Find in this Blog

Thursday, April 23, 2015

sapconn_role.sql and sapdba_role.sql / CONNECT sapsr3/****** AT PROF_CONN IN SYSOPER MODE' ORA-01031: insufficient privileges

134592 - Import of SAPDBA role (sapdba_role.sql)

C:\Users\XXXX>brconnect -u / -c -f stats -t all
BR0801I BRCONNECT 7.10 (39)
BR0805I Start of BRCONNECT processing: ceqivquo.sta 2015-04-23 19.02.54
BR0252E Function fopen() failed for 'F:\oracle\GPD\sapcheck\ceqivquo.sta' at loc
ation main-11
BR0253E errno 2: No such file or directory
BR0121E Processing of log file F:\oracle\GPD\sapcheck\ceqivquo.sta failed
BR0280I BRCONNECT time stamp: 2015-04-23 19.03.02
BR0301W SQL error -1031 at location brc_dblog_open-1, SQL statement:
'INSERT INTO SAP_SDBAH (BEG, FUNCT, SYSID, OBJ, RC, ENDE, ACTID, LINE) VALUES ('
20150423190254', 'sta', 'GPD', 'ALL', '9999', ' ', 'ceqivquo', '7.10 (39)')'
ORA-01031: insufficient privileges
BR0324W Insertion of database log header failed

BR0806I End of BRCONNECT processing: ceqivquo.sta 2015-04-23 19.03.01
BR0280I BRCONNECT time stamp: 2015-04-23 19.03.02
BR0804I BRCONNECT terminated with errors


Solution:

SQL> grant sapconn, unlimited tablespace to PSAPSR3
  2  ;
grant sapconn, unlimited tablespace to PSAPSR3
                                       *
ERROR at line 1:
ORA-01917: user or role 'PSAPSR3' does not exist


SQL> grant sapconn, unlimited tablespace to SAPSR3;
Grant succeeded.
SQL> COMMIT;
Commit complete.
SQL> grant sYSTEM, unlimited tablespace to SAPSR3;
grant sYSTEM, unlimited tablespace to SAPSR3
      *
ERROR at line 1:
ORA-01919: role 'SYSTEM' does not exist


SQL> grant sysdba, unlimited tablespace to SAPSR3;
Grant succeeded.
SQL> commit;
Commit complete.
SQL>



SQL> grant sysoper to sapsr3;
Grant succeeded.
SQL> grant sapconn to sapsr3
  2  ;

Grant succeeded.
SQL> grant sapdba to sapsr3;
Grant succeeded.
SQL> alter user SAPSR3 default role all;
User altered.
SQL> select grantee, granted_role, default_role
  2        from dba_role_privs
  3         where grantee = 'SAPSR3';

GRANTEE                        GRANTED_ROLE                   DEF
------------------------------ ------------------------------ ---
SAPSR3                         SAPCONN                        YES
SAPSR3                         SAPDBA                         YES

SQL> select * from session_roles;
no rows selected
SQL>

 ====================================================================
D:\usr\sap\GPD\SYS\exe\NTAMD64>sqlplus /nolog @sapconn_role SR3
SQL*Plus: Release 11.2.0.3.0 Production on Thu Apr 23 19:29:19 2015
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64
bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing option

D:\usr\sap\GPD\SYS\exe\NTAMD64>
Output:
Connected.
PL/SQL procedure successfully completed.
Grant succeeded.
Grant succeeded.
Grant succeeded.
Grant succeeded.
Grant succeeded.
Grant succeeded. etc;;;;;;;

================================================
D:\usr\sap\GPD\SYS\exe\NTAMD64>sqlplus /nolog @sapdba_role SR3
SQL*Plus: Release 11.2.0.3.0 Production on Thu Apr 23 19:39:29 2015
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64
bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

D:\usr\sap\GPD\SYS\exe\NTAMD64>

Output:
Grant succeeded.
Grant succeeded.
Grant succeeded.
Grant succeeded.
Grant succeeded.                                                                          
                                                                               
old   1: grant ALL on &User..SDBAH to sapdba
new   1: grant ALL on SAPSR3.SDBAH to sapdba
Grant succeeded.
old   1: grant ALL on &User..SDBAD to sapdba
new   1: grant ALL on SAPSR3.SDBAD to sapdba
Grant succeeded.
old   1: grant ALL on &User..DBAML to sapdba
new   1: grant ALL on SAPSR3.DBAML to sapdba
Grant succeeded.






If database accesses are performed using the database tools BRBACKUP, BRARCHIVE, BRCONNECT, and BRSPACE, the relevant authorizations are missing.

BRBACKUP fails with the following error messages, for example:
BR0051I BRBACKUP 7.00 (20)
BR0055I Start of database backup: bddzbuxf.ant 2009-11-10 10.12.35
BR0280I Time stamp 2009-11-10 10.12.36
BR0301W SQL error -1031 at location BrLicCheck-7
ORA-01031: insufficient privileges
BR0301W SQL error -942 at location BrbDbLogOpen-1
ORA-00942: table or view does not exist
BR0324W Insertion of database log header failed
BR0280I Time stamp 2009-11-10 10.12.37
BR0301E SQL error -1031 at location BrCntrlCopy-1
ORA-01031: insufficient privileges
BR0320E Copying of control file to ... failed
BR0314E Collection of information on database files failed
BR0056I End of database backup: bddzbuxf.ant 2009-11-10 10.12.37
BR0280I Time stamp 2009-11-10 10.12.37
BR0054I BRBACKUP terminated with errors
In relation to table functions, the following errors, for example, can occur in SAP Release 7.40 SP10 or above:
BR0301E SQL error -1031 at location stats_tfun_update-2, SQL statement:
'BEGIN SAP091.UCONRFC_ATTRG (0, 1); END;'
ORA-01031: insufficient privileges
ORA-06512: at "SAP091.UCONRFC_ATTRG", line 1
ORA-06512: at line 1
BR1867E Updating statistics failed for table function SAP091.UCONRFC_ATTR


Other Terms

SAPDBA role, BR*Tools


Reason and Prerequisites

1. You did not create the SAPDBA role during an SAP/Oracle upgrade, as outlined in the upgrade instructions.
2. You use one of the tools mentioned above in a lower SAP release and the database authorizations have not been adjusted.
3. The database grants were deleted.


Solution

Download the SQL script for creating the SAPDBA role from the attachment to this SAP Note (for Oracle 10g: sapdba_role_ora10, for Oracle 11g: sapdba_role_ora11, and for Oracle 12c: sapdba_role_ora12 ). Execute this script as follows (sapdba_role.sql in the current directory):

sqlplus /nolog @sapdba_role <SAPSCHEMA_ID>

Where <SAPSCHEMA_ID> is the schema ID of the SAP database user:
- for User SAPR3:      R3
- For the user SAPSR3:     SR3
- for User SAP<SID>:   <SID>
- for User SAP<SID>DB: <SID>DB

Sample call for a standard installation with the schema SAPSR3:

sqlplus /nolog @sapdba_role SR3

and with the schema SAPR3:

sqlplus /nolog @sapdba_role R3

The log file sapdba_role.log is created in the current directory.

Note 1:
----------
The schema ID is not to be confused with the schema name. Therefore, the following call is incorrect:
sqlplus /nolog @sapdba_role SAPSR3

Caution 2
----------
For MCOD systems, the script must be executed for all SAP schemas, for example, for ABAP schemas and Java schemas in a database:
sqlplus /nolog @sapdba_role SR3
sqlplus /nolog @sapdba_role SR3DB

Caution 3
----------
Since non-ABAP systems/schemas (a pure SAP J2EE database, for example) do not contain all of the tables mentioned in the SAPDBA role, the log file will contain error messages, for example:
grant ALL on SAPSR3DB.DBAML to sapdba
                      *
ERROR at line 1:
ORA-00942: table or view does not exist

You can ignore these error messages.

134592 - Import of SAPDBA role (sapdba_role.sql)


















 

No comments:

Post a Comment

Ask Your Questions ?#