ORA-01031: insufficient privileges after changing group.
I installed oracle 10g with oracle:oinstall as owner and I was able to connect using "sqlplus / as sysdba".
But today I chaged owner of 10g software owner to oracle:dba.
Now when I am trying "sqlplus / as sysdba".
ERROR:
ORA-01031: insufficient privileges
But I am able to connect with "sqlplus sys/password as sysdba".
linux1:(oracle):DEV +-> id
uid=175(oracle) gid=115(dba) groups=115(dba)
What to do to have OS authen working?
Thanks
Most probably this is what the user means :-
1. Installation was done with oracle:oinstall a year back.
oracle as the user and oinstall as the group owner.
At that time sqlplus "/ as sysdba" was working fine for him
2. He probably wanted his setting to be oracle:dba and he issued the following command:-
chown -R oracle:dba $ORACLE_HOME
Now the issue is that he cannot use sqlplus "/ as sysdba" however sqlplus sys/connpass works just fine.
He probably wants to know why his settings are not working now.
Have you read metalink for that error ORA-1031, there is a whole set of document available to diagonise this issue.
Similar Messages
-
ORA-01031 (Insufficient Privileges) after moving server to new domain
Hello SAP/Oracle experts,
We recently performed a 'lift & shift' to move our SAP test system (QAS) from our HQ to our hosting partner's data centre. Although SAP works fine, we've lost the ability to run database operations through DB13. We now receive ORA-01031 - Insufficient Privileges errors whenever we try anything through DB13.
Because moving the server involved changing the Windows domain to which it belonged, we created a trust relationship between old and new domains so that we didn't have to change the details of QASADM and SAPServiceQAS. We ran the usual oradbuser.sql and sapdba_role.sql scripts. We also removed and reassigned the ORA_QAS_DBA and ORA_QAS_OPER groups to the QASADM and SAPServiceQAS users. All of which seems to have made no difference and we still get ORA-01031 errors in DB13.
Even stranger though is the fact that at the Oracle level, user sys is able to log in 'as sysdba', whilst user system cannot. e.g.
sqlplus sys/<password>@qas as sysdba Works.
sqlplus sys/<password> as sysdba Works.
sqlplus / as sysdba Doesnt work
sqlplus system/<password>@qas as sysdba Doesnt work.
sqlplus system/<password> as sysdba Doesnt work.
This leads me to believe that the problem is not SAP-related (i.e. sapdba_role won't fix it!), but is more likely Oracle-related and perhaps down to the fact that ths system was built in one domain, but now resides in another. I guess the easiest thing to do would be to create QASADM and SAPServiceQAS accounts in the new domain and try that, but that's clutching at straws and doesn't explain why Oracle user sys works, whilst system doesn't.
Has anyone moved servers between domains and experienced similar problems?
Thanks in advance of any help,
Arwel.is the recommended procedure when moving SAP Systems (or the server where they installed on) from one Domain to the next one (at least if the user accounts are in the same domain as the Server).
You have following dependencies when installing in a domain:
1. domain groups
2. local groups containing domain groups and/or domain accounts
3. Domain Accounts
4. maybe domain groups are used in Access Control Lists of local Files / Directories
5. User rights Assignment in registry
6. as in Oracle Database internal users reflecting Operating System users.
In Windows Security Objects (ACLs of Files, Directories) a Windows Account is referenced by it's SID which is unique (you can have a look at those strings in Upper Keys of the Registry HKEY_USERS). This means that a Domain User XYZ in Domain A has a different SID than Domain User XYZ in Domain B. The same applies to Windows Groups.
As a result of this c:\documents and Settings\XYZ will not be for the use with the same name if you move the computer to a diferent domain.
Windows will create something like c:\documents and Settings\XYZ.NEW_DOMAIN. As a result of this all envrionment variables of XYZ in the old domain are not visible in the new domain, because they are stored in the users registry which resides in c:\documents and Settings\XYZ\ntuser.dat in the old domain and c:\documents and Settings\XYZ.NEW_DOMAIN\ntuser.dat in the new domain.
Too many things to do, to many possibilities you can make mistakes - therefore --> homogenious system copy.
regards
Peter -
ORA-01031: insufficient privileges - after upgrade from 2.1 to 3.0.1
Hi I installed 10g with APEX 2.1 and started working on an app. I had the privs needed to do all DDL.
I updated to 3.0.1 (not 3.1 because my work won't go to 3.1 yet)
I started working on the app not problem with DML but I tried to create a function and found ORA-01031: insufficient privileges
Did I miss running a script after the install? Is there a POST install?Here are the results from PL?SQL Developer:
select user from dual;
1 EDIUSER
select * from user_role_privs;
1 EDIUSER CONNECT NO YES NO
2 EDIUSER DBA NO YES NO
3 EDIUSER RESOURCE NO YES NO
select * from user_sys_privs;
1 EDIUSER UNLIMITED TABLESPACE NO
doesn't the roles give me all I need?
And as I said, in PL/SQL Developer I can do anything.
Here are the results from the APEX SQL Worksheet:
select user from dual;
ANONYMOUS
select * from user_role_privs;
EDIUSER CONNECT NO YES NO
EDIUSER DBA NO YES NO
EDIUSER RESOURCE NO YES NO
select * from user_sys_privs;
EDIUSER UNLIMITED TABLESPACE NO -
DB13 jobs errors (ORA-01031: insufficient privileges) after System Copy
Dear SAP gurus,
I performed an ECC60 System copy from Dev to a sandbox system (Linux-Oracle). When I try to access DB13 all jobs are cancelled:
Example of "check and update optimizer statistics" job log:
Job started
Step 001 started (program RSDBAJOB, variant &0000000000001, user ID TGEPOMA1)
Execute logical command BRCONNECT On host eccsbx01
Parameters: -u / -jid STATS20110720050000 -c -f stats -t ALL
BR0801I BRCONNECT 7.00 (46)
BR0805I Start of BRCONNECT processing: cegkmpzk.sta 2011-07-27 05.00.32
BR0484I BRCONNECT log file: /oracle/SBX/sapcheck/cegkmpzk.sta
BR0280I BRCONNECT time stamp: 2011-07-27 05.00.36
BR0301W SQL error -1031 at location brc_dblog_open-1, SQL statement:
'INSERT INTO SAP_SDBAH (BEG, FUNCT, SYSID, OBJ, RC, ENDE, ACTID, LINE) VALUES ('20110727050032', 'sta', 'SBX', 'ALL', '9999', '
ORA-01031: insufficient privileges
BR0324W Insertion of database log header failed
I read the SAP note 400241 (Problems with ops$ or sapr3 connect to Oracle) and performed the general checks such checking the SAPUSER owner,etc.
If I executed the sapdba_role.sql script I get the following log errors on sapdba_role.log:
old 1: grant ALL on &User..SDBAH to sapdba
new 1: grant ALL on SAPR3.SDBAH to sapdba
grant ALL on SAPR3.SDBAH to sapdba
ERROR at line 1:
ORA-00942: table or view does not exist
old 1: grant ALL on &User..SDBAD to sapdba
new 1: grant ALL on SAPR3.SDBAD to sapdba
grant ALL on SAPR3.SDBAD to sapdba
ERROR at line 1:
ORA-00942: table or view does not exist
old 1: grant ALL on &User..DBAML to sapdba
new 1: grant ALL on SAPR3.DBAML to sapdba
grant ALL on SAPR3.DBAML to sapdba
Should I create those tables in order to allow ops$ user to access Oracle DB in order to execute the DB job from DB13?
Please let me know if anybody can help me or has face a situation before?
Thanks in advance, MarcHi Markus,
I dont think that it is an authorization issue becasue it has the same authorizations than Development:
eccsbx01:/sapmnt/SBX/exe # ls -ltr br*
-rwsr-srw- 1 orasbx dba 4121272 Jul 19 11:55 brarchive
-rwsr-srw- 1 orasbx dba 4227280 Jul 19 11:55 brbackup
-rwsrwxr-x 1 orasbx sapsys 5489731 Jul 19 11:55 brconnect
-rwxr-xr-x 1 sbxadm sapsys 4537880 Jul 19 11:55 brrecover
-rwxr-xr-x 1 sbxadm sapsys 1554379 Jul 19 11:55 brrestore
-rwxr-xr-x 1 sbxadm sapsys 5617510 Jul 19 11:55 brspace
-rwsrwxr-x 1 orasbx sapsys 2289337 Jul 19 11:55 brtools
Regards, Marc -
ORA-01031: insufficient privileges getting After upg. oracle from 8i to 9i
Hi,
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\s47adm>sqlplus "/as sysdba"
SQL*Plus: Release 9.2.0.7.0 - Production on Thu Apr 9 19:20:10 2009
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name: system
Enter password:
ERROR:
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Enter user-name:
*The above happened after successfully upgraded oracle from 8i to 9i. After upgrade assistant successfully completed then its giving above error. Please help ASAP.Rohit,
Thanks for your reply.
Its solved.....I just changed NTS in place of NONE in the below line of sqlnet.ora file.
SQLNET.AUTHENTICATION_SERVICES= (NTS)
With Regards,
Krishna. -
ORA-01031: insufficient privileges despite oracle belonging to DBA group
DB Version : 10.2.0.4.0
OS Version : Solaris 5.10
Os user oracle already belongs to DBA group.
$ id -a
uid=1001(oracle) gid=1100(oinstall) groups=1100(oinstall),1800(dba)But, i get the following error
$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Mon Nov 29 14:33:59 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
ERROR:
ORA-01031: insufficient privileges
Enter user-name: ^C
$
$
$ sqlplus sys/password as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Mon Nov 29 09:34:13 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
With the Partitioning, Data Mining and Real Application Testing options
SQL>Value of remote_login_passwordfile parameter
SQL> show parameter password
NAME TYPE VALUE
remote_login_passwordfile string EXCLUSIVEWhat could possibly be the reason?Hi,
Have you create the orapw file in the $ORACLE_HOME/dbs with orapwd ?
example :
orapwd file=${ORACLE_HOME}/dbs/orapw${ORACLE_SID} password=change_on_install entries=40
Then the unix user oracle will be create in the orapw${ORACLE_SID} file
after if you want to create another user :
grant sysdba to TOTO; the unix user TOTO could do : connect / as sysdba
Regards,
Mario Alcaide
http://marioalcaide.wordpress.com -
Check database with error "ORA-01031: insufficient privileges"
Dear Gurus,
I ran "Check database" in DB13 but I got error "ORA-01031: insufficient privileges"
BR0280I BRCONNECT time stamp: 2010-03-31 12.37.00
BR0301E SQL error -1031 at location BrDbdiffRead-1, SQL statement:
'PREPARE stmt_5 STATEMENT FROM'
'SELECT OBJNAME FROM "SAPSR3".DBDIFF WHERE DBSYS IN ('ORACLE', ' ') AND OBJTYPE = 'TABL' AND DIFFKIND IN ('02', '61', '99') ORDER BY OBJNAME'
ORA-01031: insufficient privileges
BR0806I End of BRCONNECT processing: cecxekdh.chk 2010-03-31 12.37.00
Note I try to execute sapdba_role.sql (with command "sqlplus /nolog @sapdba_role.sql SR3") as Note 134592 both login 'oradev' and 'devadm' but it seem to do nothing (not found sapdba_role.log)
Please advice.
Best regards,
Choosak B.
Ps.
detailed log of /oracle/DEV/sapcheck/cecxekdh.chk
BR0801I BRCONNECT 7.00 (40)
BR0477I Oracle pfile /oracle/DEV/102_64/dbs/initDEV.ora created from spfile /oracle/DEV/102_64/dbs/spfileDEV.ora
BR0805I Start of BRCONNECT processing: cecxekdh.chk 2010-03-31 12.30.53
BR0484I BRCONNECT log file: /oracle/DEV/sapcheck/cecxekdh.chk
BR0101I Parameters
Name Value
oracle_sid DEV
oracle_home /oracle/DEV/102_64
oracle_profile /oracle/DEV/102_64/dbs/initDEV.ora
sapdata_home /oracle/DEV
sap_profile /oracle/DEV/102_64/dbs/initDEV.sap
system_info devadm/oradev sapdev SunOS 5.10 Generic_142900-03 sun4v
oracle_info DEV 10.2.0.4.0 8192 7465 94896497 sapdev UTF8 UTF8
sap_info 701 SAPSR3 0002LK0003DEV0011N11827599290015Maintenance_ORA
make_info sun_64 OCI_102 Feb 21 2009
command_line brconnect -u / -jid CHECK20100331123000 -c -f check
alert_log /oracle/DEV/saptrace/background/alert_DEV.log
BR0280I BRCONNECT time stamp: 2010-03-31 12.30.56
BR0813I Schema owners found in database DEV:
DBSNMP, DIP, OPS$DEVADM, OPS$ORADEV, OPS$SAPSERVICEDEV, ORACLE_OCM, OUTLN, SAPSR3*, SYS, SYSTEM,
TSMSYS
BR0118I Tablespaces and data files
Tablespace Status File Status Id. Size MaxSize IncrSize BlkSize Device Type Link
PSAPSR3 ONLINE+ /oracle/DEV/sapdata2/sr3_1/sr3.data1 ONLINE+ 4 2411732992 10485760000 20971520 8192 16777219 FILE NOLINK
SYSTEM ONLINE+ /oracle/DEV/sapdata1/system_1/system.data1 SYSTEM+ 1 1017126912 10485760000 20971520 8192 16777219 FILE NOLINK
BR0119I Redo log files
File Status Group Size Device Type Link
/oracle/DEV/origlogA/log_g11m1.dbf INUSE 1 52429312 16777218 FILE NOLINK
/oracle/DEV/mirrlogA/log_g11m2.dbf INUSE 1 52429312 16777218 FILE NOLINK
/oracle/DEV/origlogB/log_g12m1.dbf INUSE 2 52429312 16777218 FILE NOLINK
/oracle/DEV/mirrlogB/log_g12m2.dbf INUSE 2 52429312 16777218 FILE NOLINK
/oracle/DEV/origlogA/log_g13m1.dbf INUSE 3 52429312 16777218 FILE NOLINK
/oracle/DEV/mirrlogA/log_g13m2.dbf INUSE 3 52429312 16777218 FILE NOLINK
/oracle/DEV/origlogB/log_g14m1.dbf INUSE 4 52429312 16777218 FILE NOLINK
/oracle/DEV/mirrlogB/log_g14m2.dbf INUSE 4 52429312 16777218 FILE NOLINK
BR0120I Control files
File Size Device Type Link
/oracle/DEV/origlogA/cntrl/cntrlDEV.dbf 15024128 16777218 FILE NOLINK
/oracle/DEV/origlogB/cntrl/cntrlDEV.dbf 15024128 16777218 FILE NOLINK
/oracle/DEV/sapdata1/cntrl/cntrlDEV.dbf 15024128 16777219 FILE NOLINK
BR0982I Database disk volumes
Directory / Raw disk Device Total[KB] Free[KB] Used[%] MaxNeed[KB] MaxMiss[KB]
/oracle/DEV/102_64 16777218 480700086 404332206 15.89 0 0
/oracle/DEV 16777218 480700086 404332206 15.89 0 0
/oracle/DEV/mirrlogA 16777218 480700086 404332206 15.89 0 0
/oracle/DEV/mirrlogB 16777218 480700086 404332206 15.89 0 0
/oracle/DEV/origlogA 16777218 480700086 404332206 15.89 0 0
/oracle/DEV/origlogB 16777218 480700086 404332206 15.89 0 0
/oracle/DEV/sapdata1 16777219 591212116 404332206 31.61 240019884 0
/oracle/DEV/sapdata2 16777219 591212116 404332206 31.61 240019884 0
/oracle/DEV/sapdata3 16777219 591212116 404332206 31.61 240019884 0
/oracle/DEV/sapdata4 16777219 591212116 404332206 31.61 240019884 0
/oracle/DEV/saparch 16777218 480700086 404332206 15.89 0 0
/oracle/DEV/sapbackup 16777218 480700086 404332206 15.89 0 0
/oracle/DEV/sapcheck 16777218 480700086 404332206 15.89 0 0
/oracle/DEV/sapreorg 16777218 480700086 404332206 15.89 0 0
/oracle/DEV/saptrace 16777218 480700086 404332206 15.89 0 0
/oracle/DEV/oraarch 16777218 480700086 404332206 15.89 0 0
BR0280I BRCONNECT time stamp: 2010-03-31 12.31.29
BR0814I Number of tables in schema of owner SAPSR3: 74582
BR0836I Number of info cube tables found for owner SAPSR3: 49
BR0814I Number of tables/partitions in schema of owner SYS: 625/189
BR0814I Number of tables/partitions in schema of owner SYSTEM: 134/27
BR0280I BRCONNECT time stamp: 2010-03-31 12.32.28
BR0815I Number of indexes in schema of owner SAPSR3: 89159
BR0815I Number of indexes/partitions in schema of owner SYS: 678/199
BR0815I Number of indexes/partitions in schema of owner SYSTEM: 175/32
BR0280I BRCONNECT time stamp: 2010-03-31 12.37.00
BR0816I Number of segments in schema of owner DBSNMP: 25
BR0816I Number of segments in schema of owner OPS$DEVADM: 1
BR0816I Number of segments in schema of owner OUTLN: 9
BR0816I Number of segments/LOBs in schema of owner SAPSR3: 168369/2314
BR0816I Number of segments/LOBs in schema of owner SYS: 1831/87
BR0816I Number of segments/LOBs in schema of owner SYSTEM: 353/22
BR0816I Number of segments in schema of owner TSMSYS: 4
BR0280I BRCONNECT time stamp: 2010-03-31 12.37.00
BR0961I Number of conditions found in DBCHECKORA: 118
BR0983I Tablespace fragmentation
Tablespace Files Tables Indexes Extents Total[KB] Used[%] Free[KB] FreeExt. MaxSize[KB] MaxAlloc[KB] Used[%] Free[KB] Largest[KB]
PSAPSR3 16 74248 88689 209864 54138880 94.51 2970752 240 163840000+ 109701120+ 31.23+ 112671872+ 9246720:7966720:7946240:7905280:7905280+
PSAPSR3701 14 0 0 0 54466560 0.00 54465664 20 143360000+ 88893440+ 0.00+ 143359104+ 9021440:8192000:8192000:8192000:8192000+
PSAPSR3701X 4 310 445 12190 68342784 94.20 3962240 7 68342784 0 94.20 3962240 1298432:1191936:979968:163776:163776
PSAPSR3USR 1 24 25 51 51200 6.50 47872 1 10240000+ 10188800+ 0.03+ 10236672+ 10188800+:47872:0:0:0
PSAPTEMP 1 0 0 0 1433600 0.00 1433600 0 10240000+ 8806400+ 0.00+ 10240000+ 8806400+:0:0:0:0
PSAPUNDO 1 0 0 0 7823360 0.00 7823296 406 10240000+ 2416640+ 0.00+ 10239936+ 2416640+:2041792:1814464:1433536:603072
SYSAUX 1 254 284 2059 307200 93.35 20416 16 10240000+ 9932800+ 2.80+ 9953216+ 9932800+:13248:3072:1024:640
SYSTEM 1 505 569 2926 993280 98.91 10816 2 10240000+ 9246720+ 9.59+ 9257536+ 9246720+:10176:640:0:0
Total: 39 75341 90012 227090 187556864 62.29 70734656 692 426742784 239185920 27.38 309920576 60157952:19463744:18936384:17695616:16864768
BR0280I BRCONNECT time stamp: 2010-03-31 12.37.00
BR0301E SQL error -1031 at location BrDbdiffRead-1, SQL statement:
'PREPARE stmt_5 STATEMENT FROM'
'SELECT OBJNAME FROM "SAPSR3".DBDIFF WHERE DBSYS IN ('ORACLE', ' ') AND OBJTYPE = 'TABL' AND DIFFKIND IN ('02', '61', '99') ORDER BY OBJNAME'
ORA-01031: insufficient privileges
BR0806I End of BRCONNECT processing: cecxekdh.chk 2010-03-31 12.37.00
BR0280I BRCONNECT time stamp: 2010-03-31 12.37.00
BR0804I BRCONNECT terminated with errorsHi,
It solved after change permission of directory that sapdba_role.sql kept to oradev:dba after that it can write sapdba_role.log.
Thank you for your guideline.
Now, I can ran 'Check database' via DB13 without that error.
Best regards,
Choosak B. -
11.2.0.1 :ORA-01031: insufficient privileges / as sysdba
Hi All,
I installed 11.2.0.1 $ORACLE_HOME in process of performing database upgrade in 11i applications environment.
Installation went successfully, while installing i have to select group name as "other" as it was not listing the dba group in installation screen. I manually changed the group to dba after Installation.
Now when im trying to login as /sysdba its getting error-ed out:
bash-3.00$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Sat Jun 5 08:53:35 2010
Copyright (c) 1982, 2009, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
- proper oracle home, sid, path is set
- listener is up and running
what could be the problem?
Thanks in advance for all you inputs.Prathmesh wrote:
You do this by running the utility orapwd from a command line.
orapwd file=$ORACLE_HOME/dbs/orapwsid password=secure entries=5Dear Prathmesh "sqlplus / as sysdba" command do not use passwordfile or this is not password file authentication,this is OS authentication.Pls see http://download.oracle.com/docs/cd/B19306_01/server.102/b14231/dba.htm#sthref149 -
ORA-01031: insufficient privileges when running adgrants_nt PATCH 6510214
Hi all,
I need to clone an Oracle Applications R12 from production to development, so for that I am using Metalink document ID 406982.1 (C;loning Oracle Applications Release 12 with Rapid Clone).
In the document, the step 3 is to "Apply the latest AD patch" and the things get hotter here, since when trying to apply the patch, the pre req is to run the script adgrants_nt.sql, it returns an error (ORA-01031: insufficient privileges) and aborts.
After some searching in google and metalink and OTN forums, the solution was to create an ora_dba group and add the user to that group and set sqlnet.ora to use NTS. I did all that and the error does not go away.
so, what can I do to complete the clone process?
thank you very much,
Hassane Cabirhi Hassane;
I need to clone an Oracle Applications R12 from production to development, so for that I am using Metalink document ID 406982.1 (C;loning Oracle Applications Release 12 with Rapid Clone).If your release 12.0.6 then i belive you can pass AD patch part
In the document, the step 3 is to "Apply the latest AD patch" and the things get hotter here, since when trying to apply the patch, the pre req is to run the script adgrants_nt.sql, it returns an error (ORA-01031: insufficient privileges) and aborts.You try to apply this patch your production, so then be sure patch folder has r/w permisson to your application user(for instance applmgr) then try again please
After some searching in google and metalink and OTN forums, the solution was to create an ora_dba group and add the user to that group and set sqlnet.ora to use NTS. I did all that and the error does not go away.You dont need to create one other group,issue is:
su - applmgr(your apps user)
id
uid=1002(oracle) gid=1010(dba)
it gives you your user's group (for instance dba,install etc)
then issue chown -R applmgr:dba /u01.......(your patch location)
I suggest change your entery on sqlnet.ora file
Regard
Helios -
Resolving problem with ORA-01031: insufficient privileges
hello i just to write a few word about my installation of oracle database 9i
My installation is on a Red Hat AS3
I have a problem with the error :ORA-01031: insufficient privileges
The one who read this know what about i tell.
The authorization is only for the user which Group is DBA as you can read everywhere.
but me when i tried groupadd dba => it tells group already exist.
but i can't find the group dba in the file /etc/group.
So i tried to make my user 'oracle' works with the 'already group exist' dba .
useradd -g dba oracle
but when i tried to start the database i create i have the message. : ORA-01031: insufficient privileges
i tried to add manualy the group dba to /etc/group (as i can read in websites)
and add a user manualy (/etc/passwd).
But does works.
I try all i can during 1 days long.
I was really upset because nothing that i read work.
finaly I go to the RedHat Menu (things i don't really do normaly on LINUX) and go to 'SYSTEM SETTINGS' and choose 'User and Group'
Here i can see my user 'Oracle' I get the property of the user .
there is a tab group ( 'select the group that the user will be member of:')
None of them where name DBA so i decidied to select all of them and tried.
MAGIC!!! then it works!!!
ps: after when i see the list of the group I saw that one of them is named 'SYS' . I really think that it is the one group i had to select. but don't know.
Now It is working for me so... And good luck for you. bye.Errors
ORA-01031 "insufficient privileges"
Symptoms
During database upgrade phase using DBUA , it fails with error
ORA-1031 Insufficient privileges
Connection from sqlplus also fails with same error
$ sqlplus /nolog
SQLPLUS "conn / as sysdba"
ORA-1031 Insufficient privileges
Changing the REMOTE_LOGIN_PASSWORDFILE to SHARED / NONE does not make differen
Cause
ORACLE_HOME owner oramigts is part of OS group "dba" ,but config.s shows group "g680"
The 'OSDBA' and 'OSOPER' groups are chosen at installation time and usually both default to the group 'dba'.
These groups are compiled into the 'oracle' executable and so are the same for all databases running from a given ORACLE_HOME directory.
The actual groups being used for OSDBA and OSOPER can be checked thus:
cd $ORACLE_HOME/rdbms/lib
cat config.[cs]
Solution
To implement the solution, please execute the following steps:
1. Checked the ORACLE_HOME owner.
echo $ORACLE_HOME
/h02/app/oracle/product/9.2.0_64
cd / h02/app/oracle/product/
ls -l
drwxr-xr-x 58 oramigts dba 1024 Jan 2 2004 9.2.0_64
2.ORACLE_HOME software owner "oramigts" is part of group "dba"
3.Checked file $ORACLE_HOME/rdbms/lib/config.s
[If your platform has config.c:
Due to the way different compilers under different architectures generate
assembler code, it's not possible to give a universal rule.]
It shows dba group as "g680" where software owner is part of "dba" group
You can more find detail on config.s / config.c in the following doc.
Note 50507.1 SYSDBA and SYSOPER Privileges in Oracle
4. Modified the config.s for correct group.
.ascii "g680\0"
to
.ascii "dba\0"
7. mv config.o config.o.bak
8. make -f ins_rdbms.mk config.o ioracle
9. Checked the file config.o is created at $ORACLE_HOME/rdbms/lib
10. Connected / as sysdba thru Sqlplus from 9.2 Home, which connected sucessfully. -
Oracle does not start automatically ORA-01031: insufficient privileges
Hi,
OS WS2008R2.
ORACLE 11gR2.
Oracle Instance does not start with oracle services but if i stop and restart the services it comes up clean.
Moreover if i change service ownership to Domain\Administrator it again works well.
Checked registery and all ok. No error in alert.log. Only clue found in Oradim.log.
ORADIM.LOG....
C:\Oracle\Ora11g\bin\oradim.exe -startup -sid ptdb -usrpwd * -log oradim.log -nocheck 0
Thu Nov 15 15:16:15 2012
ORA-01031: insufficient privileges
Please help
Thanks1- startup type- Auto
2- Group to user- ORA_DBA
3 - you can check log on tab in the service properties and set the username and password who responsible about this services
As i already stated 3 works. but i want it to work under Local System and not under any user.
Thanks -
Not able to Start the oracle db error "ORA-01031: insufficient privileges"
Hi experts,
I have oracle 11g setup on so solaris. i changed the db_cache_size
& processes values and stopped the DB services after that i am not able to start the oracle DB. Listener is running.
when i start the db server its giving the below error(startup.log)
./dbstart: Starting up database "orcl"
Mon Sep 27 04:31:08 MDT 2010
SQL*Plus: Release 11.1.0.7.0 - Production on Mon Sep 27 04:31:08 2010
Copyright (c) 1982, 2008, Oracle. All rights reserved.
SQL> ERROR:
ORA-01031: insufficient privileges
SQL> ORA-01031: insufficient privileges
SQL>
./dbstart: Database instance "orcl" warm started.
Please help me to ressolve this issue.
Thanks
Krishnayes, password file is there in /etc/passwd
here are the contents:
root:x:0:0:Super-User:/:/sbin/sh
lroot:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:/bin/false
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:/bin/false
lp:x:71:8:Line Printer Admin:/usr/spool/lp:/bin/false
uucp:x:5:5:uucp Admin:/usr/lib/uucp:/bin/false
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
listen:x:37:4:Network Admin:/usr/net/nls:/bin/false
nobody:x:60001:60001:Nobody:/:/bin/false
noaccess:x:60002:60002:No Access User:/:/bin/false
nobody4:x:65534:65534:SunOS 4.x Nobody:/:/bin/false
itunix:x:50000:14:IT Unix Account:/export/home/itunix:/bin/csh
hharika:x:765:38:Harpal Harika:/export/home/hharika:/bin/csh
prsingh:x:795:38:Pradeep Singh:/export/home/prsingh:/bin/csh
mmir:x:1229:21:Mir Monis Ali:/export/home/mmir:/bin/csh
bogunnai:x:1207:21:Bose Ogunnaike:/export/home/bogunnai:/bin/ksh
mpokala:x:2117:21:Mahesh Pokala:/export/home/mpokala:/bin/ksh
apopov:x:2385:38:Anton Popov:/export/home/apopov:/bin/csh
kkeith:x:2629:227:Kevin Keith:/home/kkeith:/usr/bin/ksh
sshd:x:22:22:SSH Privsep:/var/empty:/bin/false
patrol:x:2784:10:Patrol User:/opt/bmc:/usr/bin/ksh
smmsp:x:25:25:Sendmail Submission user:/none:/bin/false
ldap:x:50001:1002::/export/home/ldap:/bin/sh
perfuser:x:884:268::/export/home/perfuser:/bin/csh
webservd:x:80:80::/home/webservd:/bin/pfsh
oracle:x:156:40:Oracle Software Owner:/export/home/oracle:/bin/bash
perfuser_idc:x:64383:1::/home/perfuser_idc:/bin/sh
idc_perf:x:64384:292::/home/idc_perf:/bin/sh -
Win2003 ORA-01031: insufficient privileges
C:\>sqlplus "/ as sysdba"
SQL*Plus: Release 9.2.0.6.0 - Production on Thu Apr 10 10:22:36 2008
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
OS:win20003 R2 SP1
sqlnet.oar:
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
SQLNET.AUTHENTICATION_SERVICES = (NTS)
but if I restart this sever, I can logon in oracle without error
and when server run a week(about) The error is again
Can you help me?Windows user is a member of ora_dba group, and also in local admin group. Plus in sqlnet.ora file, the authentication is set to NTS.
Now,I must restart server after server running a bout a week -
ORA-01031: insufficient privileges in PL/SQL but not in SQL
I have problem with following situation.
I switched current schema to another one "ban", and selected 4 rows from "ed"
alter session set current_schema=ban;
SELECT * FROM ed.PS WHERE ROWNUM < 5;
the output is OK, and I get 4 rows like
ID_S ID_Z
1000152 1
1000153 1
1000154 1
1000155 1
but following procedure is compiled with warning
create or replace
procedure proc1
as
rowcnt int;
begin
select count(*) into rowcnt from ed.PS where rownum < 5;
end;
"Create procedure, executed in 0.031 sec."
5,29,PL/SQL: ORA-01031: insufficient privileges
5,2,PL/SQL: SQL Statement ignored
,,Total execution time 0.047 sec.
Could you help me why SELECT does work in SQL but not in PL/SQL procedure?
Thanks.
Message was edited by:
MattSkPrivs granted via a role are only valid from SQL - and not from/within stored PL/SQL code.
Quoting Tom's (from http://asktom.oracle.com) response to this:I did address this role thing in my book Expert one on one Oracle:
<quote>
What happens when we compile a Definer rights procedure
When we compile the procedure into the database, a couple of things happen with regards to
privileges. We will list them here briefly and then go into more detail:
q All of the objects the procedure statically accesses (anything not accessed via dynamic SQL)
are verified for existence. Names are resolved via the standard scoping rules as they apply to the
definer of the procedure.
q All of the objects it accesses are verified to ensure that the required access mode will be
available. That is, if an attempt to UPDATE T is made - Oracle will verify the definer or PUBLIC
has the ability to UPDATE T without use of any ROLES.
q A dependency between this procedure and the referenced objects is setup and maintained. If
this procedure SELECTS FROM T, then a dependency between T and this procedure is recorded
If, for example, I have a procedure P that attempted to 'SELECT * FROM T', the compiler will first
resolve T into a fully qualified referenced. T is an ambiguous name in the database - there may be
many T's to choose from. Oracle will follow its scoping rules to figure out what T really is, any
synonyms will be resolved to their base objects and the schema name will be associated with the
object as well. It does this name resolution using the rules for the currently logged in user (the
definer). That is, it will look for an object owned by this user called T and use that first (this
includes private synonyms), then it will look at public synonyms and try to find T and so on.
Once it determines exactly what T refers to - Oracle will determine if the mode in which we are
attempting to access T is permitted. In this case, if we as the definer of the procedure either
owns the object T or has been granted SELECT on T directly or PUBLIC was granted SELECT, the
procedure will compile. If we do not have access to an object called T by a direct grant - the
procedure P will fail compilation. So, when the object (the stored procedure that references T) is
compiled into the database, Oracle will do these checks - and if they "pass", Oracle will compile
the procedure, store the binary code for the procedure and set up a dependency between this
procedure and this object T. This dependency is used to invalidate the procedure later - in the
event something happens to T that necessitates the stored procedures recompilation. For example,
if at a later date - we REVOKE SELECT ON T from the owner of this stored procedure - Oracle will
mark all stored procedures this user has that are dependent on T, that refer to T, as INVALID. If
we ALTER T ADD some column, Oracle can invalidate all of the dependent procedures. This will cause
them to be recompiled automatically upon their next execution.
What is interesting to note is not only what is stored but what is not stored when we compile the
object. Oracle does not store the exact privilege that was used to get access to T. We only know
that procedure P is dependent on T. We do not know if the reason we were allowed to see T was due
to:
q A grant given to the definer of the procedure (grant select on T to user)
q A grant to public on T (grant select on T to public)
q The user having the SELECT ANY TABLE privilege
The reason it is interesting to note what is not stored is that a REVOKE of any of the above will
cause the procedure P to become invalid. If all three privileges were in place when the procedure
was compiled, a revoke of ANY of them will invalidate the procedure - forcing it to be recompiled
before it is executed again. Since all three privileges were in place when we created the procedure
- it will compile successfully (until we revoke all three that is). This recompilation will happen
automatically the next time that the procedure is executed.
Now that the procedure is compiled into the database and the dependencies are all setup, we can
execute the procedure and be assured that it knows what T is and that T is accessible. If something
happens to either the table T or to the set of base privileges available to the definer of this
procedure that might affect our ability to access T -- our procedure will become invalid and will
need to be recompiled.
This leads into why ROLES are not enabled during the compilation and execution of a stored
procedure in Definer rights mode. Oracle is not storing exactly WHY you are allowed to access T -
only that you are. Any change to your privileges that might cause access to T to go away will cause
the procedure to become invalid and necessitate its recompilation. Without roles - that means only
'REVOKE SELECT ANY TABLE' or 'REVOKE SELECT ON T' from the Definer account or from PUBLIC. With
roles - it greatly expands the number of times we would invalidate this procedure. If some role
that was granted to some role that was granted to this user was modified, this procedure might go
invalid, even if we did not rely on that privilege from that role. ROLES are designed to be very
fluid when compared to GRANTS given to users as far as privilege sets go. For a minute, let's say
that roles did give us privileges in stored objects. Now, most any time anything was revoked from
ANY ROLE we had, or any role any role we have has (and so on -- roles can and are granted to roles)
-- many of our objects would become invalid. Think about that, REVOKE some privilege from a ROLE
and suddenly your entire database must be recompiled! Consider the impact of revoking some system
privilege from a ROLE, it would be like doing that to PUBLIC is now, don't do it, just think about
it (if you do revoke some powerful system privilege from PUBLIC, do it on a test database). If
PUBLIC had been granted SELECT ANY TABLE, revoking that privilege would cause virtually every
procedure in the database to go invalid. If procedures relied on roles, virtually every procedure
in the database would constantly become invalid due to small changes in permissions. Since one of
the major benefits of procedures is the 'compile once, run many' model - this would be disastrous
for performance.
Also consider that roles may be
q Non-default: If I have a non-default role and I enable it and I compile a procedure that
relies on those privileges, when I log out I no longer have that role -- should my procedure become
invalid -- why? Why not? I could easily argue both sides.
q Password Protected: if someone changes the password on a ROLE, should everything that might
need that role be recompiled? I might be granted that role but not knowing the new password - I
can no longer enable it. Should the privileges still be available? Why or Why not? Again, arguing
either side of this is easy. There are cases for and against each.
The bottom line with respect to roles in procedures with Definer rights are:
q You have thousands or tens of thousands of end users. They don't create stored objects (they
should not). We need roles to manage these people. Roles are designed for these people (end users).
q You have far fewer application schema's (things that hold stored objects). For these we want
to be explicit as to exactly what privileges we need and why. In security terms this is called the
concept of 'least privileges', you want to specifically say what privilege you need and why you
need it. If you inherit lots of privileges from roles you cannot do that effectively. We can manage
to be explicit since the number of development schemas is SMALL (but the number of end users is
large)...
q Having the direct relationship between the definer and the procedure makes for a much more
efficient database. We recompile objects only when we need to, not when we might need to. It is a
large efficiency enhancement.
</quote> -
ORA-01031: insufficient privileges
Hi Everyone,
I am facing a weird scenario. In this I am creating a test user and after creating and granting the required privilieges I am executing a procedure in this user.
The steps are as follows:
SQL> REM ***
SQL> connect sys/**** as sysdba
Connected.
SQL> REM ****
SQL> REM grant privileges to the test user
SQL> grant connect, resource, create table, create view, alter session,
2 create sequence, create session, create procedure to tester ;
Grant succeeded.
SQL> grant unlimited tablespace to tester ;
Grant succeeded.
SQL> grant execute on dbms_lock to tester ;
Grant succeeded.
SQL> grant create any procedure to tester ;
Grant succeeded.
SQL>
SQL> connect tester/tester
ERROR:
ORA-01031: insufficient privileges
Warning: You are no longer connected to ORACLE.
SQL> set serveroutput on
SQL> REM ******
SQL> declare
<block of code>
SP2-0640: Not connected
SQL> SQL>
I am executing this process in loop for about 4 times and each time the test user is connected successfully in 1st and 4th run while in 2nd and 3rd run it throws privileges error? Any idea why this error is ocurring?SQL> create user test identified by test ;
User created.
SQL> grant connect, resource, create table, create view, alter session,create sequence, create session, create procedure to test;
Grant succeeded.
SQL> conn test/test ;
Connected.
SQL>
Maybe you are looking for
-
HP Officejet Pro 8500A Plus printing issues
I have been having two new issues suddenly (within the past 2 weeks) with my HP Officejet Pro 8500A Plus. I am trying to print from my iMac 27 inch running OS.X 10.8.4 Both the mac and the printer are connected to a wireless network via an Xfinity Wi
-
ACPI\VPC2004 Unknown Device - Lenovo g560 windows 7 pro. x64 installed
I just bought Lenovo g560. And installed windows 7 pro. x64 and installed drivers from driver cd shipped with laptop (windows 7 drivers). After installed all drivers still I had one device unknown ; device id = Acpi\Vpc2004. In the Windows 7 solution
-
What are the best bluetooth headsets for running?
With the new 3.0 software update, I want stereo bluetooth headsets to go running with. Any ideas on what the best brands are?
-
How do I transfer songs from iPod to MacBook?
I have a 3rd gen iPod shuffle and i want to transfer the songs from it to my MacBook Pro (retina). But when I try and drag of copy-paste the songs, nothing happens!! I really want my songs on my MacBook as well so that i can listen to them without ha
-
I hear a rattling noise from my iPhone 5i f I shake it slightly.
i hear a rattling noise from my iPhone 5i f I shake it slightly.This is a replaced handset,the previous iphone also had a flaw.The people at apple say that it is normal but there was no such noise in the previous one