ORA-01031: insufficient privileges Status when selecting Test Connection

  • 7017738
  • 17-Jun-2016
  • 17-Jun-2016

Environment

NetIQ Privileged Account Manager
NetIQ Privileged User Manager

Situation

Enabling Password Checkout for Oracle Database.
Selecting Test Connection reports an error in Status.
The following error appears or is reported / displayed under Status when clicking Test Connection:
ORA-01031: insufficient privileges
The Privileged Account Manager server's unifid.log reports:
Error, OCISessionBegin Failed (Status : -1)
Debug, Final STATUS : -1
Error, Oracle Error - OCI_INVALID_HANDLE
Info, dbaudit dbTestConnection client:localhost rc:0 status:500(ORA-01031: insufficient privileges
Info, prvcrdvlt testConnect client:localhost rc:0 status:500(ORA-01031: insufficient privileges

User might connect fine with Oracle SQL Developer using Basic Connection Type and default Role.

Resolution

Please GRANT the SYSDBA role (as selected in Connect As):
GRANT SYSDBA to <USER>;
GRANT ALTER USER to <USER>;
Note: Replace <USER> with the Oracle DB User intended for Password Checkout.

If  there is an issue with using SYS for Password Checkout, please add or modify a user and GRANT the ALTER USER privilege:
GRANT ALTER USER to <USER>;
Note: This is needed for the user to be capable of resetting another user's password.

Cause

The user does not have the Sufficient Privileges to reset the password of another user in the Oracle Database. Validation occurs to verify the user has the ALTER USER privilege in the Oracle Database. This is needed for the user to be capable of resetting another user's password.

Additional Information

For more detailed information from Oracle, please see Oracle Database Privileges, Roles, Profiles, and Resource Limitations.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.