Insufficient privileges on an ORA_DBA account

Similar Messages

• "Insufficient privileges"-error when starting database when on network

  Hi
  I have an Oracle 9.2.0.5 database installed on my laptop (Windows 2000 Prof), but I have a small problem.
  When I'm plugged in to the company's network, I can start the database normally.
  However, when I'm not connected to the company network, i.e. only logged in locally on my laptop, then I get an ORA-01031 Insufficient Privileges error when I start the database. Therefor, I can't do anything.
  When I'm plugged into the company network, start the database, and then unplug my laptop, I can still connect to the database. So I guess it checks some userrights only when it starts the database.
  I checked the user account settings, and my user is a local administrator, and is in the ORA_DBA usergroup.
  Does someone know which setting I have to change?

  You can install MS Loopback Adapter on your system and assign an IP Address to the loopback adapter. You should then be able to work even when not connected to the network.
  Mudassar Choudhry.

• ORA-01031: insufficient privileges in PL/SQL but not in SQL

  I have problem with following situation.
  I switched current schema to another one "ban", and selected 4 rows from "ed"
  alter session set current_schema=ban;
  SELECT * FROM ed.PS WHERE ROWNUM < 5;
  the output is OK, and I get 4 rows like
  ID_S ID_Z
  1000152 1
  1000153 1
  1000154 1
  1000155 1
  but following procedure is compiled with warning
  create or replace
  procedure proc1
  as
  rowcnt int;
  begin
  select count(*) into rowcnt from ed.PS where rownum < 5;
  end;
  "Create procedure, executed in 0.031 sec."
  5,29,PL/SQL: ORA-01031: insufficient privileges
  5,2,PL/SQL: SQL Statement ignored
  ,,Total execution time 0.047 sec.
  Could you help me why SELECT does work in SQL but not in PL/SQL procedure?
  Thanks.
  Message was edited by:
  MattSk

  Privs granted via a role are only valid from SQL - and not from/within stored PL/SQL code.
  Quoting Tom's (from http://asktom.oracle.com) response to this:I did address this role thing in my book Expert one on one Oracle:
  <quote>
  What happens when we compile a Definer rights procedure
  When we compile the procedure into the database, a couple of things happen with regards to
  privileges.  We will list them here briefly and then go into more detail:
  q    All of the objects the procedure statically accesses (anything not accessed via dynamic SQL)
  are verified for existence. Names are resolved via the standard scoping rules as they apply to the
  definer of the procedure.
  q    All of the objects it accesses are verified to ensure that the required access mode will be
  available. That is, if an attempt to UPDATE T is made - Oracle will verify the definer or PUBLIC
  has the ability to UPDATE T without use of any ROLES.
  q    A dependency between this procedure and the referenced objects is setup and maintained. If
  this procedure SELECTS FROM T, then a dependency between T and this procedure is recorded
  If, for example, I have a procedure P that attempted to 'SELECT * FROM T', the compiler will first
  resolve T into a fully qualified referenced.  T is an ambiguous name in the database - there may be
  many T's to choose from. Oracle will follow its scoping rules to figure out what T really is, any
  synonyms will be resolved to their base objects and the schema name will be associated with the
  object as well. It does this name resolution using the rules for the currently logged in user (the
  definer). That is, it will look for an object owned by this user called T and use that first (this
  includes private synonyms), then it will look at public synonyms and try to find T and so on.
  Once it determines exactly what T refers to - Oracle will determine if the mode in which we are
  attempting to access T is permitted.   In this case, if we as the definer of the procedure either
  owns the object T or has been granted SELECT on T directly or PUBLIC was granted SELECT, the
  procedure will compile.  If we do not have access to an object called T by a direct grant - the
  procedure P will fail compilation.  So, when the object (the stored procedure that references T) is
  compiled into the database, Oracle will do these checks - and if they "pass", Oracle will compile
  the procedure, store the binary code for the procedure and set up a dependency between this
  procedure and this object T.  This dependency is used to invalidate the procedure later - in the
  event something happens to T that necessitates the stored procedures recompilation.  For example,
  if at a later date - we REVOKE SELECT ON T from the owner of this stored procedure - Oracle will
  mark all stored procedures this user has that are dependent on T, that refer to T, as INVALID. If
  we ALTER T ADD  some column, Oracle can invalidate all of the dependent procedures. This will cause
  them to be recompiled automatically upon their next execution.
  What is interesting to note is not only what is stored but what is not stored when we compile the
  object. Oracle does not store the exact privilege that was used to get access to T. We only know
  that procedure P is dependent on T. We do not know if the reason we were allowed to see T was due
  to:
  q    A grant given to the definer of the procedure (grant select on T to user)
  q    A grant to public on T (grant select on T to public)
  q    The user having the SELECT ANY TABLE privilege
  The reason it is interesting to note what is not stored is that a REVOKE of any of the above will
  cause the procedure P to become invalid. If all three privileges were in place when the procedure
  was compiled, a revoke of ANY of them will invalidate the procedure - forcing it to be recompiled
  before it is executed again. Since all three privileges were in place when we created the procedure
  - it will compile successfully (until we revoke all three that is). This recompilation will happen
  automatically the next time that the procedure is executed.
  Now that the procedure is compiled into the database and the dependencies are all setup, we can
  execute the procedure and be assured that it knows what T is and that T is accessible. If something
  happens to either the table T or to the set of base privileges available to the definer of this
  procedure that might affect our ability to access T -- our procedure will become invalid and will
  need to be recompiled.
  This leads into why ROLES are not enabled during the compilation and execution of a stored
  procedure in Definer rights mode. Oracle is not storing exactly WHY you are allowed to access T -
  only that you are. Any change to your privileges that might cause access to T to go away will cause
  the procedure to become invalid and necessitate its recompilation. Without roles - that means only
  'REVOKE SELECT ANY TABLE' or 'REVOKE SELECT ON T' from the Definer account or from PUBLIC. With
  roles - it greatly expands the number of times we would invalidate this procedure. If some role
  that was granted to some role that was granted to this user was modified, this procedure might go
  invalid, even if we did not rely on that privilege from that role. ROLES are designed to be very
  fluid when compared to GRANTS given to users as far as privilege sets go. For a minute, let's say
  that roles did give us privileges in stored objects. Now, most any time anything was revoked from
  ANY ROLE we had, or any role any role we have has (and so on -- roles can and are granted to roles)
  -- many of our objects would become invalid. Think about that, REVOKE some privilege from a ROLE
  and suddenly your entire database must be recompiled! Consider the impact of revoking some system
  privilege from a ROLE, it would be like doing that to PUBLIC is now, don't do it, just think about
  it (if you do revoke some powerful system privilege from PUBLIC, do it on a test database). If
  PUBLIC had been granted SELECT ANY TABLE, revoking that privilege would cause virtually every
  procedure in the database to go invalid. If procedures relied on roles, virtually every procedure
  in the database would constantly become invalid due to small changes in permissions. Since one of
  the major benefits of procedures is the 'compile once, run many' model - this would be disastrous
  for performance.
  Also consider that roles may be
  q    Non-default: If I have a non-default role and I enable it and I compile a procedure that
  relies on those privileges, when I log out I no longer have that role -- should my procedure become
  invalid -- why? Why not? I could easily argue both sides.
  q    Password Protected: if someone changes the password on a ROLE, should everything that might
  need that role be recompiled?  I might be granted that role but not knowing the new password - I
  can no longer enable it. Should the privileges still be available?  Why or Why not?  Again, arguing
  either side of this is easy. There are cases for and against each.
  The bottom line with respect to roles in procedures with Definer rights are:
  q    You have thousands or tens of thousands of end users. They don't create stored objects (they
  should not). We need roles to manage these people. Roles are designed for these people (end users).
  q    You have far fewer application schema's (things that hold stored objects). For these we want
  to be explicit as to exactly what privileges we need and why. In security terms this is called the
  concept of 'least privileges', you want to specifically say what privilege you need and why you
  need it. If you inherit lots of privileges from roles you cannot do that effectively. We can manage
  to be explicit since the number of development schemas is SMALL (but the number of end users is
  large)...
  q    Having the direct relationship between the definer and the procedure makes for a much more
  efficient database. We recompile objects only when we need to, not when we might need to. It is a
  large efficiency enhancement.
  </quote>

• 8.1.6 install fails with Error 1321 Installer has insufficient privileges -

  Adobe Reader “Check for Updates” identifies “Adobe Reader 8.1.6 (CPSID_49167)” as “Available”.
  Installation fails with “Error 1321.The Installer has insufficient privileges to modify the file C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.api.”
  Reboot tries to complete install adding unwanted desktop icon, but CPSID_49167 still shows as “Available” and MSI29706>LOG(s) show above error.
  XP SP3 Home, IE7, Adobe Reader 8.1.5

  Thanx kashifMohd,
  Downloaded the fix, vetted it, and before creating a new Administrator account used the following recipe with success:
  1. Ran downloaded fix with usual Admin Account and got the “Error 1321 for Search.api.” as before, but now there is a pop-up asking "Retry" or "Cancel" that did not appear when using "Get Updates" function from running Adobe Reader. Replied "Cancel".
  2. Rebooted, and disabled Kaspersky Anti-Virus.
  3. Again ran downloaded fix with usual Admin Account and got Error 1321 for different file: "C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins3d\3difr.x3d" with pop-up asking "Retry" or "Cancel".
  4. Clicked "Retry" this time and installation completed successfully.
  Thanx again.

• Oracle does not start automatically ORA-01031: insufficient privileges

  Hi,
  OS WS2008R2.
  ORACLE 11gR2.
  Oracle Instance does not start with oracle services but if i stop and restart the services it comes up clean.
  Moreover if i change service ownership to Domain\Administrator it again works well.
  Checked registery and all ok. No error in alert.log. Only clue found in Oradim.log.
  ORADIM.LOG....
  C:\Oracle\Ora11g\bin\oradim.exe -startup -sid ptdb -usrpwd * -log oradim.log -nocheck 0
  Thu Nov 15 15:16:15 2012
  ORA-01031: insufficient privileges
  Please help
  Thanks

  1- startup type- Auto
  2- Group to user- ORA_DBA
  3 - you can check log on tab in the service properties and set the username and password who responsible about this services
  As i already stated 3 works. but i want it to work under Local System and not under any user.
  Thanks

• Insufficient privileges when creating user logged in as SYS

  Hi,
  I'm working on 11.1.0.6.0 Enterprise Edition, Advanced Security options, Label Security a and Database Vault installed. (for testing purposes)
  I'm creating a new user being logged as SYS using this sentence:
  CREATE USER "HR_DIRECTOR" PROFILE "DEFAULT" IDENTIFIED BY "*******" DEFAULT TABLESPACE "USERS" TEMPORARY TABLESPACE "TEMP" ACCOUNT UNLOCK;
  However, the command fails with the message "Failed to commit: ORA-01031: insufficient privileges . You do not have enough privileges to perform this operation. You must have the appropriate system and object privileges to create, edit, or drop database objects or objects outside of your schema."
  Please note that I'm working on a fresh DB install and I have also installed Database Vault in this instance for testing purposes, but still haven't configured any realm or command rules on it.
  Is it possible Vault is the reason why I am not able to create a new user?
  Thanks and Regards,
  Leandro

  Hi, It seems I've found it.
  After you install Database Vault and associate it with your SID, SYS user is revoked the CREATE USER system privilege.
  Only a user with the DV_ACCTMGR role may create, alter or drop a user. This is done in order to separate responsabilities in your database. A SYS user cannot grant himself this role or the DV_OWNER role.
  (If interested, check page 10-4 from http://www.oracle.com/pls/db111/to_toc?pathname=server.111/b31222/toc.htm)
  Regards,
  Leandro

• Insufficient privilege: Not authorized at ptime/query/checker/query_check.cc on hdbsequence

  Hi All,
  I am currently trying to create a table (TOPIC) and a sequence (SEQ_TOPIC_ID) in HCP, and a XSJS service on top of it to insert a entry to the table.
  In my XS project, I placed a TOPIC.hdbtable and SEQ_TOPIC_ID.hdbsequence in it. Both table and sequence are generated correctly in my trial account schema in the hana db.
  Then,in order to grant the access to the table and sequence , I also placed a file model_access.hdbrole in the project folder.
  The content looks like follow:
  role i065831trial.bubuwork.TopicCenter::model_access {
      application privilege: i065831trial.bubuwork.TopicCenter::Basic;
      sql object i065831trial.bubuwork.TopicCenter::TOPIC : SELECT,INSERT;
      sql object i065831trial.bubuwork.TopicCenter::SEQ_TOPIC_ID : SELECT, DROP;
  The issue is, when I call the XSJS service from the web url, I will facing below error:
  Error while executing query: [dberror(Connection.prepareStatement): 258 - insufficient privilege: Not authorized at ptime/query/checker/query_check.cc:2547]
  the role has been granted to my account, and I am able to insert to the table TOPIC without sequence with above role setting, but If I try to read the SEQ_TOPIC_ID, an insufficient privilege will shown up.
  My question is: Is following line correct to grant the privilege to a role for sequence ? It does not seem to work for sequence  !
  sql object i065831trial.bubuwork.TopicCenter::SEQ_TOPIC_ID : SELECT, DROP;
  Thanks very much!

  Thanks Thomas for your reply, firstly I tried to embed my sequence in the insert SQL, as the problem happened. I pulled out the sequence into a single query string, like blow:
  var select_topic_next_val = "select \"i065831trial.bubuwork.TopicCenter::SEQ_TOPIC_ID\".nextval as seqid from dummy";
  function close(closables) {
      var closable; 
      var i; 
      for (i = 0; i < closables.length; i++) { 
                closable = closables[i]; 
                if(closable) { 
                          closable.close(); 
  function insertTopic(xargs){
      var connection = $.db.getConnection(); 
      var statement = null;
      var resultSet = null;
      try{
          //get next sequence id
          statement = connection.prepareStatement(select_topic_next_val);
          resultSet = statement.executeQuery();
          while(resultSet.next()){
              var seqId = resultSet.getString(1);
              break;
  //        statement = connection.prepareStatement(insert_topic_sql);
  //        statement.setString(1,seqId);
  //        statement.setString(2,xargs.owner);
  //        statement.setString(3,xargs.approver);
  //        statement.setString(4,xargs.name);
  //        statement.setString(5,xargs.status);
  //        statement.setString(6,xargs.description);
  //        //statement.setTimestamp(6,xargs.lastModify);
  //        statement.setTimestamp(7,null);
  //        statement.setDate(8,xargs.begda);
  //        statement.setDate(9,xargs.endda);
  //        statement.setString(10,xargs.keyword);
  //        statement.executeUpdate();
      }finally { 
          close([resultSet, statement, connection]); 

• Loadjava "Insufficient privileges" problem

  I am attempting to use loadjava (8.1.7) to load some classes into another schema. It works fine, until I add the -grant option. Then, I get an "insufficient privileges" error. The target schema owner has the RESOURCE role, and I've granted EXECUTE ANY TYPE, EXECUTE ANY PROCEDURE, CREATE ANY TYPE, CREATE ANY PROCEDURE, etc., with and without the WITH ADMIN OPTION suffix, directly to both the creating account and the schema owner, all to no avail.
  Any ideas would be appreciated.

  Insufficient privileges is a rather generic problem. In this case in may be referring to java privileges. I suggest you read up on DBMS_JAVA.GRANT_PERMISSION and see what privileges are necessary to run your JSP.
  Cheers, APC

• Not able to Start the oracle db error "ORA-01031: insufficient privileges"

  Hi experts,
  I have oracle 11g setup on so solaris. i changed the db_cache_size
  & processes values and stopped the DB services after that i am not able to start the oracle DB. Listener is running.
  when i start the db server its giving the below error(startup.log)
  ./dbstart: Starting up database "orcl"
  Mon Sep 27 04:31:08 MDT 2010
  SQL*Plus: Release 11.1.0.7.0 - Production on Mon Sep 27 04:31:08 2010
  Copyright (c) 1982, 2008, Oracle. All rights reserved.
  SQL> ERROR:
  ORA-01031: insufficient privileges
  SQL> ORA-01031: insufficient privileges
  SQL>
  ./dbstart: Database instance "orcl" warm started.
  Please help me to ressolve this issue.
  Thanks
  Krishna

  yes, password file is there in /etc/passwd
  here are the contents:
  root:x:0:0:Super-User:/:/sbin/sh
  lroot:x:0:0:Super-User:/:/sbin/sh
  daemon:x:1:1::/:
  bin:x:2:2::/usr/bin:/bin/false
  sys:x:3:3::/:
  adm:x:4:4:Admin:/var/adm:/bin/false
  lp:x:71:8:Line Printer Admin:/usr/spool/lp:/bin/false
  uucp:x:5:5:uucp Admin:/usr/lib/uucp:/bin/false
  nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
  listen:x:37:4:Network Admin:/usr/net/nls:/bin/false
  nobody:x:60001:60001:Nobody:/:/bin/false
  noaccess:x:60002:60002:No Access User:/:/bin/false
  nobody4:x:65534:65534:SunOS 4.x Nobody:/:/bin/false
  itunix:x:50000:14:IT Unix Account:/export/home/itunix:/bin/csh
  hharika:x:765:38:Harpal Harika:/export/home/hharika:/bin/csh
  prsingh:x:795:38:Pradeep Singh:/export/home/prsingh:/bin/csh
  mmir:x:1229:21:Mir Monis Ali:/export/home/mmir:/bin/csh
  bogunnai:x:1207:21:Bose Ogunnaike:/export/home/bogunnai:/bin/ksh
  mpokala:x:2117:21:Mahesh Pokala:/export/home/mpokala:/bin/ksh
  apopov:x:2385:38:Anton Popov:/export/home/apopov:/bin/csh
  kkeith:x:2629:227:Kevin Keith:/home/kkeith:/usr/bin/ksh
  sshd:x:22:22:SSH Privsep:/var/empty:/bin/false
  patrol:x:2784:10:Patrol User:/opt/bmc:/usr/bin/ksh
  smmsp:x:25:25:Sendmail Submission user:/none:/bin/false
  ldap:x:50001:1002::/export/home/ldap:/bin/sh
  perfuser:x:884:268::/export/home/perfuser:/bin/csh
  webservd:x:80:80::/home/webservd:/bin/pfsh
  oracle:x:156:40:Oracle Software Owner:/export/home/oracle:/bin/bash
  perfuser_idc:x:64383:1::/home/perfuser_idc:/bin/sh
  idc_perf:x:64384:292::/home/idc_perf:/bin/sh

• ORA-01031: insufficient privileges when running adgrants_nt PATCH 6510214

  Hi all,
  I need to clone an Oracle Applications R12 from production to development, so for that I am using Metalink document ID 406982.1 (C;loning Oracle Applications Release 12 with Rapid Clone).
  In the document, the step 3 is to "Apply the latest AD patch" and the things get hotter here, since when trying to apply the patch, the pre req is to run the script adgrants_nt.sql, it returns an error (ORA-01031: insufficient privileges) and aborts.
  After some searching in google and metalink and OTN forums, the solution was to create an ora_dba group and add the user to that group and set sqlnet.ora to use NTS. I did all that and the error does not go away.
  so, what can I do to complete the clone process?
  thank you very much,
  Hassane Cabir

  hi Hassane;
  I need to clone an Oracle Applications R12 from production to development, so for that I am using Metalink document ID 406982.1 (C;loning Oracle Applications Release 12 with Rapid Clone).If your release 12.0.6 then i belive you can pass AD patch part
  In the document, the step 3 is to "Apply the latest AD patch" and the things get hotter here, since when trying to apply the patch, the pre req is to run the script adgrants_nt.sql, it returns an error (ORA-01031: insufficient privileges) and aborts.You try to apply this patch your production, so then be sure patch folder has r/w permisson to your application user(for instance applmgr) then try again please
  After some searching in google and metalink and OTN forums, the solution was to create an ora_dba group and add the user to that group and set sqlnet.ora to use NTS. I did all that and the error does not go away.You dont need to create one other group,issue is:
  su - applmgr(your apps user)
  id
  uid=1002(oracle) gid=1010(dba)
  it gives you your user's group (for instance dba,install etc)
  then issue chown -R applmgr:dba /u01.......(your patch location)
  I suggest change your entery on sqlnet.ora file
  Regard
  Helios

• Insufficient privileges after creating new files

  I have a PowerBook G4 that I sometimes start-up off an external Firewire drive. The Internal HD is locked-down admin-wise as it's a company laptop but sometimes I need to run my own apps that aren't on the internal HD (i.e. Photo Rescue, Aperture, etc).
  When I work on/create a jpeg image while running Photoshop (start-up and PS running off the external FWHD) I save the image onto the PowerBook internal HD inside the Shared Folder.
  Later when I boot-up the laptop via the Internal HD I can open these jpeg files but cannot modify them due to Insufficient privileges. I have to make sure I run iRepair to set to privileges on that particular directory before I shutdown off the FW drive.
  Is there some way I can default the Leopard Start-Up on the external FW drive so that when I save a file to the internal HD the privileges are wide open? It's a pain to remember to fix the directories with iRepair before I shutdown. I have run Repair Permissions via the FW drive but that hasn't helped anything.

  Create a disk image in the Shared folder using rhe Disk Utility, select the mounted image in the Finder, choose to ignore permissions from the Get Info window under the File menu, and change the permissions on the image file so that all accounts can write to it. Save the JPEGs to the mounted image.
  (31781)

• Insufficient Privileges when calling package- Oracle9i

  Hello People,
  I've a Package PKGA owned by user A. PKGA contains a function returning boolean value. The Function performs dynamic SQL (using Execute Immediate) in order to Create user(Basically a User Admin package).
  User B has been granted Execute any Procedure privilege, Create User and Alter User privileges by the SYS user.
  When User B now tries to execute this package for eg: A.PKGA.create_user from a PLSQL block, there is a resultant 'Insufficient Privileges' error.
  User B however can create it's own identical package PKGB and execute this package to create user NewUsr, following that, User B grants execute any procedure and create session privilege to NewUsr. Furthermore NewUsr can now logon and execute PKGB without any trouble.
  What could possibly be the problem. Why is User B unable to execute PKGA? What other privilege does User B need?
  Cheers

  If UserA owns the package, and assuming that you are using the default of definer's rights, UserA needs to have CREATE USER and ALTER USER privileges. UserB does not need to have these privileges to call a procedure owned by UserA that creates and modifies a user.
  If I create a procedure in a highly privileged account that, for example, kills a session, I can grant normal users EXECUTE access on that procedure without granting them the underlying privileges necessary to kill a session.
  Justin
  Distributed Database Consulting, Inc.
  http://www.ddbcinc.com/askDDBC

• Insufficient Privileges when executing DBMS_STREAMS_AUTH.grant_admin_privil

  Greetings Guru's
  When I execute dbms_streams_auth.grant_admin_privilege procedure as a user granted the DBA role. I get the following error stack.
  ORA-01031: insufficient privileges
  ORA-06512: at "SYS.DBMS_STREAMS_AUTH", line 1211
  ORA-06512: at line 2
  The command only seems to work when I execute it as the sys user. In my environment the sys user account will be locked out. Also, since you have to execute the commands on a remote database I can not do a connect as sysdba.
  What privileges do I need to grant to a DBA user to successfully execute the DBMS_STREAMS_AUTH.GRANT_ADMIN_PRIVILEGE procedure/package?
  Thanks in advance
  Derrick

  Hello
  This is supposed to be executed as SYS user itself. Oracle does not recommend to execute this as SYSTEM.
  Anyway I dont have a direct answer for this. Please try the following to find out more on this:
  connect / as sysdba
  create directory tmp_dir as '/tmp';
  --i assume strmadmin user exists already
  begin
  dbms_streams_auth.grant_admin_privilege
  grantee=>'strmadmin',
  grant_privileges=>false,
  file_name=>'strm_privs.sql',
  directory_name=>'tmp_dir'
  end;
  Now this will create a script called /tmp/strm_privs.sql. Please execute the individual statements of this as the system user to find out which statement fails when it executes.
  Hope this helps, let me know if you need more information on this.
  Thanks,
  Rijesh

• Insufficient privileges when connect to database as sysdba

  I installed a vision database along with Oracle R12 EBS. I need to connect to database as sysdba to unlock system account. but when I ran command sqlplus / as sysdba, I go this error "ORA-01031: insufficient privileges".
  I searched some answer in the internet, most answer says it requires the linux user to be in dba group. in my config.c file I have this definiation "#define SS_DBA_GRP "Oracle". So group 'Oracle" is my dba group. and I also checked my current user id (user name is Oracle too) and group , I got:
  [Oracle@linux admin]$id Oracle
  uid=500(Oracle) gid=500(Oracle) groups=500(Oracle)
  all above seems right to me. I also added authentication_services to sqlnet.ora like this : sqlnet. authentication_services=(all) . but I still got the same error. Can anyone tell me what is wrong?
  Or is there any other way to unlock system account?
  Edited by: user12100435 on Apr 15, 2013 7:53 PM

  user12100435 wrote:
  I installed a vision database along with Oracle R12 EBS. I need to connect to database as sysdba to unlock system account. but when I ran command sqlplus / as sysdba, I go this error "ORA-01031: insufficient privileges".
  I searched some answer in the internet, most answer says it requires the linux user to be in dba group. in my config.c file I have this definiation "#define SS_DBA_GRP "Oracle". So group 'Oracle" is my dba group. and I also checked my current user id (user name is Oracle too) and group , I got:
  [Oracle@linux admin]$id Oracle
  uid=500(Oracle) gid=500(Oracle) groups=500(Oracle)
  all above seems right to me. I also added authentication_services to sqlnet.ora like this : sqlnet. authentication_services=(all) . but I still got the same error. Can anyone tell me what is wrong?
  Or is there any other way to unlock system account?
  Edited by: user12100435 on Apr 15, 2013 7:53 PMyour OS user must be a member of the OS "dba" group

• Insufficient privileges when logging in as sysdba

  Oracle: 10.2.0.4
  Solaris
  I try to login as sysdba across the network
  sqlplus sys@MYDB as sysdba
  Password: blah
  ERROR:
  ORA-01031: insufficient privileges
  I have a password file. I ran the orawpd under $ORACLE_HOME/dbs
  Parameter
  remote_login_passwordfile string EXCLUSIVE
  I do NOT have a slqnet.ora file. I saw when I googled that some settings in here can be a problem.
  Not really sure. in the past this just works. All the common problems I see on message boards don't seem to apply to me.

  Guess2 wrote:
  Oracle: 10.2.0.4
  Solaris
  I try to login as sysdba across the network
  sqlplus sys@MYDB as sysdba
  Password: blah
  ERROR:
  ORA-01031: insufficient privileges
  I have a password file. I ran the orawpd under $ORACLE_HOME/dbs
  Parameter
  remote_login_passwordfile string EXCLUSIVE
  I do NOT have a slqnet.ora file. I saw when I googled that some settings in here can be a problem.
  Not really sure. in the past this just works. All the common problems I see on message boards don't seem to apply to me.Is your OS account a member of the os group "dba"?