ORA-01031 (Insuffecient Privileges)
DBeltJun 28 2010 — edited Jun 29 2010I am getting an insufficient privileges error while trying to access a view owned by sys.
Logged on as user SYS AS SYSDBA, I create a role with the following statement and grant an object privilege to the sys owned table:
CREATE ROLE drsdb_dba NOT IDENTIFIED;
GRANT SELECT ON sys.dba_role_privs TO drsdb_dba;
Then I create a user and assign the drsdb_dba role:
CREATE USER drsdb (...);
GRANT drsdb_dba TO drsdb;
Logged on as user DRSDB, I try to create the view:
CREATE OR REPLACE VIEW all_user_roles AS
SELECT grantee AS username, granted_role
FROM sys.dba_role_privs
WHERE granted_role LIKE 'DRSDB%'
AND grantee NOT LIKE 'DRSDB%';
The CREATE VIEW produces an error on the FROM line:
ORA-01031: insufficient privileges
I would think that, since I have given SELECT privilege to the object via the role and then assigned the role to the user, the user would have access to the object. This appears to not be the case. Do I have to assign the object privilege directly to every user created that needs access to the view? If so, I see no real purpose to the existence of a role since I have always thought roles exist so that we don't have to assign long object privilege lists to every user that is created; rather the object privileges are assigned to a role and then the role is assigned to the various users.
If the role approach will not work, is there some way I can accomplish the same thing?
Of course, the most likely scenario is that I am doing something wrong and just need to be pointed in the right direction.
db