Solution : https://service.sap.com/sap/support/notes/834917 (SAP Service marketplace login required)
Summary :
This SAP Note focuses on the necessary role adjustments for SAP and Oracle integration, particularly after upgrading an Oracle database from version 9.2 or below to 10.2 or higher. It addresses the error "ORA-01031: insufficient privileges" by recommending the installation and correct assignment of the SAP-specific database role SAPCONN. The note clarifies the shift from previously extensive CONNECT role privileges to limited authorizations involving the CREATE SESSION privilege for safety, urging the assignment of application-specific roles like SAPCONN and SAPDBA to ensure secure database interactions. This update is mandatory from Oracle Release 10.2 onwards to harmonize database access controls within SAP systems.
Key words :
----------------------create sessionalter sessionunlimited tablespacecreate tablecreate clustercreate synonymcreate viewcreate sequencecreate procedurecreate triggeranalyze anycreate typecreate operatorcreate indextypehow, 1create viewcreate tablealter sessioncreate clustercreate sessioncreate synonymcreate sequencecreate database linksystem privileges, ops$ora<dbsid> ops$<sapsid>adm ops$<domain>\sapservice<sid>, ops$sapservice<sid> ops$<domain>\<sid>adm, grantee privilege adm-------- --------------------- ---sapsr3 unlimited tablespace nosystem privileges, note sapconn application-specific database rolethe role schema, grantee granted_role adm def-------- ---------------------- --- ---sapsr3 sapconn, sql> connect <sap user>/<pwd>sql> select, connect role included extensive database authorizations, java stack <ops$-user> specifies
Related Notes :
| 1256322 | Establishing a remote database connection in DBACOCKPIT |
| 1078293 | DBACockpit: Submonitor Workload Reporting |
| 1028220 | ORA-01031: Insufficient privileges despite SAPCONN role |
| 985607 | ORA-01031 Creating views after upgrade to Oracle 10g |
| 963760 | 'ORA-20000: Insufficient privileges' for creating statistics |
| 700548 | FAQ: Oracle authorizations |
| 134592 | Importing the SAPDBA role (sapdba_role.sql) |