Grant DBA role

Hi, I have experienced many times that when you give the DBA role to any schema it should get the CREATE ANY privilege on all objects. But that is not the case: after giving the DBA privilege to a schema I still have to give the CREATE ANY privilege to that schema, even though the DBA role has that facility. Why is it so?
Regards
Vikas Chopkar

Are you talking about the default role named DBA? If so, that role should rarely be granted to anyone. Either way, on my database it has the privileges you say it doesn't.
SQL> SELECT * FROM DBA_SYS_PRIVS WHERE GRANTEE='DBA' ORDER BY PRIVILEGE;
GRANTEE                        PRIVILEGE                                ADM
DBA                            ADMINISTER ANY SQL TUNING SET            YES
DBA                            ADMINISTER DATABASE TRIGGER              YES
DBA                            ADMINISTER RESOURCE MANAGER              YES
DBA                            ADMINISTER SQL TUNING SET                YES
DBA                            ADVISOR                                  YES
DBA                            ALTER ANY CLUSTER                        YES
DBA                            ALTER ANY DIMENSION                      YES
DBA                            ALTER ANY EVALUATION CONTEXT             YES
DBA                            ALTER ANY INDEX                          YES
DBA                            ALTER ANY INDEXTYPE                      YES
DBA                            ALTER ANY LIBRARY                        YES
DBA                            ALTER ANY MATERIALIZED VIEW              YES
DBA                            ALTER ANY OUTLINE                        YES
DBA                            ALTER ANY PROCEDURE                      YES
DBA                            ALTER ANY ROLE                           YES
DBA                            ALTER ANY RULE                           YES
DBA                            ALTER ANY RULE SET                       YES
DBA                            ALTER ANY SEQUENCE                       YES
DBA                            ALTER ANY SQL PROFILE                    YES
DBA                            ALTER ANY TABLE                          YES
DBA                            ALTER ANY TRIGGER                        YES
DBA                            ALTER ANY TYPE                           YES
DBA                            ALTER DATABASE                           YES
DBA                            ALTER PROFILE                            YES
DBA                            ALTER RESOURCE COST                      YES
DBA                            ALTER ROLLBACK SEGMENT                   YES
DBA                            ALTER SESSION                            YES
DBA                            ALTER SYSTEM                             YES
DBA                            ALTER TABLESPACE                         YES
DBA                            ALTER USER                               YES
DBA                            ANALYZE ANY                              YES
DBA                            ANALYZE ANY DICTIONARY                   YES
DBA                            AUDIT ANY                                YES
DBA                            AUDIT SYSTEM                             YES
DBA                            BACKUP ANY TABLE                         YES
DBA                            BECOME USER                              YES
DBA                            CHANGE NOTIFICATION                      YES
DBA                            COMMENT ANY TABLE                        YES
DBA                            CREATE ANY CLUSTER                       YES
DBA                            CREATE ANY CONTEXT                       YES
DBA                            CREATE ANY DIMENSION                     YES
DBA                            CREATE ANY DIRECTORY                     YES
DBA                            CREATE ANY EVALUATION CONTEXT            YES
DBA                            CREATE ANY INDEX                         YES
DBA                            CREATE ANY INDEXTYPE                     YES
DBA                            CREATE ANY JOB                           YES
DBA                            CREATE ANY LIBRARY                       YES
DBA                            CREATE ANY MATERIALIZED VIEW             YES
DBA                            CREATE ANY OPERATOR                      YES
DBA                            CREATE ANY OUTLINE                       YES
DBA                            CREATE ANY PROCEDURE                     YES
DBA                            CREATE ANY RULE                          YES
DBA                            CREATE ANY RULE SET                      YES
DBA                            CREATE ANY SEQUENCE                      YES
DBA                            CREATE ANY SQL PROFILE                   YES
DBA                            CREATE ANY SYNONYM                       YES
DBA                            CREATE ANY TABLE                         YES
DBA                            CREATE ANY TRIGGER                       YES
DBA                            CREATE ANY TYPE                          YES
DBA                            CREATE ANY VIEW                          YES
DBA                            CREATE CLUSTER                           YES
DBA                            CREATE DATABASE LINK                     YES
DBA                            CREATE DIMENSION                         YES
DBA                            CREATE EVALUATION CONTEXT                YES
DBA                            CREATE EXTERNAL JOB                      YES
DBA                            CREATE INDEXTYPE                         YES
DBA                            CREATE JOB                               YES
DBA                            CREATE LIBRARY                           YES
DBA                            CREATE MATERIALIZED VIEW                 YES
DBA                            CREATE OPERATOR                          YES
DBA                            CREATE PROCEDURE                         YES
DBA                            CREATE PROFILE                           YES
DBA                            CREATE PUBLIC DATABASE LINK              YES
DBA                            CREATE PUBLIC SYNONYM                    YES
DBA                            CREATE ROLE                              YES
DBA                            CREATE ROLLBACK SEGMENT                  YES
DBA                            CREATE RULE                              YES
DBA                            CREATE RULE SET                          YES
DBA                            CREATE SEQUENCE                          YES
DBA                            CREATE SESSION                           YES
DBA                            CREATE SYNONYM                           YES
DBA                            CREATE TABLE                             YES
DBA                            CREATE TABLESPACE                        YES
DBA                            CREATE TRIGGER                           YES
DBA                            CREATE TYPE                              YES
DBA                            CREATE USER                              YES
DBA                            CREATE VIEW                              YES
DBA                            DEBUG ANY PROCEDURE                      YES
DBA                            DEBUG CONNECT SESSION                    YES
DBA                            DELETE ANY TABLE                         YES
DBA                            DEQUEUE ANY QUEUE                        YES
DBA                            DROP ANY CLUSTER                         YES
DBA                            DROP ANY CONTEXT                         YES
DBA                            DROP ANY DIMENSION                       YES
DBA                            DROP ANY DIRECTORY                       YES
DBA                            DROP ANY EVALUATION CONTEXT              YES
DBA                            DROP ANY INDEX                           YES
DBA                            DROP ANY INDEXTYPE                       YES
DBA                            DROP ANY LIBRARY                         YES
DBA                            DROP ANY MATERIALIZED VIEW               YES
DBA                            DROP ANY OPERATOR                        YES
DBA                            DROP ANY OUTLINE                         YES
DBA                            DROP ANY PROCEDURE                       YES
DBA                            DROP ANY ROLE                            YES
DBA                            DROP ANY RULE                            YES
DBA                            DROP ANY RULE SET                        YES
DBA                            DROP ANY SEQUENCE                        YES
DBA                            DROP ANY SQL PROFILE                     YES
DBA                            DROP ANY SYNONYM                         YES
DBA                            DROP ANY TABLE                           YES
DBA                            DROP ANY TRIGGER                         YES
DBA                            DROP ANY TYPE                            YES
DBA                            DROP ANY VIEW                            YES
DBA                            DROP PROFILE                             YES
DBA                            DROP PUBLIC DATABASE LINK                YES
DBA                            DROP PUBLIC SYNONYM                      YES
DBA                            DROP ROLLBACK SEGMENT                    YES
DBA                            DROP TABLESPACE                          YES
DBA                            DROP USER                                YES
DBA                            ENQUEUE ANY QUEUE                        YES
DBA                            EXECUTE ANY CLASS                        YES
DBA                            EXECUTE ANY EVALUATION CONTEXT           YES
DBA                            EXECUTE ANY INDEXTYPE                    YES
DBA                            EXECUTE ANY LIBRARY                      YES
DBA                            EXECUTE ANY OPERATOR                     YES
DBA                            EXECUTE ANY PROCEDURE                    YES
DBA                            EXECUTE ANY PROGRAM                      YES
DBA                            EXECUTE ANY RULE                         YES
DBA                            EXECUTE ANY RULE SET                     YES
DBA                            EXECUTE ANY TYPE                         YES
DBA                            EXPORT FULL DATABASE                     YES
DBA                            FLASHBACK ANY TABLE                      YES
DBA                            FORCE ANY TRANSACTION                    YES
DBA                            FORCE TRANSACTION                        YES
DBA                            GLOBAL QUERY REWRITE                     YES
DBA                            GRANT ANY OBJECT PRIVILEGE               YES
DBA                            GRANT ANY PRIVILEGE                      YES
DBA                            GRANT ANY ROLE                           YES
DBA                            IMPORT FULL DATABASE                     YES
DBA                            INSERT ANY TABLE                         YES
DBA                            LOCK ANY TABLE                           YES
DBA                            MANAGE ANY FILE GROUP                    YES
DBA                            MANAGE ANY QUEUE                         YES
DBA                            MANAGE FILE GROUP                        YES
DBA                            MANAGE SCHEDULER                         YES
DBA                            MANAGE TABLESPACE                        YES
DBA                            MERGE ANY VIEW                           YES
DBA                            ON COMMIT REFRESH                        YES
DBA                            QUERY REWRITE                            YES
DBA                            READ ANY FILE GROUP                      YES
DBA                            RESTRICTED SESSION                       YES
DBA                            RESUMABLE                                YES
DBA                            SELECT ANY DICTIONARY                    YES
DBA                            SELECT ANY SEQUENCE                      YES
DBA                            SELECT ANY TABLE                         YES
DBA                            SELECT ANY TRANSACTION                   YES
DBA                            UNDER ANY TABLE                          YES
DBA                            UNDER ANY TYPE                           YES
DBA                            UNDER ANY VIEW                           YES
DBA                            UPDATE ANY TABLE                         YES

Similar Messages

  • DBA role

    Hi
    DB 11g
    One user has the GRANT ANY ROLE privilege, and when it tries to grant the "DBA" role it throws insufficient privilege, whereas in the case of "IMP_FULL_DATABASE" and "SELECT_CATALOG_ROLE" it went fine. Why not the DBA role?

    Hi,
    It seems that there is a little confusion among some Oracle documentation. According to Managing User Privileges and Roles (http://download-west.oracle.com/docs/cd/A87860_01/doc/server.817/a76956/privs.htm#15013), since the Oracle 8i documentation the roles CONNECT, RESOURCE and DBA are automatically defined for Oracle databases as part of database creation. On the other hand, there is a note:
    "Note: The previous three roles are provided to maintain compatibility with previous versions of Oracle and may not be created automatically in future versions of Oracle. Oracle Corporation recommends that you design your own roles for database security, rather than relying on these roles"
    Now, according to the Oracle 10g documentation (http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/authoriz.htm#i1007401):
    "5.2.7 Predefined Roles
    The following roles are defined automatically for Oracle Database:
    * CONNECT
    * RESOURCE
    * DBA
    * EXP_FULL_DATABASE
    * IMP_FULL_DATABASE
    These roles are provided for backward compatibility to earlier versions of Oracle Database and can be modified in the same manner as any other role in an Oracle database.
    Note: Each installation should create its own roles and assign only those privileges that are needed, thus retaining detailed control of the privileges in use. This process also removes any need to adjust existing roles, privileges, or procedures whenever Oracle Database changes or removes roles that Oracle Database defines. For example, the CONNECT role now has only one privilege: CREATE SESSION. Both CONNECT and RESOURCE roles will be deprecated in future Oracle versions."
    In summary, the CONNECT and RESOURCE roles will be deprecated in future Oracle versions, but there is nothing about the DBA role.
    Cheers
    Legatti

  • Is there a way to create a role like DBA role?

    is there a way to create a role just like DBA role?

    Karl wrote:
    thanks for the reply.
    yes, i know the command. but i still have concerns.
    DBA role come with oracle product, and it is very powerful. our client wants to have a role just like DBA role, but with the following excluded from it
    DELETE_CATALOG_ROLE
    GRANT ANY ROLE

    Then simply do NOT issue those two GRANT

  • Unable to GRANT dba to user

    Hi,
    Using oracle 10g I am facing problem and I do not know what I have done to my database.
    When I create a user while logged on as SYSTEM and I want to grant dba to that user, I am getting this message: 'No such role exist'. When I look under roles I can see only two roles:
    1. AQ_Administrator_Role
    2. MGMT_USER
    No other roles are seen. Please help me how I can get back all roles and privileges for system and for sys also, as the same is the case with sys.
    Thanks.

    User sys, unless something is out of sorts with the database catalog, and sys has to connect with the sysdba role.
    If you switch user to the oracle software (install) owner, should also be able to
    connect / as sysdba;

  • DBA role and system privileges

    I created a new user (PIPPO) with the default dba role in my db.
    I know that the dba_role has the SELECT ANY TABLE and INSERT ANY TABLE system privileges.
    I experienced that if I select a table of another schema in a simple sqlplus session everything is OK, but if I select the same table in the same manner in a PL/SQL procedure or in the creation of a view, both owned by PIPPO, the error message is that the table does not exist...
    So I have to grant SELECT and INSERT on the tables I want to my user PIPPO.
    Can anyone tell me if this is normal or strange?
    Thanks

    This is normal. To access other schema's table you need to have direct grant not through roles. DBA is a role.
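The behaviour discussed in this thread, as an added example that is not part of the original posts: Oracle compiles definer's-rights stored procedures and views without the owner's roles, so a privilege held only through DBA is not used there, and `SET ROLE NONE` reproduces the same view of privileges in an interactive session. PIPPO is the user from the post; `APP_OWNER.ORDERS` and `COUNT_ORDERS` are hypothetical names.

```sql
-- Added illustration. Assumes PIPPO holds SELECT ANY TABLE only through the DBA role
-- and that APP_OWNER.ORDERS (hypothetical) is a table in another schema.

-- 1. Connected as PIPPO in SQL*Plus: default roles are enabled, so the role's
--    SELECT ANY TABLE applies to ad hoc SQL.
SELECT role FROM session_roles;
SELECT COUNT(*) FROM app_owner.orders;                    -- succeeds

-- 2. Switch all roles off to see what a stored procedure or view gets to use.
SET ROLE NONE;
SELECT privilege FROM session_privs ORDER BY privilege;   -- only direct and PUBLIC grants remain
SELECT COUNT(*) FROM app_owner.orders;                    -- ORA-00942: table or view does not exist

-- 3. Re-enable the roles. CREATE PROCEDURE (held via DBA) works again, but the
--    procedure body is still compiled without roles, so the reference fails.
SET ROLE ALL;
CREATE OR REPLACE PROCEDURE count_orders AS
  n NUMBER;
BEGIN
  SELECT COUNT(*) INTO n FROM app_owner.orders;
END;
/
SHOW ERRORS PROCEDURE count_orders
-- PL/SQL: ORA-00942: table or view does not exist

-- 4. Fix, run as APP_OWNER or a privileged account: grant exactly the object
--    privilege the code needs, directly to the owning user, then recompile.
GRANT SELECT ON app_owner.orders TO pippo;
ALTER PROCEDURE pippo.count_orders COMPILE;

-- 5. Review what PIPPO holds directly versus through roles.
SELECT owner, table_name, privilege FROM dba_tab_privs  WHERE grantee = 'PIPPO';
SELECT granted_role, default_role   FROM dba_role_privs WHERE grantee = 'PIPPO';
```

The direct object grant in step 4 also means the stored code keeps working if the DBA role is later revoked from PIPPO.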

  • DBA role in Oracle 9i

    Is it possible to break dba role into
    new dba
    back up dba
    dba operator
    etc. SO that a single dba does not have all super
    privileges ?
    Thanks
    - Satyajeet

    You can certainly create new roles that have fewer privs than DBA and grant those roles to different folks. That's probably the easiest approach.
    Justin

  • Select Granted By Role Doesn't Work

    Oracle 11.1.0.7.0 running on AIX
    This is crazy I don't know why it is happening or even how it is happening but when I grant a role to a user they still cannot select from the granted tables & views.
    CREATE ROLE RETROMAN_USERS NOT IDENTIFIED;
    GRANT SELECT ON YBP.DDA_STATUS_CODES TO RETROMAN_USERS;
    GRANT SELECT ON YBP.DEMAND_DRIVEN_ACTIVITY TO RETROMAN_USERS;
    GRANT SELECT ON YBP.V_DDA_STATUS_CODES TO RETROMAN_USERS;
    GRANT SELECT ON YBP.V_DEMAND_DRIVEN_ACTIVITY TO RETROMAN_USERS;
    GRANT RETROMAN_USERS TO SABEL WITH ADMIN OPTION;
    GRANT RETROMAN_USERS TO CKING;
    GRANT RETROMAN_USERS TO FCROWELL;
    GRANT RETROMAN_USERS TO HCAMPBELL;
    GRANT RETROMAN_USERS TO LJOHNSON;
    GRANT RETROMAN_USERS TO RWILLIAMS;
    GRANT RETROMAN_USERS TO LMONTCALM;
    When I try to Select * from ybp.Demand_Driven_Activity as hcampbell I get a "table or view does not exist" error. where other users can get results using the same query. Any ideas? I am completely out of them. I am not a DBA and our company doesn't employ a DBA - scary huh. Any help would be greatly appreciated.
    Scott

    OK, the user cannot select from the table...
    $ sqlplus hcampbell@devorcl
    SQL*Plus: Release 11.1.0.7.0 - Production on Wed Aug 22 07:51:33 2012
    Copyright (c) 1982, 2008, Oracle.  All rights reserved.
    Enter password:
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> select * from ybp.demand_driven_activity;
    select * from ybp.demand_driven_activity
    ERROR at line 1:
    ORA-00942: table or view does not exist
    Let's grant the role and verify that the role is assigned and what privileges it has.
    oracle@qa:/home/oracle
    $ sqlplus sabel@devorcl
    SQL*Plus: Release 11.1.0.7.0 - Production on Wed Aug 22 07:53:21 2012
    Copyright (c) 1982, 2008, Oracle.  All rights reserved.
    Enter password:
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> grant retroman_users to hcampbell;
    Grant succeeded.
    SQL> select * from DBA_ROLE_PRIVS where grantee = 'HCAMPBELL';
    GRANTEE                        GRANTED_ROLE                   ADM DEF
    HCAMPBELL                      YBPREGUSER                     NO  YES
    HCAMPBELL                      OOPS                           NO  YES
    HCAMPBELL                      YBPENDUSER                     NO  YES
    HCAMPBELL                      RETROMAN_USERS                 NO  NO
    The role does exist (I think) and has the following permissions
    SQL> set linesize 132
    SQL> Select * from role_tab_privs Where   role = 'RETROMAN_USERS';
    ROLE                           OWNER                          TABLE_NAME                     COLUMN_NAME
    PRIVILEGE                                GRA
    RETROMAN_USERS                 YBP                            DEMAND_DRIVEN_ACTIVITY
    SELECT                                   NO
    RETROMAN_USERS                 YBP                            V_DEMAND_DRIVEN_ACTIVITY
    SELECT                                   NO
    RETROMAN_USERS                 YBP                            DDA_STATUS_CODES
    SELECT                                   NO
    ROLE                           OWNER                          TABLE_NAME                     COLUMN_NAME
    PRIVILEGE                                GRA
    RETROMAN_USERS                 YBP                            V_DDA_STATUS_CODES
    SELECT                                   NO
    SQL> exit
    Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    sys can't see the role though - but that may be normal...
    $ sqlplus sys@devorcl as sysdba
    SQL*Plus: Release 11.1.0.7.0 - Production on Wed Aug 22 08:30:34 2012
    Copyright (c) 1982, 2008, Oracle.  All rights reserved.
    Enter password:
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> Select * from role_tab_privs Where   role = 'RETROMAN_USERS';
    no rows selected
    The user still cannot select from the table
    $ sqlplus hcampbell@devorcl
    SQL*Plus: Release 11.1.0.7.0 - Production on Wed Aug 22 08:39:46 2012
    Copyright (c) 1982, 2008, Oracle.  All rights reserved.
    Enter password:
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> select * from ybp.demand_driven_activity;
    select * from ybp.demand_driven_activity
    ERROR at line 1:
    ORA-00942: table or view does not exist
    let's try to make it a default role....
    $ sqlplus sabel@devorcl
    SQL*Plus: Release 11.1.0.7.0 - Production on Wed Aug 22 08:42:59 2012
    Copyright (c) 1982, 2008, Oracle.  All rights reserved.
    Enter password:
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> ALTER USER HCAMPBELL DEFAULT ROLE YBPREGUSER, OOPS, YBPENDUSER, retroman_users;
    User altered.
    SQL> exit
    after the user logs out and then back on, now user can access the table.
    oracle@qa:/home/oracle
    $ sqlplus hcampbell@devorcl
    SQL*Plus: Release 11.1.0.7.0 - Production on Wed Aug 22 08:47:57 2012
    Copyright (c) 1982, 2008, Oracle.  All rights reserved.
    Enter password:
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> Select Count(1) from ybp.demand_driven_activity;
      COUNT(1)
        161295
    If I remove the retroman_users from the default role I can still access the table until I log out and then back in, so it must have something to do with default roles. I don't know why I didn't see this before, but the other users that were granted the retroman_users role and could access the table had their default role set to ALL. Sorry, I didn't give you all the information that you needed to help me, this might have helped:
    CREATE USER HCAMPBELL
      IDENTIFIED BY h
      DEFAULT TABLESPACE DATASMALL
      TEMPORARY TABLESPACE TEMP
      PROFILE DEFAULT
      ACCOUNT UNLOCK;
    -- 4 Roles for HCAMPBELL
    GRANT YBPREGUSER TO HCAMPBELL;
    GRANT OOPS TO HCAMPBELL;
    GRANT YBPENDUSER TO HCAMPBELL;
    GRANT RETROMAN_USERS TO HCAMPBELL;
    ALTER USER HCAMPBELL DEFAULT ROLE YBPREGUSER, OOPS, YBPENDUSER;
    I guess I need to read more about Default Roles. Sorry for my belligerent responses.
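A diagnostic sequence for the default-role situation in this thread, as an added example that is not part of the original posts. It uses the user and role names from the posts and only standard dictionary views; a role that is granted but not listed as a default role is not enabled at logon, which is what the `DEF = NO` row above shows.

```sql
-- Added illustration using the names from the thread (HCAMPBELL, RETROMAN_USERS).

-- 1. As a privileged account: which granted roles are enabled automatically at logon?
SELECT granted_role, default_role
FROM   dba_role_privs
WHERE  grantee = 'HCAMPBELL';

-- 2. As HCAMPBELL: which roles are enabled in this session right now?
SELECT role FROM session_roles;

-- 3. As HCAMPBELL: enable the role for the current session only.
--    SET ROLE replaces the enabled set, so list every role that is still needed.
SET ROLE YBPREGUSER, OOPS, YBPENDUSER, RETROMAN_USERS;
SELECT COUNT(1) FROM ybp.demand_driven_activity;

-- 4. As a privileged account: make the change permanent. An explicit DEFAULT ROLE
--    list is fixed, so a role granted later is not added to it; DEFAULT ROLE ALL
--    also covers roles granted in the future.
ALTER USER hcampbell DEFAULT ROLE YBPREGUSER, OOPS, YBPENDUSER, RETROMAN_USERS;
-- or: ALTER USER hcampbell DEFAULT ROLE ALL;

-- 5. Find every account with a granted role that is not enabled at logon,
--    to catch the same problem for other users.
SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  default_role = 'NO'
ORDER  BY grantee, granted_role;
```

A non-default role is also a legitimate control: a sensitive role can be left out of the default list on purpose so that it is only active after an explicit `SET ROLE`.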

  • PDB_DBA has DBA role, but no quota on tablespace

    Hi all,
    I have weird situation and I can't find in doco why is that:
    I have created a PDB with role DBA for the admin user, and I can see that the PDB_DBA role has the DBA role. I can create a table in the admin user schema, but can't insert rows there, as there is no quota on the tablespace. If I grant DBA to the admin user directly, I can insert rows, so I got "quota unlimited" as part of the DBA role:
    SQL> conn / as sysdba
    Connected.
    SQL> create pluggable database P1 admin user a identified by a roles=(dba);
    Pluggable database created.
    SQL> alter session set container=P1;
    Session altered.
    SQL> alter pluggable database P1 open;
    Pluggable database altered.
    SQL> create table a.t(id integer);
    Table created.
    SQL> insert into a.t values(1);
    insert into a.t values(1)
    ERROR at line 1:
    ORA-01950: no privileges on tablespace 'SYSTEM'
    SQL> select * from dba_role_privs where grantee = 'A';
    GRANTEE
    GRANTED_ROLE ADM DEL DEF COM
    A
    PDB_DBA YES NO  YES NO
    SQL> select granted_role from dba_role_privs where grantee = 'PDB_DBA';
    GRANTED_ROLE
    DBA
    SQL>
    SQL> grant dba to a;
    Grant succeeded.
    SQL> insert into a.t values(1);
    1 row created.
    SQL> revoke dba from a;
    Revoke succeeded.
    SQL> insert into a.t values(1);
    1 row created.
    SQL>

    What is the full version of Oracle 12c that you are using?
    That does seem odd. Especially since revoking the direct grant leaves the privilege intact which could only come from the role.
    What happens if you bounce the DB after the initial INSERT failure? Does it continue to fail if the direct grant isn't made?
    Also - did you specify FILE_NAME_CONVERT as an init parameter?
    If you have a MOS account I suggest you search to see if there are any bugs related to PDB privileges.
    There have been some known issues with the whole PDB metadata link thing. System tables only exist in the root and the PDBs only have metadata links to the actual system entries. It's possible that the metadata link didn't get created or propagated properly after the PDB was created.
    That is why I ask if you can try bouncing the database to see if the problem still persists.
    The other, related, test to try is to first create the PDB (no other action at all such as grants, users, or anything). Then open the PDB and then shut it all down.
    When you restart the entire DB and open the PDB then perform your test and see if you get the same results. The intent of that test is to see if the metadata entries are properly created and propagated AFTER the PDB actually exists.
    Unfortunately (for you at least for now) there are so many nuances to the whole multitenant thing in the way privileges (among other things) work it will be a while until they all get sorted out.
    Many of those are the management of privileges (roles, grants, etc) for PDBs given that some PDBs aren't open at the time the privilege change is made. If a PDB isn't open and you modify a common privilege there won't be any replication to that PDB and you will later have to update that PDB's privileges manually.

  • DBA role and privacy problem

    I have some problems understanding the DBA role. I have DBA privs on a database (I'm a developer, not a DBA). Because of a privacy problem, I have not to select data in only one table of the database. A solution could be to encrypt rows of this table... This will be the last choice, because in this case I will have to rewrite some applications. So, I'm trying to create a new role in which I have all privileges except SELECT ANY TABLE. Then I will have to lose my DBA privs. During ordinary operations necessary to maintain my applications (like backup, import and export and so on...), I will have DBA privs granted again from the privacy manager only for the period necessary to maintain the site. After this period I have to sign a paper in which I declare I have not seen the records of that table. As you can imagine, this solution is very bad (during that period I can create 1000 users with dba privs...), but seems to be fine to the privacy manager.
    Now my problem is: after creating the role DBA_WSAT that is the DBA role without select any table, I can connect as sysdba again... Why? Which is the privilege that enables a user to connect as sysdba? Any suggestions will be appreciated to solve this bad situation...
    Thank you very much.
    Ste.

    You probably have an entry in the password file that needs to be removed if you are no longer a DBA.
    Have you considered auditing access to this sensitive table, either in addition to the current proposal or instead of it? That would be far more secure than signing the piece of paper periodically.
    Justin
    Distributed Database Consulting, Inc.
    http://www.ddbcinc.com/askDDBC

  • REVOKE insert on tables from use with DBA role

    Hi
    I have two users with the DBA role granted. I want to remove the insert/update capabilities on certain tables from one of the users but keep the DBA role. Is this possible?
    Thanks

    No.
    Do not even think about messing with the DBA role!!
    You cannot grant global privileges through a role, then ungrant select privileges from an individual.
    What you need to do is to create your own local DBA-like role (or roles). Grant the global privileges all DBAs need to your own DBA-like role and grant that to the DBAs. Then grant privileges on the tables to various roles and grant them to the individual DBAs. That way you can exclude the privileges you do not want to grant.
    But, ultimately, you need to be able to trust your DBA to follow procedures, rules, and instructions. If you cannot, perhaps he should not be a DBA.
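The approach recommended here, and in the earlier threads about creating a role "like DBA" and splitting the DBA role, as an added example that is not part of the original posts. The role names `OPS_DBA` and `PAYROLL_RW`, the table `HR_APP.PAYROLL` and the users `DBA_ALICE` and `DBA_BOB` are hypothetical; the system privileges are taken from the DBA listing at the top of this page.

```sql
-- Added illustration; all role, user and table names are hypothetical.

-- 1. A site-specific administration role with only the system privileges the
--    team needs. GRANT ANY ROLE, GRANT ANY PRIVILEGE and the * ANY TABLE
--    privileges are deliberately left out.
CREATE ROLE ops_dba;
GRANT CREATE SESSION, ALTER SESSION     TO ops_dba;
GRANT CREATE TABLESPACE, ALTER TABLESPACE, MANAGE TABLESPACE TO ops_dba;
GRANT CREATE USER, DROP USER            TO ops_dba;
GRANT SELECT ANY DICTIONARY             TO ops_dba;
-- ALTER USER is sensitive (it allows resetting other accounts' passwords);
-- grant it only if the team really needs it.

-- 2. Table access goes into a separate role, so it can be given to one
--    administrator and withheld from another.
CREATE ROLE payroll_rw;
GRANT SELECT, INSERT, UPDATE ON hr_app.payroll TO payroll_rw;

GRANT ops_dba             TO dba_alice, dba_bob;
GRANT payroll_rw          TO dba_alice;          -- dba_bob gets no INSERT/UPDATE here

-- 3. Verify: system privileges that DBA has and the custom role does not.
SELECT privilege FROM dba_sys_privs WHERE grantee = 'DBA'
MINUS
SELECT privilege FROM dba_sys_privs WHERE grantee = 'OPS_DBA'
ORDER  BY 1;

-- 4. Verify: who still holds the predefined DBA role, and who can pass it on.
SELECT grantee, admin_option
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
ORDER  BY grantee;
```

The split only holds if the predefined DBA role is revoked from the same accounts; step 4 is the check for that.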

  • Error while granting BPMOrganizationAdmin role to SOAOperator.

    Error while starting SOA server. Please advise.
    <Mar 5, 2015 12:56:08 PM EST> <Error> <oracle.bpm.services.organization> <BEA-000000> <Exception
    exception.70692.type: error
    exception.70692.severity: 2
    exception.70692.name: Error while granting BPMOrganizationAdmin role to SOAOperator.
    exception.70692.description: Error occured while granting the application role BPMOrganizationAdmin to application role SOAOperator.
    exception.70692.fix: In the policy store, please add SOAOperator role as a member of BPMOrganizationAdmin role, if it is not already present.
    ORABPEL-10513
    Cannot get application roles from application identified by "{0}".
    An error occurred while getting application roles from application identified by "soa-infra".
    The underlying APIs threw an exception. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
            at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:920)
            at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
            at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
            at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
            at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
            at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
            at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
            at $Proxy307.postDeployInit(Unknown Source)
            at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
            at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
            at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
            at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
    Caused By: ORABPEL-10510
    Application role not found.
    Application role "BPMOrganizationAdmin" could not be found for application identified by "soa-infra".
    Check if the application role exists in the repository associated with the application. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
            at oracle.tip.pc.services.identity.jps.JpsProvider$9.run(JpsProvider.java:2338)
            at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRoleEntry(JpsProvider.java:2333)
            at oracle.tip.pc.services.identity.jps.JpsProvider.access$000(JpsProvider.java:169)
            at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:917)
            at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
            at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
            at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
            at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
            at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
            at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
            at $Proxy307.postDeployInit(Unknown Source)
            at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
            at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
            at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
            at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
    >
    <Mar 5, 2015 12:56:08 PM EST> <Error> <oracle.bpm.common> <BEA-000000> <Exception
    BPM-70692
    Exception
    exception.70692.type: error
    exception.70692.severity: 2
    exception.70692.name: Error while granting BPMOrganizationAdmin role to SOAOperator.
    exception.70692.description: Error occured while granting the application role BPMOrganizationAdmin to application role SOAOperator.
    exception.70692.fix: In the policy store, please add SOAOperator role as a member of BPMOrganizationAdmin role, if it is not already present.
            at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:324)
            at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:29)
            at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
            at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
            at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
            at $Proxy307.postDeployInit(Unknown Source)
            at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
            at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
            at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
            at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
    Caused By: ORABPEL-10513
    Cannot get application roles from application identified by "{0}".
    An error occurred while getting application roles from application identified by "soa-infra".
    The underlying APIs threw an exception. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
            at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:920)
            at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
            at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
            at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
            at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
            at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
            at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
            at $Proxy307.postDeployInit(Unknown Source)
            at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
            at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
            at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
            at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
    Caused By: ORABPEL-10510
    Application role not found.
    Application role "BPMOrganizationAdmin" could not be found for application identified by "soa-infra".
    Check if the application role exists in the repository associated with the application. Check the error stack and fix the cause of the error. Contact Oracle Support Services if error is not fixable.
            at oracle.tip.pc.services.identity.jps.JpsProvider$9.run(JpsProvider.java:2338)
            at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRoleEntry(JpsProvider.java:2333)
            at oracle.tip.pc.services.identity.jps.JpsProvider.access$000(JpsProvider.java:169)
            at oracle.tip.pc.services.identity.jps.JpsProvider$1.run(JpsProvider.java:917)
            at oracle.tip.pc.services.identity.jps.JpsProvider.lookupAppRole(JpsProvider.java:913)
            at oracle.bpm.bpmn.engine.runtime.DeploymentDescriptorUtil.grantBPMOrganizationAdminRoleToSOAOperator(DeploymentDescriptorUtil.java:294)
            at oracle.bpm.bpmn.engine.service.BPMNServiceEngine.stateChanged(BPMNServiceEngine.java:578)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.notifyListeners(FabricLifecycle.java:46)
            at oracle.integration.platform.blocks.mesh.FabricLifecycle.setState(FabricLifecycle.java:30)
            at oracle.integration.platform.blocks.mesh.MeshImpl.postDeployInit(MeshImpl.java:118)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
            at oracle.integration.platform.metrics.PhaseEventAspect.invoke(PhaseEventAspect.java:71)
            at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
            at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
            at $Proxy307.postDeployInit(Unknown Source)
            at oracle.integration.platform.kernel.FabricKernelInitializerServlet$1.run(FabricKernelInitializerServlet.java:555)
            at oracle.integration.platform.blocks.executor.WorkManagerExecutor$1.run(WorkManagerExecutor.java:120)
            at weblogic.work.j2ee.J2EEWorkManager$WorkWithListener.run(J2EEWorkManager.java:183)
            at weblogic.work.DaemonWorkThread.run(DaemonWorkThread.java:30)
    >

    Hi user,
    Can you give us some information on the version you are using and your security setup? Are you using an external security provider? Because to me it sounds that you are using an external LDAP server.
    Antonis

  • Dynamic grant user role issue

    Hi friends,
    I created a role in Oracle 10 and it can be granted to users one by one; that works.
    But when I try to grant the role to all users I get an error.
    My code is as follows (copied and modified from OTN):
    ====
    DECLARE
    l_schema VARCHAR2(30) := 'SCHEMA_OWNER';
    BEGIN
    FOR i IN (SELECT USERNAME
    FROM all_users
    WHERE username not in ('SYS','SYSTEM','OUTLN','DMSYS','TSMSYS','XDB','CTXSYS','WMSYS','DBSNMP','DIP','OLAP','OLAPSYS','MDSYS','EXFSYS','MDSYS'))
    LOOP
    BEGIN
    EXECUTE IMMEDIATE 'GRANT USERS_SELECT ||' TO i.USERNAME;
    EXCEPTION
    WHEN OTHERS THEN
    NULL;
    END;
    END LOOP;
    END;
    ORA-06550: line 10, column 41:
    PLS-00103: Encountered the symbol "TO" when expecting one of the following:
    * & = - + ; < / > at in is mod remainder not rem return
    returning <an exponent (**)> <> or != or ~= >= <= <> and or
    like LIKE2_ LIKE4_ LIKEC_ between into using || multiset bulk
    member SUBMULTISET_
    The symbol "* was inserted before "TO" to continue.
    SQL>
    I double-checked that the syntax is OK. What is wrong?
    Thanks for help!
    Jim

    Try:
    EXECUTE IMMEDIATE 'GRANT RAC_SELECT TO '|| i.USERNAME;
    And remove this part, which is, 99.99% of the time, a bug:
    EXCEPTION
    WHEN OTHERS THEN
    NULL;
    END
    Only catch errors you expect...
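
    The corrected loop as a complete block, as an added example that is not part of the original thread. It uses the role name USERS_SELECT and the exclusion list from the question, assumes DBMS_ASSERT is available (10.2 or later), and replaces WHEN OTHERS with a handler for ORA-01917 only; the exception and variable names are illustrative.

    ```sql
    SET SERVEROUTPUT ON

    DECLARE
      -- ORA-01917: user or role does not exist
      -- (for example, the account was dropped between the query and the GRANT).
      e_no_such_user EXCEPTION;   -- illustrative name
      PRAGMA EXCEPTION_INIT(e_no_such_user, -1917);

      l_role CONSTANT VARCHAR2(30) := 'USERS_SELECT';   -- role name from the question
      l_stmt VARCHAR2(200);
    BEGIN
      FOR i IN (SELECT username
                  FROM all_users
                 WHERE username NOT IN ('SYS','SYSTEM','OUTLN','DMSYS','TSMSYS','XDB',
                                        'CTXSYS','WMSYS','DBSNMP','DIP','OLAP',
                                        'OLAPSYS','MDSYS','EXFSYS'))
      LOOP
        -- The variable is concatenated outside the string literal; that was the
        -- PLS-00103 error. SIMPLE_SQL_NAME rejects anything that is not a plain
        -- identifier, and ENQUOTE_NAME double-quotes the user name (FALSE keeps
        -- its stored case), so a mixed-case or oddly named account cannot change
        -- the meaning of the statement.
        l_stmt := 'GRANT ' || DBMS_ASSERT.SIMPLE_SQL_NAME(l_role)
                  || ' TO ' || DBMS_ASSERT.ENQUOTE_NAME(i.username, FALSE);

        BEGIN
          EXECUTE IMMEDIATE l_stmt;   -- no trailing semicolon inside the string
        EXCEPTION
          WHEN e_no_such_user THEN
            DBMS_OUTPUT.PUT_LINE('skipped, no such user: ' || i.username);
          -- Any other error (missing GRANT ANY ROLE, misspelled role, ...) is
          -- deliberately not caught, so it stops the block and is reported.
        END;
      END LOOP;
    END;
    /
    ```

    GRANT is DDL, so each iteration commits implicitly; grants made before a failure stay in place.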

  • Performance tab not working in Enterprise Manager for user with dba role

    Database: 11g2
    New to Oracle. Don't want to share the SYS user account among DBAs. Tried to create a user with the dba role to perform all tasks.
    1. Removed DBMS_JOB, DBMS_LOB, UTL_FILE, UTL_HTTP, UTL_SMTP, and UTL_TCP from PUBLIC
    2. Created user dbauser1 with dba role
    3. Log in as dbauser1 in Enterprise Manager
    After clicking the Performance tab, it just went straight to the "Database Login" page. No error message.
    Any suggestions or advice will be appreciated.
    piaoma

    Hi Gourav,
    This is the wsdl url:
    http://hostname:8000/sap/bc/srt/wsdl/bndg_E04711310A0E55F1A0E3005056B03D6F/wsdl11/allinone/ws_policy/document?sap-client=450
    Kind Regards,
    Richard

  • DBA role dropped

    Hi,
    I recently saw that the DBA role is missing from one of our databases and the connect privileges are revoked from almost all schemas in the database. I tried investigating how this happened. Initially I went to check dba_audit_trail; unfortunately it's empty. Secondly I tried using LogMiner to analyse the redo logs for the last 5 days in short intervals, analysing V$LOGMNR_CONTENTS using a "DROP" filter on the operation column, but still couldn't get anything. Can anyone suggest any other way to investigate this?

    If you had access to a database of the same version you could use the scripts from Pete Finnigan (http://www.petefinnigan.com/tools.htm) to see what privileges are given to the DBA role and re-create the role.
    On metalink there is Note: 1068678.6 How to Recreate DBA Role if Dropped. Last revision is 26-Nov-2002 and only mentions version 8.X.
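
    One way to produce the re-create script this reply describes, run on the reference database of the same version. This is an added example, not Pete Finnigan's script or the MetaLink note, and the spool file name is an assumption.

    ```sql
    -- Run in SQL*Plus on the healthy reference database (same version) as a
    -- user who can read the DBA_* views.
    -- recreate_dba_role.sql is a constructed file name.
    SET HEADING OFF PAGESIZE 0 LINESIZE 300 FEEDBACK OFF TRIMSPOOL ON
    SPOOL recreate_dba_role.sql

    SELECT stmt
      FROM (
            SELECT 1 AS ord, 'CREATE ROLE DBA;' AS stmt FROM dual
            UNION ALL
            -- System privileges, keeping ADMIN OPTION where the reference role has it.
            SELECT 2, 'GRANT ' || privilege || ' TO DBA'
                      || DECODE(admin_option, 'YES', ' WITH ADMIN OPTION') || ';'
              FROM dba_sys_privs
             WHERE grantee = 'DBA'
            UNION ALL
            -- Roles granted to the DBA role.
            SELECT 3, 'GRANT "' || granted_role || '" TO DBA'
                      || DECODE(admin_option, 'YES', ' WITH ADMIN OPTION') || ';'
              FROM dba_role_privs
             WHERE grantee = 'DBA'
            UNION ALL
            -- Object privileges. A role cannot receive WITH GRANT OPTION,
            -- so none is emitted here.
            SELECT 4, 'GRANT ' || privilege || ' ON "' || owner || '"."'
                      || table_name || '" TO DBA;'
              FROM dba_tab_privs
             WHERE grantee = 'DBA'
           )
     ORDER BY ord, stmt;

    SPOOL OFF

    -- Review the spooled file before running it on the damaged database.
    -- Entries in DBA_TAB_PRIVS that are not schema objects (directories, for
    -- example) need their own GRANT syntax and must be adjusted by hand.
    ```

    The script restores only what the role itself holds; which accounts had been granted DBA on the damaged database has to be established separately.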

  • DBA role cannot update a table

    SQL> select * from v$version;
    BANNER
    Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
    PL/SQL Release 11.2.0.1.0 - Production
    CORE    11.2.0.1.0      Production
    TNS for Linux: Version 11.2.0.1.0 - Production
    NLSRTL Version 11.2.0.1.0 - Production
    SQL> show user
    USER is "JIMMYB"
    SQL> select granted_role from dba_role_privs where grantee ='JIMMYB';
    GRANTED_ROLE
    CTXAPP
    DBA
    SQL> select user_seq, person_id from cmis.users
      2  where last_name = 'ZIGGY';
      USER_SEQ  PERSON_ID
         12788    1246277
    SQL> update cmis.users
      2  set
      3     person_id = 10991
      4  where user_seq = 12788;
    update cmis.users
    ERROR at line 1:
    ORA-00942: table or view does not exist

    How can the DBA role not be allowed to update this table?

    I'm not sure what I am missing here. I've never encountered this before.
    SQL> desc cmis.users
    Name                                                           Null?    Type
    USER_SEQ                                                       NOT NULL NUMBER
    PERSON_ID                                                               NUMBER ENCRYPT
    USERNAME                                                                VARCHAR2(50) ENCRYPT
    PREFIX                                                                  VARCHAR2(10)
    FIRST_NAME                                                              VARCHAR2(100) ENCRYPT
    MIDDLE_NAME                                                             VARCHAR2(100) ENCRYPT
    LAST_NAME                                                               VARCHAR2(100) ENCRYPT
    SUFFIX                                                                  VARCHAR2(12)
    EMAIL_ADDRESSS                                                           VARCHAR2(1000) ENCRYPT
    USER_STATUS_SEQ                                                         NUMBER

    I can't imagine it has anything to do with transparent data encryption.
