Oracle. All rights reserved.
SQL> ERROR:
ORA-01031: insufficient privileges
SQL> ORA-01031: insufficient privileges
SQL>
./dbstart: Database instance "orcl" warm started.
Please help me to ressolve this issue.
Thanks
Krishnayes, password file is there in /etc/passwd
here are the contents:
root:x:0:0:Super-User:/:/sbin/sh
lroot:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:/bin/false
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:/bin/false
lp:x:71:8:Line Printer Admin:/usr/spool/lp:/bin/false
uucp:x:5:5:uucp Admin:/usr/lib/uucp:/bin/false
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:/bin/false
nobody:x:60001:60001:Nobody:/:/bin/false
noaccess:x:60002:60002:No Access User:/:/bin/false
nobody4:x:65534:65534:SunOS 4.x Nobody:/:/bin/false
itunix:x:50000:14:IT Unix Account:/export/home/itunix:/bin/csh
hharika:x:765:38:Harpal Harika:/export/home/hharika:/bin/csh
prsingh:x:795:38:Pradeep Singh:/export/home/prsingh:/bin/csh
mmir:x:1229:21:Mir Monis Ali:/export/home/mmir:/bin/csh
bogunnai:x:1207:21:Bose Ogunnaike:/export/home/bogunnai:/bin/ksh
mpokala:x:2117:21:Mahesh Pokala:/export/home/mpokala:/bin/ksh
apopov:x:2385:38:Anton Popov:/export/home/apopov:/bin/csh
kkeith:x:2629:227:Kevin Keith:/home/kkeith:/usr/bin/ksh
sshd:x:22:22:SSH Privsep:/var/empty:/bin/false
patrol:x:2784:10:Patrol User:/opt/bmc:/usr/bin/ksh
smmsp:x:25:25:Sendmail Submission user:/none:/bin/false
ldap:x:50001:1002::/export/home/ldap:/bin/sh
perfuser:x:884:268::/export/home/perfuser:/bin/csh
webservd:x:80:80::/home/webservd:/bin/pfsh
oracle:x:156:40:Oracle Software Owner:/export/home/oracle:/bin/bash
perfuser_idc:x:64383:1::/home/perfuser_idc:/bin/sh
idc_perf:x:64384:292::/home/idc_perf:/bin/sh -
ORA-13773: insufficient privileges to select data from the cursor cache
We are trying to create STS using the below query:
exec sys.dbms_sqltune.create_sqlset(sqlset_name => 'TEST_STS', -
sqlset_owner => 'SCOTT');
The below procedure will load sql starting with 'select /*MY_CRITICAL_SQL*/%' from cursor cache into STS TEST_STS.
DECLARE
stscur dbms_sqltune.sqlset_cursor;
BEGIN
OPEN stscur FOR
SELECT VALUE(P)
FROM TABLE(dbms_sqltune.select_cursor_cache(
'sql_text like ''select /*MY_CRITICAL_SQL*/%''',
null, null, null, null, null, null, 'ALL')) P;
dbms_sqltune.load_sqlset(sqlset_name => 'TEST_STS',
populate_cursor => stscur,
sqlset_owner => 'SCOTT');
END;
We were getting the following error: ORA-13761: invalid filter
After granting the below privileges to the user we are getting the below error:
Err msg:
ERROR at line 1:
ORA-13773: insufficient privileges to select data from the cursor cache
ORA-06512: at "SYS.DBMS_SQLTUNE", line 2957
ORA-06512: at line 10
For SQL Tuning Sets:
GRANT ADMINISTER ANY SQL TUNING SET TO scott;
For Managing SQL Profiles:
GRANT CREATE ANY SQL PROFILE TO scott;
GRANT ALTER ANY SQL PROFILE TO scott;
GRANT DROP ANY SQL PROFILE TO scott;
For SQL Tuning Advisor:
GRANT ADVISOR TO scott;
Others:
GRANT SELECT ON V_$SQL TO SCOTT;
GRANT SELECT ON V_$SQLAREA TO SCOTT;
GRANT SELECT ON V$SQLAREA_PLAN_HASH TO SCOTT;
GRANT SELECT ON V_$SQLSTATS TO SCOTT;
grant select on sys.DBA_HIST_BASELINE to SCOTT;
grant select on sys.DBA_HIST_SQLTEXT to SCOTT;
grant select on sys.DBA_HIST_SQLSTAT to SCOTT;
grant select on sys.DBA_HIST_SQLBIND to SCOTT;
grant select on sys.DBA_HIST_OPTIMIZER_ENV to SCOTT;
grant select on sys.DBA_HIST_SNAPSHOT to SCOTT;
Any info from your end to resolve the issue will be of great help.
ThanksWhat is the alert log reporting. Are you seeing any other errors than these in the alert log too?
-
ORA-01031: insufficient privileges , what's the fix?
[oracle@ora-lab2 ~]$ sqlplus /nolog
SQL*Plus: Release 11.1.0.6.0 - Production on Fri Sep 18 14:01:43 2009
Copyright (c) 1982, 2007, Oracle. All rights reserved.
SQL> connect /as sysdba;
ERROR:
ORA-01031: insufficient privileges
SQL> connect sys/test as sysdba;
Connected.
SQL> show parameter remote
NAME TYPE VALUE
remote_dependencies_mode string TIMESTAMP
remote_listener string
remote_login_passwordfile string EXCLUSIVE
remote_os_authent boolean TRUE
remote_os_roles boolean FALSE
result_cache_remote_expiration integer 0
[oracle@ora-lab2 ~]$ rman
Recovery Manager: Release 11.1.0.6.0 - Production on Fri Sep 18 14:02:24 2009
Copyright (c) 1982, 2007, Oracle. All rights reserved.
RMAN> connect target;
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
ORA-01031: insufficient privileges
RMAN> connect target sys/test@prim01;
connected to target database: PRIM01 (DBID=2934738896)
RMAN> exit
Recovery Manager complete.
[oracle@ora-lab2 admin]$ cat sqlnet.ora
NAMES.DIRECTORY_PATH= (TNSNAMES)
SQLNET.AUTHENTICATION_SERVICE= (NONE)
#NAMES.DEFAULT_DOMAIN = WORLD
TRACE_LEVEL_CLIENT = OFF
SQLNET.EXPIRE_TIME = 30Pavan Kumar wrote:
Refer to http://www.psoug.org/reference/net_services.html
Pavan - please note that Dan Morgan's Library is no longer hosted at psoug. Your reference is to an archive copy which is still available but no longer maintained.
Please change your links to replace www.psoug.org with www.morganslibrary.com to get thye latest information from Dan's wonderful resource. The correct link would be http://www.morganslibrary.com/reference/net_services.html -
ORA-01031: insufficient privileges problem
Hi all,
I am trying to create the below procedure in the BOLMIN schema which in turn selects data from the tables of VALMIN schema. and I get ORA-01031: insufficient privileges error.
CREATE OR REPLACE PROCEDURE BOLMIN.prcs_load_data
IS
BEGIN
FOR c
IN (SELECT DISTINCT AL4.GOAL_TEXT,
AL5.RESPONSE_TEXT,
AL7.SAMPLE_ID,
AL7.ACADEMY_NAME,
AL8.NAME
FROM VALMIN.USER_PROFILE AL3,
VALMIN.STUDENT_GOALS AL4,
VALMIN.STUDENT_QUESTION_DETAILS AL5,
VALMIN.STUDENT_QUESTION_RESPONSE AL6,
VALMIN.SAMPLE AL7,
VALMIN.NAME AL8
WHERE ( AL3.GOAL_ID = AL4.GOAL_ID(+)
AND AL3.USER_ID = AL6.USER_ID(+)
AND AL6.QUESTION_TYPE_SUB_ID = AL5.QUESTION_TYPE_SUB_ID(+)
AND AL7.NAME_ID = AL8.NAME_ID(+)))
LOOP
NULL;
END LOOP;
END;
I checked the grants of each of the VALMIN schema tables involved in the associated sql query & they all have SELECT grant (to BOLMIN schema). Also, the SQL query itself, when executed in BOLMIN schema runs perfectly fine. The problem is occurring only when I enclose the query in a procedure. Isn't that weird? or am I missing something here? Any help regarding this issue is appreciated. Thanks.
The BOLMIN schema as CREATE PROCEDURE privilege as I have already created other procedures for other purposes.
Thanks,
Sirisha
Edited by: siri_me on Oct 2, 2010 9:23 AMsiri_me wrote:
All Roles are disabled in PL/SQL and explicit privileges are needed right from creating procedures to the accessing the underlying tables.WRONG. Roles are disabled in definer rights stored objects - stored procedures, functions, packages triggers. Stored procedures, functions, packages with authid current user and anonymous PL/SQL block honor roles.
SY. -
ORA-01031: insufficient privileges in PL/SQL but not in SQL
I have problem with following situation.
I switched current schema to another one "ban", and selected 4 rows from "ed"
alter session set current_schema=ban;
SELECT * FROM ed.PS WHERE ROWNUM < 5;
the output is OK, and I get 4 rows like
ID_S ID_Z
1000152 1
1000153 1
1000154 1
1000155 1
but following procedure is compiled with warning
create or replace
procedure proc1
as
rowcnt int;
begin
select count(*) into rowcnt from ed.PS where rownum < 5;
end;
"Create procedure, executed in 0.031 sec."
5,29,PL/SQL: ORA-01031: insufficient privileges
5,2,PL/SQL: SQL Statement ignored
,,Total execution time 0.047 sec.
Could you help me why SELECT does work in SQL but not in PL/SQL procedure?
Thanks.
Message was edited by:
MattSkPrivs granted via a role are only valid from SQL - and not from/within stored PL/SQL code.
Quoting Tom's (from http://asktom.oracle.com) response to this:I did address this role thing in my book Expert one on one Oracle:
<quote>
What happens when we compile a Definer rights procedure
When we compile the procedure into the database, a couple of things happen with regards to
privileges. We will list them here briefly and then go into more detail:
q All of the objects the procedure statically accesses (anything not accessed via dynamic SQL)
are verified for existence. Names are resolved via the standard scoping rules as they apply to the
definer of the procedure.
q All of the objects it accesses are verified to ensure that the required access mode will be
available. That is, if an attempt to UPDATE T is made - Oracle will verify the definer or PUBLIC
has the ability to UPDATE T without use of any ROLES.
q A dependency between this procedure and the referenced objects is setup and maintained. If
this procedure SELECTS FROM T, then a dependency between T and this procedure is recorded
If, for example, I have a procedure P that attempted to 'SELECT * FROM T', the compiler will first
resolve T into a fully qualified referenced. T is an ambiguous name in the database - there may be
many T's to choose from. Oracle will follow its scoping rules to figure out what T really is, any
synonyms will be resolved to their base objects and the schema name will be associated with the
object as well. It does this name resolution using the rules for the currently logged in user (the
definer). That is, it will look for an object owned by this user called T and use that first (this
includes private synonyms), then it will look at public synonyms and try to find T and so on.
Once it determines exactly what T refers to - Oracle will determine if the mode in which we are
attempting to access T is permitted. In this case, if we as the definer of the procedure either
owns the object T or has been granted SELECT on T directly or PUBLIC was granted SELECT, the
procedure will compile. If we do not have access to an object called T by a direct grant - the
procedure P will fail compilation. So, when the object (the stored procedure that references T) is
compiled into the database, Oracle will do these checks - and if they "pass", Oracle will compile
the procedure, store the binary code for the procedure and set up a dependency between this
procedure and this object T. This dependency is used to invalidate the procedure later - in the
event something happens to T that necessitates the stored procedures recompilation. For example,
if at a later date - we REVOKE SELECT ON T from the owner of this stored procedure - Oracle will
mark all stored procedures this user has that are dependent on T, that refer to T, as INVALID. If
we ALTER T ADD some column, Oracle can invalidate all of the dependent procedures. This will cause
them to be recompiled automatically upon their next execution.
What is interesting to note is not only what is stored but what is not stored when we compile the
object. Oracle does not store the exact privilege that was used to get access to T. We only know
that procedure P is dependent on T. We do not know if the reason we were allowed to see T was due
to:
q A grant given to the definer of the procedure (grant select on T to user)
q A grant to public on T (grant select on T to public)
q The user having the SELECT ANY TABLE privilege
The reason it is interesting to note what is not stored is that a REVOKE of any of the above will
cause the procedure P to become invalid. If all three privileges were in place when the procedure
was compiled, a revoke of ANY of them will invalidate the procedure - forcing it to be recompiled
before it is executed again. Since all three privileges were in place when we created the procedure
- it will compile successfully (until we revoke all three that is). This recompilation will happen
automatically the next time that the procedure is executed.
Now that the procedure is compiled into the database and the dependencies are all setup, we can
execute the procedure and be assured that it knows what T is and that T is accessible. If something
happens to either the table T or to the set of base privileges available to the definer of this
procedure that might affect our ability to access T -- our procedure will become invalid and will
need to be recompiled.
This leads into why ROLES are not enabled during the compilation and execution of a stored
procedure in Definer rights mode. Oracle is not storing exactly WHY you are allowed to access T -
only that you are. Any change to your privileges that might cause access to T to go away will cause
the procedure to become invalid and necessitate its recompilation. Without roles - that means only
'REVOKE SELECT ANY TABLE' or 'REVOKE SELECT ON T' from the Definer account or from PUBLIC. With
roles - it greatly expands the number of times we would invalidate this procedure. If some role
that was granted to some role that was granted to this user was modified, this procedure might go
invalid, even if we did not rely on that privilege from that role. ROLES are designed to be very
fluid when compared to GRANTS given to users as far as privilege sets go. For a minute, let's say
that roles did give us privileges in stored objects. Now, most any time anything was revoked from
ANY ROLE we had, or any role any role we have has (and so on -- roles can and are granted to roles)
-- many of our objects would become invalid. Think about that, REVOKE some privilege from a ROLE
and suddenly your entire database must be recompiled! Consider the impact of revoking some system
privilege from a ROLE, it would be like doing that to PUBLIC is now, don't do it, just think about
it (if you do revoke some powerful system privilege from PUBLIC, do it on a test database). If
PUBLIC had been granted SELECT ANY TABLE, revoking that privilege would cause virtually every
procedure in the database to go invalid. If procedures relied on roles, virtually every procedure
in the database would constantly become invalid due to small changes in permissions. Since one of
the major benefits of procedures is the 'compile once, run many' model - this would be disastrous
for performance.
Also consider that roles may be
q Non-default: If I have a non-default role and I enable it and I compile a procedure that
relies on those privileges, when I log out I no longer have that role -- should my procedure become
invalid -- why? Why not? I could easily argue both sides.
q Password Protected: if someone changes the password on a ROLE, should everything that might
need that role be recompiled? I might be granted that role but not knowing the new password - I
can no longer enable it. Should the privileges still be available? Why or Why not? Again, arguing
either side of this is easy. There are cases for and against each.
The bottom line with respect to roles in procedures with Definer rights are:
q You have thousands or tens of thousands of end users. They don't create stored objects (they
should not). We need roles to manage these people. Roles are designed for these people (end users).
q You have far fewer application schema's (things that hold stored objects). For these we want
to be explicit as to exactly what privileges we need and why. In security terms this is called the
concept of 'least privileges', you want to specifically say what privilege you need and why you
need it. If you inherit lots of privileges from roles you cannot do that effectively. We can manage
to be explicit since the number of development schemas is SMALL (but the number of end users is
large)...
q Having the direct relationship between the definer and the procedure makes for a much more
efficient database. We recompile objects only when we need to, not when we might need to. It is a
large efficiency enhancement.
</quote> -
Oracle does not start automatically ORA-01031: insufficient privileges
Hi,
OS WS2008R2.
ORACLE 11gR2.
Oracle Instance does not start with oracle services but if i stop and restart the services it comes up clean.
Moreover if i change service ownership to Domain\Administrator it again works well.
Checked registery and all ok. No error in alert.log. Only clue found in Oradim.log.
ORADIM.LOG....
C:\Oracle\Ora11g\bin\oradim.exe -startup -sid ptdb -usrpwd * -log oradim.log -nocheck 0
Thu Nov 15 15:16:15 2012
ORA-01031: insufficient privileges
Please help
Thanks1- startup type- Auto
2- Group to user- ORA_DBA
3 - you can check log on tab in the service properties and set the username and password who responsible about this services
As i already stated 3 works. but i want it to work under Local System and not under any user.
Thanks -
ORA-01031: insufficient privileges when connecting by SQL PLUS 8.0 with sys
From client, I use SQL PLUS 8.0 to connect to server: sys/password@MYDB1 as sysdba
The error always raises “ORA-01031: insufficient privileges”
I have done:
- Set: remote_login_passwordfile=exclusive in tnsname.ora file
- Uncomment: SQLNET.AUTHENTICATION_SERVICES in “sqlnet.ora” file
Also on this client:
to use SQL PLUS 8.0 to connect to server: manager/password@MYDB1. To connect normally
to use PLSQL Deverloper (it is the same oracle_home with SQL PLUS 8.0) to connect to database normally with user sys.
To use Enterprise manager console (it is other oracle_home with SQL PLUS 8.0) to connect to database normally with user sys
Please, help me to solve this troubleTHIS IS CONTENT OF SQLNET.ora CLIENT
# copyright (c) 1996 by the Oracle Corporation
# NAME
# sqlnet.ora
# FUNCTION
# Oracle Network Client startup parameter file example
# NOTES
# This file contains examples and instructions for defining all
# Oracle Network Client parameters. It should be possible to read
# this file and setup a Client by uncommenting parameter definitions
# and substituting values. The comments should provide enough
# explanation to enable a reasonable user to manage his TNS connections
# without having to resort to 'real' documentation.
# SECTIONS
# ONames Client
# Namesctl
# Native Naming Adpaters
# MODIFIED
# skanjila 06/06/97 - Correct default for Automatic_IPC
# eminer 05/15/97 - Add the relevant onrsd parameters.
# asriniva 04/23/97 - Merge with version from doc
# ggilchri 03/31/97 - mods
# bvasudev 02/07/97 - Change sqlnet.authentication_services documentation
# bvasudev 11/25/96 - Merge sqlnet.ora transport related parameters
# asriniva 11/12/96 - Revise with new OSS parameters.
# asriniva 11/05/96 - Add ANO parameters.
# - ONames Client ----------------------------------------------------
#names.default_domain = world
#Syntax: domain-name
#Default: NULL
# Indicates the domain from which the client most often requests names. When
# this parameter is set the default domain name (for example, US.ACME), the
# domain name will be automatically appended to any unqualified name in an
# ONAmes request (query, register, deregister, etc). Any name which contains
# an unescaped dot ('.') will not have the default domain appended. Simple
# names may be qualified with a trailing dot (for example 'rootserver.').
#names.initial_retry_timeout = 30
#Syntax: 1-600 seconds
#Default: 15 (OSD)
# Determines how long a client will wait for a response from a Names Server
# before reiterating the request to the next server in the preferred_servers
# list.
#names.max_open_connections = 3
#Syntax: 3-64
#Default: ADDRS in preferred_servers
# Determines how many connections an ONames client may have open at one time.
# Clients will ordinarily keep connections to servers open once they are
# established until the operation (or session in namesctl) is complete. A
# connection will be opened whenever needed, and if the maximum would be
# exceeded the least recently used connection will be closed.
#names.message_pool_start_size = 10
#Syntax: 3-256
#Default: 10
# Determines the initial number of messages allocated in the client's message
# pool. This pool provides the client with pre-allocated messages to be used
# for requests to ONames servers. Messages which are in the pool and unused
# may be reused. If a message is needed and no free messages are available in
# the pool more will be allocated.
#names.preferred_servers = (address_list =
# (address=(protocol=ipc)(key=n23))
# (address=(protocol=tcp)(host=nineva)(port=1383))
# (address=(protocol=tcp)(host=cicada)(port=1575))
#Syntax: ADDR_LIST
#Default: Well-Known (OSD)
# Specifies a list of ONames servers in the client's region; requests will be
# sent to each ADDRESS in the list until a response is recieved, or the list
# (and number of retries) is exhausted.
# Addresses of the following form specify that messages to the ONames server
# should use Oracle Remote Operations (RPC):
# (description =
# (address=(protocol=tcp)(host=nineva)(port=1383))
# (connect_data=(rpc=on))
#names.request_retries = 2
#Syntax: 1-5
#Default: 1
# Specifies the number of times the client should try each server in the list
# of preferred_servers before allowing the operation to fail.
#names.directory_path
#Syntax: <adapter-name>
#Default: TNSNAMES,ONAMES,HOSTNAME
# Sets the (ordered) list of naming adaptors to use in resolving a name.
# The default is as shown for 3.0.2 of sqlnet onwards. The default was
# (TNSNAMES, ONAMES) before that. The value can be presented without
# parentheses if only a single entry is being specified. The parameter is
# recognized from version 2.3.2 of sqlnet onward. Acceptable values include:
# TNSNAMES -- tnsnames.ora lookup
# ONAMES -- Oracle Names
# HOSTNAME -- use the hostname (or an alias of the hostname)
# NIS -- NIS (also known as "yp")
# CDS -- OSF DCE's Cell Directory Service
# NDS -- Novell's Netware Directory Service
# - Client Cache (ONRSD) ---------------------------------------------
names.addresses = (ADDRESS=(PROTOCOL=IPC)(KEY=ONAMES))
Syntax: ADDR
Default: (ADDRESS=(PROTOCOL=IPC)(KEY=ONAMES))
Address on which the client cache listens (is available to clients).
Any valid TNS address is allowed. The default should be used if at
all possible; clients have this entry hardwired as the first line
of their server-list file (sdns.ora). If the address is set to a
non-default value the client's preferred_servers parameter should
be set to include the client-cache address first.
names.authority_required = False
Syntax: T/F
Default: False
Determines whether system querys (for the root etc) require Authoritative
answers.
names.auto_refresh_expire = 259200
Syntax: Number of seconds, 60-1209600
Default: 259200
This is the amount of time (in seconds) the server will cache the addresses
of servers listed in server-list file (sdns.ora). When this time expires the
server will issue another query to the servers in those regions to refresh
the data.
names.auto_refresh_retry = 180
Syntax: Number of seconds, 60-3600
Default: sec. 180
This set how often the server will retry when the auto_refresh query fails.
names.cache_checkpoint_file = cache.ckp
Syntax: filename
Default: $ORACLE_HOME/network/names/ckpcch.ora
Specifies the name of the operating system file to which the Names Server
writes its foreign data cache.
names.cache_checkpoint_interval = 7200
Syntax: Number of seconds, 10-259200
Default: 0 (off)
Indicates the interval at which a Names Server writes a checkpoint of its
data cache to the checkpoint file.
names.default_forwarders=
(FORWARDER_LIST=
(FORWARDER=
(NAME= rootserv1.world)
(ADDRESS=(PROTOCOL=tcp)(PORT=42100)(HOST=roothost))))
Syntax: Name-Value/address_list
Default: NULL
A list (in NV form) of the addresses of other servers which should be used to
forward querys while in default_forwarder (slave) mode. NAME is the global
names for the server to which forwards whould be directed, and ADDRESS is its
address.
names.default_forwarders_only = True
Syntax: T/F
Default: False
When set to true this server will use the servers listed in default_forwarders
to forward all operations which involve data in foreign regions. Otherwise it
will use the servers defined in the server-list file (sdns.ora) in addition
to any defined in the default_forwarders parameter.
names.log_directory = /oracle/network/log
Syntax: directory
Default: $ORACLE_HOME/network/log
Indicates the name of the directory where the log file for Names Server
operational events are written.
names.log_file = names.log
Syntax: filename
Default: names.log
The name of the output file to which Names Server operational events are
written.
names.log_stats_interval = 3600
Syntax: Number of seconds, 10-ub4max
Default: sec. 0 (off)
Specifies the number of seconds between statistical entries in log file.
names.log_unique = False
Syntax: T/F
Default: False
If set to true the server will guarantee that the log file will have a unique
name which will not overwrite any existing files (note that log files are
appended to, so log information will not be lost if log_unique is not true).
names.max_open_connections = 10
Syntax: 3-64
Default: 10
Specifies the number of connections that the Names Server can have open at any
given time. The value is generated as the value 10 or the sum of one
connection for listening, five for clients, plus one for each foreign domain
defined in the local administrative region, whichever is greater. Any
operation which requires the server to open a network connection will use
an already open connection if it is available, or will open a connection
if not. Higher settings will save time and cost network resources; lower
settings save network resources, cost time.
names.max_reforwards = 2
Syntax: 1-15
Default: 2
The maximum number of times the server will attempt to forward a certain
operation.
names.message_pool_start_size = 24
Syntax: 3-256
Default: 10
Determines the initial number of messages allocated in the server's message
pool. This pool provides the server with pre-allocated messages to be used
for incoming or outgoing messages (forwards). Messages which are in the pool
and unused may be reused. If a message is needed and no free messages are
available in the pool more will be allocated.
names.no_modify_requests = False
Syntax: T/F
Default: False
If set to true, the server will refuse any operations which modify the
data in its region (it will still save foreign info in the cache which is
returned from foreign querys).
names.password = 625926683431AA55
Syntax: encrypted string
Default: NULL
If set the server will require that the user provide a password in his
namesctl session (either with sqlnet.ora:namesctl.server_password or 'set
password') in order to do 'sensitive' operations, like stop, restart, reload.
This parameter is generally set in encrypted form, so it can not be set
manually.
names.reset_stats_interval = 3600
Syntax: 10-ub4max
Default: 0 (off)
Specifies the number of seconds during which the statistics collected by the
Names Servers should accumulate. At the frequency specified, they are reset
to zero. The default value of 0 means never reset statistics.
names.trace_directory = /oracle/network/trace
Syntax: directory
Default: $ORACLE_HOME/network/trace
Indicates the name of the directory to which trace files from a Names Server
trace session are written.
names.trace_file = names.trc
Syntax: filename
Default: names.trc
Indicates the name of the output file from a Names Server trace session.
names.trace_func # NA
Syntax: T/F
Default: False
Internal mechanism to control tracing by function name.
names.trace_level = ADMIN
Syntax: T/F
Default: False
Syntax: {OFF,USER,ADMIN,0-16}
Default: OFF (0)
Indicates the level at which the Names Server is to be traced.
Available Values:
0 or OFF - No trace output
4 or USER - User trace information
10 or ADMIN - Administration trace information
16 or SUPPORT - WorldWide Customer Support trace information
names.trace_mask = (200,201,202,203,205,206,207)
Syntax: list of numbers
Default: NULL
Internal mechanism to control trace behavior.
names.trace_unique = True
Syntax: T/F
Default: False
Indicates whether each trace file has a unique name, allowing multiple trace
files to coexist. If the value is set to ON, a process identifier is appended
to the name of each trace file generated.
# - Namesctl ---------------------------------------------------------
#namesctl.trace_directory = /oracle/network/trace
#Syntax: directory
#Default: $ON/trace
# Indicates the name of the directory to which trace files from a namesctl
# trace session are written.
#namesctl.trace_file = namesctl.trc
#Syntax: filename
#Default: namesctl.trc
# Indicates the name of the output file from a namesctl trace session.
#namesctl.trace_func # NA
#Syntax: word list
#Default: NULL
# Internal mechanism to control tracing by function name.
#namesctl.trace_level = ADMIN
#Syntax: {OFF,USER,ADMIN,0-16}
#Default: OFF (0)
# Indicates the level at which the namesctl is to be traced.
# Available Values:
# 0 or OFF - No trace output
# 4 or USER - User trace information
# 10 or ADMIN - Administration trace information
# 16 or SUPPORT - WorldWide Customer Support trace information
#namesctl.trace_mask # NA
#Syntax: number list
#Default: NULL
# Internal mechanism to control trace behavior.
#namesctl.trace_unique = True
#Syntax: T/F
#Default: False
# Indicates whether each trace file has a unique name, allowing multiple trace
# files to coexist. If the value is set to ON, a process identifier is appended
# to the name of each trace file generated.
#namesctl.no_initial_server = False
#Syntax: T/F
#Default: False
# If set to TRUE namesctl will suppress any error messages when namesctl is
# unable to connect to a default names server.
#namesctl.internal_use = True
#Syntax: T/F
#Default: False
# If set to true namesctl will enable a set of internal undocumented commands.
# All internal commands are preceded by an underscore ('_') in order to
# distinguish them as internal. Without going into details, the commands
# enabled are:
# adddata createname deletename
# fullstatus ireplacedata newttlname
# pause remove_data renamename
# replacedata start walk*
# There are also a set of names server variables which may be set when
# namesctl is in internal mode:
# authorityrequired autorefresh*
# cachecheckpoint_interval cachedump
# defaultautorefresh_expire defaultautorefresh_retry
# defaultforwarders_only forwardingdesired
# maxreforwards modifyops_enabled
# nextcache_checkpoint nextcache_flush
# nextstat_log nextstat_reset
# reload request_delay
# restart shutdown
#namesctl.noconfirm = True
#Syntax: T/F
#Default: False
# When set to TRUE namesctl will suppress the confirmation prompt when
# sensitive operations (stop, restart, reload) are requested. This is
# quite helpful when using namesctl scripts.
#namesctl.server_password = mangler
#Syntax: string
#Default: NULL
# Automatically sets the password for the names server in order to perform
# sensitive operations (stop, restart, reload). The password may also be
# set manually during a namesctl session using 'set password'.
#namesctl.internal_encrypt_password = False
#Syntax: T/F
#Default: True
# When set to TRUE namesctl will not encrypt the password when it is sent to
# the names server. This would enable an unencrypted password to be set in
# names.ora:names.server_password
# - Native Naming Adpaters -------------------------------------------
#names.dce.prefix = /.:/subsys/oracle/names
#Syntax: DCE cell name
#Default: /.:/subsys/oracle/names
#Specifies the DCE cell (prefix) to use for name lookup.
#names.nds.name_context = personnel.acme
#Syntax: NDS name
#Default: (OSD?)
# Specifies the default NDS name context in which to look for the name to
# be resolved.
#names.nis.meta_map # NA
# Syntax: filename
# Default: sqlnet.maps
# Specifies the file to be used to map NIS attributes to an NIS mapname.
# Currently unused.
# - Advanced Networking Option Authentication Adapters ----------------
#sqlnet.authentication_services
# Syntax: A single value or a list from {beq, none, all, kerberos5,
# cybersafe, securid, identitx}
# Default: NONE
# Enables one or more authentication services. To enable
# authentication via the Oracle Security Server, use (beq, oss). If
# the Advanced Networking Option has been installed with Kerberos5
# support, using (beq, kerberos5) would enable authentication via
# Kerberos.
sqlnet.authentication_services=(beq, oss)
## Parmeters used with Kerberos adapter.
#sqlnet.kerberos5_cc_name
# Syntax: Any valid pathname.
# Default: /tmp/krb5cc_<uid>
# The Kerberos credential cache pathname.
#sqlnet.kerberos5_cc_name=/tmp/mycc
#sqlnet.kerberos5_clockskew
# Syntax: Any positive integer.
# Default: 300
# The acceptable difference in the number of seconds between when a
# credential was sent and when it was received.
#sqlnet.kerberos5_clockskew=600
#sqlnet.kerberos5_conf
# Syntax: Any valid pathname.
# Default: /krb5/krb.conf
# The Kerberos configuration pathname.
#sqlnet.kerberos5_conf=/tmp/mykrb.conf
#sqlnet.kerberos5_realms
# Syntax: Any valid pathname
# Default: /krb5/krb.realms
# The Kerberos host name to realm translation file.
#sqlnet.kerberos5_realms=/tmp/mykrb.realms
#sqlnet.kerberos5_keytab
# Syntax: Any valid pathname.
# Default: /etc/v5srvtab
# The Kerberos secret key file.
#sqlnet.kerberos5_keytab=/tmp/myv5srvtab
#sqlnet.authentication_kerberos5_service
# Syntax: Any string.
# Default: A default is not provided.
# The Kerberos service name.
#sqlnet.authentication_kerberos5_service=acme
## Parmeters used with CyberSAFE adapter.
#sqlnet.authentication_gssapi_service
# Syntax: A correctly formatted service principal string.
# Default: A default is not provided.
# The CyberSAFE service principal
#sqlnet.authentication_gssapi_service=acme/[email protected]
## Parmeters used with Identix adapter.
#sqlnet.identix_fingerprint_method
# Syntax: Must be oracle.
# Default: A default is not provided.
# The Identix authentication server method
#sqlnet.identix_fingerprint_method=oracle
#sqlnet.identix_fingerprint_database
# Syntax: Any string.
# Default: A default is not provided.
# The Identix authentication server TNS alias
#sqlnet.identix_fingerprint_database=ofm
#sqlnet.identix_fingerprint_database_user
# Syntax: Any string
# Default: A default is not provided.
# The Identix authentication service well known username.
#sqlnet.identix_fingerprint_database_user=ofm_client
#sqlnet.identix_fingerprint_database_password
# Syntax: Any string
# Default: A default is not provided.
# The Identix authentication service well known password.
#sqlnet.identix_fingerprint_database_password=ofm_client
# - Advanced Networking Option Network Security -------------------------
#sqlnet.crypto_checksum_client
#sqlnet.crypto_checksum_server
#sqlnet.encryption_client
#sqlnet.encryption_server
# These four parameters are used to specify whether a service (e.g.
# crypto-checksumming or encryption) should be active:
# Each of the above parameters defaults to ACCEPTED.
# Each of the above parameters can have one of four possible values:
# value meaning
# ACCEPTED The service will be active if the other side of the
# connection specifies "REQUESTED" or REQUIRED" and
# there is a compatible algorithm available on the other
# side; it will be inactive otherwise.
# REJECTED The service must not be active, and the connection
# will fail if the other side specifies "REQUIRED".
# REQUESTED The service will be active if the other side specifies
# "ACCEPTED", "REQUESTED", or "REQUIRED" and there is a
# compatible algorithm available on the other side; it
# will be inactive otherwise.
# REQUIRED The service must be active, and the connection will
# fail if the other side specifies "REJECTED" or if there
# is no compatible algorithm on the other side.
#sqlnet.crypto_checksum_types_client
#sqlnet.crypto_checksum_types_server
#sqlnet.encryption_types_client
#sqlnet.encryption_types_server
# These parameters control which algorithms will be made available for
# each service on each end of a connection:
# The value of each of these parameters can be either a parenthesized
# list of algorithm names separated by commas or a single algorithm
# name.
# Encryption types can be: RC4_40, RC4_56, RC4_128, DES, DES40
# Encryption defaults to all the algorithms.
# Crypto checksum types can be: MD5
# Crypto checksum defaults to MD5.
#sqlnet.crypto_seed ="4fhfguweotcadsfdsafjkdsfqp5f201p45mxskdlfdasf"
#sqlnet.crypto_checksum_server = required
#sqlnet.encryption_server = required
# - Oracle Security Server ---------------------------------------------
#oss.source.my_wallet
# Syntax: A properly formatted NLNV list.
# Default: Platform specific. Unix: $HOME/oracle/oss
# The method for retrieving and storing my identity.
#oss.source.my_wallet
# =(source
# =(method=file)
# (method_data=/dve/asriniva/oss/wallet)
#oss.source.location
# Syntax: A properly formatted NLNV list.
# Default: Oracle method, oracle_security_service/oracle_security_service@oss
# The method for retrieving encrypted private keys.
#oss.source.location
# =(source
# =(method=oracle)
# (method_data=
# (sqlnet_address=andreoss)
# - Sqlnet(v2.x) and Net3.0 Client ------------------------------------------
# In the following descriptions, the term "client program" could mean
# either sqlplus, svrmgrl or any other OCI programs written by users
#trace_level_client = ADMIN
#Possible values: {OFF,USER,ADMIN,0-16}
#Default: OFF (0)
#Purpose: Indicates the level at which the client program
# is to be traced.
# Available Values:
# 0 or OFF - No Trace output
# 4 or USER - User trace information
# 10 or ADMIN - Administration trace information
# 16 or SUPPORT - Worldwide Customer Support trace information
#Supported since: v2.0
#trace_directory_client = /oracle/network/trace
#Possible values: Any valid directory path with write permission
#Default: $ORACLE_HOME/network/trace ($ORACLE_HOME=/oracle at customer
# site)
#Purpose: Indicates the name of the directory to which trace files from
# the client execution are written.
#Supported since: v2.0
#trace_file_client = /oracle/network/trace/cli.trc
#Possible values: Any valid file name
#Default: $ORACLE_HOME/network/trace/cli.trc ($ORACLE_HOME =
# /oracle at customer site)
#Purpose: Indicates the name of the file to which the execution trace
# of the client is written to.
#Supported since: v2.0
#trace_unique_client = ON
#Possible values: {ON, OFF}
#Default: OFF
#Purpose: Used to make each client trace file have a unique name to
# prevent each trace file from being overwritten by successive
# runs of the client program
#Supported since: v2.0
#log_directory_client = /oracle/network/log
#Possible values: Any valid directory pathname
#Default: $ORACLE_HOME/network/log ($ORACLE_HOME = /oracle at customer
# site)
#Purpose: Indicates the name of the directory to which the client log file
# is written to.
#Supported since: v2.0
#log_file_client = /oracle/network/log/sqlnet.log
#Possible values: This is a default value, u cannot change this
#Default: $ORACLE_HOME/network/log/sqlnet.log ($ORACLE_HOME=/oracle in
# customer site)
#Purpose: Indicates the name of the log file from a client program
#Supported since: v2.0
#log_directory_server = /oracle/network/trace
#Possible values: Any valid diretcory path with write permission
#Default: $ORACLE_HOME/network/trace ( $ORACLE_HOME=/oracle at customer
# site)
#Purpose: Indicates the name of the directory to which log files from the
# server are written
#Supported since: v2.0
#trace_directory_server = /oracle/network/trace
#Possible values: Any valid directory path with write permission
#Default: $ORACLE_HOME/network_trace ( $ORACLE_HOME=/oracle at customer
# site)
#Purpose: Indicates the name of the directory to which trace files from
# the server are written
#Supported since: v2.0
#trace_file_server = /orace/network/trace/svr_<pid>.trc
#Possible values: Any valid filename
#Default: $ORACLE_HOME/network/trace/svr_<pid>.trc where <pid? stands for
# the process id of the server on UNIX systems
#Purpose: Indicates the name of the file to which the execution trace of
# the server program is written to.
#Supported since: v2.0
#trace_level_server = ADMIN
#Possible values: {OFF,USER,ADMIN,0-16}
#Default: OFF (0)
#Purpose: Indicates the level at which the server program
# is to be traced.
# Available Values:
# 0 or OFF - No Trace output
# 4 or USER - User trace information
# 10 or ADMIN - Administration trace information
# 16 or SUPPORT - Worldwide Customer Support trace information
#Supported since: v2.0
#use_dedicated_server = ON
#Possible values: {OFF,ON}
#Default: OFF
#Purpose: Forces the listener to spawn a dedicated server process for
# sessions from this client program.
#Supported since: v2.0
#use_cman = TRUE
#Possible values: {TRUE, FALSE}
#Default: FALSE
#Purpose:
#Supported since: v3.0
#tnsping.trace_directory = /oracle/network/trace
#Possible values: Any valid directory pathname
#Default: $ORACLE_HOME/network/trace ($ORACLE_HOME=/oracle at customer
# site)
#Purpose: Indicates the directory to which the execution trace from
# the tnsping program is to be written to.
#Supported since: v2.0
#tnsping.trace_level = ADMIN
#Possible values: {OFF,USER,ADMIN,0-16}
#Default: OFF (0)
#Purpose: Indicates the level at which the server program
# is to be traced.
# Available Values:
# 0 or OFF - No Trace output
# 4 or USER - User trace information
# 10 or ADMIN - Administration trace information
# 16 or SUPPORT - Worldwide Customer Support trace information
#Supported since: v2.0
#sqlnet.expire_time = 10
#Possible values: 0-any valid positive integer! (in minutes)
#Default: 0 minutes
#Recommended value: 10 minutes
#Purpose: Indicates the time interval to send a probe to verify the
# client session is alive (this is used to reclaim watseful
# resources on a dead client)
#Supported since: v2.1
#sqlnet.client_registration = <unique_id>
#Possible values:
#Default: OFF
#Purpose: Sets a unique identifier for the client machine. This
# identifier is then passed to the listener with any connection
# request and will be included in the Audit Trail. The identifier
# can be any alphanumeric string up to 128 characters long.
#Supported since: v2.3.2
#bequeath_detach = YES
#Possible values: {YES,NO}
#Default: NO
#Purpose: Turns off signal handling on UNIX systems. If signal handling
# were not turned off and if client programs written by users make
# use of signal handling they could interfere with Sqlnet/Net3.
#Supported since: v2.3.3
#automatic_ipc = OFF
#Possible values: {ON,OFF}
#Default: OFF
#Purpose: Force a session to use or not to use IPC addresses on the
# client's node.
#Supported since: v2.0
#disable_oob = ON
#Possible values: {ON,OFF}
#Default: OFF
#Purpose: If the underlying transport protocol (TCP, DECnet,...) does
# not support Out-of-band breaks, then disable out-of-band
# breaks
#Supported since: v2.0
#
Maybe you are looking for
-
Iphoto not opening, "iPhoto cannot be opened because of a problem"
iPhoto not opening does the below mean anything to anyone ? Process: iPhoto [988] Path: /Applications/iPhoto.app/Contents/MacOS/iPhoto Identifier: com.apple.iPhoto Version: ??? Build Info: iPhotoProject-9020170000
-
I am about to leave my employment, but I want to still be able to get patches for Oracle 11g on Linux at home. I don't want to pay too much for it, though! Am I correct to think that a single-year, 1 Named User Plus purchase of Oracle Personal Editio
-
How to Setup Internet Expenses in Jdeveloper10.1.2
Hi, We have an installed internet Expenses application on a Unix machine. We would like to setup the same as a development environment in Jdeveloper. I couldn't find any documentation related to this on metalink and we are running out of options. Are
-
How can I tell what version ipad I have
How can I tell what version ipad I have it's a 32GB WiFi / Cellular and version number begins with MD52
-
Computer locks up, screen is gibberish, kernel panics
Hi, Recently I updated to 10.6.7. Now I have this new fun problem. A few, actually. Sometimes, my computer will freeze entirely except for the mouse, for 10 seconds, and then the mouse also locks up, for another 5 seconds, and then I can use my co