Environment
NetIQ Privileged Account Manager
NetIQ Privileged User Manager
NetIQ Privileged User Manager
Situation
Enabling Password Checkout for Oracle Database.
Selecting Test Connection reports an error in Status.
The following error appears or is reported / displayed under Status when clicking Test Connection:
ORA-01031: insufficient privileges
The Privileged Account Manager server's unifid.log reports:
Error, OCISessionBegin Failed (Status : -1)
Debug, Final STATUS : -1
Error, Oracle Error - OCI_INVALID_HANDLE
Info, dbaudit dbTestConnection client:localhost rc:0 status:500(ORA-01031: insufficient privileges
Info, prvcrdvlt testConnect client:localhost rc:0 status:500(ORA-01031: insufficient privileges
User might connect fine with Oracle SQL Developer using Basic Connection Type and default Role.
Selecting Test Connection reports an error in Status.
The following error appears or is reported / displayed under Status when clicking Test Connection:
ORA-01031: insufficient privileges
The Privileged Account Manager server's unifid.log reports:
Error, OCISessionBegin Failed (Status : -1)
Debug, Final STATUS : -1
Error, Oracle Error - OCI_INVALID_HANDLE
Info, dbaudit dbTestConnection client:localhost rc:0 status:500(ORA-01031: insufficient privileges
Info, prvcrdvlt testConnect client:localhost rc:0 status:500(ORA-01031: insufficient privileges
User might connect fine with Oracle SQL Developer using Basic Connection Type and default Role.
Resolution
Please GRANT the SYSDBA role (as selected in Connect As):
GRANT SYSDBA to <USER>;
GRANT ALTER USER to <USER>;
Note: Replace <USER> with the Oracle DB User intended for Password Checkout.
If there is an issue with using SYS for Password Checkout, please add or modify a user and GRANT the ALTER USER privilege:
GRANT ALTER USER to <USER>;
Note: This is needed for the user to be capable of resetting another user's password.
GRANT SYSDBA to <USER>;
GRANT ALTER USER to <USER>;
Note: Replace <USER> with the Oracle DB User intended for Password Checkout.
If there is an issue with using SYS for Password Checkout, please add or modify a user and GRANT the ALTER USER privilege:
GRANT ALTER USER to <USER>;
Note: This is needed for the user to be capable of resetting another user's password.
Cause
The user does not have the Sufficient Privileges to reset the password of another user in the Oracle Database. Validation occurs to verify the user has the ALTER USER privilege in the Oracle Database. This is needed for the user to be capable of resetting another user's password.
Additional Information
For more detailed information from Oracle, please see Oracle Database Privileges, Roles, Profiles, and Resource Limitations.