4 Replies Latest reply: Dec 13, 2011 4:55 AM by VIRU RSS

    Database Vault 11g R2 - ORA-01031: insufficient privileges

    VIRU
      Hi,
      I am using ORACLE DATABASE 11g R2. I have installed Oracle Database Vault on this DB and trying to implement it. I am doing a simple exercise which is stated in the oracle doc.

      [http://docs.oracle.com/cd/E11882_01/server.112/e23090/cfrulset.htm#CHDIBECJ]

      I am trying to create a rule by which if the Boss user is not logged in then Patch user should not be allowed to login.

      I did the followings :- (details you can see on the link)

      I have created a function - check_boss_logged_in in the DB vault owner account.

      Then i granted the EXECUTE privilege on to it for DVSYS user as stated in the doc.
      GRANT EXECUTE ON check_boss_logged_in to DVSYS;
      The i created a rule with the help of this function
      BEGIN
      --DVSYS.DBMS_MACADM.DELETE_RULE('Check if Boss Is Logged In');
        DVSYS.DBMS_MACADM.CREATE_RULE(
        rule_name => 'Check if Boss Is Logged In',
        rule_expr => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') = ''PATCH_USER'' and DBVOWNER.check_boss_logged_in =  ''TRUE'' ');
        COMMIT;
      END;
      /
      Then later on i am trying to add a rule which contains this function to a RULE SET
      BEGIN
      /*DVSYS.DBMS_MACADM.delete_rule_from_rule_set(rule_set_name =>  'Dual Connect for Boss and Patch',
           rule_name         => 'Check if Boss Is Logged In'
         );*/
           DVSYS.DBMS_MACADM.ADD_RULE_TO_RULE_SET(
           rule_set_name     => 'Dual Connect for Boss and Patch',
           rule_name         => 'Check if Boss Is Logged In'
         );
      END;
      /
      and i face this error :-
      ORA-47362: error adding Rule Check if Boss Is Logged In to Rule Set Dual Connect for Boss and Patch, ORA-01031: insufficient privileges
      ORA-06512: at "DVSYS.DBMS_MACUTL", line 55
      ORA-06512: at "DVSYS.DBMS_MACUTL", line 398
      ORA-06512: at "DVSYS.DBMS_MACADM", line 2676
      ORA-01031: insufficient privileges
      ORA-06512: at "DVSYS.DBMS_MACADM", line 2187
      ORA-06512: at line 6
      I have given the privilege to DVSYS , then also i get this error.
      can anyone guide me what step should be done here. Please refer the link given at start for the details steps of this exercise.

      Thanks in advance.