What additional privilege am I missing?
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
SQL> create user myUser identified by password default tablespace theData temporary tablespace temp;
User created.
SQL> grant connect, resource to myUser;
Grant succeeded.
SQL> GRANT READ,WRITE ON DIRECTORY tmp TO myUser;
Grant succeeded.
SQL> GRANT CREATE JOB TO myUser;
Grant succeeded.
SQL> GRANT CREATE EXTERNAL JOB TO myUser;
Grant succeeded.
SQL> connect myUser/password
Connected.
SQL>
SQL>
1 CREATE PROCEDURE shellScript
2 AS
3 /*-----------------------*/
4 v_sql UTL_FILE.FILE_TYPE;
5 v_shell UTL_FILE.FILE_TYPE;
6 /*=======================*/
7 BEGIN
8 /*=======================*/
9 -- write the sql script to /tmp/myUser-tmp-script.sql
10 v_sql:= UTL_FILE.FOPEN('TMP','myUser-tmp-script.sql','w');
11 UTL_FILE.PUT_LINE(v_sql,'select to_char(sysdate,''YYYYMMDDHR24MISS'') from dual'||';', FALSE);
12 UTL_FILE.FFLUSH(v_sql);
13 UTL_FILE.FCLOSE(v_sql);
14 -- write the shell script to /tmp/myUser-tmp-script.sh
15 v_shell:= UTL_FILE.FOPEN('TMP','myUser-tmp-script.sh','w');
16 UTL_FILE.PUT_LINE(v_shell,'#!/bin/bash', FALSE);
17 UTL_FILE.PUT_LINE(v_shell,'sqlplus myUser/password#sbox #/tmp/myUser-tmp-script.sql > /tmp/myUser-tmp-script.err', FALSE);
18 UTL_FILE.FFLUSH(v_shell);
19 UTL_FILE.FCLOSE(v_shell);
20 -- execute the shell script which executes the sql script
21 DBMS_SCHEDULER.PURGE_LOG(JOB_NAME=>'myJob');
22 DBMS_SCHEDULER.CREATE_JOB(JOB_NAME=>'myJob', JOB_TYPE=>'EXECUTABLE', JOB_ACTION=>'/bin/bash', NUMBER_OF_ARGUMENTS=>1, START_DATE=>SYSTIMESTAMP, ENABLED=>FALSE);
23 DBMS_SCHEDULER.SET_JOB_ARGUMENT_VALUE('myJob', 1, '/tmp/myUser-tmp-script.sh');
24 DBMS_SCHEDULER.ENABLE('myJob');
25 USER_LOCK.SLEEP(500); -- give it 5 seconds to complete
26 -- clean up
27 UTL_FILE.FREMOVE('TMP', 'myUser-tmp-script.sh');
28 UTL_FILE.FREMOVE('TMP', 'myUser-tmp-script.sql');
29 /*=======================*/
30 END shellScript;
/
Procedure created.
SQL> SHOW ERRORS PROCEDURE shellScript
No errors.
SQL>
SQL>
SQL> execute shellScript;
BEGIN shellScript; END;
*
ERROR at line 1:
ORA-27486: insufficient privileges
ORA-06512: at "SYS.DBMS_ISCHED", line 411
ORA-06512: at "SYS.DBMS_ISCHED", line 452
ORA-06512: at "SYS.DBMS_SCHEDULER", line 1082
ORA-06512: at "MYUSER.SHELLSCRIPT", line 21
ORA-06512: at line 1
SQL>
According to TFM, PURGE_LOG requires the MANAGE SCHEDULER privilege:
GRANT MANAGE SCHEDULER TO xxx;
Wow, I found the problem... "myJob" was an existing package object in the database. I'm guessing my "insufficient privileges" were to replace the package object with a job object.
if you get the manage scheduler privilege, the next thing where this will fail is the none existing execute bits on the shell script. If the execute bits are in place, it will fail because it lacks the environment settings like PATH and ORACLE_HOME, needed to run SQL*Plus.
Besides that, why stick to 10g?
Oracle 11g has much better options to run external jobs, security implemented by credentials instead of some file in $ORACLE_HOME that defines the user to run the job.
There is some very nice reading available on this subject, see my profile.
I hope this helps,
Ronald.
Related
I'm trying to read a file of type txt from c:\Dir and insert the content on the table Oracle Sql
set SERVEROUTPUT ON
CREATE OR REPLACE DIRECTORY MYDIR AS ' C:\dir';
DECLARE
vInHandle utl_file.file_type;
eNoFile exception;
PRAGMA exception_init(eNoFile, -29283);
BEGIN
BEGIN
vInHandle := utl_file.Fopen('MYDIR','attachment.txt','R');
dbms_output.put_line('The File exists');
EXCEPTION
WHEN eNoFile THEN
dbms_output.put_line('The File not exists');
END;
END fopen;
/
i have the file not exists but i have this file
I don't know whether space you have in front of the directory name in the first statement you posted makes difference (or is it just a typo), but - nonetheless, here's how it is usually done.
Create directory on hard disk:
C:\>mkdir c:\dir
Connect to the database as SYS (as it owns the database, as well as directories); create directory (Oracle object) and grant privileges to user which will use that directory:
C:\>sqlplus sys as sysdba
SQL*Plus: Release 11.2.0.2.0 Production on ╚et O×u 5 18:34:43 2020
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production
SQL> create or replace directory mydir as 'c:\dir';
Directory created.
SQL> grant read, write on directory mydir to scott;
Grant succeeded.
SQL>
You don't need this, as you already have the file; I'll create it by spooling table contents.
SQL> connect scott/tiger
Connected.
SQL> spool c:\dir\example.txt
SQL> select * From dept;
DEPTNO DNAME LOC
---------- -------------- -------------
10 ACCOUNTING NEW YORK
20 RESEARCH DALLAS
30 SALES CHICAGO
40 OPERATIONS BOSTON
SQL> spool off;
SQL> $dir c:\dir\*.txt
Volume in drive C is OSDisk
Volume Serial Number is 7635-F892
Directory of c:\dir
05.03.2020. 18:39 539 example.txt
1 File(s) 539 bytes
0 Dir(s) 290.598.363.136 bytes free
SQL>
Finally, reusing code you wrote:
SQL> set serveroutput on
SQL>
SQL> DECLARE
2 vInHandle utl_file.file_type;
3 eNoFile exception;
4 PRAGMA exception_init(eNoFile, -29283);
5 BEGIN
6 BEGIN
7 vInHandle := utl_file.Fopen('MYDIR','example.txt','R');
8 dbms_output.put_line('The File exists');
9 EXCEPTION
10 WHEN eNoFile THEN
11 dbms_output.put_line('The File not exists');
12 END;
13 END fopen;
14 /
The File exists
PL/SQL procedure successfully completed.
SQL>
Works properly (congratulations, you wrote code that actually works!).
So, what have you done wrong?
as I said, space in front of c:\dir: CREATE OR REPLACE DIRECTORY MYDIR AS ' C:\dir';
database isn't on your computer but on a separate database server
it means that you probably created directory, but it points to c:\dir directory on the database server, not your own PC!
As Boneist commented, it is possible to create a directory (Oracle object) on computer which is NOT a database server, but that's not something we usually do. If you opt to choose this option, you'll have to use UNC (Universal Naming Convention) while creating directory.
Another option you might want to consider is to use SQL Loader. It is an operating system utility, installed along with the database or (full, not instant) client software. Its advantage is that it runs on your local PC (i.e. you don't have to have access to the database server) and is extremely fast. You'd create a control file which tells Oracle how to load data stored in the source (.txt) file.
Another option, which - in the background - uses SQL Loader, is to use an external table. It is yet another Oracle object which points to the source (.txt) file and allows you to access it using a simple SQL SELECT statement. Possible drawback: it still requires access to the Oracle directory (just like your UTL_FILE option).
I'm trying to configure Oracle XStream out by official documentation
So, shortly, I'm connecting as sysdba
sqlplus / as sysdba
Then executing commands create create CDB user and give him privileges
> CREATE TABLESPACE xstream_tbs DATAFILE '$ORACLE/cdb/orcl/xstream_tbs.dbf' SIZE 25M REUSE AUTOEXTEND ON MAXSIZE UNLIMITED;
> CREATE USER c##xstrmadmin IDENTIFIED BY password DEFAULT TABLESPACE xstream_tbs QUOTA UNLIMITED ON xstream_tbs container=all;
> GRANT CREATE SESSION, SET CONTAINER TO c##xstrmadmin CONTAINER=ALL;
After this step I should give permissions to user to use XStream
> BEGIN
DBMS_XSTREAM_AUTH.GRANT_ADMIN_PRIVILEGE(
grantee => 'c##xstrmadmin',
privilege_type => 'CAPTURE',
grant_select_privileges => TRUE,
container => 'ALL');
END;
/
On this stage, I'm getting this error:
ERROR at line 1:
ORA-44001: invalid schema
ORA-06512: at "SYS.DBMS_XSTREAM_AUTH_IVK", line 3383
ORA-06512: at line 1
ORA-06512: at "SYS.DBMS_XSTREAM_AUTH_IVK", line 3500
ORA-06512: at "SYS.DBMS_XSTREAM_AUTH", line 34
ORA-06512: at line 2
Current container is cdb$root
Googling gives actually nothing and I have no idea whats wrong as I'm following DBA documentation.
I guess I found workaround.
If you connect to oracle with
> sqlplus /nolog
And then connect as sysdba
> conn / as sysdba
Then all works fine!
If this is only one way to resolve problem with creating permissions then problem is in sqlplus or oracle itself. Sad!
I am having a function called fn_export and its owner is bhist. I am calling this function from ohist user using bhist.fn_export. While calling like this I am facing the below issue.
ORA-00942: table or view does not exist
ORA-06512: at "bhist.fn_export", line 442
ORA-06512: at line 20
I tried to verify all the tables in that function and I am able to access all those tables from ohist. I have execute grant on bhist.fn_export to ohist. Still I am having this issue. Can any one of you please help in resolving this issue?
Thanks,
Venkat
You need to grant EXECUTE privilege on this function to ohist user.
A syntax is:
GRANT EXECUTE ON function_name TO username;
You can connect as bhist user and grant the privilege using:
GRANT EXECUTE ON fn_export TO ohist;
You can also connect as SYS or SYSTEM, and use this command:
GRANT EXECUTE ON bhist.fn_export TO ohist;
See a below simple example (one user is named TEST and the other is named DEV):
SQL> connect test
Enter password:
Connected.
SQL> CREATE FUNCTION fn_export RETURN number AS
2 BEGIN
3 RETURN 20;
4 END;
5 /
Function created.
SQL> connect dev
Enter password:
Connected.
SQL> SELECT test.fn_export FROM dual;
SELECT test.fn_export FROM dual
*
ERROR at line 1:
ORA-00904: "TEST"."FN_EXPORT": invalid identifier
SQL> connect test
Enter password:
Connected.
SQL> grant execute on fn_export to dev;
Grant succeeded.
SQL> connect dev
Enter password:
Connected.
SQL> SELECT test.fn_export FROM dual;
FN_EXPORT
----------
20
SQL>
Step 1 : I have created one package with procedures to create context and set value to the context.
create or replace PACKAGE Context_check AS
PROCEDURE set_context_vpd_proc (V_ISID in varchar2);
procedure set_context (v_isid_a in varchar2);
END Context_check;
create or replace PACKAGE BODY Context_check AS
PROCEDURE set_context_vpd_proc (V_ISID in varchar2)
AS
v_STAT VARCHAR2(200);
v_chk varchar2(2000);
BEGIN
DBMS_SESSION.SET_CONTEXT('VPD_CTX', 'ISID', V_ISID );
--v_STAT := '';
EXCEPTION
WHEN NO_DATA_FOUND THEN NULL;
END;
procedure set_context (v_isid_a in varchar2)
as
begin
EXECUTE IMMEDIATE 'CREATE OR REPLACE CONTEXT VPD_CTX using set_context_vpd_proc';
set_context_vpd_proc (v_isid_a);
EXCEPTION
WHEN NO_DATA_FOUND THEN NULL;
end set_context;
END Context_check;
Step 2: When I am trying to executing the procedure I am getting an error
EXECUTE Context_check.set_context('Ana');
Error starting at line 43 in command:
EXECUTE Context_check.set_context('Ana')
Error report:
ORA-01031: insufficient privileges
ORA-06512: at "SYS.DBMS_SESSION", line 114
ORA-06512: at "SEC_ADMIN.CONTEXT_CHECK", line 8
ORA-06512: at "SEC_ADMIN.CONTEXT_CHECK", line 20
ORA-06512: at line 1
01031. 00000 - "insufficient privileges"
*Cause: An attempt was made to change the current username or password
without the appropriate privilege. This error also occurs if
attempting to install a database without the necessary operating
system privileges.
When Trusted Oracle is configure in DBMS MAC, this error may occur
if the user was granted the necessary privilege at a higher label
than the current login.
*Action: Ask the database administrator to perform the operation or grant
the required privileges.
For Trusted Oracle users getting this error although granted the
the appropriate privilege at a higher label, ask the database
administrator to regrant the privilege at the appropriate label.
I have already given all the grants on that package.Still I am not able to execute this procedure.
Note : If I create the same procedures as stand alone ,its working fine and setting the context.
You need to create a context using a package, not using a procedure inside of a package.
Instead of
EXECUTE IMMEDIATE 'CREATE OR REPLACE CONTEXT VPD_CTX using set_context_vpd_proc';
Write
EXECUTE IMMEDIATE 'CREATE OR REPLACE CONTEXT VPD_CTX using Context_check';
Hi I am running Oracle 11 and I am trying to write to a directory on the server box using UTL_FILE.FOPEN.
To test this I am using the following script (output included):
SQL> #D:\test.sql
declare
l_file_handle UTL_FILE.FILE_TYPE;
begin
l_file_handle := UTL_FILE.FOPEN('/appl/mydir',
'/appl/mydir/filename',
'W');
UTL_FILE.FCLOSE(l_file_handle);
DBMS_OUTPUT.PUT_LINE('FINISHED');
end;
ORA-29280: invalid directory path
ORA-06512: at "SYS.UTL_FILE", line 41
ORA-06512: at "SYS.UTL_FILE", line 478
ORA-06512: at line 7
SQL>
I have the /appl/mydir added to the UTL_FILE parameter:
SELECT value
FROM V$PARAMETER
WHERE NAME = 'utl_file_dir';
/appl/mydir, /appl/mydir2, /appl/mydir3
The UNIX directory is writable by all on UNIX:
$ ls -l /appl/mydir
total 0
drwxrwsrwx 2 user userc 363968 Nov 27 13:46 mydir
Using oracle Directory object is not an option and I am aware of the disadvantages of using the UTL_FILE_DIR implementation.
Any ideas why the above script is failing?
first, in 11g the preferred way is to create a directory and not use utl_file.
secondly, please verify what exact command you used to set the directoty list :
SELECT value
FROM V$PARAMETER
WHERE NAME = 'utl_file_dir';
/appl/mydir, /appl/mydir2, /appl/mydir3
was it
alter system set utl_file_dir='/appl/mydir, /appl/mydir2, /appl/mydir3' scope = spfile;
or
alter system set utl_file_dir='/appl/mydir','/appl/mydir2','/appl/mydir3' scope = spfile;
if its the first way, redo it again the 2nd way as the first way is wrong (it will look the same in the v$table output, but its wrong).
eg:
declare
2
l_file_handle UTL_FILE.FILE_TYPE;
4
begin
l_file_handle := UTL_FILE.FOPEN('/tmp/foo/a',
'/tmp/foo/a/filename.txt',
'w');
9
UTL_FILE.FCLOSE(l_file_handle);
11
DBMS_OUTPUT.PUT_LINE('FINISHED');
13
end;
15 /
declare
*
ERROR at line 1:
ORA-29280: invalid directory path
ORA-06512: at "SYS.UTL_FILE", line 41
ORA-06512: at "SYS.UTL_FILE", line 478
ORA-06512: at line 6
SQL> show parameter utl_fil
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
utl_file_dir string /tmp/foo, /tmp/foo/a
humm. now lets fix that data.
SQL> alter system set utl_file_dir='/tmp/foo','/tmp/foo/a' scope = spfile;
System altered.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup open
ORACLE instance started.
Total System Global Area 263049216 bytes
Fixed Size 2225584 bytes
Variable Size 176163408 bytes
Database Buffers 79691776 bytes
Redo Buffers 4968448 bytes
Database mounted.
Database opened.
declare
2
l_file_handle UTL_FILE.FILE_TYPE;
4
begin
l_file_handle := UTL_FILE.FOPEN('/tmp/foo/a',
'/tmp/foo/a/filename.txt',
'w');
9
UTL_FILE.FCLOSE(l_file_handle);
11
DBMS_OUTPUT.PUT_LINE('FINISHED');
13
end;
15 /
PL/SQL procedure successfully completed.
SQL> show parameter utl_file
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
utl_file_dir string /tmp/foo, /tmp/foo/a
SQL>
also verify the oracle user has r+x on /appl and rwx on /appl/mydir
2 resolution steps for overcoming this error::
1.Be sure that the OS level user has permission to write to a folder
2.Try upper case letters for the directory name i.e. instead of out_dir use OUT_DIR
Out of space may also lead to this issue.
Oracle throws same error if you do not have space on mount point.
ORA-29280: invalid directory path ORA-06512: at "SYS.UTL_FILE", line
41
Please check whether space is available or not on utl_file_dir mountpoint.
For Linux & Solaris use :
df -k ${UTIL_FILE_PATH}
I faced same issue , later got to know it was space issue on mount point.
For the filename put just the name not the path.
So you should put
declare
l_file_handle UTL_FILE.FILE_TYPE;
begin
l_file_handle := UTL_FILE.FOPEN('/appl/mydir',
',filename',
'W');
UTL_FILE.FCLOSE(l_file_handle);
DBMS_OUTPUT.PUT_LINE('FINISHED');
end;