Shutdown insufficient privilege

Similar Messages

• ORA-01031: insufficient privileges for STARTUP/SHUTDOWN TRIGGERS

  Hi,
  I given these 2 privs to scott still i am getting ORA-01031
  GRANT administer DATABASE TRIGGER TO scott;
  grant create any trigger to scott;
  CREATE OR REPLACE TRIGGER shut_db before shutdown on database
  ERROR at line 1:
  ORA-01031: insufficient privileges
  anything i missed ?
  Thanks
  Prakash

  Hi,
  Can you try logout and login and try again?
  i have 10.2.0.1 and it worked for me
  As user SCOTT
  TEST10.UTAC.COM.SG$SCOTT> CREATE OR REPLACE TRIGGER shut_db before shutdown on database
    2  begin
    3  null;
    4  end;
    5  /
  CREATE OR REPLACE TRIGGER shut_db before shutdown on database
  ERROR at line 1:
  ORA-01031: insufficient privilegesOn another window with user SYS
  TEST10.UTAC.COM.SG$SYS> GRANT administer DATABASE TRIGGER TO scott;
  Grant succeeded.On the first window of SCOTT (did not logout and login)
  TEST10.UTAC.COM.SG$SCOTT> CREATE OR REPLACE TRIGGER shut_db before shutdown on database
    2  begin
    3  null;
    4  end;
    5  /
  Trigger created.Salman

• ORA-01031: insufficient privileges when connecting by SQL PLUS 8.0 with sys

  From client, I use SQL PLUS 8.0 to connect to server: sys/password@MYDB1 as sysdba
  The error always raises “ORA-01031: insufficient privileges”
  I have done:
  - Set: remote_login_passwordfile=exclusive in tnsname.ora file
  - Uncomment: SQLNET.AUTHENTICATION_SERVICES in “sqlnet.ora” file
  Also on this client:
  to use SQL PLUS 8.0 to connect to server: manager/password@MYDB1. To connect normally
  to use PLSQL Deverloper (it is the same oracle_home with SQL PLUS 8.0) to connect to database normally with user sys.
  To use Enterprise manager console (it is other oracle_home with SQL PLUS 8.0) to connect to database normally with user sys
  Please, help me to solve this trouble

  THIS IS CONTENT OF SQLNET.ora CLIENT
  # copyright (c) 1996 by the Oracle Corporation
  # NAME
  # sqlnet.ora
  # FUNCTION
  # Oracle Network Client startup parameter file example
  # NOTES
  # This file contains examples and instructions for defining all
  # Oracle Network Client parameters. It should be possible to read
  # this file and setup a Client by uncommenting parameter definitions
  # and substituting values. The comments should provide enough
  # explanation to enable a reasonable user to manage his TNS connections
  # without having to resort to 'real' documentation.
  # SECTIONS
  # ONames Client
  # Namesctl
  # Native Naming Adpaters
  # MODIFIED
  # skanjila 06/06/97 - Correct default for Automatic_IPC
  # eminer 05/15/97 - Add the relevant onrsd parameters.
  # asriniva 04/23/97 - Merge with version from doc
  # ggilchri 03/31/97 - mods
  # bvasudev 02/07/97 - Change sqlnet.authentication_services documentation
  # bvasudev 11/25/96 - Merge sqlnet.ora transport related parameters
  # asriniva 11/12/96 - Revise with new OSS parameters.
  # asriniva 11/05/96 - Add ANO parameters.
  # - ONames Client ----------------------------------------------------
  #names.default_domain = world
  #Syntax: domain-name
  #Default: NULL
  # Indicates the domain from which the client most often requests names. When
  # this parameter is set the default domain name (for example, US.ACME), the
  # domain name will be automatically appended to any unqualified name in an
  # ONAmes request (query, register, deregister, etc). Any name which contains
  # an unescaped dot ('.') will not have the default domain appended. Simple
  # names may be qualified with a trailing dot (for example 'rootserver.').
  #names.initial_retry_timeout = 30
  #Syntax: 1-600 seconds
  #Default: 15 (OSD)
  # Determines how long a client will wait for a response from a Names Server
  # before reiterating the request to the next server in the preferred_servers
  # list.
  #names.max_open_connections = 3
  #Syntax: 3-64
  #Default: ADDRS in preferred_servers
  # Determines how many connections an ONames client may have open at one time.
  # Clients will ordinarily keep connections to servers open once they are
  # established until the operation (or session in namesctl) is complete. A
  # connection will be opened whenever needed, and if the maximum would be
  # exceeded the least recently used connection will be closed.
  #names.message_pool_start_size = 10
  #Syntax: 3-256
  #Default: 10
  # Determines the initial number of messages allocated in the client's message
  # pool. This pool provides the client with pre-allocated messages to be used
  # for requests to ONames servers. Messages which are in the pool and unused
  # may be reused. If a message is needed and no free messages are available in
  # the pool more will be allocated.
  #names.preferred_servers = (address_list =
  # (address=(protocol=ipc)(key=n23))
  # (address=(protocol=tcp)(host=nineva)(port=1383))
  # (address=(protocol=tcp)(host=cicada)(port=1575))
  #Syntax: ADDR_LIST
  #Default: Well-Known (OSD)
  # Specifies a list of ONames servers in the client's region; requests will be
  # sent to each ADDRESS in the list until a response is recieved, or the list
  # (and number of retries) is exhausted.
  # Addresses of the following form specify that messages to the ONames server
  # should use Oracle Remote Operations (RPC):
  # (description =
  # (address=(protocol=tcp)(host=nineva)(port=1383))
  # (connect_data=(rpc=on))
  #names.request_retries = 2
  #Syntax: 1-5
  #Default: 1
  # Specifies the number of times the client should try each server in the list
  # of preferred_servers before allowing the operation to fail.
  #names.directory_path
  #Syntax: <adapter-name>
  #Default: TNSNAMES,ONAMES,HOSTNAME
  # Sets the (ordered) list of naming adaptors to use in resolving a name.
  # The default is as shown for 3.0.2 of sqlnet onwards. The default was
  # (TNSNAMES, ONAMES) before that. The value can be presented without
  # parentheses if only a single entry is being specified. The parameter is
  # recognized from version 2.3.2 of sqlnet onward. Acceptable values include:
  # TNSNAMES -- tnsnames.ora lookup
  # ONAMES -- Oracle Names
  # HOSTNAME -- use the hostname (or an alias of the hostname)
  # NIS -- NIS (also known as "yp")
  # CDS -- OSF DCE's Cell Directory Service
  # NDS -- Novell's Netware Directory Service
  # - Client Cache (ONRSD) ---------------------------------------------
  names.addresses = (ADDRESS=(PROTOCOL=IPC)(KEY=ONAMES))
  Syntax: ADDR
  Default: (ADDRESS=(PROTOCOL=IPC)(KEY=ONAMES))
  Address on which the client cache listens (is available to clients).
  Any valid TNS address is allowed. The default should be used if at
  all possible; clients have this entry hardwired as the first line
  of their server-list file (sdns.ora). If the address is set to a
  non-default value the client's preferred_servers parameter should
  be set to include the client-cache address first.
  names.authority_required = False
  Syntax: T/F
  Default: False
  Determines whether system querys (for the root etc) require Authoritative
  answers.
  names.auto_refresh_expire = 259200
  Syntax: Number of seconds, 60-1209600
  Default: 259200
  This is the amount of time (in seconds) the server will cache the addresses
  of servers listed in server-list file (sdns.ora). When this time expires the
  server will issue another query to the servers in those regions to refresh
  the data.
  names.auto_refresh_retry = 180
  Syntax: Number of seconds, 60-3600
  Default: sec.     180
  This set how often the server will retry when the auto_refresh query fails.
  names.cache_checkpoint_file = cache.ckp
  Syntax: filename
  Default: $ORACLE_HOME/network/names/ckpcch.ora
  Specifies the name of the operating system file to which the Names Server
  writes its foreign data cache.
  names.cache_checkpoint_interval = 7200
  Syntax: Number of seconds, 10-259200
  Default: 0 (off)
  Indicates the interval at which a Names Server writes a checkpoint of its
  data cache to the checkpoint file.
  names.default_forwarders=
  (FORWARDER_LIST=
  (FORWARDER=
  (NAME= rootserv1.world)
  (ADDRESS=(PROTOCOL=tcp)(PORT=42100)(HOST=roothost))))
  Syntax: Name-Value/address_list
  Default: NULL
  A list (in NV form) of the addresses of other servers which should be used to
  forward querys while in default_forwarder (slave) mode. NAME is the global
  names for the server to which forwards whould be directed, and ADDRESS is its
  address.
  names.default_forwarders_only = True
  Syntax: T/F
  Default: False
  When set to true this server will use the servers listed in default_forwarders
  to forward all operations which involve data in foreign regions. Otherwise it
  will use the servers defined in the server-list file (sdns.ora) in addition
  to any defined in the default_forwarders parameter.
  names.log_directory = /oracle/network/log
  Syntax: directory
  Default: $ORACLE_HOME/network/log
  Indicates the name of the directory where the log file for Names Server
  operational events are written.
  names.log_file = names.log
  Syntax: filename
  Default: names.log
  The name of the output file to which Names Server operational events are
  written.
  names.log_stats_interval = 3600
  Syntax: Number of seconds, 10-ub4max
  Default: sec.     0 (off)
  Specifies the number of seconds between statistical entries in log file.
  names.log_unique = False
  Syntax: T/F
  Default: False
  If set to true the server will guarantee that the log file will have a unique
  name which will not overwrite any existing files (note that log files are
  appended to, so log information will not be lost if log_unique is not true).
  names.max_open_connections = 10
  Syntax: 3-64
  Default: 10
  Specifies the number of connections that the Names Server can have open at any
  given time. The value is generated as the value 10 or the sum of one
  connection for listening, five for clients, plus one for each foreign domain
  defined in the local administrative region, whichever is greater. Any
  operation which requires the server to open a network connection will use
  an already open connection if it is available, or will open a connection
  if not. Higher settings will save time and cost network resources; lower
  settings save network resources, cost time.
  names.max_reforwards = 2
  Syntax: 1-15
  Default: 2
  The maximum number of times the server will attempt to forward a certain
  operation.
  names.message_pool_start_size = 24
  Syntax: 3-256
  Default: 10
  Determines the initial number of messages allocated in the server's message
  pool. This pool provides the server with pre-allocated messages to be used
  for incoming or outgoing messages (forwards). Messages which are in the pool
  and unused may be reused. If a message is needed and no free messages are
  available in the pool more will be allocated.
  names.no_modify_requests = False
  Syntax: T/F
  Default: False
  If set to true, the server will refuse any operations which modify the
  data in its region (it will still save foreign info in the cache which is
  returned from foreign querys).
  names.password = 625926683431AA55
  Syntax: encrypted string
  Default: NULL
  If set the server will require that the user provide a password in his
  namesctl session (either with sqlnet.ora:namesctl.server_password or 'set
  password') in order to do 'sensitive' operations, like stop, restart, reload.
  This parameter is generally set in encrypted form, so it can not be set
  manually.
  names.reset_stats_interval = 3600
  Syntax: 10-ub4max
  Default: 0 (off)
  Specifies the number of seconds during which the statistics collected by the
  Names Servers should accumulate. At the frequency specified, they are reset
  to zero. The default value of 0 means never reset statistics.
  names.trace_directory = /oracle/network/trace
  Syntax: directory
  Default: $ORACLE_HOME/network/trace
  Indicates the name of the directory to which trace files from a Names Server
  trace session are written.
  names.trace_file = names.trc
  Syntax: filename
  Default: names.trc
  Indicates the name of the output file from a Names Server trace session.
  names.trace_func # NA
  Syntax: T/F
  Default: False
  Internal mechanism to control tracing by function name.
  names.trace_level = ADMIN
  Syntax: T/F
  Default: False
  Syntax: {OFF,USER,ADMIN,0-16}
  Default: OFF (0)
  Indicates the level at which the Names Server is to be traced.
  Available Values:
       0 or OFF - No trace output
       4 or USER - User trace information
       10 or ADMIN - Administration trace information
       16 or SUPPORT - WorldWide Customer Support trace information
  names.trace_mask = (200,201,202,203,205,206,207)
  Syntax: list of numbers
  Default: NULL
  Internal mechanism to control trace behavior.
  names.trace_unique = True
  Syntax: T/F
  Default: False
  Indicates whether each trace file has a unique name, allowing multiple trace
  files to coexist. If the value is set to ON, a process identifier is appended
  to the name of each trace file generated.
  # - Namesctl ---------------------------------------------------------
  #namesctl.trace_directory = /oracle/network/trace
  #Syntax: directory
  #Default: $ON/trace
  # Indicates the name of the directory to which trace files from a namesctl
  # trace session are written.
  #namesctl.trace_file = namesctl.trc
  #Syntax: filename
  #Default: namesctl.trc
  # Indicates the name of the output file from a namesctl trace session.
  #namesctl.trace_func # NA
  #Syntax: word list
  #Default: NULL
  # Internal mechanism to control tracing by function name.
  #namesctl.trace_level = ADMIN
  #Syntax: {OFF,USER,ADMIN,0-16}
  #Default: OFF (0)
  # Indicates the level at which the namesctl is to be traced.
  # Available Values:
  #     0 or OFF - No trace output
  #     4 or USER - User trace information
  #     10 or ADMIN - Administration trace information
  #     16 or SUPPORT - WorldWide Customer Support trace information
  #namesctl.trace_mask # NA
  #Syntax: number list
  #Default: NULL
  # Internal mechanism to control trace behavior.
  #namesctl.trace_unique = True
  #Syntax: T/F
  #Default: False
  # Indicates whether each trace file has a unique name, allowing multiple trace
  # files to coexist. If the value is set to ON, a process identifier is appended
  # to the name of each trace file generated.
  #namesctl.no_initial_server = False
  #Syntax: T/F
  #Default: False
  # If set to TRUE namesctl will suppress any error messages when namesctl is
  # unable to connect to a default names server.
  #namesctl.internal_use = True
  #Syntax: T/F
  #Default: False
  # If set to true namesctl will enable a set of internal undocumented commands.
  # All internal commands are preceded by an underscore ('_') in order to
  # distinguish them as internal. Without going into details, the commands
  # enabled are:
  # adddata createname deletename
  # fullstatus ireplacedata newttlname
  # pause                 remove_data renamename
  # replacedata start                 walk*
  # There are also a set of names server variables which may be set when
  # namesctl is in internal mode:
  # authorityrequired autorefresh*
  # cachecheckpoint_interval cachedump
  # defaultautorefresh_expire defaultautorefresh_retry
  # defaultforwarders_only forwardingdesired
  # maxreforwards modifyops_enabled
  # nextcache_checkpoint nextcache_flush
  # nextstat_log nextstat_reset
  # reload                         request_delay
  # restart                        shutdown
  #namesctl.noconfirm = True
  #Syntax: T/F
  #Default: False
  # When set to TRUE namesctl will suppress the confirmation prompt when
  # sensitive operations (stop, restart, reload) are requested. This is
  # quite helpful when using namesctl scripts.
  #namesctl.server_password = mangler
  #Syntax: string
  #Default: NULL
  # Automatically sets the password for the names server in order to perform
  # sensitive operations (stop, restart, reload). The password may also be
  # set manually during a namesctl session using 'set password'.
  #namesctl.internal_encrypt_password = False
  #Syntax: T/F
  #Default: True
  # When set to TRUE namesctl will not encrypt the password when it is sent to
  # the names server. This would enable an unencrypted password to be set in
  # names.ora:names.server_password
  # - Native Naming Adpaters -------------------------------------------
  #names.dce.prefix = /.:/subsys/oracle/names
  #Syntax: DCE cell name
  #Default: /.:/subsys/oracle/names
  #Specifies the DCE cell (prefix) to use for name lookup.
  #names.nds.name_context = personnel.acme
  #Syntax: NDS name
  #Default: (OSD?)
  # Specifies the default NDS name context in which to look for the name to
  # be resolved.
  #names.nis.meta_map # NA
  # Syntax: filename
  # Default: sqlnet.maps
  # Specifies the file to be used to map NIS attributes to an NIS mapname.
  # Currently unused.
  # - Advanced Networking Option Authentication Adapters ----------------
  #sqlnet.authentication_services
  # Syntax: A single value or a list from {beq, none, all, kerberos5,
  #       cybersafe, securid, identitx}
  # Default: NONE
  # Enables one or more authentication services. To enable
  # authentication via the Oracle Security Server, use (beq, oss). If
  # the Advanced Networking Option has been installed with Kerberos5
  # support, using (beq, kerberos5) would enable authentication via
  # Kerberos.
  sqlnet.authentication_services=(beq, oss)
  ## Parmeters used with Kerberos adapter.
  #sqlnet.kerberos5_cc_name
  # Syntax: Any valid pathname.
  # Default: /tmp/krb5cc_<uid>
  # The Kerberos credential cache pathname.
  #sqlnet.kerberos5_cc_name=/tmp/mycc
  #sqlnet.kerberos5_clockskew
  # Syntax: Any positive integer.
  # Default: 300
  # The acceptable difference in the number of seconds between when a
  # credential was sent and when it was received.
  #sqlnet.kerberos5_clockskew=600
  #sqlnet.kerberos5_conf
  # Syntax: Any valid pathname.
  # Default: /krb5/krb.conf
  # The Kerberos configuration pathname.
  #sqlnet.kerberos5_conf=/tmp/mykrb.conf
  #sqlnet.kerberos5_realms
  # Syntax: Any valid pathname
  # Default: /krb5/krb.realms
  # The Kerberos host name to realm translation file.
  #sqlnet.kerberos5_realms=/tmp/mykrb.realms
  #sqlnet.kerberos5_keytab
  # Syntax: Any valid pathname.
  # Default: /etc/v5srvtab
  # The Kerberos secret key file.
  #sqlnet.kerberos5_keytab=/tmp/myv5srvtab
  #sqlnet.authentication_kerberos5_service
  # Syntax: Any string.
  # Default: A default is not provided.
  # The Kerberos service name.
  #sqlnet.authentication_kerberos5_service=acme
  ## Parmeters used with CyberSAFE adapter.
  #sqlnet.authentication_gssapi_service
  # Syntax: A correctly formatted service principal string.
  # Default: A default is not provided.
  # The CyberSAFE service principal
  #sqlnet.authentication_gssapi_service=acme/[email protected]
  ## Parmeters used with Identix adapter.
  #sqlnet.identix_fingerprint_method
  # Syntax: Must be oracle.
  # Default: A default is not provided.
  # The Identix authentication server method
  #sqlnet.identix_fingerprint_method=oracle
  #sqlnet.identix_fingerprint_database
  # Syntax: Any string.
  # Default: A default is not provided.
  # The Identix authentication server TNS alias
  #sqlnet.identix_fingerprint_database=ofm
  #sqlnet.identix_fingerprint_database_user
  # Syntax: Any string
  # Default: A default is not provided.
  # The Identix authentication service well known username.
  #sqlnet.identix_fingerprint_database_user=ofm_client
  #sqlnet.identix_fingerprint_database_password
  # Syntax: Any string
  # Default: A default is not provided.
  # The Identix authentication service well known password.
  #sqlnet.identix_fingerprint_database_password=ofm_client
  # - Advanced Networking Option Network Security -------------------------
  #sqlnet.crypto_checksum_client
  #sqlnet.crypto_checksum_server
  #sqlnet.encryption_client
  #sqlnet.encryption_server
  # These four parameters are used to specify whether a service (e.g.
  # crypto-checksumming or encryption) should be active:
  # Each of the above parameters defaults to ACCEPTED.
  # Each of the above parameters can have one of four possible values:
  # value          meaning
  # ACCEPTED     The service will be active if the other side of the
  #          connection specifies "REQUESTED" or REQUIRED" and
  #          there is a compatible algorithm available on the other
  #          side; it will be inactive otherwise.
  # REJECTED     The service must not be active, and the connection
  #          will fail if the other side specifies "REQUIRED".
  # REQUESTED     The service will be active if the other side specifies
  #          "ACCEPTED", "REQUESTED", or "REQUIRED" and there is a
  #          compatible algorithm available on the other side; it
  #          will be inactive otherwise.
  # REQUIRED     The service must be active, and the connection will
  #          fail if the other side specifies "REJECTED" or if there
  #          is no compatible algorithm on the other side.
  #sqlnet.crypto_checksum_types_client
  #sqlnet.crypto_checksum_types_server
  #sqlnet.encryption_types_client
  #sqlnet.encryption_types_server
  # These parameters control which algorithms will be made available for
  # each service on each end of a connection:
  # The value of each of these parameters can be either a parenthesized
  # list of algorithm names separated by commas or a single algorithm
  # name.
  # Encryption types can be: RC4_40, RC4_56, RC4_128, DES, DES40
  # Encryption defaults to all the algorithms.
  # Crypto checksum types can be: MD5
  # Crypto checksum defaults to MD5.
  #sqlnet.crypto_seed ="4fhfguweotcadsfdsafjkdsfqp5f201p45mxskdlfdasf"
  #sqlnet.crypto_checksum_server = required
  #sqlnet.encryption_server = required
  # - Oracle Security Server ---------------------------------------------
  #oss.source.my_wallet
  # Syntax: A properly formatted NLNV list.
  # Default: Platform specific. Unix: $HOME/oracle/oss
  # The method for retrieving and storing my identity.
  #oss.source.my_wallet
  # =(source
  # =(method=file)
  # (method_data=/dve/asriniva/oss/wallet)
  #oss.source.location
  # Syntax: A properly formatted NLNV list.
  # Default: Oracle method, oracle_security_service/oracle_security_service@oss
  # The method for retrieving encrypted private keys.
  #oss.source.location
  # =(source
  # =(method=oracle)
  # (method_data=
  # (sqlnet_address=andreoss)
  # - Sqlnet(v2.x) and Net3.0 Client ------------------------------------------
  # In the following descriptions, the term "client program" could mean
  # either sqlplus, svrmgrl or any other OCI programs written by users
  #trace_level_client = ADMIN
  #Possible values: {OFF,USER,ADMIN,0-16}
  #Default: OFF (0)
  #Purpose: Indicates the level at which the client program
  # is to be traced.
  # Available Values:
  # 0 or OFF - No Trace output
  #     4 or USER - User trace information
  #      10 or ADMIN - Administration trace information
  #     16 or SUPPORT - Worldwide Customer Support trace information
  #Supported since: v2.0
  #trace_directory_client = /oracle/network/trace
  #Possible values: Any valid directory path with write permission
  #Default: $ORACLE_HOME/network/trace ($ORACLE_HOME=/oracle at customer
  # site)
  #Purpose: Indicates the name of the directory to which trace files from
  # the client execution are written.
  #Supported since: v2.0
  #trace_file_client = /oracle/network/trace/cli.trc
  #Possible values: Any valid file name
  #Default:     $ORACLE_HOME/network/trace/cli.trc ($ORACLE_HOME =
  #          /oracle at customer site)
  #Purpose: Indicates the name of the file to which the execution trace
  # of the client is written to.
  #Supported since: v2.0
  #trace_unique_client = ON
  #Possible values: {ON, OFF}
  #Default: OFF
  #Purpose: Used to make each client trace file have a unique name to
  #     prevent each trace file from being overwritten by successive
  #     runs of the client program
  #Supported since: v2.0
  #log_directory_client = /oracle/network/log
  #Possible values: Any valid directory pathname
  #Default: $ORACLE_HOME/network/log ($ORACLE_HOME = /oracle at customer
  #     site)
  #Purpose: Indicates the name of the directory to which the client log file
  #     is written to.
  #Supported since: v2.0
  #log_file_client = /oracle/network/log/sqlnet.log
  #Possible values: This is a default value, u cannot change this
  #Default: $ORACLE_HOME/network/log/sqlnet.log ($ORACLE_HOME=/oracle in
  # customer site)
  #Purpose: Indicates the name of the log file from a client program
  #Supported since: v2.0
  #log_directory_server = /oracle/network/trace
  #Possible values: Any valid diretcory path with write permission
  #Default: $ORACLE_HOME/network/trace ( $ORACLE_HOME=/oracle at customer
  #     site)
  #Purpose: Indicates the name of the directory to which log files from the
  #      server are written
  #Supported since: v2.0
  #trace_directory_server = /oracle/network/trace
  #Possible values: Any valid directory path with write permission
  #Default: $ORACLE_HOME/network_trace ( $ORACLE_HOME=/oracle at customer
  #     site)
  #Purpose: Indicates the name of the directory to which trace files from
  # the server are written
  #Supported since: v2.0
  #trace_file_server = /orace/network/trace/svr_<pid>.trc
  #Possible values: Any valid filename
  #Default: $ORACLE_HOME/network/trace/svr_<pid>.trc where <pid? stands for
  # the process id of the server on UNIX systems
  #Purpose: Indicates the name of the file to which the execution trace of
  # the server program is written to.
  #Supported since: v2.0
  #trace_level_server = ADMIN
  #Possible values: {OFF,USER,ADMIN,0-16}
  #Default: OFF (0)
  #Purpose: Indicates the level at which the server program
  # is to be traced.
  # Available Values:
  # 0 or OFF - No Trace output
  # 4 or USER - User trace information
  # 10 or ADMIN - Administration trace information
  # 16 or SUPPORT - Worldwide Customer Support trace information
  #Supported since: v2.0
  #use_dedicated_server = ON
  #Possible values: {OFF,ON}
  #Default:      OFF
  #Purpose: Forces the listener to spawn a dedicated server process for
  #     sessions from this client program.
  #Supported since: v2.0
  #use_cman = TRUE
  #Possible values: {TRUE, FALSE}
  #Default:     FALSE
  #Purpose:
  #Supported since: v3.0
  #tnsping.trace_directory = /oracle/network/trace
  #Possible values: Any valid directory pathname
  #Default: $ORACLE_HOME/network/trace ($ORACLE_HOME=/oracle at customer
  #     site)
  #Purpose: Indicates the directory to which the execution trace from
  #     the tnsping program is to be written to.
  #Supported since: v2.0
  #tnsping.trace_level = ADMIN
  #Possible values: {OFF,USER,ADMIN,0-16}
  #Default: OFF (0)
  #Purpose: Indicates the level at which the server program
  # is to be traced.
  # Available Values:
  # 0 or OFF - No Trace output
  # 4 or USER - User trace information
  # 10 or ADMIN - Administration trace information
  # 16 or SUPPORT - Worldwide Customer Support trace information
  #Supported since: v2.0
  #sqlnet.expire_time = 10
  #Possible values: 0-any valid positive integer! (in minutes)
  #Default: 0 minutes
  #Recommended value: 10 minutes
  #Purpose: Indicates the time interval to send a probe to verify the
  #     client session is alive (this is used to reclaim watseful
  #     resources on a dead client)
  #Supported since: v2.1
  #sqlnet.client_registration = <unique_id>
  #Possible values:
  #Default: OFF
  #Purpose: Sets a unique identifier for the client machine. This
  #     identifier is then passed to the listener with any connection
  #     request and will be included in the Audit Trail. The identifier
  #     can be any alphanumeric string up to 128 characters long.
  #Supported since: v2.3.2
  #bequeath_detach = YES
  #Possible values: {YES,NO}
  #Default: NO
  #Purpose: Turns off signal handling on UNIX systems. If signal handling
  #     were not turned off and if client programs written by users make
  #     use of signal handling they could interfere with Sqlnet/Net3.
  #Supported since: v2.3.3
  #automatic_ipc = OFF
  #Possible values: {ON,OFF}
  #Default: OFF
  #Purpose: Force a session to use or not to use IPC addresses on the
  #     client's node.
  #Supported since: v2.0
  #disable_oob = ON
  #Possible values: {ON,OFF}
  #Default: OFF
  #Purpose: If the underlying transport protocol (TCP, DECnet,...) does
  # not support Out-of-band breaks, then disable out-of-band
  #     breaks
  #Supported since: v2.0
  #

• ORA-01031: insufficient privileges during 8i to 9i upgrade

  Hello,
  I am following the Oracle 9i upgrade checklist Doc ID: 159657.1 to upgrade from 8.1.7.3 to 9.2.0.4.
  In step 31, after setting the environment to new ORACLE_HOME, I am trying to start the 9.2.0.4 instance in migrate mode. This is the sequence of errors that I get.
  Any help is greatly appreciated.
  Thanks,
  Rao
  oracle>sqlplus /nolog
  SQL*Plus: Release 9.2.0.4.0 - Production on Mon Aug 25 09:55:29 2003
  Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
  SQL> connect / as sysdba;
  Connected to an idle instance.
  SQL> shutdown immediate
  ORA-24324: service handle not initialized
  ORA-24323: value not allowed
  ORA-01092: ORACLE instance terminated. Disconnection forced
  SQL> startup migrate
  ORA-01031: insufficient privileges
  SQL> quit
  Disconnected
  oracle>

  You dont have enough privilege cause you were disconnected from the previous command you enter :
  ORA-24324: service handle not initialized
  ORA-24323: value not allowed
  ORA-01092: ORACLE instance terminated. Disconnection forced <= you are no longer logged here
  Your problem is the ORA-24324, not a privilege problem.
  Fred

• ORA-01031: insufficient privileges (Oracle 8.1.7.0)

  Hi,
  We are in the process of creating the test database (8.1.7.0) server on the new server machine having WINDOWS OS.
  I have installed oracle software and created the default database along with setup and thus created the TEST database.
  Listner is also working and also got connected to database server by login using "SYS@TEST as SYSDBA" user
  But now, when i try to shutdown / startup the database it show the following error :
  ORA-01031: insufficient privileges
  Though i have logged in as sysdba, it is not allowing to do so.
  Also checked the ROLES and PRIVILEGES for SYS and SYSTEM users.
  Both users are having all the default roles and privileges that have been given automatically during database creation.
  where is mistake done ???
  With Regards

  Hi,
  please check:
  SQLNET.AUTHENTICATION_SERVICES= (NTS)
  # sqlnet.ora Network Configuration File: E:\oracle\product\10.2.0\db_1\network\admin\sqlnet.ora
  # Generated by Oracle configuration tools.
  # This file is actually generated by netca. But if customers choose to
  # install "Software Only", this file wont exist and without the native
  # authentication, they will not be able to connect to the database on NT.
  SQLNET.AUTHENTICATION_SERVICES= (NTS)
  NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
  sqlnet.expire_time=2

• ORA-01031: insufficient privileges when loggin in as sqlplus "/ as sysdba"

  I have recently got a brand new Solaris Box. Have restored the ORacle Home from a live server.
  then gone to restore a database from Tape.
  All done fine.
  However I cannot seem to login as
  $>sqlplus "/ as sysdba"
  I can only seem to login as
  $>sqlplus /nolog
  then
  SQL>connect sys/password as sysdba
  I have shut the Database down and recreated the password file
  orapwd file=$ORACLE_HOME/dbs/orapwFMZ password=passowrd entries=50
  Tried again but the same response... a spool of which is below.
  $ sqlplus "/ as sysdba"
  SQL*Plus: Release 9.2.0.8.0 - Production on Thu Apr 5 09:49:23 2012
  Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
  ERROR:
  ORA-01031: insufficient privileges
  Enter user-name: ^C^X^Z
  SQL> connect / as sysdba
  ERROR:
  ORA-01031: insufficient privileges
  $ sqlplus /nolog
  SQL*Plus: Release 9.2.0.8.0 - Production on Thu Apr 5 09:49:36 2012
  Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
  SQL> connect sys/password as sysdba
  Connected to an idle instance.
  SQL> startup
  ORACLE instance started.
  Total System Global Area 68386816 bytes
  Fixed Size 729088 bytes
  Variable Size 54525952 bytes
  Database Buffers 12582912 bytes
  Redo Buffers 548864 bytes
  Database mounted.
  Database opened.
  SQL> shutdown immediate
  Database closed.
  Database dismounted.
  ORACLE instance shut down.
  I have inlcuded a list of parameters below FYI
  SQL> show parameter remote
  NAME TYPE VALUE
  remote_archive_enable string true
  remote_dependencies_mode string TIMESTAMP
  remote_listener string
  remote_login_passwordfile string SHARED
  remote_os_authent boolean TRUE
  remote_os_roles boolean FALSE
  Please can someone help.
  Best Regards,
  M
  Edited by: user5856470 on Apr 5, 2012 2:11 AM

  I have tried what has been suggested but with no result
  SQL> alter system set remote_login_passwordfile=exclusive scope=spfile;
  SQL> show parameter remote_log
  NAME TYPE VALUE
  remote_login_passwordfile string EXCLUSIVE
  SQLNET.AUTHENTICATION_SERVICES = (ALL)
  NAMES.DIRECTORY_PATH= (TNSNAMES)
  Bounced the database but no result...
  $ sqlplus "/ as sysdba"
  SQL*Plus: Release 9.2.0.8.0 - Production on Tue Apr 10 15:54:37 2012
  Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
  ERROR:
  ORA-01031: insufficient privileges
  I have reset the parameters back to original. As this is the parameters in the source database system which is working with sqlplus "/ as sysdba"
  As you can see, I can log in as below but not with remote authentication....
  $ sqlplus
  SQL*Plus: Release 9.2.0.8.0 - Production on Tue Apr 10 15:54:42 2012
  Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
  Enter user-name: sys/password as sysdba
  Connected to:
  Oracle9i Enterprise Edition Release 9.2.0.8.0 - 64bit Production
  With the Partitioning, OLAP and Oracle Data Mining options
  JServer Release 9.2.0.8.0 - Production
  SQL> shutdown immediate
  Database closed.
  Database dismounted.
  ORACLE instance shut down.
  FYI.
  I did delete the password file and recreated it as well. But cannot still connect as sqlplus "/ as sysdba"
  Any Ideas???

• Insufficient privileges after creating new files

  I have a PowerBook G4 that I sometimes start-up off an external Firewire drive. The Internal HD is locked-down admin-wise as it's a company laptop but sometimes I need to run my own apps that aren't on the internal HD (i.e. Photo Rescue, Aperture, etc).
  When I work on/create a jpeg image while running Photoshop (start-up and PS running off the external FWHD) I save the image onto the PowerBook internal HD inside the Shared Folder.
  Later when I boot-up the laptop via the Internal HD I can open these jpeg files but cannot modify them due to Insufficient privileges. I have to make sure I run iRepair to set to privileges on that particular directory before I shutdown off the FW drive.
  Is there some way I can default the Leopard Start-Up on the external FW drive so that when I save a file to the internal HD the privileges are wide open? It's a pain to remember to fix the directories with iRepair before I shutdown. I have run Repair Permissions via the FW drive but that hasn't helped anything.

  Create a disk image in the Shared folder using rhe Disk Utility, select the mounted image in the Finder, choose to ignore permissions from the Get Info window under the File menu, and change the permissions on the image file so that all accounts can write to it. Save the JPEGs to the mounted image.
  (31781)

• Help! ORA-01031: insufficient privileges during "startup migrate" 8i to 9i

  Hello there,
  I am following the Oracle 9i upgrade checklist Doc ID: 159657.1 to upgrade from 8.1.7.3 to 9.2.0.4.
  In step 31, after setting the environment to new ORACLE_HOME, I am trying to start the 9.2.0.4 instance in migrate mode. This is the sequence of errors that I get.
  Any help is greatly appreciated.
  Thanks,
  Rao
  oracle>sqlplus /nolog
  SQL*Plus: Release 9.2.0.4.0 - Production on Mon Aug 25 09:55:29 2003
  Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
  SQL> connect / as sysdba;
  Connected to an idle instance.
  SQL> shutdown immediate
  ORA-24324: service handle not initialized
  ORA-24323: value not allowed
  ORA-01092: ORACLE instance terminated. Disconnection forced
  SQL> startup migrate
  ORA-01031: insufficient privileges
  SQL> quit
  Disconnected
  oracle>

  bash-2.03$ env | sort
  HOME=/home/oraclei
  HOSTNAME=orafinprdrodb01
  HOSTTYPE=sparc
  HZ=
  LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:/ysm_finapps_legacy/ysm_data/d00/app/oraclei/prodidb/8.1.7/lib:/usr/dt/lib:/usr/openwin/lib
  LOGNAME=oraclei
  MACHTYPE=sparc-sun-solaris
  MAIL=/var/mail/oraclei
  NLS_DATE_FORMAT=DD-MON-RR
  NLS_LANG=American_America.UTF8
  NLS_NUMERIC_CHARACTERS=.,
  NLS_SORT=binary
  OLDPWD=/ysm_finapps_legacy/ysm_data/d00/app/oraclei/prodidb/8.1.7/rdbms
  ORACLE_HOME=/ysm_finapps_legacy/ysm_data/d00/app/oraclei/prodidb/8.1.7
  ORACLE_SID=PRODI
  OSTYPE=solaris
  PATH=/ysm_finapps_legacy/ysm_data/d00/app/oraclei/prodidb/8.1.7/bin:/usr/ccs/bin:/usr/sbin:/usr/bin:
  PWD=/ysm_finapps_legacy/ysm_data/d00/app/oraclei/prodidb/8.1.7/rdbms/lib
  SHELL=/bin/sh
  SHLVL=1
  TERM=xterm
  TNS_ADMIN=/ysm_finapps_legacy/ysm_data/d00/app/oraclei/prodidb/8.1.7/network/admin
  TZ=US/Pacific
  _=/usr/bin/env

• Scheduled Batch jobs error : ora-01031 insufficient privileges

  I have created a batch job that runs my database backups on a windows 2000 server. This job works perfect from the command line with the following syntax:
  coldbackup.bat PROD
  I have tried to schedule this backup to run every evening as follows:
  at 01:00 /every:M,T,W,Th,F,S C:\coldbackup.bat PROD
  The batch job does run every morning but generates an error when trying to shutdown the database. The error is ora-01031 insufficient privileges and seems to be related to the 'connect / as sysdba' command. The job has been scheduled using the local 'Administrator' user, which have been added to the ORA_DBA group.
  I have thought of one solution and that entails hard-coding the username and password into the script, but that creates a security risk.
  Can someone explain this behaviour and possible provide a good solution.
  Thank you

  Solution: Yes, I have found the solution to my problem.
  I was trying to schedule the batch job from the command line and in doing so the job was running in a 'system' user.
  When I scheduled the job from the control panel --> schedule tasks I was able to enter the 'run as' username and password.

• ORA-1031 Insufficient Privilege on RHEL5 / EBS12.1 Single Node Installation

  Hi,
  I am new to EBS
  I installed EBS R 12.1 for testing purpose on RHEL5,
  i made one user oracle which owns the file system + db under group oinstall, it has been granted privilages on file system. e
  Everything is working fine except one.
  Whenever i try to connect as sys as sysdba or / as sysdba or sys/oracle@VIS as sysdba, i m getting ORA-1031 insufficient privilage error, i can connect locally using system/oracle, but when i try to shutdown database again i recieve same ORA-1031 ERROR.
  My problem is that i don't have metalink account so i cannot access documents regarding this issue, can anybody help me here,
  I cannot access Note: 730067.1 - Troubleshooting ORA-1031 Insufficient Privilege because i don't have metalink account.
  If anyone can help me here or can give me any other link so i can download this doc.....
  regards,
  Farhat

  Hi,
  Whenever i try to connect as sys as sysdba or / as sysdba or sys/oracle@VIS as sysdba, i m getting ORA-1031 insufficient privilage error, i can connect locally using system/oracle, but when i try to shutdown database again i recieve same ORA-1031 ERROR.Do you source the database env file before connect to SQL*Plus as sysdba user?
  Also, make sure that the dba group is the primary group of oracle user.
  My problem is that i don't have metalink account so i cannot access documents regarding this issue, can anybody help me here,
  I cannot access Note: 730067.1 - Troubleshooting ORA-1031 Insufficient Privilege because i don't have metalink account.
  If anyone can help me here or can give me any other link so i can download this doc.....There is no other link available, and posting the contents on MOS/Metalink docs violates Oracle support agreement policy.
  Thanks,
  Hussein

• Noob. Command Line says "insufficient privileges". wont STARTUP

  Hi,
  I am new to SQL and have installed Oracle Database 10g Express Edition. OracleXE.exe.
  When I try to use the Command Line via the start menu, I enter STARTUP and it says "insufficient privileges"
  Logging in via the GUI works fine, I have created tables and added data to them, but I wish to use the command line.
  Many thanks for any advice.
  Thanks.
  Message was edited by:
  Swerve

  SQL> conn <username>/<password>to connect as normal user, or
  SQL> conn / as sysdbafor admin operations, like startup and shutdown.
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14357/ch12015.htm#i2697450

• Getting Insufficient Privileges Error while running Pages in Jdeveloper

  Hi,
  When I am running my pages in JDeveloper, I am getting the Error:
  "You have insufficient privileges for the current operation." and the Application login page is being shown.
  Looking at the log window, I see that the system expects my page to be shown correctly. However the login screen gets displayed.
  I suspected that my login/password is incorrect in Jdeveloper Project settings. But I tried that. It is finw. Any suggestions as to what the problem might be would be great.
  Please find excerpts from the Jdev log window:
  [328] Connected to Oracle JBO Server - Version: 9.0.3.13.88
  [329] Loading from /lalith/oracle/apps/xxtmg/graph/server/server.xml file
  [330] Loading from indvidual XML files
  [331] Loading the Containees for the Package 'lalith.oracle.apps.xxtmg.graph.server.server'.
  [332] Loading from /lalith/oracle/apps/xxtmg/graph/server/GraphAM.xml file
  [333] Created root application module: 'lalith.oracle.apps.xxtmg.graph.server.GraphAM'
  [334] Locale is: 'en_US'
  [335] DefaultConnectionStrategy is establishing an application module connection
  [336] mUsePersColl is false
  [337] ViewObjectImpl.mDefaultMaxRowsPerNode is 70
  [338] ViewObjectImpl.mDefaultMaxActiveNodes is 30
  [339] Oracle SQLBuilder: Registered driver: oracle.jdbc.driver.OracleDriver
  [340] Successfully logged in
  [341] JDBCDriverVersion: 9.2.0.5.0
  [342] DatabaseProductName: Oracle
  [343] DatabaseProductVersion: Oracle Database 10g Enterprise Edition Release 10.2.0.2.0 - Production With the Partitioning, OLAP and Data Mining options
  [344] Root application module, lalith.oracle.apps.xxtmg.graph.server.GraphAM, was created at 2007-01-02 14:08:08.391
  [345] setConnectionReleaseLevel - Set connection release level to 0
  [346] OAApplicationPoolImpl.setConnectionReleaseLevel was called with isReleased = false, isReserved = false
  [347] setConnectionReleaseLevel - Set connection release level to 0
  [348]
  <ICX_SessionValues_Diagnostics - ICX Cookie = m6BVBr6qeAiK1S9ptOKjFou1:S>: WebRequestUtil.validateContext is called.
  [349]
  <ICX_SessionValues_Diagnostics - ICX Cookie = m6BVBr6qeAiK1S9ptOKjFou1:S>: WebRequestUtil.validateContext returned status = VALID.
  ICX Session Values after WebRequestUtil.validateContext:
  ============================================================
  <ICX_SessionValues_Diagnostics - ICX Cookie = m6BVBr6qeAiK1S9ptOKjFou1:S>:
  Current ICX Session (Oracle Applications User Session) Values:
  1. User ID (DB, ICX_SESSIONS) = 6
  2. Responsibility ID (DB, ICX_SESSIONS) = -1
  3. Responsibility Application ID (DB, ICX_SESSIONS) = -1
  4. Org ID (DB, ICX_SESSIONS) = 132
  5. Org ID (DB, CLIENT_INFO) = 132
  6. Org ID (ProfileStore.getProfile) = 132
  7. Org ID (ProfileStore.getSpecificProfile with new ICX_SESSIONS values) = 132
  8. Employee ID (DB, FND_GLOBAL.EMPLOYEE_ID) = -1
  9. Employee ID (AppsContext.getFNDGlobal) = -1
  10. Function ID (DB, ICX_SESSIONS) = -1
  11. Security Group ID (DB, ICX_SESSIONS) = -1
  ===========================================================
  [350] New Language Code = null
  [351] Current Language Code = US
  [352] ViewDefImpl_1_2>#q computed SQLStmtBufLen: 64, actual=24, storing=54
  [353] select sysdate from dual
  [354] **********oracle.jdbc.driver.OraclePreparedStatement@11abd68
  [355] Column count: 1
  [356] Column count: 1
  [357] ViewObject : Created new QUERY statement
  [358] ViewDefImpl_1_2>#q old SQLStmtBufLen: 54, actual=24, storing=54
  [359] select sysdate from dual
  [360] ViewObject close prepared statements...
  [361] Loading from /oracle/apps/ak/region/server/server.xml file
  [362] Loading from indvidual XML files
  [363] Loading the Containees for the Package 'oracle.apps.ak.region.server.server'.
  [364] Loading from /oracle/apps/ak/region/server/AkAmParameterRegistryVO.xml file
  [365] ViewDef: oracle.apps.ak.region.server.AkAmParameterRegistryVO using glue class
  [366] Column count: 2
  [367] ViewObject : Created new QUERY statement
  [368] AkAmParameterRegistryVO>#q computed SQLStmtBufLen: 140, actual=100, storing=130
  [369] select PARAM_NAME, PARAM_SOURCE
  from AK_AM_PARAMETER_REGISTRY
  where APPLICATIONMODULE_DEFN_NAME = :1
  [370] Binding param 1: lalith.oracle.apps.xxtmg.graph.server.GraphAM
  [371] OAApplicationPoolImpl.setConnectionReleaseLevel was called with isReleased = true, isReserved = true
  JRAD_PERF : /lalith/oracle/apps/xxtmg/graphs/webui/GraphPG - processRequest : 1313ms
  We have recently migrated our 9i database to 10G database. Is it something related to that?
  Thanks

  Check whether the following thread helps.
  Re: Error: You have insufficient privileges for the current Operation.

• ORA-01031: insufficient privileges in PL/SQL but not in SQL

  I have problem with following situation.
  I switched current schema to another one "ban", and selected 4 rows from "ed"
  alter session set current_schema=ban;
  SELECT * FROM ed.PS WHERE ROWNUM < 5;
  the output is OK, and I get 4 rows like
  ID_S ID_Z
  1000152 1
  1000153 1
  1000154 1
  1000155 1
  but following procedure is compiled with warning
  create or replace
  procedure proc1
  as
  rowcnt int;
  begin
  select count(*) into rowcnt from ed.PS where rownum < 5;
  end;
  "Create procedure, executed in 0.031 sec."
  5,29,PL/SQL: ORA-01031: insufficient privileges
  5,2,PL/SQL: SQL Statement ignored
  ,,Total execution time 0.047 sec.
  Could you help me why SELECT does work in SQL but not in PL/SQL procedure?
  Thanks.
  Message was edited by:
  MattSk

  Privs granted via a role are only valid from SQL - and not from/within stored PL/SQL code.
  Quoting Tom's (from http://asktom.oracle.com) response to this:I did address this role thing in my book Expert one on one Oracle:
  <quote>
  What happens when we compile a Definer rights procedure
  When we compile the procedure into the database, a couple of things happen with regards to
  privileges.  We will list them here briefly and then go into more detail:
  q    All of the objects the procedure statically accesses (anything not accessed via dynamic SQL)
  are verified for existence. Names are resolved via the standard scoping rules as they apply to the
  definer of the procedure.
  q    All of the objects it accesses are verified to ensure that the required access mode will be
  available. That is, if an attempt to UPDATE T is made - Oracle will verify the definer or PUBLIC
  has the ability to UPDATE T without use of any ROLES.
  q    A dependency between this procedure and the referenced objects is setup and maintained. If
  this procedure SELECTS FROM T, then a dependency between T and this procedure is recorded
  If, for example, I have a procedure P that attempted to 'SELECT * FROM T', the compiler will first
  resolve T into a fully qualified referenced.  T is an ambiguous name in the database - there may be
  many T's to choose from. Oracle will follow its scoping rules to figure out what T really is, any
  synonyms will be resolved to their base objects and the schema name will be associated with the
  object as well. It does this name resolution using the rules for the currently logged in user (the
  definer). That is, it will look for an object owned by this user called T and use that first (this
  includes private synonyms), then it will look at public synonyms and try to find T and so on.
  Once it determines exactly what T refers to - Oracle will determine if the mode in which we are
  attempting to access T is permitted.   In this case, if we as the definer of the procedure either
  owns the object T or has been granted SELECT on T directly or PUBLIC was granted SELECT, the
  procedure will compile.  If we do not have access to an object called T by a direct grant - the
  procedure P will fail compilation.  So, when the object (the stored procedure that references T) is
  compiled into the database, Oracle will do these checks - and if they "pass", Oracle will compile
  the procedure, store the binary code for the procedure and set up a dependency between this
  procedure and this object T.  This dependency is used to invalidate the procedure later - in the
  event something happens to T that necessitates the stored procedures recompilation.  For example,
  if at a later date - we REVOKE SELECT ON T from the owner of this stored procedure - Oracle will
  mark all stored procedures this user has that are dependent on T, that refer to T, as INVALID. If
  we ALTER T ADD  some column, Oracle can invalidate all of the dependent procedures. This will cause
  them to be recompiled automatically upon their next execution.
  What is interesting to note is not only what is stored but what is not stored when we compile the
  object. Oracle does not store the exact privilege that was used to get access to T. We only know
  that procedure P is dependent on T. We do not know if the reason we were allowed to see T was due
  to:
  q    A grant given to the definer of the procedure (grant select on T to user)
  q    A grant to public on T (grant select on T to public)
  q    The user having the SELECT ANY TABLE privilege
  The reason it is interesting to note what is not stored is that a REVOKE of any of the above will
  cause the procedure P to become invalid. If all three privileges were in place when the procedure
  was compiled, a revoke of ANY of them will invalidate the procedure - forcing it to be recompiled
  before it is executed again. Since all three privileges were in place when we created the procedure
  - it will compile successfully (until we revoke all three that is). This recompilation will happen
  automatically the next time that the procedure is executed.
  Now that the procedure is compiled into the database and the dependencies are all setup, we can
  execute the procedure and be assured that it knows what T is and that T is accessible. If something
  happens to either the table T or to the set of base privileges available to the definer of this
  procedure that might affect our ability to access T -- our procedure will become invalid and will
  need to be recompiled.
  This leads into why ROLES are not enabled during the compilation and execution of a stored
  procedure in Definer rights mode. Oracle is not storing exactly WHY you are allowed to access T -
  only that you are. Any change to your privileges that might cause access to T to go away will cause
  the procedure to become invalid and necessitate its recompilation. Without roles - that means only
  'REVOKE SELECT ANY TABLE' or 'REVOKE SELECT ON T' from the Definer account or from PUBLIC. With
  roles - it greatly expands the number of times we would invalidate this procedure. If some role
  that was granted to some role that was granted to this user was modified, this procedure might go
  invalid, even if we did not rely on that privilege from that role. ROLES are designed to be very
  fluid when compared to GRANTS given to users as far as privilege sets go. For a minute, let's say
  that roles did give us privileges in stored objects. Now, most any time anything was revoked from
  ANY ROLE we had, or any role any role we have has (and so on -- roles can and are granted to roles)
  -- many of our objects would become invalid. Think about that, REVOKE some privilege from a ROLE
  and suddenly your entire database must be recompiled! Consider the impact of revoking some system
  privilege from a ROLE, it would be like doing that to PUBLIC is now, don't do it, just think about
  it (if you do revoke some powerful system privilege from PUBLIC, do it on a test database). If
  PUBLIC had been granted SELECT ANY TABLE, revoking that privilege would cause virtually every
  procedure in the database to go invalid. If procedures relied on roles, virtually every procedure
  in the database would constantly become invalid due to small changes in permissions. Since one of
  the major benefits of procedures is the 'compile once, run many' model - this would be disastrous
  for performance.
  Also consider that roles may be
  q    Non-default: If I have a non-default role and I enable it and I compile a procedure that
  relies on those privileges, when I log out I no longer have that role -- should my procedure become
  invalid -- why? Why not? I could easily argue both sides.
  q    Password Protected: if someone changes the password on a ROLE, should everything that might
  need that role be recompiled?  I might be granted that role but not knowing the new password - I
  can no longer enable it. Should the privileges still be available?  Why or Why not?  Again, arguing
  either side of this is easy. There are cases for and against each.
  The bottom line with respect to roles in procedures with Definer rights are:
  q    You have thousands or tens of thousands of end users. They don't create stored objects (they
  should not). We need roles to manage these people. Roles are designed for these people (end users).
  q    You have far fewer application schema's (things that hold stored objects). For these we want
  to be explicit as to exactly what privileges we need and why. In security terms this is called the
  concept of 'least privileges', you want to specifically say what privilege you need and why you
  need it. If you inherit lots of privileges from roles you cannot do that effectively. We can manage
  to be explicit since the number of development schemas is SMALL (but the number of end users is
  large)...
  q    Having the direct relationship between the definer and the procedure makes for a much more
  efficient database. We recompile objects only when we need to, not when we might need to. It is a
  large efficiency enhancement.
  </quote>

• ORA-01031: insufficient privileges and shared memory realm does not exist

  Hi all,
  I came to a dead end to start oracle 10.2 database. I have searched on google and this forum, none of these solutions work for me. PS, I have installed 11g on my machine too.
  I have set up ORACLE_SID,ORACLE_HOME to 10.2 database based on the tnsnames.ora.
  follow is error message：
  sqlplus sys as sysdba
  SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 3 02:09:54 2013
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Enter password:
  ERROR:
  ORA-01031: insufficient privileges
  sqlplus /nolog
  SQL*Plus: Release 10.2.0.1.0 - Production on Wed Apr 3 02:10:55 2013
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  SQL> conn / as sysdba
  ERROR:
  ORA-01031: insufficient privileges
  SQL> conn scott/tiger
  ERROR:
  ORA-01034: ORACLE not available
  ORA-27101: shared memory realm does not exist
  Linux-x86_64 Error: 2: No such file or directory
  First I thought the instance has been start yet, but since I can't login with sysdba. I don't know what other options.
  For 10.2, the tnsnames.ora
  ORA102 =
  +(DESCRIPTION =+
  +(ADDRESS = (PROTOCOL = TCP)(HOST =XXX)(PORT = 1523))+
  +(CONNECT_DATA =+
  +(SERVER = DEDICATED)+
  +(SERVICE_NAME = ora102)+
  +)+
  +)+
  LISTENER_ORA102 =
  +(ADDRESS = (PROTOCOL = TCP)(HOST =XXX)(PORT = 1523))+
  EXTPROC_CONNECTION_DATA =
  +(DESCRIPTION =+
  +(ADDRESS_LIST =+
  +(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC2))+
  +)+
  +(CONNECT_DATA =+
  +(SID = PLSExtProc)+
  +(PRESENTATION = RO)+
  +)+
  +)+
  listener.ora:
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = PLSExtProc)
  (ORACLE_HOME = /data/oracle/ora102)
  (PROGRAM = extproc)
  LISTENER =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC2))
  (ADDRESS = (PROTOCOL = TCP)(HOST =XXXXX)(PORT = 1523))
  EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
  (CONNECT_DATA =
  (SID = PLSExtProc)
  (PRESENTATION = RO)
  )

  try do this steps on server side:
  1) sqlplus sys as sysdba
  2) select open_mode from v$database;
  show result 2 step

• ORA-00604 error occured at recursive level1,ORA-20123 Insufficient privileges: you cannot drop table cls_lrn_tab_unique TABLE,ORA-06512

  Dear All,
       I created one table like
  create table cls_lrn_tab_unique (F_no number unique UK_F_NO );
  after performing some operations I want to delete the same.
  At that time i got following error. Please help me and tell what is the reason for the error.
  ORA-00604 error occured at recursive level1
  ORA-20123 Insufficient privileges: you cannot drop table cls_lrn_tab_unique TABLE,
  ORA-06512 at line no 2
  Thanks and Regards
  Prasad

  26bffcad-f9a2-4dcf-afa0-e1e33d0281bf wrote:
  Dear All,
       I created one table like
  create table cls_lrn_tab_unique (F_no number unique UK_F_NO );
  after performing some operations I want to delete the same.
  At that time i got following error. Please help me and tell what is the reason for the error.
  ORA-00604 error occured at recursive level1
  ORA-20123 Insufficient privileges: you cannot drop table cls_lrn_tab_unique TABLE,
  ORA-06512 at line no 2
  Thanks and Regards
  Prasad
  ORA-20123 is a localized/customized error code & message; therefore any solution depends upon what is unique inside your DB now.
  I suspect that some sort of TRIGGER exists, which throws posted error, but this is just idle speculation on my part.
  How do I ask a question on the forums?
  https://forums.oracle.com/message/9362002#9362002