Missing SYSDBA & SYSOPER System Privileges in EM checkbox lists
I created a brand new user called USER1.
When edit the USER1 using Eneterprise Manager, System Privileges, both the SYSDBA and SYSOPER are missing from the system privileges check box listing.
Why it is like that?
I am using Oracle 10g R2 and HPUX.
Thank you,
Smith
It seems that the user you have used to login to EM doesn't have permissions to grant sysdba, sysoper privileges, please connect to em AS sysdba
Oded
[www.dbsnaps.com]
[www.orbiumsoftware.com]
Similar Messages
-
Upon database creation, user SYS is created with the SYSDBA system privilege and user SYSTEM is created with the SYSOPER system privilege. It is possible to grant the privilege to other users as long as you are logged in as SYS AS SYSDBA. The problem is that before my arrival to my company someone went in and revoked the SYSDBA privilege from SYS and the SYSOPER privilege from SYSTEM. No user within the database holds these privileges anymore. Is it possible to regain the SYSDBA & SYSOPER privilege for SYS without having to recreate the database??? The SYSDBA privilege is not even possible to grant to SYS since I obviously have to log in as SYS AS SYSDBA but can't since the privilege was revoked. Any ideas???
Michael, lets start from scratch here b/c some of your assumption are off. SYS and SYSTEM are not granted SYSDBA or SYSOPER by default.
You can "connect internal" which gives you SYSDBA privs. Set up a password file using the "orapwd" executable and in the init.ora file set remote_login_passwordfile = exclusive. When you connect you will become SYS in the database and have the SYSDBA privilege.
Or simple connect to the operating system with a unix user that is in the group designated as "OSDBA" - the name of the UNIX group is probably "dba". Then you can "connect internal" or "connect / as sysdba". When you connect you will become SYS in the database and have the SYSDBA privilege.
HTH,
Aaron Newman
Database Security Consultant -
Create a new user for oracle 10G ASM instance with sysdba system privilege
Hi,
In our Golden Gate Project, we require the SYS user credential to connect to the Oracle 10g ASM instance to read the database transaction logs.But our client is not providing the SYS user credential to connnect to ASM instance.
I'm getting the error message "ORA-01109: database not open",When I tried to create a new user using the below the steps in oracle 10g ASM instance
1. Login using "sqlplus / as sysdba"
2. Create user <username> identified by <password>;
But in oracle 11g ASM instance, I'm able to create new user by connecting the ASM instance with SYSASM role without issues.
Is there is any workaround to create a new user with sysdba system privilege in oracle 10g ASM instance?.
Thanks in advance .Hi,
Recreate the password file for the ASM instance as follows:
Unix:
orapwd file=<ORACLE_HOME>/dbs/PWD<SID> password=<sys_password>
Windows:
orapwd file=<ORACLE_HOME>/database/PWD<SID>.ora password=<sys_password>
Now sys password is reset, we are ready to use sys for ASM management. I decided to create another user ASMDBA as I tried above.
SQL> create user ASMDBA identified by test01;
User created.
SQL> grant SYSASM, SYSOPER to ASMDBA;
Grant succeeded.
SQL> select * from v$pwfile_users;
USERNAME SYSDBA SYSOPE SYSASM
SYS TRUE TRUE TRUE
ASMDBA FALSE TRUE TRUE
Please see this link : http://orachat.com/how-to-change-asm-sys-password-creating-sysasm-user-11g/
Thank you -
*Listing admin_option for System Privilege *
Hi All,
I have a use case where in i have to list the admin_option for all the system privileges.
Apart from two privileges listed below i could find this info from dba_sys_priv and dba_wm_sys_priv views.
SYSDBA
SYSOPER
We can find these privileges information from v$pwfile view which do not give any information abt admin_option.
Is there any way we can find out this inforamtion?
I executed following steps :
=================================
SQL> conn user2/password
Connected.
SQL>select user from dual;
USER
USER2
SQL> conn user2/password as sysdba
Connected.
SQL> select user from dual;
USER
SYS
SQL> conn user2/password
Connected.
SQL> grant sysdba to user1;
grant sysdba to user1
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> conn user2/password as sysdba
Connected.
SQL> run
1* grant sysdba to user1
Grant succeeded.
======================================
Here when 'user2' is connecting as sysdba, its becoming 'sys' and its 'sys' who is granting sysdba privilege to 'user1'.
So from this, can we say that its always 'sys' who can grant the sysdba privilege and admin_option for sys is always 'YES' where as for other users its always 'NO'
Is this same for 'sysoper' privilege, because initially, its only 'sys' who has both the privileges assigned?
If above is not true, is there any way to find this information?
I am in URGENT need of this information. Could anybody please help me on this?Just a correction...
From Oracle management Console, we can not change the admin_option assigned by default.
Even if we try to change, the following sql gets executed
REVOKE SYSDBA FROM USER2
GRANT SYSDBA TO USER2
So its ultimately With admin option always :)
That has solved my problem
Thanks all for your help..
--Mrunal -
Hi there
Can any body explain me, why SYS user should always connect to the database as SYSDBA/SYSOPER only?
Why he cannot login without as a SYSDBA/SYSOPER.
TIA
Aqueel.Though you should understand the implications of making this change. Here's the excerpt from the Oracle docs.
"O7_DICTIONARY_ACCESSIBILITY is intended for use when you migrate from Oracle7 to Oracle9i. It controls restrictions on SYSTEM privileges. If the parameter is set to true, access to objects in the SYS schema is allowed (Oracle7 behavior). The default setting of false ensures that system privileges that allow access to objects in "any schema" do not allow access to objects in SYS schema.
For example, if O7_DICTIONARY_ACCESSIBILITY = false, then the SELECT ANY TABLE privilege allows access to views or tables in any schema except the SYS schema (data dictionary tables cannot be accessed). The system privilege EXECUTE ANY PROCEDURE allows access on the procedures in any schema except the SYS schema.
If this parameter is set to false and you need to access objects in the SYS schema, then you must be granted explicit object privilege. Also, the following roles, which can be granted to the database administrator, also allow access to dictionary objects: SELECT_CATALOG_ROLE, EXECUTE_CATALOG_ROLE, and DELETE_CATALOG_ROLE." -
Granting any privilege system privilege....in Ora10g
Hi,
In order to be given to a user -Info_bi let's name him - the grant to select any table from user Info , This user (Info) must be given the system privilege "any privilege".... So :
connect sys/....@.... as sysdba;
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.1.0
Connected as SYS
SQL> GRANT ANY PRIVILEGE TO "INFO";
GRANT ANY PRIVILEGE TO "INFO"
ORA-00990:Privilege is missing or invalidWhat error do i do...????
Many thanks...
SimThere is.......!!!!
Read at :
Oracle® Database SQL Reference
10g Release 2 (10.2)
Part Number B14200-02
The Prerequisites section of the grant command....
I pasted there an extract of it...
To grant a system privilege, you must either have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege. Greetings,
Sim -
What is the system privilege required to grant "Analytic Privilege" to a user
Hi SCN,
I have the user with following privileges:
SYSTEM Privileges: CATALOG READ,CREATE STRUCTURED PRIVILEGE,DATA ADMIN,STRUCTUREDPRIVILEGE ADMIN,USER ADMIN
PACKAGE Privileges: SECURITY
OBJECT Privileges: _SYS_BI,_SYS_BIC and REPOSITORY_TEST
Am able to create a AP, but not able to assign to a user. Checked different threads and documents, Am able to add with "SYSTEM" user but not with the generic user i have
I can't do tracing as it is disabled in the client system
Am i missing something here? Can someone help me please?
Regards,
Krishna TanguduThank you so much Raj.
I was expecting this kind of privilege under SYSTEM PRIVILEGE.
So other privileges which i mentioned are fine right?
Regards,
Krishna Tangudu -
Roles/System privileges/Object privileges
Oracle 10g. we created a role and assigned this role to the user. We also assigned some system privileges and Object privileges directly to the same user. Now the company's new policy is that the user's permissions have to be assigned only via role. system privileges and Object privileges cannot be assigned directly to the user. So I have to alter the role. The steps are:
1. grant system privileges and Object privileges to role. (this will be executed as a script)
These privileges were directly assigned to the user.
2. revoke all privileges which were directly assigned to the user.
Do I miss anything?
Please advise.
Thanks
S.Object privileges cannot be assigned directly to the user.Privileges acquired via ROLE do not apply within PL/SQL procedures.
You may face some coding challenges in the future due to this policy. -
Who may grant a system privilege?
I am asking this as the Oracle doc explains:
Only users who have been granted a specific system privilege with the ADMIN OPTION or users with the system privileges GRANT ANY PRIVILEGE or GRANT ANY OBJECT PRIVILEGE can grant or revoke system privileges to other users.
http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96524/c24privs.htm#791
Im not clear on this: why does GRANT ANY OBJECT PRIVILEGE give you the ability to grant SYSTEM privs??
Thanks,
DAThis conflicts with the admin guide (http://download-uk.oracle.com/docs/cd/B10501_01/server.920/a96521/privs.htm#15326) which says: "To grant a system privilege, you must have been granted the system privilege with the ADMIN OPTION or have been granted the GRANT ANY PRIVILEGE system privilege."
It works as said in the admin guide.
SQL> create user test identified by test;
User created.
SQL> grant grant any object privilege to test;
Grant succeeded.
SQL> grant create session to test;
Grant succeeded.
SQL> conn test
Enter password:
Connected.
SQL> grant create any synonym to test2;
grant create any synonym to test2
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> conn sys as sysdba
Enter password:
Connected.
SQL> grant grant any privilege to test;
Grant succeeded.
SQL> conn test
Enter password:
Connected.
SQL> grant create any synonym to test2;
Grant succeeded.
Message was edited by:
Yas -
What is the sql command to view all the system privileges that are available. Thanks have been searching on the web with no luck.
found it system_privilege_map
Message was edited by:
user457357And just to show the difference between what the OP found and what Virag suggested:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> select name from system_privilege_map
2 minus
3 select privilege from dba_sys_privs;
NAME
EXEMPT ACCESS POLICY
EXEMPT IDENTITY POLICY
SYSDBA
SYSOPER -
DEBUG CONNECT SESSION system privilege
Hi everyone. It's my first post to this forum so I'd like to say hello :)
I'm completely new to PL/SQL language. I'm using PL/SQL Developer and I want to make a simple testscript but when I launch it communicate appears
Debugging requires the DEBUG CONNECT SESSION system privilege
could You tell me how to set that? Greetings. P.in the xp:
start>run>cmd
in the cmd console:
1. set oracle_sid=<bobens_83-here_goes_your_db-name>
2. sqlplus /nolog
3. conn sys as sysdba
4. sqlplus may asks for password - if it does, bobens_83, supply the password that was chossen during the install process.
5. grant DEBUG CONNECT SESSION to =<bobens_83-here_goes_your_db-username>
6. exit sqlplus
7. exit cmd
in the xp:
try to debug using PL/SQL Developer.
Have fun,
Amiel Davis -
Hi
I've written a Java web service using WLW7.0.1. I now want to test it using SOAP
RPC from a Java client. Having written the client, I get a "org.xml.sax.SAXParseException:
Missing whitespace before SYSTEM literal URI" exception when I run it.
Has anyone else come across this exception, or am I missing something glaringly
obvious?!!!
Thanks
TimHi Tim,
Could you post the entire traceback?
Also, you might try the verify utility against the WSDL just as a check:
http://webservice.bea.com/wsdlVerify.zip
You are using clientgen to build the client?
HTHs,
Bruce
Tim Dickson wrote:
>
Hi
I've written a Java web service using WLW7.0.1. I now want to test it using SOAP
RPC from a Java client. Having written the client, I get a "org.xml.sax.SAXParseException:
Missing whitespace before SYSTEM literal URI" exception when I run it.
Has anyone else come across this exception, or am I missing something glaringly
obvious?!!!
Thanks
Tim -
ALLOW A USER TO KILL A SESSION WITHOUT ALTER SYSTEM PRIVILEGE.
Hi
I need a user to have permission to kill a session without having the ALTER SYSTEM privilege. I created a procedure on sys schema and granted the EXECUTE privilege to the user but it doesn't work, how can I do, help please.
CREATE OR REPLACE PROCEDURE SYS.PRC_SESSION_KILLER (P_SID IN NUMBER, P_SERIAL IN NUMBER)
AS
BEGIN
EXECUTE IMMEDIATE 'GRANT ALTER SYSTEM TO SYSADMIN';
EXECUTE IMMEDIATE 'ALTER SYSTEM KILL SESSION ''' || P_SID || ',' || P_SERIAL || ''' IMMEDIATE';
EXECUTE IMMEDIATE 'REVOKE ALTER SYSTEM FROM SYSADMIN';
END;
Thank you very much.Hi,
I second everything John said.
Are you sure the arguments are correct?
Below is the procedure I use. You may want to run it, just to see what the error is.
PROCEDURE kill_internal
s_id IN NUMBER,
serial_num IN NUMBER,
stat_out OUT VARCHAR2
IS
alter_handle INTEGER;
ex_val INTEGER; -- Returned by dbms_sql.execute
BEGIN
alter_handle := dbms_sql.open_cursor;
dbms_sql.parse
alter_handle,
'ALTER SYSTEM KILL SESSION ''' ||
TO_CHAR (s_id, '999990') ||
', ' ||
TO_CHAR (serial_num, '999990') ||
dbms_sql.native
ex_val := dbms_sql.execute (alter_handle);
dbms_sql.close_cursor (alter_handle);
stat_out := 'Success: ' ||
TO_CHAR (s_id, '999990') ||
', ' ||
TO_CHAR (serial_num, '999990');
EXCEPTION
WHEN OTHERS
THEN
stat_out := 'Failure:' ||
SQLERRM;
-- dbms_output.put_line (stat_out);
dbms_sql.close_cursor (alter_handle);
END kill_internal
; -
Message Text in a Message Class is missing in Production System
Hi,
I am facing a peculiar error, in Message Class, the messages which I created was missing all of sudden in Prod system which was present earlier.
The same messages are available in Dev and QA system.
Even I checked all the transports whether I have deleted unknowingly and moved to Prod, but I didn't.
Whether Is it possible to delete the messages in Prod system directly and Is there any way to find how the messages got missed in Prod system. Kindly share your valuable inputs.
Regards,
Karthikeyan.Hi Karthikeyan,
If the SAP systems are upgraded recently this case may occur. Sometimes during the enhancement patch upgrade some objects get vanishes from systems.
So you can take help of the BASIS team, Inform them this object was present earlier.
They will take a look and will resolve it.
Cheers,
Pravin -
System.privilege.admin problem
Good afternoon. Please excuse if this has already been asked and answered, but after searching for a few days I still haven't found a fix for this:
After I had to wipe the hard drive on my G5 (don't ask), I reinstalled the OS from the DVD and then used the setup assistant to migrate all my files from my (mirrored) MacBook Pro. Now the application that runs my wireless broadband modem starts up, recognizes the modem, which is getting reception and shows up on Sprint's network (their tech support confirms), but *asks for my admin password, noting that it's necessary for "system.privilege.admin"* I give the (confirmed) password. At that point I get the spinning beach ball for a few seconds, then nothing at all happens. It doesn't freeze, mind you. It just goes back to idle. The same modem works fine with the same software on my laptop.
*How do I fix my "system.privilege.admin"?*
I had to reauthorize my Adobe Creative Suite, too, incidentally, but that took immediately.
Here's what I've already tried:
--Repair permissions
--Un- and reinstall the software
--delete plists associated with Sprint's SmartView software
--create a new user account with admin privileges (beyond my main account that has admin privileges, too, of course)
--confirmed firewall settings as "allow all incoming connections"
None of these had any effect on the problem.
Thank you for your time. I hope you can help.Ah! Very interesting! I hadn't thought to circumvent the provided application entirely. -- Well, look at that! That did the trick! Thank you, Sig.
Here is the configuration for future reference:
Configuration: Default
Telephone Number: #777
Account name: (field left blank)
Password: (field left blank)
Advanced > Modem Tab:
Vendor: Other
Model: EVDO Support
Enable error correction and compression in modem (checked)
Dial Mode: Ignore dial tone when dialing
Dialing: Tone
Sound: Off
The rest of the settings I left alone.
I'm still curious how to address the system.privilege.admin issue, but my actual problem is solved. Thank you for your help! I appreciate it.
Maybe you are looking for
-
I concluded that with buying an Apple ipad2, I made the worst investment. Unfortunately, I realized that the philosophy that you build the software for these devices is to extort money from clients without providing them the right to choice. Specif
-
Performance of mapping with FILTER
LS, How to tackle performance of OWB 10g-generated mappings in Oracle10g? Database: 10.1.0.2.0 OWB repos: 10.1.0.1 OWB client: 10.1.0.2 Situatie: A StorageArea (1) with data of more than 1 day, each row has a column filled with a date, to which this
-
Sort and compress transport!
Hi SDN, What is sort and compress of a transport!!
-
I have tried the following, and no luck. - Uninstalling iTunes and Apple Mobile Device, then reinstalling them after reboot. - Plugging into different USB ports, and blowing dust out of them. - Rebooting iPhone multiple times. - Clicking "Restore" in
-
Advice on in-place reinstall of ZAM7.5
* Environment * Windows 2003 SP2 Release 2 Zenworks Asset Management 7.50.0043 IR18 PRU 01/07/2009 All ZAM conponents run on the same server The ZAM SQL DB resides on a separate SQL2005 server * Problem * A few weeks ago, access to the ZAM Management