Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Using Oracle 7.3 OS_ROLES with NT Server 4.0
gmlewis_at_ix.netcom.com (Gerald M. Lewis) writes:
> I am having some trouble implementing OS_ROLES with NT Server.
>
> 1) I created an ORACLE role named ROLE1, authentication NONE.
> 2) ROLE1 has been granted CONNECT and RESOURCE roles
> 3) I have modified the INITORCL.ORA file to include OS_ROLES = TRUE
> 4) I have created the following local NT groups:
> ORA_ORCL_DBA
> ORA_ORCL_OPER
> ORA_ORCL_ROLE1_A
> ORA_ORCL_ROLE1_D
>
> 5) In addition, I have configured the following NT users and assigned
> them to the following group(s):
> GLewis ORA_ORCL_DBA
> ORA_ORCL_ROLE1_A
> MFarmer ORA_ORCL_ROLE1_D
>
> 6) When I create an ORACLE user, for example:
>
> GLewis - Authentication: External
> Role: ORA_ORCL_ROLE1_A
>
> I get the following error:
>
> "User was created but an error occured while granting privileges.
> ORA-01956: invalid command when OS_ROLES are being used."
Oracle does not permit an externally-defined role to be granted
other roles. What you'll have to do is to create an external role for each
role that a user is to have.
So each user would have to be granted:
ORA_ORCL_CONNECT_D
ORA_ORCL_RESOURCE_D
>
> 7) When I try to run SQL*Plus using the following syntax,
>
> PLUS33W.EXE /@alias
>
> I get the following error:
> "Error: ORA-01045: user GLEWIS lacks CREATE SESSION privilege; logon
> denied."
Given that GLEWIS does not have the connect role, this error makes sense. The
connect role incorporates CREATE SESSION privilege.
--
Rick Rick Wessman Security and Directory Technologies Server Technologies Oracle Corporation rwessman_at_us.oracle.comReceived on Wed Oct 14 1998 - 13:55:23 CDT