ORA-01031 insuffiecient privilidges
i am unable to login to oracle 10g as 'sys' as sysdba it is throwing an error like ORA-01031 insufficient privilidges for sys.
but when i connect to database with username=system and password = oracle i am able to connect to database.
i have installed oracle 10g database on windows.
so how should i resolve this error so that i can connect to the database as 'sys as sysdba'.
Aditya.C wrote:
i am unable to login to oracle 10g as 'sys' as sysdba it is throwing an error like ORA-01031 insufficient privilidges for sys.
but when i connect to database with username=system and password = oracle i am able to connect to database.
i have installed oracle 10g database on windows.
so how should i resolve this error so that i can connect to the database as 'sys as sysdba'.What is parameter for SQLNET.AUTHENTICATION_SERVCIES in sqlnet.ora file ? set it to NTS and retry.
Similar Messages
-
Error:ora-01031 Insuffiecient Privileges when using "conn / as sysdba"?
HI all,
I used oracle to login and used dbca to create a database.
export ORACLE_SID=db9i
sqlplus /nolog
conn / as sysdba
Error:ora-01031 Insuffiecient Privileges
Notes: I can use "conn sys/pwd as sysdba" to connect instance.Verify your oracle installation as of document available at this URL : http://www.oracle.com/technology/pub/articles/smiley_10gdb_install.html
-
Using database-link in view to get around ORA-01031 error
I have been granted select rights on a users table. I am therefore able to select from his table. If however I try create a view against his table I run into the ORA-01031 problem. I have worked around this problem by creating a database-link to myself and then adding that to the view creation and it works. What are the downsides of using the database-link in this way?
The only down side I have been able to identify is that a extra session is created and that the CPU has a little extra work due to the LOOP BACK that takes place. I need to ensure the network is not unnessesarly used and therefore will need to ensure that 127.0.0.1 (local host) is used in the database connection discription. e.g.
create database link my_db_link connect to scott identified by tiger using '(description=(address=(protocol=tcp)(host=127.0.0.1) (Port = 1521) ) (connect_data= (sid=ora10g)))'; -
Ora-01031 on RHEL 5 with 10gr2 after installation
Hi Friends,
OS : RHEL 5
DB : 10.2.0.4
we installed oracle10g on a new RHEL 5 machine and upgraded to 10.2.0.4. now we are unable to connect / as sysdba and getting following error
[oracle@xxxxxxxxx db]$ sqlplus "/ as sysdba"
SQL*Plus: Release 10.2.0.4.0 - Production on Tue Feb 2 13:15:51 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
ERROR:
ORA-01031: insufficient privileges
actually installation was done by other DBA who left now and i am taking care
following metalink note 69642.1, i found some facts
1) variable TNS_ADMIN was not set
2) sqlnet.ora file not there except in samples directory (but we have tnsnames.ora and listener.ora in network/admin path)
3) output of cat config.[cs] is as follows
[oracle@viadbscph802v lib]$ cat config.[cs]
/* SS_DBA_GRP defines the UNIX group ID for adminstrative access. */
/* Refer to the Installation and User's Guide for further information. */
#define SS_DBA_GRP "dba"
#define SS_OPER_GRP "dba"
char *ss_dba_grp[] = {SS_DBA_GRP, SS_OPER_GRP};
4) but, i found id was not showing dba group
[oracle@viadbscph802v lib]$ id
uid=511(oracle) gid=511(oracle) groups=511(oracle)
5) i checked permissions for oracle in $ORACLE_HOME/bin and proper permissions exists
6) password file is in place
7) TWO_TASKS is not set
please suggest me anything more to do to solve this problem
thanks in advance
Edited by: Pavan - a DBA on 2 Feb, 2010 5:56 PMHi Pavan,
Sometime it happens that issue / problem wish us; we forgets the basic answer. I am remembeing you have mentioned so many time in the forum to check the dba group to different OPs, but....!
Re: ORA-01031: insufficient privileges
Re: ORACLE-client & CITRIX
Re: "Create User" gives ORA-01031: insufficient privileges for user sys
But since problem has been solved... so its good for all...!
Regards
Girish Sharma -
ORA-01031: insufficient privileges in PL/SQL but not in SQL
I have problem with following situation.
I switched current schema to another one "ban", and selected 4 rows from "ed"
alter session set current_schema=ban;
SELECT * FROM ed.PS WHERE ROWNUM < 5;
the output is OK, and I get 4 rows like
ID_S ID_Z
1000152 1
1000153 1
1000154 1
1000155 1
but following procedure is compiled with warning
create or replace
procedure proc1
as
rowcnt int;
begin
select count(*) into rowcnt from ed.PS where rownum < 5;
end;
"Create procedure, executed in 0.031 sec."
5,29,PL/SQL: ORA-01031: insufficient privileges
5,2,PL/SQL: SQL Statement ignored
,,Total execution time 0.047 sec.
Could you help me why SELECT does work in SQL but not in PL/SQL procedure?
Thanks.
Message was edited by:
MattSkPrivs granted via a role are only valid from SQL - and not from/within stored PL/SQL code.
Quoting Tom's (from http://asktom.oracle.com) response to this:I did address this role thing in my book Expert one on one Oracle:
<quote>
What happens when we compile a Definer rights procedure
When we compile the procedure into the database, a couple of things happen with regards to
privileges. We will list them here briefly and then go into more detail:
q All of the objects the procedure statically accesses (anything not accessed via dynamic SQL)
are verified for existence. Names are resolved via the standard scoping rules as they apply to the
definer of the procedure.
q All of the objects it accesses are verified to ensure that the required access mode will be
available. That is, if an attempt to UPDATE T is made - Oracle will verify the definer or PUBLIC
has the ability to UPDATE T without use of any ROLES.
q A dependency between this procedure and the referenced objects is setup and maintained. If
this procedure SELECTS FROM T, then a dependency between T and this procedure is recorded
If, for example, I have a procedure P that attempted to 'SELECT * FROM T', the compiler will first
resolve T into a fully qualified referenced. T is an ambiguous name in the database - there may be
many T's to choose from. Oracle will follow its scoping rules to figure out what T really is, any
synonyms will be resolved to their base objects and the schema name will be associated with the
object as well. It does this name resolution using the rules for the currently logged in user (the
definer). That is, it will look for an object owned by this user called T and use that first (this
includes private synonyms), then it will look at public synonyms and try to find T and so on.
Once it determines exactly what T refers to - Oracle will determine if the mode in which we are
attempting to access T is permitted. In this case, if we as the definer of the procedure either
owns the object T or has been granted SELECT on T directly or PUBLIC was granted SELECT, the
procedure will compile. If we do not have access to an object called T by a direct grant - the
procedure P will fail compilation. So, when the object (the stored procedure that references T) is
compiled into the database, Oracle will do these checks - and if they "pass", Oracle will compile
the procedure, store the binary code for the procedure and set up a dependency between this
procedure and this object T. This dependency is used to invalidate the procedure later - in the
event something happens to T that necessitates the stored procedures recompilation. For example,
if at a later date - we REVOKE SELECT ON T from the owner of this stored procedure - Oracle will
mark all stored procedures this user has that are dependent on T, that refer to T, as INVALID. If
we ALTER T ADD some column, Oracle can invalidate all of the dependent procedures. This will cause
them to be recompiled automatically upon their next execution.
What is interesting to note is not only what is stored but what is not stored when we compile the
object. Oracle does not store the exact privilege that was used to get access to T. We only know
that procedure P is dependent on T. We do not know if the reason we were allowed to see T was due
to:
q A grant given to the definer of the procedure (grant select on T to user)
q A grant to public on T (grant select on T to public)
q The user having the SELECT ANY TABLE privilege
The reason it is interesting to note what is not stored is that a REVOKE of any of the above will
cause the procedure P to become invalid. If all three privileges were in place when the procedure
was compiled, a revoke of ANY of them will invalidate the procedure - forcing it to be recompiled
before it is executed again. Since all three privileges were in place when we created the procedure
- it will compile successfully (until we revoke all three that is). This recompilation will happen
automatically the next time that the procedure is executed.
Now that the procedure is compiled into the database and the dependencies are all setup, we can
execute the procedure and be assured that it knows what T is and that T is accessible. If something
happens to either the table T or to the set of base privileges available to the definer of this
procedure that might affect our ability to access T -- our procedure will become invalid and will
need to be recompiled.
This leads into why ROLES are not enabled during the compilation and execution of a stored
procedure in Definer rights mode. Oracle is not storing exactly WHY you are allowed to access T -
only that you are. Any change to your privileges that might cause access to T to go away will cause
the procedure to become invalid and necessitate its recompilation. Without roles - that means only
'REVOKE SELECT ANY TABLE' or 'REVOKE SELECT ON T' from the Definer account or from PUBLIC. With
roles - it greatly expands the number of times we would invalidate this procedure. If some role
that was granted to some role that was granted to this user was modified, this procedure might go
invalid, even if we did not rely on that privilege from that role. ROLES are designed to be very
fluid when compared to GRANTS given to users as far as privilege sets go. For a minute, let's say
that roles did give us privileges in stored objects. Now, most any time anything was revoked from
ANY ROLE we had, or any role any role we have has (and so on -- roles can and are granted to roles)
-- many of our objects would become invalid. Think about that, REVOKE some privilege from a ROLE
and suddenly your entire database must be recompiled! Consider the impact of revoking some system
privilege from a ROLE, it would be like doing that to PUBLIC is now, don't do it, just think about
it (if you do revoke some powerful system privilege from PUBLIC, do it on a test database). If
PUBLIC had been granted SELECT ANY TABLE, revoking that privilege would cause virtually every
procedure in the database to go invalid. If procedures relied on roles, virtually every procedure
in the database would constantly become invalid due to small changes in permissions. Since one of
the major benefits of procedures is the 'compile once, run many' model - this would be disastrous
for performance.
Also consider that roles may be
q Non-default: If I have a non-default role and I enable it and I compile a procedure that
relies on those privileges, when I log out I no longer have that role -- should my procedure become
invalid -- why? Why not? I could easily argue both sides.
q Password Protected: if someone changes the password on a ROLE, should everything that might
need that role be recompiled? I might be granted that role but not knowing the new password - I
can no longer enable it. Should the privileges still be available? Why or Why not? Again, arguing
either side of this is easy. There are cases for and against each.
The bottom line with respect to roles in procedures with Definer rights are:
q You have thousands or tens of thousands of end users. They don't create stored objects (they
should not). We need roles to manage these people. Roles are designed for these people (end users).
q You have far fewer application schema's (things that hold stored objects). For these we want
to be explicit as to exactly what privileges we need and why. In security terms this is called the
concept of 'least privileges', you want to specifically say what privilege you need and why you
need it. If you inherit lots of privileges from roles you cannot do that effectively. We can manage
to be explicit since the number of development schemas is SMALL (but the number of end users is
large)...
q Having the direct relationship between the definer and the procedure makes for a much more
efficient database. We recompile objects only when we need to, not when we might need to. It is a
large efficiency enhancement.
</quote> -
ORA-01031: insufficient privileges and shared memory realm does not exist
Hi all,
I came to a dead end to start oracle 10.2 database. I have searched on google and this forum, none of these solutions work for me. PS, I have installed 11g on my machine too.
I have set up ORACLE_SID,ORACLE_HOME to 10.2 database based on the tnsnames.ora.
follow is error message:
sqlplus sys as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 3 02:09:54 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Enter password:
ERROR:
ORA-01031: insufficient privileges
sqlplus /nolog
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 3 02:10:55 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
SQL> conn / as sysdba
ERROR:
ORA-01031: insufficient privileges
SQL> conn scott/tiger
ERROR:
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Linux-x86_64 Error: 2: No such file or directory
First I thought the instance has been start yet, but since I can't login with sysdba. I don't know what other options.
For 10.2, the tnsnames.ora
ORA102 =
+(DESCRIPTION =+
+(ADDRESS = (PROTOCOL = TCP)(HOST =XXX)(PORT = 1523))+
+(CONNECT_DATA =+
+(SERVER = DEDICATED)+
+(SERVICE_NAME = ora102)+
+)+
+)+
LISTENER_ORA102 =
+(ADDRESS = (PROTOCOL = TCP)(HOST =XXX)(PORT = 1523))+
EXTPROC_CONNECTION_DATA =
+(DESCRIPTION =+
+(ADDRESS_LIST =+
+(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC2))+
+)+
+(CONNECT_DATA =+
+(SID = PLSExtProc)+
+(PRESENTATION = RO)+
+)+
+)+
listener.ora:
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = /data/oracle/ora102)
(PROGRAM = extproc)
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC2))
(ADDRESS = (PROTOCOL = TCP)(HOST =XXXXX)(PORT = 1523))
EXTPROC_CONNECTION_DATA =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
(CONNECT_DATA =
(SID = PLSExtProc)
(PRESENTATION = RO)
)try do this steps on server side:
1) sqlplus sys as sysdba
2) select open_mode from v$database;
show result 2 step -
We have Oracle applications VIS instance.
I have Oracle 10g database installed on my PC
I made entry in tnsnames.ora & tried connecting to VIS instance using,
conn apps/apps@VIS
but this does not work for sys, like
conn sys/sys@VIS as sysdba
It throws the following error:
ORA-01031: insufficient privileges
Warning: You are no longer connected to ORACLE.
Will the problem be rectified if sys privilege is given to sys user(on my pc) from sys user(VIS instance)
Thanks in advance
BipinWill the problem be rectified if sys privilege is given to sys user(on my pc) from sys user(VIS instance)...there is nothing like give sys user sys privilege. And, there is nothing like 'my pc sys' and 'server sys'. Sys is ONE single user.
--Mukesh -
Ora-01031 error: insufficient Priviliges
hi experts,
im was completely enervated by a simple error for which im hanging out for plenty of hours. kindly advice me what to do to eradicate it.
i have a Redhat Linux AS 4 server and 9.2.0.4 database version.
The problem is, when im trying to connect database as sysdba with netservice name, i.e using remote authentication method, i was thrown ora-01031 error: insufficient priviliges. But when i tend to connect it locally using OS authentication method it permits me to do it.
for example,
Sql> connect sys@<sid> as sysdba
Enter password:
ERROR: insufficient priviliges
where as,
Sql>conn sys as sysdba
connected
sql>
i've configured oracle in Linux environment as per the documentation. i can't figure out the exact problem. the sqlnet.ora file contains SQLNET.AUTHENTICATION_SERVICES=none
kindly tell me where im missing out?
Thanks
SMyes. i've Password file in its appropirate location,
which is named as orapw$ORACLE_SID
and the parameter, remote_login_passwordfile is set
as EXCLUSIVE.This should be fine.
Try
- select * from v$pwfile_users; to check whether oracle sees the password file
- recreate the password file, if possible (it can get corrupted sometimes)
- delete sqlnet.ora to go with the defaults (of course, backup it first)
- check whether you can connect as usual user using the net service name (and check whether you connect to the proper database, just to be sure)
- try to connect from a different machine
- check that TWO_TASK and TNS_ADMIN environment variables are not set. -
ORA-01031 error...need enter password prompt
Hi.
I'm creating a form which kills a session, using this command:
Forms_DDL('ALTER SYSTEM KILL SESSION'|| :v_$session.sid|| ',' ||:v_$session.serial# );
in my when-button-pressed trigger. But I get ora-01031 error insufficient privileges. So I'd like to prompt the user to enter his password when he tries to kill a session, because only the administrator should be able to kill a session. Thanks in advance.
-KHi Kristine:
First I would ask you why can't they just use the normal logon to establish their access level?
Then, let me say there is no way to just popup the logon screen in forms, however, it is relatively simple to create a signon screen. Just create a dialog popup with two fields for username and password, and a button with a label maybe "Signon". Then in the WHEN-BUTTON-PRESSED associated with Signon button, you use the code like following. Please test it and modify as needed, because I do not have a database to test it with. Note I use ... as needed to indent because the forum strips leading spaces.
DECLARE
..V_CONNECT_STRING VARCHAR2(100) :=
..........GET_APPLICATION_PROPERTY(CONNECT_STRING);
BEGIN
..LOGOUT;
..LOGON(:B1.UN, :B1.PW ||'@'|| V_CONNECT_STRING, 'TRUE');
..EXIT_FORM;
END;
Hope this helps,
Thomas -
ORA-01031- Insufficient Privilleges coming while loading .jar
Hi,
I'm trying to execute a java class from 8i.
This class has got 3 dependency jar. I used loadjava to load the class and then i tried loading the dependency classes(.jar) as the same user using loadjava. I did the following at command prompt:
loadjava -resolve -resolver "((* online1)(* SYS)(* PUBLIC))" -user online1/online1@orcl mail.jar
It gave me error(s) like the following:
Error while creating class javax/mail/MethodNotSupportedException
ORA-01031: insufficient privileges
I know its something to do with privilleges. I tried grant_permission but it was giving some error.
Then i tried to load the same to SYS it loaded without giving error but the status of all classes where invalid.
What shall i do to execute this class from 8i in the same user (online1) and how can i load all the dependencies which is req. to load my class.
Can anybody help me out here.
Thanx
Arun
nullHi Bos,
thanks for your repply,
In the Topology, the target server ORACLE_CSA created with connection user : NGPCSA,
A physical schema under this server created with schema :NGPCSA and Work schema :WORKSCH1,
to WORKSCH1 schema i have given all privileges & even DBA role also given.
the ODI generated drop work table code, i am able to execute in the WORKSCH1 schema successfully.Create work table also i am able do in the WORSCH1 using pl/sql developer.
Please help me,
Kumbar -
Error while Creating Master Repository: ORA-01031: insufficient Privileges
Hi,
I'm trying to install ODI into my VM.
I have done the installation and while creating Master Repository, I'm getting following error:
ORA-01031: insufficient Privileges
I'm using Oracle & have created user as ODI_MASTER with Admin Privileges.
I'll be using it to load metadata onto planning (Version 11.1.2)
Is there anything that I'm missing out on.
Jitendra.Seems missing grants on the user you are using to create Master Repository.
you are using Oracle .. grant connect, resource to <your_user>. These two rolesa have sufficient access to db to create the master repository.
execuute the sql from sys user
Regards,
Amit
Edited by: amitgupta1202 on 20 Aug, 2009 10:42 PM -
ORA-01031: insufficient privileges
Hi Everyone,
I am facing a weird scenario. In this I am creating a test user and after creating and granting the required privilieges I am executing a procedure in this user.
The steps are as follows:
SQL> REM ***
SQL> connect sys/**** as sysdba
Connected.
SQL> REM ****
SQL> REM grant privileges to the test user
SQL> grant connect, resource, create table, create view, alter session,
2 create sequence, create session, create procedure to tester ;
Grant succeeded.
SQL> grant unlimited tablespace to tester ;
Grant succeeded.
SQL> grant execute on dbms_lock to tester ;
Grant succeeded.
SQL> grant create any procedure to tester ;
Grant succeeded.
SQL>
SQL> connect tester/tester
ERROR:
ORA-01031: insufficient privileges
Warning: You are no longer connected to ORACLE.
SQL> set serveroutput on
SQL> REM ******
SQL> declare
<block of code>
SP2-0640: Not connected
SQL> SQL>
I am executing this process in loop for about 4 times and each time the test user is connected successfully in 1st and 4th run while in 2nd and 3rd run it throws privileges error? Any idea why this error is ocurring?SQL> create user test identified by test ;
User created.
SQL> grant connect, resource, create table, create view, alter session,create sequence, create session, create procedure to test;
Grant succeeded.
SQL> conn test/test ;
Connected.
SQL> -
ORA-01031 error while executing package..
Hi All,
user is getting an error ORA-01031 while executing a procedure (i.e create or replace procedure).
Please let me know how I can trobuleshoot it..let me know the script to check the required privileges..
Thanks a lot.......It's not a bug, check Oracle doc,
System Privileges Needed to Create or Alter a Procedure
http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/authoriz.htm#i1009241
To create a procedure, you must have been explicitly granted the necessary privileges (system or object) on all objects referenced by the procedure. You cannot have obtained the required privileges through roles. This includes the EXECUTE privilege for any procedures that are called inside the procedure being created. -
ORA-01031 SYSMAN Insufficient Privileges Creating a new user
I have installed Oracle 11g R2 onto Windows 7 64bit
I then created a new database, at the end it moaned about the service and listener was not running or allocated to each other and also there was no web admin tool available.
To resolve this I managed to use Net Configuration Assistant to get the listener sorted.
I then had to run:
set ORACLE_HOSTNAME=localhost
set ORACLE_SID=mydb
set ORACLE_UNQNAME=mydb
I then ran
emca -config dbcontrol db -repos recreate
This gave me the web admin tool to create a new user.
I logged in as SYSMAN tried to create a new user and got the "ORA-01031 Insufficient Privileges, you do not have enough privileges to perform this operation." error
Can someone please help.
ThanksIt isn't that simple. As SYSMAN used for 11.2.0.3 database control:
orcl> select privilege from user_sys_privs;
PRIVILEGE
CREATE PUBLIC SYNONYM
SELECT ANY DICTIONARY
UNLIMITED TABLESPACE
ALTER SESSION
orcl>but as SYSMAN used for 12.1 Cloud Control:SQL> select privilege from user_sys_privs;
PRIVILEGE
ALTER USER
DROP USER
CREATE SESSION
CREATE PUBLIC SYNONYM
CREATE JOB
CREATE MATERIALIZED VIEW
SELECT ANY DICTIONARY
CREATE TABLE
ALTER SESSION
CREATE USER
CREATE SYNONYM
DROP PUBLIC SYNONYM
MANAGE SCHEDULER
CREATE VIEW
CREATE DATABASE LINK
15 rows selected.
SQL>so you have to be a bit careful when you give a yes/no answer.
Edited by: JohnWatson on Nov 12, 2012 11:38 AM
Forgot to include a quote: this is replying to the question about whether SYSMAN can create users. -
ORA-01031: insufficient privileges when creating a table in other schema
Dear all,
I appreciate your help please in this issue :
when i try to issue the below statement to create a table in an another schema than the user i am connected in
CREATE TABLE SCHEMA_NAME_B.HST_ARCH nologging AS
SELECT *
FROM HST
WHERE 1 = 0;
I always get ORA-01031: insufficient privileges error, even if i have granted the create table privilege to the user i am connected in.
What other privileges should i grant also,
Please if you have any idea.user562674 wrote:
Dear all,
I appreciate your help please in this issue :
when i try to issue the below statement to create a table in an another schema than the user i am connected in
CREATE TABLE SCHEMA_NAME_B.HST_ARCH nologging AS
SELECT *
FROM HST
WHERE 1 = 0;
I always get ORA-01031: insufficient privileges error, even if i have granted the create table privilege to the user i am connected in.
What other privileges should i grant also,
Can you show us a cut/paste from the sql*plus of session of yours which should show that you have given the privilege directly to this user and after that the command fails?
Aman....
Maybe you are looking for
-
Seek help on If - then - else structure.
I am not good at PL/SQL and need some advice on this stored procudure. This SP is usded to refresh materialized views. In the first block, check how many mvs in the user_mviews table and select it into v_2. IF v_2 = 25, go to 2nd block to run package
-
I would like to close one account and only use the other. D
-
Exposing the Image Filename in Bridge Full Screen Preview?
While in the "Full Screen Preview" if I enter "5" on the numeric keypad the filename and five stars appear in the lower-left hand portion of the screen. Is there any way to make the filename appear without entering a label value? (if the image was a
-
I was revisting my Entourage mailbox after many months of not using it, saw old messages, saw messages from my "mail" mailbox, (but don't remember how I set that up.) When I closed out of Entourage and went back to my "mail" mailbox all the messages
-
Read Xml file for Sender and Receiver Info
Hi Is it possible to customize B2B to read Sender/Receiver/Document Information from the xml file which is supposed to be transmitted? I do NOT the option to specify this information in channel configuration under file name since file name will not h