Re: Using Oracle 7.3 OS_ROLES with NT Server 4.0

gmlewis_at_ix.netcom.com (Gerald M. Lewis) writes:

> I am having some trouble implementing OS_ROLES with NT Server.
>
> 1) I created an ORACLE role named ROLE1, authentication NONE.
> 2) ROLE1 has been granted CONNECT and RESOURCE roles
> 3) I have modified the INITORCL.ORA file to include OS_ROLES = TRUE
> 4) I have created the following local NT groups:
> ORA_ORCL_DBA
> ORA_ORCL_OPER
> ORA_ORCL_ROLE1_A
> ORA_ORCL_ROLE1_D
>
> 5) In addition, I have configured the following NT users and assigned
> them to the following group(s):
> GLewis ORA_ORCL_DBA
> ORA_ORCL_ROLE1_A
> MFarmer ORA_ORCL_ROLE1_D
>
> 6) When I create an ORACLE user, for example:
>
> GLewis - Authentication: External
> Role: ORA_ORCL_ROLE1_A
>
> I get the following error:
>
> "User was created but an error occured while granting privileges.
> ORA-01956: invalid command when OS_ROLES are being used."
Oracle does not permit an externally-defined role to be granted other roles. What you'll have to do is to create an external role for each role that a user is to have.

So each user would have to be granted:

    ORA_ORCL_CONNECT_D
    ORA_ORCL_RESOURCE_D
>
> 7) When I try to run SQL*Plus using the following syntax,
>
> PLUS33W.EXE /@alias
>
> I get the following error:
> "Error: ORA-01045: user GLEWIS lacks CREATE SESSION privilege; logon
> denied."

Given that GLEWIS does not have the connect role, this error makes sense. The connect role incorporates CREATE SESSION privilege. --

                                        Rick
                                        Rick Wessman
                                        Security and Directory Technologies
                                        Server Technologies
                                        Oracle Corporation
                                        rwessman_at_us.oracle.com