Cannot drop PDB - insufficient privileges
I created a PDB, and then tried to drop it. I cannot drop it, I get "insufficient privileges" error. Here is the SQL session :
==============================================
-bash-4.1$ ./sqlplus system/manager1
SQL*Plus: Release 12.1.0.1.0 Production on Thu Sep 18 07:28:53 2014
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Last Successful login time: Thu Sep 18 2014 07:25:13 -07:00
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL> create pluggable database test002 admin user test2 identified by test2 file_name_convert=('/u01/app/testuser/oradata/orcl/pdbseed', '/u01/app/testuser/oradata/orcl/test002');
Pluggable database created.
SQL> drop pluggable database test002 including datafiles;
drop pluggable database test002 including datafiles
ERROR at line 1:
ORA-01031: insufficient privileges
==============================================
I gave sysdba privileges to user "system", as follows :
SQL> grant sysdba to system;
Grant succeeded.
but still get the same error.
However, if I login as "sysdba", I can drop the PDB. I cannot use "sysdba" user for a number of reasons. I need to login as some other user. Any ideas?
2639137 wrote:
I created a PDB, and then tried to drop it. I cannot drop it, I get "insufficient privileges" error. Here is the SQL session :
I gave sysdba privileges to user "system", as follows :
SQL> grant sysdba to system;
Grant succeeded.
but still get the same error.
Yes - as the exception says user 'system' does NOT have sufficient privileges to drop a PDB.
That grant of sysdba is ONLY for the current container which is the root.
Oracle 12c is NOT Oracle 11g - the multitenant architecture has SIGNIFICANT differences from previous versions in MANY areas especially in creating/managing users and granting privileges.
The default container for grants is whatever the current container is. If you want the grant to cover ALL containers then you need to specify that.
See the CONTAINER clause for the GRANT statement in the docs
GRANT
CONTAINER Clause
If the current container is a pluggable database (PDB):
Specify CONTAINER = CURRENT to locally grant a system privilege, object privilege, or role to a user or role. The privilege or role is granted to the user or role only in the current PDB.
If the current container is the root:
Specify CONTAINER = CURRENTto locally grant a system privilege, object privilege, or role to a common user or common role. The privilege or role is granted to the user or role only in the root.
Specify CONTAINER = ALL to commonly grant a system privilege, object privilege on a common object, or role, to a common user or common role.
If you omit this clause, then CONTAINER = CURRENT is the default.
See that last statement?
Similar Messages
-
Dear All,
I created one table like
create table cls_lrn_tab_unique (F_no number unique UK_F_NO );
after performing some operations I want to delete the same.
At that time i got following error. Please help me and tell what is the reason for the error.
ORA-00604 error occured at recursive level1
ORA-20123 Insufficient privileges: you cannot drop table cls_lrn_tab_unique TABLE,
ORA-06512 at line no 2
Thanks and Regards
Prasad26bffcad-f9a2-4dcf-afa0-e1e33d0281bf wrote:
Dear All,
I created one table like
create table cls_lrn_tab_unique (F_no number unique UK_F_NO );
after performing some operations I want to delete the same.
At that time i got following error. Please help me and tell what is the reason for the error.
ORA-00604 error occured at recursive level1
ORA-20123 Insufficient privileges: you cannot drop table cls_lrn_tab_unique TABLE,
ORA-06512 at line no 2
Thanks and Regards
Prasad
ORA-20123 is a localized/customized error code & message; therefore any solution depends upon what is unique inside your DB now.
I suspect that some sort of TRIGGER exists, which throws posted error, but this is just idle speculation on my part.
How do I ask a question on the forums?
https://forums.oracle.com/message/9362002#9362002 -
When trying to install the latest version of iTunes, I keep receiving the error message "Cannot install due to insufficient privileges, logon as administrator". I am absolutelutely logged on as the administrator. Help!!
Don't know if this will you but i fixed my issues with upgrading to 10.5.3.3 on Windows 7 you can access the steps i took here with an explanation of the problems i was having. https://discussions.apple.com/message/17374864#17374864
-
i can't update my itunes and it shows me this message: The installer has insufficient privileges to access this directory: C:/program files/itunes. The installation cannot continue. Log on as administrator or contact your system administrator
Hello PamelaFox14,
Thank you for using Apple Support Communities.
It sounds like you need to log in as the administrator to update the iTunes application properly.
Take a look at this article named:
Trouble installing iTunes or QuickTime for Windows
http://support.apple.com/kb/HT1926
This section in particular:
1. Make sure you have administrator account access
To install iTunes or QuickTime software, you need to be logged in as an administrator on the computer. If you're not sure if you have administrator account access, you may find this Microsoft article helpful:
Windows 7: How do I log on as an administrator?
Otherwise, refer to the Help documentation from Microsoft, contact your IT department, or visitsupport.microsoft.com for more information.
All the best,
Sterling -
Hi All,
We are installing AIA FP 11.1.1.7 on SOA Suite 11.1.1.7(no patch has been applied, after SOA Suite ODI 11.1.1.7 is installed on it) this is for AIA Comms 11.4 PIP. Below error can be seen in oracle inventory logs while installing AIA FP11.1.1.7 -
BUILD FAILED
/u02/app/Oracle/Middleware/AIAHOME/Infrastructure/Install/AID/AIAExecuteDriver.xml:223: The following error occurred while executing this line:
/u02/app/Oracle/Middleware/AIAHOME/Infrastructure/Install/AID/AIAExecuteDriver.xml:65: The following error occurred while executing this line:
/u02/app/Oracle/Middleware/AIAHOME/aia_instances/DEVAIA/tmp/AIDExecuteDP_temp_2130290318.xml:12: The following error occurred while executing this line:
/u02/app/Oracle/Middleware/AIAHOME/Infrastructure/Install/AID/lib/AIDConfigurationLibraryTasks.xml:298: java.sql.SQLSyntaxErrorException: ORA-01031: insufficient privileges
Also before this i can see,
[exec] Command FAILED, Reason: JPS-04201: Cannot grant permission(s). Grant already exists for grantee [GranteeEntry: codeSource=file:${soa.oracle.home}/soa/modules/oracle.soa.ext_11.1.1/classes/oracle/apps/aia/core/util/- principals=[]].
[exec]
[exec] WARNING!!! Grant already exists for grantee.
[exec] No stack trace available.
[exec] Disconnected from weblogic server: AdminServer
[delete] Deleting: /u02/app/Oracle/Middleware/AIAHOME/aia_instances/DEVAIA/tmp/keyFile
[delete] Deleting: /u02/app/Oracle/Middleware/AIAHOME/aia_instances/DEVAIA/tmp/propFile
Also,
In processFieldStringXREF Admin Password
In processFieldStringJMSDB Temporary Tablespcae
In processFieldStringInvalid Database Schema name - Is this an error
In processFieldStringAIA Lifecycle Port
In processFieldStringAIADB SYS. USER
In processFieldStringInvalid Database Schema name
In processFieldStringJMSDB Default Tablespcae
In processFieldStringXREF SYS. USER
do anyone had idea on it, we are installing on Solaris SPARC machine.
Thanks and Warm Regards,
RR -
Trying to download ITunes latest version on my Windows XP and I get this message: "The installer has insufficient privileges to access this directory: C:\Program Files\ITunes. The installation cannot continue. Log on as administrator or contact your system administrator." HELP?
Hello PamelaFox14,
Thank you for using Apple Support Communities.
It sounds like you need to log in as the administrator to update the iTunes application properly.
Take a look at this article named:
Trouble installing iTunes or QuickTime for Windows
http://support.apple.com/kb/HT1926
This section in particular:
1. Make sure you have administrator account access
To install iTunes or QuickTime software, you need to be logged in as an administrator on the computer. If you're not sure if you have administrator account access, you may find this Microsoft article helpful:
Windows 7: How do I log on as an administrator?
Otherwise, refer to the Help documentation from Microsoft, contact your IT department, or visitsupport.microsoft.com for more information.
All the best,
Sterling -
Cannot restore TM backup of iPhoto Library - insufficient privileges
This seems to be a long-standing problem. I am experiencing problems caused by Apple's lousy implementation of user-defined places in iPhoto 11 and cannot afford to test whether reducing the radius of a place that overlaps one hundred or so other user-defined places will solve the problem, because, if it doesn't -- in versions prior to iPhoto 9.4 doing that caused all photos assigned to the overlapped places to be reassigned to the overlapping place, and the only way to undo the damage was to manually assign them to the correct places -- I cannot restore a previous version of iPhoto Library from a Time Machine backup. When I try to, I receive an error message about having insufficient privileges.
Has anybody received a solution to this problem? I have not been impressed with Apple Care. First-level support usually just piddles around creating a new user account in which to try to recreate the problem, and when the case finally is escalated, the agent usually ends up referring the problem to "Engineering", never to be heard from again.
Regards,
RichardSee Pondini's TM FAQs, for starters.
-
I've had iTunes on my PC forever. Because recent updates have aborted with the message:"The installer has insufficient privileges to access this directory... Log on as administrator," I am now attempting to download a fresh copy from the Apple website. Same message! I am logged on as administrator. I can download, then attempt to run by right-clicking on the installer and selecting, "Run as administrator" but that gets me only to the same point (and message) as attempting to install directly from the internet. I've never seen this message with any other download. What gives?
What's the precise name of the directory being mentioned? (Give the full file path, please.)
-
Cannot upgrade to itunes 9: insufficient privileges
i downloaded the itunes 9, when i click on the .exe file to install, it seemed to go through the process but then a box comes up saying:
the installer has insufficient privileges to modify this file: C:\Program Files\itunes\Acknowledgements.rtf. when i click ok it responds with a box titled Problem with Shortcut:
Fatal error during installation.
i tried uninstalling itunes but the same insufficient privileges box comes up when i tried. so, no itunes whatsoever. so ridiculious. i also tried opening it under administrator but the same privileges box comes up. can anyone help me?the installer has insufficient privileges to modify this file: C:\Program Files\itunes\Acknowledgements.rtf. when i click ok it responds with a box titled Problem with Shortcut:
... by any chance, are you using a French language version of Windows on that PC, hvandero? -
Insufficient privileges when creating user logged in as SYS
Hi,
I'm working on 11.1.0.6.0 Enterprise Edition, Advanced Security options, Label Security a and Database Vault installed. (for testing purposes)
I'm creating a new user being logged as SYS using this sentence:
CREATE USER "HR_DIRECTOR" PROFILE "DEFAULT" IDENTIFIED BY "*******" DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" ACCOUNT UNLOCK;
However, the command fails with the message "Failed to commit: ORA-01031: insufficient privileges . You do not have enough privileges to perform this operation. You must have the appropriate system and object privileges to create, edit, or drop database objects or objects outside of your schema."
Please note that I'm working on a fresh DB install and I have also installed Database Vault in this instance for testing purposes, but still haven't configured any realm or command rules on it.
Is it possible Vault is the reason why I am not able to create a new user?
Thanks and Regards,
LeandroHi, It seems I've found it.
After you install Database Vault and associate it with your SID, SYS user is revoked the CREATE USER system privilege.
Only a user with the DV_ACCTMGR role may create, alter or drop a user. This is done in order to separate responsabilities in your database. A SYS user cannot grant himself this role or the DV_OWNER role.
(If interested, check page 10-4 from http://www.oracle.com/pls/db111/to_toc?pathname=server.111/b31222/toc.htm)
Regards,
Leandro -
Insufficient privileges - Split Partitioned IOT
Hi,
Can someone help me figuring this out. I'm trying to do a SPLIT PARTITION in a stored procedure.
SQL> select * from v$version where rownum = 1;
BANNER
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bi
1 row selected.This is my sample table:
SQL> CREATE TABLE tab (
period NUMBER(13) NOT NULL,
check_id VARCHAR2(4) NOT NULL,
opkr_number NUMBER(7) NOT NULL
,CONSTRAINT tab_pk PRIMARY KEY (period, check_id, opkr_number)
ORGANIZATION INDEX COMPRESS 2
PARTITION BY LIST (period)
PARTITION tab_p72 VALUES(72),
PARTITION tab_p73 VALUES(73),
PARTITION tab_rest VALUES(DEFAULT));
Table created.And I want to do this in my procedure:
SQL> ALTER TABLE tab SPLIT PARTITION tab_rest VALUES(74) INTO (PARTITION tab_p74, PARTITION tab_rest);
Table altered.
SQL> ALTER TABLE tab DROP PARTITION tab_p74;
Table altered.This attempt won't work:
SQL> CREATE OR REPLACE PROCEDURE myproc
AS
BEGIN
EXECUTE IMMEDIATE 'ALTER TABLE tab SPLIT PARTITION tab_rest VALUES(74) INTO (PARTITION tab_p74, PARTITION tab_rest)';
END;
Procedure created.
SQL> exec myproc
ORA-01031: insufficient privileges
ORA-06512: at "XQL_STIK.MYPROC", line 4
ORA-06512: at line 1Only if I put in AUTHID CURRENT_USER, it will. And this what I just cannot figure out.
SQL> CREATE OR REPLACE PROCEDURE myproc2
AUTHID CURRENT_USER
AS
BEGIN
EXECUTE IMMEDIATE 'ALTER TABLE tab SPLIT PARTITION tab_rest VALUES(74) INTO (PARTITION tab_p74, PARTITION tab_rest)';
END;
Procedure created.
SQL> exec myproc2
PL/SQL procedure successfully completed.
SQL> ALTER TABLE tab DROP PARTITION tab_p74;
Table altered.It cannot be the ALTER TABLE privilege.
SQL> create or replace procedure myproc3
as
begin
execute immediate 'ALTER TABLE tab ADD x NUMBER';
end;
Procedure created.
SQL> exec myproc3
PL/SQL procedure successfully completed.
SQL> DROP TABLE tab PURGE;
Table dropped.Can anyone see what I'm missing?
Edit: I can even do this, so it must have to do with the SPLIT (And this being an IOT)
SQL> CREATE OR REPLACE PROCEDURE myproc4
AS
BEGIN
EXECUTE IMMEDIATE 'ALTER TABLE tab DROP PARTITION tab_rest';
EXECUTE IMMEDIATE 'ALTER TABLE tab ADD PARTITION tab_p74 VALUES(74)';
END;
Procedure created.
SQL> exec myproc4
PL/SQL procedure successfully completed.Best regards
Peter
Edited by: Peter Gjelstrup on Feb 3, 2010 4:34 AM
- Added DROP/ADD exampleHi Herald,
and Centinul.
Thanks for that metalink. Looked promising, but I'm not sure. It seems that I can use ALTER SESSION, even in a SP.
SQL> CREATE OR REPLACE PROCEDURE myproc5
AS
BEGIN
EXECUTE IMMEDIATE 'ALTER SESSION SET NLS_LANGUAGE = american';
END;
Procedure created.
SQL> select value
from nls_session_parameters
where parameter = 'NLS_LANGUAGE';
VALUE
DANISH
1 row selected.
SQL> set role none;
Set role complete.
SQL> exec myproc5
PL/SQL procedure successfully completed.
SQL> select value
from nls_session_parameters
where parameter = 'NLS_LANGUAGE';
VALUE
AMERICAN
1 row selected.
SQL> select * from session_privs
order by 1;
PRIVILEGE
CREATE MATERIALIZED VIEW
UNLIMITED TABLESPACE
2 rows selected.
SQL> set role all;
Set role complete.
SQL> select * from session_privs
order by 1;
PRIVILEGE
ALTER SESSION
CREATE CLUSTER
CREATE INDEXTYPE
CREATE MATERIALIZED VIEW
CREATE OPERATOR
CREATE PROCEDURE
CREATE SEQUENCE
CREATE SESSION
CREATE SYNONYM
CREATE TABLE
CREATE TRIGGER
CREATE TYPE
CREATE VIEW
UNLIMITED TABLESPACE
14 rows selected.Hmm..
Edit:
[Bug:1548539|https://support.oracle.com/CSP/main/article?cmd=show&type=BUG&id=1548539]
Seems to indicate that CREATE TABLE is the thing I'm looking for.
This seems to be consistent with what Bartek has.
Can anyone confirm, by running some of my original test case with and without CREATE TABLE privilege?
I'm sorry for asking for this final confirmation, unfortunately it would be quite painful for me to have some privileged user do that for me.
Regards
Peter
Edited by: Peter on Feb 3, 2010 8:50 AM
- Maybe CREATE TABLE? -
CTX_CD ADD_COLUMN - insufficient privileges?
I'm trying to execute the following code:
drop index myuser.table_search_index;
exec ctx_ddl.drop_preference('TABLE_CDSTORE');
exec ctx_cd.drop_cdstore('TABLE_CDSTORE');
exec ctx_ddl.create_preference('TABLE_CDSTORE','USER_DATASTORE');
exec ctx_ddl.set_attribute('TABLE_CDSTORE','PROCEDURE','MYUSER.CDSTORE$2');
exec ctx_cd.Create_CDstore('TABLE_CDSTORE','TABLE_SEARCH');
exec ctx_cd.Add_Column('TABLE_CDSTORE','COLUMN1_NAME');
exec ctx_cd.Add_Column('TABLE_CDSTORE','COLUMN2_NAME');
exec ctx_cd.Add_Column('TABLE_CDSTORE','COLUMN3_NAME');
exec ctx_cd.Add_Column('TABLE_CDSTORE','COLUMN4_NAME');
When it gets to the first "Add_Column" command, I get an "Insufficient Privileges" error.
ORA-01031: insufficient privileges
ORA-06512: at "MYUSER.CTX_CD", line 316
ORA-06512: at "MYUSER.CTX_CD", line 446
ORA-06512: at "MYUSER.CTX_CD", line 819
ORA-06512: at line 1
I'm running this in TOAD as MYUSERI think I figured it out - I was using an older version of CTX_CD that apprently wasn't designed for 10g even though it would compile and even appeared to work properly sometimes. Once I swapped it out for the version suppled HERE , everything ran fine.
Of course, when I tried to create my second index on a completely different table, I'm getting a new error:
ORA-29879: cannot create multiple domain indexes on a column list using same indextype
Which I now have to figure out. -
ORA-01031: insufficient privileges in PL/SQL but not in SQL
I have problem with following situation.
I switched current schema to another one "ban", and selected 4 rows from "ed"
alter session set current_schema=ban;
SELECT * FROM ed.PS WHERE ROWNUM < 5;
the output is OK, and I get 4 rows like
ID_S ID_Z
1000152 1
1000153 1
1000154 1
1000155 1
but following procedure is compiled with warning
create or replace
procedure proc1
as
rowcnt int;
begin
select count(*) into rowcnt from ed.PS where rownum < 5;
end;
"Create procedure, executed in 0.031 sec."
5,29,PL/SQL: ORA-01031: insufficient privileges
5,2,PL/SQL: SQL Statement ignored
,,Total execution time 0.047 sec.
Could you help me why SELECT does work in SQL but not in PL/SQL procedure?
Thanks.
Message was edited by:
MattSkPrivs granted via a role are only valid from SQL - and not from/within stored PL/SQL code.
Quoting Tom's (from http://asktom.oracle.com) response to this:I did address this role thing in my book Expert one on one Oracle:
<quote>
What happens when we compile a Definer rights procedure
When we compile the procedure into the database, a couple of things happen with regards to
privileges. We will list them here briefly and then go into more detail:
q All of the objects the procedure statically accesses (anything not accessed via dynamic SQL)
are verified for existence. Names are resolved via the standard scoping rules as they apply to the
definer of the procedure.
q All of the objects it accesses are verified to ensure that the required access mode will be
available. That is, if an attempt to UPDATE T is made - Oracle will verify the definer or PUBLIC
has the ability to UPDATE T without use of any ROLES.
q A dependency between this procedure and the referenced objects is setup and maintained. If
this procedure SELECTS FROM T, then a dependency between T and this procedure is recorded
If, for example, I have a procedure P that attempted to 'SELECT * FROM T', the compiler will first
resolve T into a fully qualified referenced. T is an ambiguous name in the database - there may be
many T's to choose from. Oracle will follow its scoping rules to figure out what T really is, any
synonyms will be resolved to their base objects and the schema name will be associated with the
object as well. It does this name resolution using the rules for the currently logged in user (the
definer). That is, it will look for an object owned by this user called T and use that first (this
includes private synonyms), then it will look at public synonyms and try to find T and so on.
Once it determines exactly what T refers to - Oracle will determine if the mode in which we are
attempting to access T is permitted. In this case, if we as the definer of the procedure either
owns the object T or has been granted SELECT on T directly or PUBLIC was granted SELECT, the
procedure will compile. If we do not have access to an object called T by a direct grant - the
procedure P will fail compilation. So, when the object (the stored procedure that references T) is
compiled into the database, Oracle will do these checks - and if they "pass", Oracle will compile
the procedure, store the binary code for the procedure and set up a dependency between this
procedure and this object T. This dependency is used to invalidate the procedure later - in the
event something happens to T that necessitates the stored procedures recompilation. For example,
if at a later date - we REVOKE SELECT ON T from the owner of this stored procedure - Oracle will
mark all stored procedures this user has that are dependent on T, that refer to T, as INVALID. If
we ALTER T ADD some column, Oracle can invalidate all of the dependent procedures. This will cause
them to be recompiled automatically upon their next execution.
What is interesting to note is not only what is stored but what is not stored when we compile the
object. Oracle does not store the exact privilege that was used to get access to T. We only know
that procedure P is dependent on T. We do not know if the reason we were allowed to see T was due
to:
q A grant given to the definer of the procedure (grant select on T to user)
q A grant to public on T (grant select on T to public)
q The user having the SELECT ANY TABLE privilege
The reason it is interesting to note what is not stored is that a REVOKE of any of the above will
cause the procedure P to become invalid. If all three privileges were in place when the procedure
was compiled, a revoke of ANY of them will invalidate the procedure - forcing it to be recompiled
before it is executed again. Since all three privileges were in place when we created the procedure
- it will compile successfully (until we revoke all three that is). This recompilation will happen
automatically the next time that the procedure is executed.
Now that the procedure is compiled into the database and the dependencies are all setup, we can
execute the procedure and be assured that it knows what T is and that T is accessible. If something
happens to either the table T or to the set of base privileges available to the definer of this
procedure that might affect our ability to access T -- our procedure will become invalid and will
need to be recompiled.
This leads into why ROLES are not enabled during the compilation and execution of a stored
procedure in Definer rights mode. Oracle is not storing exactly WHY you are allowed to access T -
only that you are. Any change to your privileges that might cause access to T to go away will cause
the procedure to become invalid and necessitate its recompilation. Without roles - that means only
'REVOKE SELECT ANY TABLE' or 'REVOKE SELECT ON T' from the Definer account or from PUBLIC. With
roles - it greatly expands the number of times we would invalidate this procedure. If some role
that was granted to some role that was granted to this user was modified, this procedure might go
invalid, even if we did not rely on that privilege from that role. ROLES are designed to be very
fluid when compared to GRANTS given to users as far as privilege sets go. For a minute, let's say
that roles did give us privileges in stored objects. Now, most any time anything was revoked from
ANY ROLE we had, or any role any role we have has (and so on -- roles can and are granted to roles)
-- many of our objects would become invalid. Think about that, REVOKE some privilege from a ROLE
and suddenly your entire database must be recompiled! Consider the impact of revoking some system
privilege from a ROLE, it would be like doing that to PUBLIC is now, don't do it, just think about
it (if you do revoke some powerful system privilege from PUBLIC, do it on a test database). If
PUBLIC had been granted SELECT ANY TABLE, revoking that privilege would cause virtually every
procedure in the database to go invalid. If procedures relied on roles, virtually every procedure
in the database would constantly become invalid due to small changes in permissions. Since one of
the major benefits of procedures is the 'compile once, run many' model - this would be disastrous
for performance.
Also consider that roles may be
q Non-default: If I have a non-default role and I enable it and I compile a procedure that
relies on those privileges, when I log out I no longer have that role -- should my procedure become
invalid -- why? Why not? I could easily argue both sides.
q Password Protected: if someone changes the password on a ROLE, should everything that might
need that role be recompiled? I might be granted that role but not knowing the new password - I
can no longer enable it. Should the privileges still be available? Why or Why not? Again, arguing
either side of this is easy. There are cases for and against each.
The bottom line with respect to roles in procedures with Definer rights are:
q You have thousands or tens of thousands of end users. They don't create stored objects (they
should not). We need roles to manage these people. Roles are designed for these people (end users).
q You have far fewer application schema's (things that hold stored objects). For these we want
to be explicit as to exactly what privileges we need and why. In security terms this is called the
concept of 'least privileges', you want to specifically say what privilege you need and why you
need it. If you inherit lots of privileges from roles you cannot do that effectively. We can manage
to be explicit since the number of development schemas is SMALL (but the number of end users is
large)...
q Having the direct relationship between the definer and the procedure makes for a much more
efficient database. We recompile objects only when we need to, not when we might need to. It is a
large efficiency enhancement.
</quote> -
ORA-01031 SYSMAN Insufficient Privileges Creating a new user
I have installed Oracle 11g R2 onto Windows 7 64bit
I then created a new database, at the end it moaned about the service and listener was not running or allocated to each other and also there was no web admin tool available.
To resolve this I managed to use Net Configuration Assistant to get the listener sorted.
I then had to run:
set ORACLE_HOSTNAME=localhost
set ORACLE_SID=mydb
set ORACLE_UNQNAME=mydb
I then ran
emca -config dbcontrol db -repos recreate
This gave me the web admin tool to create a new user.
I logged in as SYSMAN tried to create a new user and got the "ORA-01031 Insufficient Privileges, you do not have enough privileges to perform this operation." error
Can someone please help.
ThanksIt isn't that simple. As SYSMAN used for 11.2.0.3 database control:
orcl> select privilege from user_sys_privs;
PRIVILEGE
CREATE PUBLIC SYNONYM
SELECT ANY DICTIONARY
UNLIMITED TABLESPACE
ALTER SESSION
orcl>but as SYSMAN used for 12.1 Cloud Control:SQL> select privilege from user_sys_privs;
PRIVILEGE
ALTER USER
DROP USER
CREATE SESSION
CREATE PUBLIC SYNONYM
CREATE JOB
CREATE MATERIALIZED VIEW
SELECT ANY DICTIONARY
CREATE TABLE
ALTER SESSION
CREATE USER
CREATE SYNONYM
DROP PUBLIC SYNONYM
MANAGE SCHEDULER
CREATE VIEW
CREATE DATABASE LINK
15 rows selected.
SQL>so you have to be a bit careful when you give a yes/no answer.
Edited by: JohnWatson on Nov 12, 2012 11:38 AM
Forgot to include a quote: this is replying to the question about whether SYSMAN can create users. -
You have insufficient privileges for the current operation-Getting error running OAF page in R12
I have a custom OAF page in R11 which is working fine.
Same page is giving below errors in R12.
Any suggestions how to resolve this issue..please advice.
[167]:STATEMENT:[fnd.framework.webui.OAPageSecurity]:MAC validation status = false
[167]:STATEMENT:[fnd.framework.webui.OAPageSecurity]:Request parameters validation status = false
[167]:ERROR:[fnd.framework.webui.OAPageSecurity]:You cannot run a page which is not SelfSecured when the MAC fails.
[169]:ERROR:[fnd.common.Message.auto_log]:FNDFND_INSUFF_PRIVILEGES
[169]:ERROR:[fnd.framework.OAException]:You have insufficient privileges for the current operation. Please contact your System Administrator.
[170]:EVENT:[fnd.framework.webui.OAPageContextImpl]:OAF LOG: Event : Redirect Page, in: oracle.apps.fnd.framework.webui.OAPageContextImpl: OA.jsp?akRegionCode=FNDDIALOGPAGE&akRegionApplicationId=0&transactionid=817211813&oapc=10&oas=YyMjRI6buFwrYehD8b25iQ..&retainAM=Y&addBreadCrumb=S&OAMC=G
[170]:PROCEDURE:[fnd.profiles.Profiles]:getProfileOptionValue: name=JTF_PF_MASTER_ENABLED; levelID=10001; levelValue=0; levelValueApplID=0
[170]:EVENT:[jtf.activity.CorePageObject]: PATBE START currentPageObject : PAT STATUS:false
[170]:EVENT:[jtf.activity.CorePageObject]: PATBE END currentPageObject : return factory.dummyProxyUser():
[322]:EXCEPTION:[fnd.framework.webui.OAPageBean]:java.lang.NullPointerException
Thanks in Advance
Sridevi KHi Sridevi,
The custom page is a selfsecured page?
ie, it will be accessed without login?
What is the profile option fnd_debuging_level 's value set to.
I Could see one your other thread
Re: You have insufficient privileges for the current Operation error
you mentioned that you did tried setting the profile options
Framework Validation Level
FND Function Validation LEvel
FND Validation Level
to none, still you are facing the issue,
At what level you tried the profile options.
Thanks,
With regards,
Kali.
OSSi.
Maybe you are looking for
-
New iMac or new Mac Mini... and iPhoto Library separate drive?
I have a 2007 iMac Intel Core Duo 2.4Ghz (4 meg RAM) with a hard drive in need of repair, according to Disk Utility (and repeated by DriveGenius 3.) The Repair option is not available. I have had occasional difficulty with this particular Mac, and
-
How to covert Spool to HTML and then send it via email
Hi I have a report that runs in the background and then converts the ALV report to PDF and emails it as attachment. I need it to convert in HTML instead of PDF. Here is my code... * CALL_ALV form call_alv. perform build_field_catalog using field_t
-
Macbook Pro, TV, HDMI cord
I've connected my Macbook Pro (OS X 10.8.5) to my TV using an HDMI cord before, but it isn't working for me now. When plugged in, the airplay mirroring box is checked. Under System Preferences > Displays, only two tabs are given: display and color. P
-
How to skip delete on logical standby
Dear guys and gurus, On next month i will have plan to delete history data on my Primary database, but i still want to keep them in logical standby as the data warehouse. So, how can i skip delete statement from primary database apply to logical stan
-
This seems to be recent. I open Safari and the address appears, but the home page doesn't load (MSN). If I click the RELOAD button in the header it loads fine. If I clear the CACHE, I get maybe 3 successful openings and then it's back to blank. Any i