Getting ORA-00990: missing or invalid privilege while running the below query on Oracle 11g r2 :
grant inherit any privileges to dbuser1;
Any suggestions on this.
Suggestion is to upgrade to at least 12c to use it. It doesn't exist in 11g, as far as I can tell.
This privilege is first documented in Oracle 12.1
INHERIT PRIVILEGES and INHERIT ANY PRIVILEGES Privileges
Before Oracle Database 12c, an IR unit always ran with the privileges of its invoker. If its invoker had higher privileges than its owner, then the IR unit might perform operations unintended by, or forbidden to, its owner.
As of Oracle Database 12c, an IR unit can run with the privileges of its invoker only if its owner has either the INHERIT PRIVILEGES privilege on the invoker or the INHERIT ANY PRIVILEGES privilege.
Related
I have a oracle 12c database .
I would like to grant sysdba to C##user1.
Here is user table.
When I execute this command I can get a error.
grant sysdba to c##user1 container=current
Error report -
SQL Error: ORA-65175: cannot grant SYSDBA privilege locally in the root
65175. 00000 - "cannot grant SYSDBA privilege locally in the root"
*Cause: An attempt was made to grant SYSDBA privilege locally in the root
of a multitenant container database (CDB).
*Action: While connected to the root, SYSDBA privilege can only be granted
commonly.
and when I execute this command , I can get 2 users of C##user1.
grant sysdba to c##user1 container=all
How can I grant sysdba to C##user1.
Thank you for viewing.
Pls help me.
Are you trying to grant sysdba to c##user1 at the Container or Root level? This is an important distinction within 12C, as the Container is logically separate from the rest of the CDB. The CON_ID column will tell you where each user resides - Con_ID=0 means that the row pertains to the entire CDB, whereas CON_ID=1 means that the row pertains to the root.
You currently have two "C##user1" users, one is a common user that is present in all containers (CON_ID=0,) and the other is a local user that is specific to the root.
You already have one "C##user1" user that has the SYSDBA privilege on the entire CDB, so if that's what you want, you can connect to the root and drop the local "C##user1" user. If you just wanted a local user with the SYSDBA privilege on that root only, I would recommend dropping the "C##user1" common user, then connecting to the root and granting sysdba to the local user there.
The article I linked to is titled "Overview of the Multitenant Architecture", I would suggest giving it a review before you make a decision either way.
under cdb connection try it
grant sysdba to c##user1 container=all
I have a AWS Oracle Database 12c Enterprise Edition Release DB,
I want to kill a session using the Master username.
set role dba;
alter user MY_MASTER_USER default role connect, dba;
But when I run alter system kill session '14,60599'; from MY_MASTER_USER user I got this error:
01031. 00000 - "insufficient privileges"
*Cause: An attempt was made to perform a database operation without
the necessary privileges.
*Action: Ask your database administrator or designated security
administrator to grant you the necessary privileges
A little googling gave me this:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.CommonDBATasks.System.html#Appendix.Oracle.CommonDBATasks.KillingSession
begin
rdsadmin.rdsadmin_util.kill(
sid => sid,
serial => serial_number);
end;
/
In sqlplus under normal schema account (not sys), query select * from v$instance; runs OK. But when create view which references it, error happens:
create or replace view vw_test_instance
as
select * from V$instance;
SQL Error: ORA-01031: insufficient privileges
If switch v$instance to any normal table like select * from dual;, then the view created with no problem.
Oracle version:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
"CORE 11.2.0.4.0 Production"
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
The back ground is I'm upgrading a database run on 10g to 11g, things used to work on 10g just broken on 11g... Can I fix it without touching source code of views? Appreciated!
This is related to user GRANTS.
1. GRANT SELECT ON V$INSTANCE TO <USER>; --> Will be provided by SYSDBA
2. Then try. It will definitley help.
This link will also help you to understand why this kind of behaviour occurs.
v$views Grant
"query select * from v$instance; runs OK. But when create view which references it, error happens:"
The error you get - SQL Error: ORA-01031: insufficient privileges - indicates that your user lacks the privileges to create a view.
" things used to work on 10g just broken on 11g"
Clearly on 10g privileges your user had privileges to create views and on 11g they do not.
The most likely explanation is that your user relies on the CONNECT role. In older versions of Oracle this role had several system privileges, including CREATE VIEW. This implicit granting of privileges was always dodgy. However, in 11g this changed and the role now only has CREATE SESSION. All other privileges must be granted explicitly. This is mentioned in the 11g Upgrade docs and explained in depth by the 11g Security Guide Find out more.
I have Oracle 11G SE1 on AWS RDS.
I'm trying to do :
CREATE RESTORE POINT RestorePointName GUARANTEE FLASHBACK DATABASE;
and I'm getting :
Error at Command Line:1 Column:1
Error report:
SQL Error: ORA-01031: insufficient privileges
01031. 00000 - "insufficient privileges"
*Cause: An attempt was made to change the current username or password
without the appropriate privilege. This error also occurs if
attempting to install a database without the necessary operating
system privileges.
When Trusted Oracle is configure in DBMS MAC, this error may occur
if the user was granted the necessary privilege at a higher label
than the current login.
*Action: Ask the database administrator to perform the operation or grant
the required privileges.
For Trusted Oracle users getting this error although granted the
the appropriate privilege at a higher label, ask the database
administrator to regrant the privilege at the appropriate label.
I'm logged in as the admin user.
One of our cutomer is running the scripts in oracle sql developer to upgrade his database table structure, procudere & triggers etc. But while running the script, he is getting ORA-00904: Invalid Identifier Error for DBMS_LOB.SUBSTR() and DBMS_LOB.GETLENGTH() in one procedure.
Can somebody tell why is happening so?
There are using Oracle Sql developer Version 3.1.07 Build MAIN-07.42 with Oracle 11g.
I imagine 3 possible reasons:
the user lacks execute privilege on sys.dbms_lob (although the
privilege is granted to PUBLIC by default)
there is no synonym dbms_lob for sys.dbms_lob in the database (although such public synonym should exist)
the schema, on which the customer works, contains some other package with the same name DBMS_LOB
Run this sql with sys to check whether your schema has privilege to execute DBMS_LOB.
select * from dba_tab_privs where table_name='DBMS_LOB';
By default, you should see PUBLIC in the grantees.
If not, you can run sql with sys.
grant execute on sys.DBMS_LOB to public;
or
grant execute on sys.DBMS_LOB to <your_schema_name>