RE: ORA-01031: insufficient privileges

From: Sam Bootsma <>
Date: Fri, 13 Feb 2009 15:17:16 -0500
Message-ID: <>

Hi Branimir,  

Here are some notes I have on this:  

SYSDBA and SYSOPER privileges are stored in an external password file. The default location for the file (in Unix) is $ORACLE_HOME/dbs. The default name for the password file is orapw<SID>.  

I know of two ways to change the SYS password:

  1. Run the orapwd program. This program replaces the password file and any users with SYSDBA privileges automatically lose those privileges.
  2. Use the standard alter user sys identified by xxx;. This will update / replace the password file, but preserve users who previously had SYSDBA privileges.

SYSDBA privileges are granted in the usual way. Eg. grant sysdba to user X;  

Performance view v$pwfile_users exposes users who have these privileges.

system_at_XXXTST> desc v$pwfile_users



Oracle Database Administrator

Information Technology Services
George Brown College

Phone: 416-415-5000 x4933
Fax: 416-415-4836
E-mail: <>

[] On Behalf Of Branimir Petrovic
Sent: February 13, 2009 2:51 PM
Subject: ORA-01031: insufficient privileges  

Please help me see what am I doing wrong or missing.

My system is (freshly installed):
 OS: OEL 5.2 64 bit
 Oracle: 64 bit

dba' group is primary group for user 'oracle' (created via 'oracle validated' rpm):
  ~]# cat /etc/passwd | grep oracle

[root_at_s-ora-004 ~]# cat /etc/group | grep dba

sqlnet.ora has:
  SQLNET.AUTHENTICATION_SERVICES= (NTS)   When I try to log on as 'oracle' (after sourcing environment and SID):   ~]$ sqlplus '/ as sysdba'

I get:
  ORA-01031: insufficient privileges

but providing user name and password:
  Enter user-name: sys as sysdba
  Enter password:

does get me there:
  Connected to:
  Oracle Database 10g Enterprise Edition Release - 64bit Production  

Looks like without ability successfully log on with '/ as sysdba' dbshut and dbstart scripts will not stop or start database services (TNS listener starts but not the database). What should I be looking at to restore '/ as sysdba' login capability?



Received on Fri Feb 13 2009 - 14:17:16 CST

Original text of this message