create or Replace package body DBA_PACKAGE is
procedure NewUser(username IN varchar2)
is
V_SQL varchar2(200);
V_ROLE varchar2(100);
V_ROLE2 varchar2(100);
begin
V_SQL := 'Create user ' || username || ' identified by pass1234' ||' Password Expire'|| ' Default tablespace users' || ' Quota 1m on users';
V_ROLE := 'Grant' || ' create session' || ' to ' || username;
V_ROLE2 :='Grant' || ' connect' || ' to ' || username;
dbms_output.put_line(V_SQL);
dbms_output.put_line(V_ROLE);
dbms_output.put_line(V_ROLE2);
Execute immediate(V_SQL);
execute immediate(V_ROLE);
execute immediate(V_ROLE2);
end NewUser;
set serveroutput on;
exec DBA_PACKAGE.NewUser('Kevonia');
执行时我从SQL开发人员那里得到了这个错误
Error report -
ORA-01031: insufficient privileges
ORA-06512: at "SYSTEM.DBA_PACKAGE", line 20
ORA-06512: at line 1
01031. 00000 - "insufficient privileges"
*Cause: An attempt was made to change the current username or password
without the appropriate privilege. This error also occurs if
attempting to install a database without the necessary operating
system privileges.
When Trusted Oracle is configure in DBMS MAC, this error may occur
if the user was granted the necessary privilege at a higher label
than the current login.
*Action: Ask the database administrator to perform the operation or grant
the required privileges.
For Trusted Oracle users getting this error although granted the
the appropriate privilege at a higher label, ask the database
administrator to regrant the privilege at the appropriate label.
答案 0 :(得分:1)
首先,不要在Oracle提供的模式中创建对象。 SYS和SYSTEM应仅包含Oracle作为数据库安装的一部分安装的对象。如果要创建自己的对象,则需要创建新的模式。
如果要创建诸如此类的定义者权限存储过程,则过程的所有者必须具有直接授予用户的必要权限,而不是通过角色。 DBA角色与任何其他具有完全相同限制的角色一样 - 如果该过程的所有者仅具有通过DBA角色创建用户的权限,那么您将获得ORA-01031错误。包的所有者需要直接授予CREATE USER权限。
或者,您可以将该过程声明为调用者的权限存储过程。这将允许您使用通过角色授予的权限。但这意味着无论谁调用该程序都需要具备创建用户的能力(通过角色或通过直接授权)。