Not a DBA group
Hi,
I am trying to create a cold database backp up In Oracle XE.
Everytime I hit backup database, it says that Im not a member of DBA. I successfully installed the Oracle Database 10g Express Edition. How can I solved this problem?
Please help.
Jocelyn
Hi,
If you run the database in NOARCHIVELOG mode, all you need is to:
1.Stop database
2.Copy 5 database files and control file from c:\oraclexe\oradata\xe directory.
3.Copy 2 log files from flash_recovery_area\XE\ONLINELOG
4.Copy SPFILE.ORA from dbs folder.
It is a temporary solution until you solve the problem and it is a cold backup too.
Konstantin
Similar Messages
-
LINUX:while Deleting OLD backup's got error that ORACLE is not in DBA group
Error
Error - The specified host user is not a member of the operating system DBA group. The host user must be a DBA group member since the database user does not have the SYSDBA role.
But. put users: system,oracle in OS /etc/group :
oracle:x:500:oracle,system
And both users have the DBA roleTo be able to OS authenticate login as sysdba, your OS user need to be in dba group which you choose when you do installation.
SYSDBA role is not same as DBA role -
Kerberos auth in Oracle, sys user and dba group
Hello.
I've set up kerbros auth in test oracle 10g r2 database on 64-bit linux according to Oracle® Database Advanced Security Administrator's Guide. I have the following issue: kerberos user can login to the test server (from this server) and normal database user can login to database server from other hosts. However, oracle system user, members of dba group and normal users can't longer login to this server from it. So, when oracle system user runs sqlplus "/as sysdba" , he gets ORA-12638: Credential retrieval failed.
sqlnet.ora looks the following way:
SQLNET.KERBEROS5_CC_NAME = /tmp/krb5cc
SQLNET.KERBEROS5_CONF_MIT=TRUE
SQLNET.AUTHENTICATION_SERVICES= (KERBEROS5)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SQLNET.KERBEROS5_CONF = /etc/krb5.conf
SQLNET.KERBEROS5_REALMS = /etc/krb5.realms
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = oracle
What should I do to enable login to this server for members of dba group and normal users from the database server?I've tried to set SQLNET.AUTHENTICATION_SERVICES to (BEQ,KERBEROS5), it works almost as expected, but I have strange effect: my os user is not in dba group, but can connect "/as sysdba"...
$ id -nG
domusers oinstall
$ sqlplus "/as sysdba"
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Mar 3 13:20:55 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SQL> -
Changing the default DBA group
Hi guys,
For Oracle8i, 9i, and 10g, is it possible to change the DBA group once Oracle is installed? Let me give you an example:
I got Oracle 10g, with the DBA group 'oinstall'. Is it possible that i create a new OS group called 'DBAtest' and use this as the default DBA group so OS users members of this group can os-authenticate to oracle?
thanks,
jamesYes, on Unix platforms I think it is possible to change the OSDBA group (the group used to authenticate SYSDBA connection).
Not sure if there are any consequences afterwards, if you did not separate the Oracle software owner OraInventory group, usually 'oinstall', from OSDBA/OPER groups. Could be a good idead to work that out before implementing any changes! -
Hi Friends,
I want to install two (2) Oracle 10g DBs in my linux server. I want different dba groups for each so that the dba on one database will not be able to touch the other's database.
In my first DB the owner is > oraprod and group> dba
In my 2nd DB the owner is> oratest and group> dba2
My quiestion is, can the user oratest/dba2 be able to connect "/ as sysdba" and starup/shutdown oracle? What is the special tag thats makes a certain owner/group be able to connect as "sysdba". I just felt it is a reserved word granted by default to "dba" by oracle.
ThanksSuggestions: (with a little humor)
1) switch to Solaris and you can use zones isolating the dbas
2) create user accounts in your separate databases and grant sysdba or sysoper privileges accordingly -- this is actually the way Oracle intended this to be for these types of situations.
3) fire one of your dbas and give a big raise to the other one.
4) trust your dbas - doesn't everyone trust their dbas? -
Grid user in dba group ?
Hey,
according to the best practise paper, the grid user should not be part of the dba user group.
While running cluvy, this fixupscript will put the user grid into this group.
Is it neccessary to put the grid user into the dba group or can I ignore this message ?
CHristianChristian wrote:
Hey,
according to the best practise paper, the grid user should not be part of the dba user group.
While running cluvy, this fixupscript will put the user grid into this group.
Is it neccessary to put the grid user into the dba group or can I ignore this message ?
CHristianHi, GRID user can be part of DBA group there is no problem, this is designed if grid user is supposed to have access to db's which would be running on RAC system.
See
http://docs.oracle.com/cd/E11882_01/install.112/e22489/prelinux.htm#BABBIDCF -
I am not sure if I am in the right discussion board or not but here it goes. At our company they want each of the DBAs to lead various initiatives to improve the way we get things done on a day to day basis. They are always looking to us for new ideas to save money or standardize more or use the newest oracle technology. I thought it would be a good idea to start a thread to see what other DBA groups have done to improve their quality. It could be very simple things to not so simple. At our work we have done things like
standardize the setup on all unix servers by using the same profiles and variables.
create deployment scripts to create the Oracle Homes and New Database - sets up auditing and locks certain users automatically
using BMC to monitor processes on servers
created scripts to monito the alert logs
I am looking for ideas from others. I was thinking of something with the 10g scheduler or consumer groups. If anyone has done something like this and would like to share let me know. Thanks
Edited by: user579934 on Jan 27, 2009 5:14 AMuser579934 wrote:
I am not sure if I am in the right discussion board or not but here it goes.Nope. wrong place.
>
Forum: Community Feedback and Suggestions (Do Not Post Product-Related Questions Here)
Use this forum for feedback about OTN programs, Web site content, and systems - product-related questions will be deleted.
>
This forum is for any issues or matters relating to the OTN site/forums themselves.
You question sound a bit like it relates to DBA stuff, so perhaps the [Database General Forum|http://forums.oracle.com/forums/forum.jspa?forumID=61] would be a good place. -
11gR2 problem for dba group user
Hi Pavan Sir,
After the 11gR2 Installation and connect to oracle as one of the dba group user(ex: tuser)
1) when sqlplus / as sysdba --> startup nomount --> receiving the error ORA-48189 (The OS command to create directory failed) for the diagnostic_dest(ex: /disk1/oradata/test)location, but the specified directory is created and owned by the same dba group user(test).
2) If suppose the "/disk1/oradata/test" directory permission are modified by 777, the dba group user(test) can connect to nomount stage, but the sub directories of diagnostic_dest automatically gets created (like /disk1/oradata/test/diag/rdbms then etc......) are being owned by oracle user and also if the db is created ,the control file,redolog file and datafiles are automatically getting owned by oracle user but not by the test user.
Which was not the case till 10gR2.
Plz. provide any body provide us with some solution to overcome the above experienced problem which is implemented in our Dev. box.
Thanks in Advance.
Best regards,
Habeeb.Dear user,
Even if the perm are changed by -R ,the files are automatically owned by oracle user, not by the test user.
Have any body tried creating oracle database using dba group user in 11gR2, but the db files being created by test user should not be automatically owned by oracle user. If so , plz. forward me the steps.
Thanx in advance. -
Problemm with dba group vs oinstall group
Hi to all ;
This is related to oracle as well as some os related security problems. please clarify it.
I tried but couldn't solve it All information's given here ..
Testing from user 'A'
+# useradd -m -g oinstall a+
+# passwd a+
Changing password for user a.
New UNIX password:
BAD PASSWORD: its WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
su - a
+[a@testorcl ~]$ export+
ORACLE_HOME=/u01/app/oracle/product/10.2.0/db_1
+$ export PATH=$PATH:$ORACLE_HOME/bin+
+$ export ORACLE_SID=testdb+
+$ sqlplus /nolog+
SQL*Plus: Release 10.2.0.1.0 - Production on Thu Jan 3 01:33:49 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Testing From user 'b' :
+# useradd -m -g dba b+
+# passwd b+
Changing password for user b.
New UNIX password:
BAD PASSWORD: its WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
su - b
Password:
+$ export ORACLE_HOME=/u01/app/oracle/product/10.2.0/db_1+
+$ export PATH=$PATH:$ORACLE_HOME/bin+
+$ export ORACLE_SID=testdb+
+$ sqlplus /nolog+
sqlplus: error while loading shared libraries: libsqlplus.so: cannot open shared object file: No such file or directory
*>> From oracle user finding libsqlplus.so >>*
*[oracle@testorcl ~]$*
*$ find / -name libsqlplus\* -ls 2>/dev/null*
+1378188 1296 -rw-r----- 1 oracle oinstall 1319436 Jun 22 2005 /u01/app/oracle/product/10.2.0/db_1/lib/libsqlplus.a+
+1378193 1028 -rw-r----- 1 oracle oinstall 1047293 Jun 22 2005 /u01/app/oracle/product/10.2.0/db_1/lib/libsqlplus.so+
SQLPLUS LOCATION with associated group
+$ ls -l $ORACLE_HOME+
drwxr-x--- 9 oracle oinstall 4096 Dec 24 03:28 sqlplus
Please Note :
USER 'a' belongs oinstall group.
USER 'b' belongs dba group.
My questions are :
*1.why OS user can access database with oinstall group ?*
*2.why OS user can't access database with dba group ?*
Note: This is concept of oracle
**To connect as sysdba using OS Authe*ntication ; UNIX OS user must be a part of OSDBA (dba) group.*
Once the user is part of OSDBA group.
but in dba group with os user 'b' , can't connect sqlplus , what's the real problem here ?
version : 10gr2
*$ uname -a*
Linux testorcl 2.6.9-42.0.0.0.1.ELsmp #1 SMP Sun Oct 15 14:02:40 PDT 2006 i686 athlon i386 GNU/Linux
Edited by: 952909 on Jan 4, 2013 1:03 PMHi dude ;
Thanks for your reply.
So , You suggest me to change install directory permission from 750 to 775.
$ cd install
[oracle@testorcl install]$ ls -l
total 240
-rw-r----- 1 oracle oinstall 0 Jun 7 2005 createseed1.sh
-rw-r----- 1 oracle oinstall 0 Jun 7 2005 createseed.sh
-rw-r----- 1 oracle oinstall 977 Dec 24 03:29 envVars.properties
drwxr-x--- 2 oracle oinstall 4096 Dec 24 03:26 jlib
-rw-r----- 1 oracle oinstall 194849 Dec 24 03:29 make.log
-rwxr-xr-x 1 oracle oinstall 0 Dec 24 03:29 oratab
-rw-r----- 1 oracle oinstall 132 Dec 24 04:01 portlist.ini
-rw-r----- 1 oracle oinstall 221 Dec 24 04:02 readme.txt
-rwxr-xr-x 1 oracle oinstall 824 Dec 24 03:28 rootdeletenode.sh
-rw-r----- 1 oracle oinstall 9646 Dec 24 03:28 rootlocaladd
-rw-r----- 1 oracle oinstall 0 Jun 7 2005 seed.log
-rw-r----- 1 oracle oinstall 2800 Jun 7 2005 templocal
drwxr-x--- 2 oracle oinstall 4096 Dec 24 03:29 unix
drwxr-x--- 2 oracle oinstall 4096 Dec 24 03:28 utl
*>> Permission changed as per your suggestion >>*
*[oracle@testorcl db_1]$ chmod 775 install*
*[oracle@testorcl db_1]$ ls -l*
drwxrwxr-x 5 oracle oinstall 4096 Dec 24 04:02 install
*>> Trying to find changePerm.sh >>*
[oracle@testorcl db_1]$ cd install
[oracle@testorcl install]$ ./changePerm.sh
-bash: ./changePerm.sh: No such file or directory
[oracle@testorcl install]$ cd
[oracle@testorcl ~]$ whereis changePerm.sh
changePerm:
[oracle@testorcl ~]$
In my testdb file not found ... Any suggestion to find DUDE
Please note :
http://www.oracle-base.com/articles/10g/oracle-db-10gr2-installation-on-rhel-4.php
Installation Doc did n't say anything to change permission related to install group +( from 750 to 775 )+
Can you please clarify this ?
Thanks Dude .. -
sapsid adm has no access to "dba" group
My client, a LARGE telecom company, has 150+ SAP instances and is in the process of moving most of them from PARISC to Itanium HP servers.
As part of the replatforming effort, we have to create <sapsid>adm ids on the new servers. As per SAP installation Manuals, <sapsid>adm should have "sapsys" as primary and "dba" as secondary group. The Basis, DBA and SA support functions are performed by different work groups and due to SOX and other internal security policies, the DBA groups feels it is against "separation of duties", etc, to have someone other than DBAs have access to the "dba" group and is unwilling to approve "dba" as secondary group for <sapsid>adm. The Basis Admins feel that the failure to allow access to "dba" will negatively impact our ability to perform our Basis support activities, For example: unable to start & stop the database when using start|stopsap scripts; inability to perform any activity that uses sapinst (as sapinst checks for existence of <sapsid>adm and its membership of "sapsys" and "dba" groups; probably some of the database related transactions within the SAP gui, etc).
Have any other Basis Admins run across these SOX restrictions? How are they handled in other companies? What other impacts could the failure to have access to the "dba" group have?
Sharing of Any experiences in this area would be greatly appreciated.
AlexHi Alex,
Making the user <SID>adm as part of the group "dba" as secondary is the SAP Standard installation configuration. Indeed sometimes the internal Security policies of the organizations do make some restrictions for the "Segregation of duties" part due to which user configurations need to be different at the OS level. SAP do have a solution for that.
Now there can be 3 scenarios and you have to identify which scenario you want to implement-
1. SAP standard configuration where an operator has full privilege for DB administration.
2. An operator is authorized to backup the DB and also to start/shut down the DB but restricted privileges to modify the data.
3. Only authorized DBA operators are allowed to execute BR*Tools operations. Such users have
no other database access rights.
Please refer to the below link for more details-
http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/9e626b1c-0d01-0010-b2ba-cfa2443c1cce?quicklink=ora&overridelayout=true
Additonally you can also refer to the SAP note 832662.
Regards
Sourabh Majumdar -
Is there any live chat oracle dba group to join?
893874 wrote:
Hi there,
who has experties in Oracle table partition and indexes?Lot's of people here do. If you have a question about it, start a thread on it.
Just remember that this is a peer-supported and world-wide forum. Don't expect instant answers. First, half the world will be asleep when you post your question. Second, the people with answers are working professionals with real jobs which do NOT pay them for monitoring this forum. -
Oracle-Xe, can't seem to tell that I am a part of the dba group
Hi, I just installed oracle-xe and it seemed to go well. but when I make myself part of the group and try to start the database from the applications menu. I get this message.
Operation failed. KarlRove is not a member of 'dba' group
in Gnome. Yet when I do
[KarlRove@WhiteHouse ~]$ id KarlRove
uid=1000(KarlRove) gid=100(users) groups=100(users),7(lp),10(wheel),50(games),91(video),92(audio),93(optical),95(storage),98(power),1000(dba)
Oracle created the dba group I just added myself to it with
usermod -a -G dba KarlRove
Was that wrong? Any ideas as to what is happening? Oracle also created a user called Oracle, who's account is disabled in user settings.I don't know about oracle, but with regular system-level groups you have to completely logout out your user and log back in before it picks up a new group.
-
Hi All,
The UNIX SA would like to change the gid of the DBA group (basically when this was first setup the group was give an ID of 15 ... so the Unix SA would like to change this to something > 100).
I've read a number of articles regarding this however I've found conflicting information as to what steps are required. Some say that the oracle software does not reference the ID and so no re-linking is required other say that the software will require re-linking. Could anyone clarify this?
N.B
Only the ID of the group is changing the name of the group will stay the same.
System information:
Oracle Database 10g Release 10.2.0.1.0 - 64bit Production
PL/SQL Release 10.2.0.1.0 - Production
CORE 10.2.0.1.0 Production
TNS for Linux: Version 10.2.0.1.0 - Production
NLSRTL Version 10.2.0.1.0 - Production
Linux 2.6.9-89.0.23.ELsmp #1 SMP Fri Mar 5 23:27:13 EST 2010 x86_64 x86_64 x86_64 GNU/Linux
Thanks for your help
- KaiIf group name is going to be same and ID is changing , no need of any relink.
-
Hi expert,
i need your support to give me the soluation of this
i have oracle 10g on unix 5.10
i have user in unix now i need to add this user in in dba group
i dont know how to add user in dba group & how to add profile
cuz i need my unix user able to do sqlplus now my user not able to enter to DB
MANY THANKSnow can you tell me how to copy file from user to another user
i need to copy local.profile from user oracle to my unix users
many thanks -
Hi to anyone,
Im wondering if my account was already a member of dba group or not. I successfully installed oracle xe. Under applications, Oracle Database Express Edititon is a subtopic BACKUP DATABASE. I HAVE TRIED TO click the Backup Database to see if it works but a small window just popup right away everytime I click it and told me that Im not a dba member. Is anybody here have a clue what was wrong with my account? Im using Ubuntu 6.06. Pls help me.
Thank you,
JocelynHow many times did you post ?
flash recovery area
Maybe you are looking for
-
Creation of A/R Down Payment Invoice based on Sales Order not logical
When creating a A/R Down Payment Invoice based on a Sales Order you have the option to create multible ones. Which by itself could be usefull to create one of 50 % for a certain day and decide they need to pay another 25 % at a later date. But SBO do
-
Keeping a connection with HDMI thunderbolt and HD TV what settings in Preferences are needed?
-
How to import password html file in Firefox in win7 -
I exported password into a HTML file from firefox on a PC with XP-SP3. I can't find where to import these into firefox on my new Win7 PC.
-
Error in exporting data to any format after user has cancelled the request
Hi all I have a scenario with crystal report when open from SAP B1 for which I need your expertise guidance. The situation is as follows. After I enter parameters to a report, its opens up. When I export the data to pdf, the data is correct. Now, I p
-
Excluding workflows from automatic mail forwarding of work items
Hi, I have configured automatic email forwarding of work items by scheduling a background job that calls RSWUWFML2. Is there some way to exclude some workflows, meaning that work items from these workflows shall not be forwarded to the users email? T