ORA-17628: Oracle error 1031 returned by remote Oracle server<br>ORA-01031: insufficient privileges

ORA-17628: Oracle error 1031 returned by remote Oracle server
ORA-01031: insufficient privileges

There are multiple pdbs in cdb1

SQL> show pdbs

    CON_ID CON_NAME                       OPEN MODE  RESTRICTED
---------- ------------------------------ ---------- ----------
         2 PDB$SEED                       READ ONLY  NO
         3 XYPDB1                         READ WRITE NO
         4 XYPDB2                         MOUNTED
         5 XYPDB3                         MOUNTED
         6 XYPDB4                         MOUNTED

From cdb1, create user and grant the necessary privileges to common user.

SQL> create user c##xyusr identified by password container=all;

User created.

SQL> grant create pluggable database, sysoper, create session to c##xyusr;

Grant succeeded.

Check tns connectivity

[oracle@xylidwra ~]$ tnsping xypdb1

TNS Ping Utility for Linux: Version 19.0.0.0.0 - Production on 21-MAR-2023 06:18:35

........

OK (0 msec)

Create database link to connect to the pdb in cdb1 from cdb2 

SQL> create database link xydl connect to c##xyusr identified by "password" using 'xypdb1';

Database link created.

SQL> select * from dual@xydl;

D
-
X

Now the error occur due to privilege issue

SQL> create pluggable database pdbxy from xypdb1@xydl FILE_NAME_CONVERT=('/u01/app/oracle/oradata/XYLIDWRA/xypdb1/','/u01/app/oracle/oradata/XYLIDWRA/pdbxy');
create pluggable database pdbxy from xypdb1@xydl FILE_NAME_CONVERT=('/u01/app/oracle/oradata/XYLIDWRA/xypdb1/','/u01/app/oracle/oradata/XYLIDWRA/pdbxy')
*
ERROR at line 1:
ORA-17628: Oracle error 1031 returned by remote Oracle server
ORA-01031: insufficient privileges

Most of the time errors starting with 17* are pdb related which is supporting error and main error appear after that which is 1031

[oracle@xylidwra ~]$ oerr ora 1031
01031, 00000, "insufficient privileges"
// *Cause: An attempt was made to perform a database operation without
//         the necessary privileges.
// *Action: Ask your database administrator or designated security
//          administrator to grant you the necessary privileges
[oracle@xylidwra ~]$ oerr ora 17628
17628, 00000, "Oracle error %s returned by remote Oracle server"
// *Cause:  Oracle server on the remote instance has returned an error.
// *Action: Look at remote instance alert log/trace file for more information
//          and take appropriate action or contact Oracle Support Services
//          for further assistance

Since there are multiple containers, privileges were granted at CDB level but not individual pdbs

SQL> grant create pluggable database, sysoper, create session to c##xyusr container=all;

Grant succeeded.

Able to clone successfully

SQL> create pluggable database pdbxy from xypdb1@xydl FILE_NAME_CONVERT=('/u01/app/oracle/oradata/XYLIDWRA/xypdb1/','/u01/app/oracle/oradata/XYLIDWRA/pdbxy');

Pluggable database created.

Moral:

Grant privileges to necessary pdb if it is multitenant. Since, we get used to non-CDB often.

Comments 0

Leave a Reply

%d bloggers like this: