Insufficient privileges in Procedure

Similar Messages

• Insufficient privileges for creating a table in a procedure

  Hello,
  I have a problem with creating a table from within a procedure. The error is
  -1031 : ORA-01031: insufficient privileges
  All objects are owned by the same user, and the procedure is run under that user. This user has CREATE ANY TABLE with Admin Option rights.
  I am working with Oracle 8i.
  Can anybody tell me how I can fix this?
  Thanks, Wouter

  Does the user have the CREATE ANY TABLE privilege granted directly to it, or through a role? Stored procedures by default don't know about any privileges granted through a role.
  Justin
  Distributed Database Consulting, Inc.
  http://www.ddbcinc.com/askDDBC

• AMDP syntax call to external procedure: "SQLScript message: insufficient privilege: Not authorized"

  I am getting the message "SQLScript message: insufficient privilege: Not authorized" in the syntax check in SE24 for an AMDP call to an external procedure which is not located in the default schema (located in schema MYSCHEMA).
  With DB_DBUSER & DB_DBSCHEMA I have confirmed the default user and schema to both be SAPHANAABAP.
  In HANA Studio the owner of schema MYSCHEMA has granted the following privileges:
  grant debug  on schema MYSCHEMA to SAPHANAABAP;
  grant select on schema MYSCHEMA to SAPHANAABAP;
  grant update on schema MYSCHEMA to SAPHANAABAP;
  grant delete on schema MYSCHEMA to SAPHANAABAP;
  grant insert on schema MYSCHEMA to SAPHANAABAP;
  grant attach debugger to SAPHANAABAP;
  What is the missing piece in this puzzle?

  Thanks

• Insufficient privileges upon executing stored procedure

  Hello Gurus,
  i am new to plsql, working on a stored procedure.
  basically, trying to create a temporary table using dynamic sql .. below is my code,upon executing , i am encoutering insufficient privileges error. not sure where i am going wrong. any help is highly appreciated, thanks
  ---------code - successfully compiled----------
  SQL> CREATE OR REPLACE procedure stp_temp (i_table in varchar2)
  2 is
  3 table_creation_stmt varchar2(4000):='';
  4 begin
  5
  6 table_creation_stmt := 'CREATE GLOBAL TEMPORARY TABLE '||i_table|| ' AS select * from TABLE_STGG';
  7 dbms_output.put_line ('Query is :'||table_creation_stmt);
  8 execute immediate table_creation_stmt;
  9 end;
  10 /
  Procedure created.
  SQL> exec stp_temp('table123');
  Query is :CREATE GLOBAL TEMPORARY TABLE table123 AS select * from TABLE_STGG
  BEGIN stp_temp('table123'); END;
  ERROR at line 1:
  ORA-01031: insufficient privileges
  ORA-06512: at "E3US9T.STP_TEMP", line 8
  ORA-06512: at line 1
  ------table gets created upon copy/paste from above output ( query is)
  SQL> CREATE GLOBAL TEMPORARY TABLE table123 AS select * from TABLE_STGG;
  Table created.

  Sandeep Thakur wrote:
  Hello Gurus,
  i am new to plsql, working on a stored procedure.
  basically, trying to create a temporary table using dynamic sql .. below is my code,upon executing , i am encoutering insufficient privileges error. not sure where i am going wrong. any help is highly appreciated, thanks
  ---------code - successfully compiled----------
  SQL> CREATE OR REPLACE procedure stp_temp (i_table in varchar2)
  2 is
  3 table_creation_stmt varchar2(4000):='';
  4 begin
  5
  6 table_creation_stmt := 'CREATE GLOBAL TEMPORARY TABLE '||i_table|| ' AS select * from TABLE_STGG';
  7 dbms_output.put_line ('Query is :'||table_creation_stmt);
  8 execute immediate table_creation_stmt;
  9 end;
  10 /
  Procedure created.
  SQL> exec stp_temp('table123');
  Query is :CREATE GLOBAL TEMPORARY TABLE table123 AS select * from TABLE_STGG
  BEGIN stp_temp('table123'); END;
  ERROR at line 1:
  ORA-01031: insufficient privileges
  ORA-06512: at "E3US9T.STP_TEMP", line 8
  ORA-06512: at line 1
  ------table gets created upon copy/paste from above output ( query is)
  SQL> CREATE GLOBAL TEMPORARY TABLE table123 AS select * from TABLE_STGG;
  Table created.In addition to what others have posted you may also want to research SQL Injection.
  For example what do you think will happen if I invoke your procedure as follows:
  begin
    stp_temp('bad_table on commit preserve rows as select * from all_users --');
  end;
  /Is it what you want to have happen?
  This is one reason why doing DDL in a stored procedure is a bad idea. Pay particular attention to what SomeoneElse and RP have to say too.
  And, for the record, the SQL and PL/SQL forum is PL/SQL.

• Insufficient privilege while using dynamic sql in procedure

  Hi,
  I am using following script on oracle 10g. and getting unsufficient privs error. please advice.
  SQL> show user
  User is "GRSADM"
  SQL> create or replace procedure grsadm.test_proc as
  a varchar2(2000);
  begin
  a:='CREATE OR REPLACE VIEW
  test_view
  AS SELECT
  ''sadf'' a
  FROM dual';
  execute immediate a;
  end;
  Procedure created.
  SQL> begin
  grsadm.test_proc;
  end;
  begin
  grsadm.test_proc;
  end;
  Error at line 16
  ORA-01031: insufficient privileges
  ORA-06512: at "GRSADM.TEST_PROC", line 9
  ORA-06512: at line 2
  SQL> select * from session_privs
  where privilege like '%VIEW%'
  PRIVILEGE
  CREATE ANY VIEW
  DROP ANY VIEW
  CREATE ANY MATERIALIZED VIEW
  ALTER ANY MATERIALIZED VIEW
  DROP ANY MATERIALIZED VIEW
  5 rows selected.
  Edited by: Ratnesh Sharma on Nov 24, 2011 12:00 PM

  yes it has EXECUTE ANY PROCEDURE priv.
  Following is the list of all the priv this user has.
  PRIVILEGE
  CREATE ANY SQL PROFILE
  DROP ANY SQL PROFILE
  GRANT ANY OBJECT PRIVILEGE
  DEBUG CONNECT SESSION
  RESUMABLE
  ADMINISTER DATABASE TRIGGER
  ADMINISTER RESOURCE MANAGER
  DROP ANY OUTLINE
  DROP ANY CONTEXT
  CREATE ANY CONTEXT
  MANAGE ANY QUEUE
  DROP ANY DIMENSION
  CREATE ANY DIMENSION
  GLOBAL QUERY REWRITE
  DROP ANY INDEXTYPE
  CREATE ANY INDEXTYPE
  DROP ANY OPERATOR
  CREATE ANY OPERATOR
  DROP ANY LIBRARY
  CREATE ANY LIBRARY
  EXECUTE ANY TYPE
  DROP ANY TYPE
  ALTER ANY TYPE
  CREATE ANY TYPE
  DROP ANY DIRECTORY
  CREATE ANY DIRECTORY
  DROP ANY MATERIALIZED VIEW
  ALTER ANY MATERIALIZED VIEW
  CREATE ANY MATERIALIZED VIEW
  ANALYZE ANY
  DROP PROFILE
  CREATE PROFILE
  DROP ANY TRIGGER
  ALTER ANY TRIGGER
  CREATE ANY TRIGGER
  EXECUTE ANY PROCEDURE
  DROP ANY PROCEDURE
  ALTER ANY PROCEDURE
  CREATE ANY PROCEDURE
  CREATE PROCEDURE
  AUDIT ANY
  DROP ANY ROLE
  CREATE ROLE
  DROP PUBLIC DATABASE LINK
  CREATE PUBLIC DATABASE LINK
  CREATE DATABASE LINK
  DROP ANY SEQUENCE
  CREATE ANY SEQUENCE
  DROP ANY VIEW
  CREATE ANY VIEW
  DROP PUBLIC SYNONYM
  CREATE PUBLIC SYNONYM
  DROP ANY SYNONYM
  CREATE ANY SYNONYM
  DROP ANY INDEX
  ALTER ANY INDEX
  CREATE ANY INDEX
  DROP ANY CLUSTER
  CREATE ANY CLUSTER
  DELETE ANY TABLE
  UPDATE ANY TABLE
  INSERT ANY TABLE
  SELECT ANY TABLE
  COMMENT ANY TABLE
  DROP ANY TABLE
  ALTER ANY TABLE
  CREATE ANY TABLE
  DROP ROLLBACK SEGMENT
  CREATE ROLLBACK SEGMENT
  DROP USER
  BECOME USER
  CREATE USER
  UNLIMITED TABLESPACE
  DROP TABLESPACE
  ALTER TABLESPACE
  CREATE TABLESPACE
  CREATE SESSION
  ALTER SYSTEM

• ORA-01031: insufficient privileges in PL/SQL but not in SQL

  I have problem with following situation.
  I switched current schema to another one "ban", and selected 4 rows from "ed"
  alter session set current_schema=ban;
  SELECT * FROM ed.PS WHERE ROWNUM < 5;
  the output is OK, and I get 4 rows like
  ID_S ID_Z
  1000152 1
  1000153 1
  1000154 1
  1000155 1
  but following procedure is compiled with warning
  create or replace
  procedure proc1
  as
  rowcnt int;
  begin
  select count(*) into rowcnt from ed.PS where rownum < 5;
  end;
  "Create procedure, executed in 0.031 sec."
  5,29,PL/SQL: ORA-01031: insufficient privileges
  5,2,PL/SQL: SQL Statement ignored
  ,,Total execution time 0.047 sec.
  Could you help me why SELECT does work in SQL but not in PL/SQL procedure?
  Thanks.
  Message was edited by:
  MattSk

  Privs granted via a role are only valid from SQL - and not from/within stored PL/SQL code.
  Quoting Tom's (from http://asktom.oracle.com) response to this:I did address this role thing in my book Expert one on one Oracle:
  <quote>
  What happens when we compile a Definer rights procedure
  When we compile the procedure into the database, a couple of things happen with regards to
  privileges.  We will list them here briefly and then go into more detail:
  q    All of the objects the procedure statically accesses (anything not accessed via dynamic SQL)
  are verified for existence. Names are resolved via the standard scoping rules as they apply to the
  definer of the procedure.
  q    All of the objects it accesses are verified to ensure that the required access mode will be
  available. That is, if an attempt to UPDATE T is made - Oracle will verify the definer or PUBLIC
  has the ability to UPDATE T without use of any ROLES.
  q    A dependency between this procedure and the referenced objects is setup and maintained. If
  this procedure SELECTS FROM T, then a dependency between T and this procedure is recorded
  If, for example, I have a procedure P that attempted to 'SELECT * FROM T', the compiler will first
  resolve T into a fully qualified referenced.  T is an ambiguous name in the database - there may be
  many T's to choose from. Oracle will follow its scoping rules to figure out what T really is, any
  synonyms will be resolved to their base objects and the schema name will be associated with the
  object as well. It does this name resolution using the rules for the currently logged in user (the
  definer). That is, it will look for an object owned by this user called T and use that first (this
  includes private synonyms), then it will look at public synonyms and try to find T and so on.
  Once it determines exactly what T refers to - Oracle will determine if the mode in which we are
  attempting to access T is permitted.   In this case, if we as the definer of the procedure either
  owns the object T or has been granted SELECT on T directly or PUBLIC was granted SELECT, the
  procedure will compile.  If we do not have access to an object called T by a direct grant - the
  procedure P will fail compilation.  So, when the object (the stored procedure that references T) is
  compiled into the database, Oracle will do these checks - and if they "pass", Oracle will compile
  the procedure, store the binary code for the procedure and set up a dependency between this
  procedure and this object T.  This dependency is used to invalidate the procedure later - in the
  event something happens to T that necessitates the stored procedures recompilation.  For example,
  if at a later date - we REVOKE SELECT ON T from the owner of this stored procedure - Oracle will
  mark all stored procedures this user has that are dependent on T, that refer to T, as INVALID. If
  we ALTER T ADD  some column, Oracle can invalidate all of the dependent procedures. This will cause
  them to be recompiled automatically upon their next execution.
  What is interesting to note is not only what is stored but what is not stored when we compile the
  object. Oracle does not store the exact privilege that was used to get access to T. We only know
  that procedure P is dependent on T. We do not know if the reason we were allowed to see T was due
  to:
  q    A grant given to the definer of the procedure (grant select on T to user)
  q    A grant to public on T (grant select on T to public)
  q    The user having the SELECT ANY TABLE privilege
  The reason it is interesting to note what is not stored is that a REVOKE of any of the above will
  cause the procedure P to become invalid. If all three privileges were in place when the procedure
  was compiled, a revoke of ANY of them will invalidate the procedure - forcing it to be recompiled
  before it is executed again. Since all three privileges were in place when we created the procedure
  - it will compile successfully (until we revoke all three that is). This recompilation will happen
  automatically the next time that the procedure is executed.
  Now that the procedure is compiled into the database and the dependencies are all setup, we can
  execute the procedure and be assured that it knows what T is and that T is accessible. If something
  happens to either the table T or to the set of base privileges available to the definer of this
  procedure that might affect our ability to access T -- our procedure will become invalid and will
  need to be recompiled.
  This leads into why ROLES are not enabled during the compilation and execution of a stored
  procedure in Definer rights mode. Oracle is not storing exactly WHY you are allowed to access T -
  only that you are. Any change to your privileges that might cause access to T to go away will cause
  the procedure to become invalid and necessitate its recompilation. Without roles - that means only
  'REVOKE SELECT ANY TABLE' or 'REVOKE SELECT ON T' from the Definer account or from PUBLIC. With
  roles - it greatly expands the number of times we would invalidate this procedure. If some role
  that was granted to some role that was granted to this user was modified, this procedure might go
  invalid, even if we did not rely on that privilege from that role. ROLES are designed to be very
  fluid when compared to GRANTS given to users as far as privilege sets go. For a minute, let's say
  that roles did give us privileges in stored objects. Now, most any time anything was revoked from
  ANY ROLE we had, or any role any role we have has (and so on -- roles can and are granted to roles)
  -- many of our objects would become invalid. Think about that, REVOKE some privilege from a ROLE
  and suddenly your entire database must be recompiled! Consider the impact of revoking some system
  privilege from a ROLE, it would be like doing that to PUBLIC is now, don't do it, just think about
  it (if you do revoke some powerful system privilege from PUBLIC, do it on a test database). If
  PUBLIC had been granted SELECT ANY TABLE, revoking that privilege would cause virtually every
  procedure in the database to go invalid. If procedures relied on roles, virtually every procedure
  in the database would constantly become invalid due to small changes in permissions. Since one of
  the major benefits of procedures is the 'compile once, run many' model - this would be disastrous
  for performance.
  Also consider that roles may be
  q    Non-default: If I have a non-default role and I enable it and I compile a procedure that
  relies on those privileges, when I log out I no longer have that role -- should my procedure become
  invalid -- why? Why not? I could easily argue both sides.
  q    Password Protected: if someone changes the password on a ROLE, should everything that might
  need that role be recompiled?  I might be granted that role but not knowing the new password - I
  can no longer enable it. Should the privileges still be available?  Why or Why not?  Again, arguing
  either side of this is easy. There are cases for and against each.
  The bottom line with respect to roles in procedures with Definer rights are:
  q    You have thousands or tens of thousands of end users. They don't create stored objects (they
  should not). We need roles to manage these people. Roles are designed for these people (end users).
  q    You have far fewer application schema's (things that hold stored objects). For these we want
  to be explicit as to exactly what privileges we need and why. In security terms this is called the
  concept of 'least privileges', you want to specifically say what privilege you need and why you
  need it. If you inherit lots of privileges from roles you cannot do that effectively. We can manage
  to be explicit since the number of development schemas is SMALL (but the number of end users is
  large)...
  q    Having the direct relationship between the definer and the procedure makes for a much more
  efficient database. We recompile objects only when we need to, not when we might need to. It is a
  large efficiency enhancement.
  </quote>

• Unable to schedule a workbook - Insufficient Privileges

  I'm trying to set up a user so that they can schedule workbooks.
  After the user goes through the workbook wizard, a Database Error - ORA-01031: insufficient privilege is displayed.
  The following privileges have been granted to the user:
  CREATE PROCEDURE
  CREATE TABLE
  CREATE VIEW
  EXECUTE ANY PROCEDURE
  UNLIMITED TABLESPACE
  EXECUTE ON SYS.DBMS_JOB
  SELECT ON SYS.V_$PARAMETER
  The scheduled reports are supposed to be created in the user's schema.
  The version of Discoverer that I am using is 10g (10.1.2.3)
  I've verified that the DBMS_JOB package is already installed on the database.

  Hi
  These is the script I normally use:
  accept username prompt'Enter Username: '
  accept pword prompt'Enter Password: '
  create user &username identified by &password;
  grant connect, resource to &&username;
  grant analyze any to &&username;
  grant create procedure, create sequence to &&username;
  grant create session, create table, create view to &&username;
  grant execute any procedure to &&username;
  grant global query rewrite to &&username;
  grant select any table, unlimited tablespace to &&username;
  grant execute on sys.dbms_job to &&username;
  grant select on sys.v_$parameter to &&username;
  There are several grants in my list that aren't in yours.
  For a start, the user needs CREATE ANY PROCEDURE not CREATE PROCEDURE as the procedure they will be creating will exist in the EUL owner's schema, not their own.
  Try this one first and see what happens. If you still don't get success do the other grants from my script. I'm sure scheduling will then work.
  Best wishes
  Michael

• ORA-01031: insufficient privileges

  Hi Everyone,
  I am facing a weird scenario. In this I am creating a test user and after creating and granting the required privilieges I am executing a procedure in this user.
  The steps are as follows:
  SQL> REM ***
  SQL> connect sys/**** as sysdba
  Connected.
  SQL> REM ****
  SQL> REM grant privileges to the test user
  SQL> grant connect, resource, create table, create view, alter session,
  2 create sequence, create session, create procedure to tester ;
  Grant succeeded.
  SQL> grant unlimited tablespace to tester ;
  Grant succeeded.
  SQL> grant execute on dbms_lock to tester ;
  Grant succeeded.
  SQL> grant create any procedure to tester ;
  Grant succeeded.
  SQL>
  SQL> connect tester/tester
  ERROR:
  ORA-01031: insufficient privileges
  Warning: You are no longer connected to ORACLE.
  SQL> set serveroutput on
  SQL> REM ******
  SQL> declare
  <block of code>
  SP2-0640: Not connected
  SQL> SQL>
  I am executing this process in loop for about 4 times and each time the test user is connected successfully in 1st and 4th run while in 2nd and 3rd run it throws privileges error? Any idea why this error is ocurring?

  SQL> create user test identified by test ;
  User created.
  SQL> grant connect, resource, create table, create view, alter session,create sequence, create session, create procedure to test;
  Grant succeeded.
  SQL> conn test/test ;
  Connected.
  SQL>

• Insufficient privileges using execute immediate in after logon trigger

  I have an after logon trigger that executes a package/procedure in the schema it was created in.
  One of the procedures runs the following:
  EXECUTE IMMEDIATE 'AUDIT INSERT TABLE, UPDATE TABLE, DELETE TABLE, EXECUTE PROCEDURE BY ' || USER;
  The procedure is throwing an insufficient privileges error when executing this.
  However - the schema owner has audit any and audit system privileges and - the statement works fine independently.
  When I login as another user this issue arises. The package/procedure are created with definers rights... So - i'm not sure why this is happenening.
  Any help is appreciated.

  privileges acquired via ROLE do NOT apply within named PL/SQL procedures.
  SQL> SET ROLE NONE
  SQL> --issue AUDIT again now                                                                                                                                                                                                                                                               

• You have insufficient privileges for the current operation-Getting error running OAF page in R12

  I have a custom OAF page in R11 which is working fine.
  Same page is giving below errors in R12.
  Any suggestions how to resolve this issue..please advice.
  [167]:STATEMENT:[fnd.framework.webui.OAPageSecurity]:MAC validation status = false   
  [167]:STATEMENT:[fnd.framework.webui.OAPageSecurity]:Request parameters validation status = false   
  [167]:ERROR:[fnd.framework.webui.OAPageSecurity]:You cannot run a page which is not SelfSecured when the MAC fails.   
  [169]:ERROR:[fnd.common.Message.auto_log]:FNDFND_INSUFF_PRIVILEGES   
  [169]:ERROR:[fnd.framework.OAException]:You have insufficient privileges for the current operation. Please contact your System Administrator.   
  [170]:EVENT:[fnd.framework.webui.OAPageContextImpl]:OAF LOG: Event : Redirect Page, in: oracle.apps.fnd.framework.webui.OAPageContextImpl: OA.jsp?akRegionCode=FNDDIALOGPAGE&akRegionApplicationId=0&transactionid=817211813&oapc=10&oas=YyMjRI6buFwrYehD8b25iQ..&retainAM=Y&addBreadCrumb=S&OAMC=G   
  [170]:PROCEDURE:[fnd.profiles.Profiles]:getProfileOptionValue:  name=JTF_PF_MASTER_ENABLED; levelID=10001; levelValue=0; levelValueApplID=0   
  [170]:EVENT:[jtf.activity.CorePageObject]: PATBE START currentPageObject : PAT STATUS:false   
  [170]:EVENT:[jtf.activity.CorePageObject]: PATBE END currentPageObject : return factory.dummyProxyUser():   
  [322]:EXCEPTION:[fnd.framework.webui.OAPageBean]:java.lang.NullPointerException   
  Thanks in Advance
  Sridevi K

  Hi Sridevi,
  The custom page is a selfsecured page?
  ie, it will be accessed without login?
  What is the profile option fnd_debuging_level 's value set to.
  I Could see one your other thread
  Re: You have insufficient privileges for the current Operation error
  you mentioned that you did tried setting the profile options
  Framework Validation Level
  FND Function Validation LEvel
  FND Validation Level
  to none, still you are facing the issue,
  At what level you tried the profile options.
  Thanks,
  With regards,
  Kali.
  OSSi.    

• Insufficient privilege error when executing DBMS_ERRLOG through PLSQL

  Hi,
  I shall be grateful if any one of you give me the solution at the earliest.
  I have 2 schemas like A & B those are running on Oracle 10g rel2.
  As per my buz req' I need to create DML Error log table for 'A.T1' table in B schema using DBMS_ERRORLOG package.
  I have granted direct SELECT on A.T1 to B (...not through ROLE as it doesn't work in plsql)
  The problem is when i'm running the procedure,
  DBMS_ERRLOG.CREATE_ERROR_LOG('A.T1', 'err_T1', 'B');
  in SQL*Plus of B schema, it's creating the error log table successfully.
  But the same will get failed when i run this error log procedure with in a procedure owned by B schema.
  It throws 'ORA-01031: insufficient privileges'...
  I hope this is related to privilege issue which is working fine in SQL*Plus but NOT in PLSQL stored procedure.
  Awaiting your earliest reply.
  Thanks.
  - Ela

  Hi,
  It's not an issue with direct privilege. Actually the package is working when i execute it with in a ananymous block, but the same get fails when execute it through procedures...
  Even we have given COMMENT ANY TABLE priv to the schema and that too didn't work out.
  awaiting your reply.
  -Saravanan

• Execute immediate on DBMS_METADATA.GET_DDL with error of ORA-01031: insufficient privileges

  I want to mirror a schema to a existing schema by creating DDL and recreate on the other schema with same name.
  I wrote the code below:
  create or replace
  PROCEDURE                                    SCHEMA_A."MAI__DWHMIRROR"
  AS
  v_sqlstatement CLOB:='bos';
  str varchar2(3999);
  BEGIN
    select
      replace(
        replace(replace(
        replace(DBMS_METADATA.GET_DDL('TABLE','XXXX','SCHEMA_A'),'(CLOB)',''),';','')
      ,'SCHEMA_A'
      ,'SCHEMA_B'
    into v_sqlstatement
    from dual;
    select  CAST(v_sqlstatement AS VARCHAR2(3999)) into str from dual;
    execute immediate ''||str;
  END;
  And Executing this block with below code:
  set serveroutput on
  begin
  SCHEMA_A.MAI__DWHMIRROR;
  end;
  But still getting the following error code:
  Error report:
  ORA-01031: insufficient privileges
  ORA-06512: at "SCHEMA_A.MAI__DWHMIRROR", line 47
  ORA-06512: at line 2
  01031. 00000 -  "insufficient privileges"
  *Cause:    An attempt was made to change the current username or password
             without the appropriate privilege. This error also occurs if
             attempting to install a database without the necessary operating
             system privileges.
             When Trusted Oracle is configure in DBMS MAC, this error may occur
             if the user was granted the necessary privilege at a higher label
             than the current login.
  *Action:   Ask the database administrator to perform the operation or grant
             the required privileges.
             For Trusted Oracle users getting this error although granted the
             the appropriate privilege at a higher label, ask the database
             administrator to regrant the privilege at the appropriate label.

  user5199319 wrote:
  USER has DBA Role
  when all  else fails Read The Fine Manual
  DBMS_METADATA

• Loadjava "Insufficient privileges" problem

  I am attempting to use loadjava (8.1.7) to load some classes into another schema. It works fine, until I add the -grant option. Then, I get an "insufficient privileges" error. The target schema owner has the RESOURCE role, and I've granted EXECUTE ANY TYPE, EXECUTE ANY PROCEDURE, CREATE ANY TYPE, CREATE ANY PROCEDURE, etc., with and without the WITH ADMIN OPTION suffix, directly to both the creating account and the schema owner, all to no avail.
  Any ideas would be appreciated.

  Insufficient privileges is a rather generic problem. In this case in may be referring to java privileges. I suggest you read up on DBMS_JAVA.GRANT_PERMISSION and see what privileges are necessary to run your JSP.
  Cheers, APC

• ORA-01031: insufficient privileges problem

  Hi all,
  I am trying to create the below procedure in the BOLMIN schema which in turn selects data from the tables of VALMIN schema. and I get ORA-01031: insufficient privileges error.
  CREATE OR REPLACE PROCEDURE BOLMIN.prcs_load_data
  IS
  BEGIN
  FOR c
  IN (SELECT DISTINCT AL4.GOAL_TEXT,
  AL5.RESPONSE_TEXT,
  AL7.SAMPLE_ID,
  AL7.ACADEMY_NAME,
  AL8.NAME
  FROM VALMIN.USER_PROFILE AL3,
  VALMIN.STUDENT_GOALS AL4,
  VALMIN.STUDENT_QUESTION_DETAILS AL5,
  VALMIN.STUDENT_QUESTION_RESPONSE AL6,
  VALMIN.SAMPLE AL7,
  VALMIN.NAME AL8
  WHERE ( AL3.GOAL_ID = AL4.GOAL_ID(+)
  AND AL3.USER_ID = AL6.USER_ID(+)
  AND AL6.QUESTION_TYPE_SUB_ID = AL5.QUESTION_TYPE_SUB_ID(+)
  AND AL7.NAME_ID = AL8.NAME_ID(+)))
  LOOP
  NULL;
  END LOOP;
  END;
  I checked the grants of each of the VALMIN schema tables involved in the associated sql query & they all have SELECT grant (to BOLMIN schema). Also, the SQL query itself, when executed in BOLMIN schema runs perfectly fine. The problem is occurring only when I enclose the query in a procedure. Isn't that weird? or am I missing something here? Any help regarding this issue is appreciated. Thanks.
  The BOLMIN schema as CREATE PROCEDURE privilege as I have already created other procedures for other purposes.
  Thanks,
  Sirisha
  Edited by: siri_me on Oct 2, 2010 9:23 AM

  siri_me wrote:
  All Roles are disabled in PL/SQL and explicit privileges are needed right from creating procedures to the accessing the underlying tables.WRONG. Roles are disabled in definer rights stored objects - stored procedures, functions, packages triggers. Stored procedures, functions, packages with authid current user and anonymous PL/SQL block honor roles.
  SY.

• Insufficient privileges in my own schema?

  Can anyone tell me why the anonymous block works and the procedure does not? Thanks in advance.
  SQL>
  SQL> declare
  2 lv_DDL_stmt varchar2(1000);
  3 BEGIN
  4 lv_DDL_stmt := 'create table my_table as select * from dual';
  5 EXECUTE IMMEDIATE lv_DDL_stmt;
  6 lv_DDL_stmt := 'drop table my_table';
  7 EXECUTE IMMEDIATE lv_DDL_stmt;
  8 end;
  9 /
  PL/SQL procedure successfully completed.
  SQL>
  SQL> CREATE OR REPLACE PROCEDURE Pr_my_table IS
  2
  3 e_no_such_table EXCEPTION;
  4 PRAGMA EXCEPTION_INIT (e_no_such_table, -942);
  5 lv_DDL_stmt varchar2(1000);
  6
  7 BEGIN
  8
  9 lv_DDL_stmt := 'create table my_table as select * from dual';
  10 EXECUTE IMMEDIATE lv_DDL_stmt;
  11
  12 lv_DDL_stmt := 'drop table my_table';
  13 EXECUTE IMMEDIATE lv_DDL_stmt;
  14
  15 EXCEPTION
  16 When e_no_such_table Then
  17 dbms_output.put_line('No such table defined. DDL statement = '|| lv_DDL_stmt );
  18 When Others Then
  19 Raise;
  20
  21 END Pr_my_table;
  22 /
  Procedure created.
  SQL> exec Pr_my_table;
  BEGIN Pr_my_table; END;
  ERROR at line 1:
  ORA-01031: insufficient privileges
  ORA-06512: at "DBA_WEB.PR_MY_TABLE", line 19
  ORA-06512: at line 1
  SQL>

  user12068504 wrote:
  Thanks for the input everyone. It turns out that create table was granted via a role and not explicitly....not really surprising, considering the responses you got :)