on 04-01-2008 1:30 PM
Hi All. The system configuration is : WINDOWS 2003 server , NW 7.0 Basis SP=SAPKB70011, Oracle 10.2.0.2.
The shema --> SAPSR3
We need to create backup from data protector.
The error :
BR0051I BRBACKUP 7.00 (18)
BR0055I Start of database backup: bdxpkepp.aff 2008-04-01 16.21.25
BR0280I BRBACKUP time stamp: 2008-04-01 16.21.25
BR0301E SQL error -1031 at location BrInitOraCreate-2, SQL statement:
'CONNECT system/******* AT PROF_CONN IN SYSOPER MODE'
ORA-01031: insufficient privileges
BR0303E Determination of Oracle version failed
I'm know about Note 400241 - Problems with ops$ or sapr3 connect to Oracle,
about new SAPCONN and SAPDBA roles, THE OPS$ users have this roles. The Shema owner have the SAPCONN role.
In the data protector i'm trying the backup from users "system" and "SAPSR3" but same error.
Regards.
I'm resolve this problem! The problem is :
Data protector service login with default
NT AUTHORITY\SYSTEM user, i'm stop this service
configure it to start with SIDADM user , and it's ok! Thanks and regards.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi Sergo Beradze
i also got same problem while i was taking backup with brtools. i checked all roles with users but iam login with sidadm user i got problem is
usr/sap/KPR/SYS/exe/run/brbackup: error while loading shared libraries: libclnt sh.so.10.1: cannot open shared object file: No such file or directory
###############################################################################
BR0292I Execution of BRBACKUP finished with return code 127
kindly help for this
regards
vasu
Hi Sergo,
Note 1028220 - ORA-01031: Insufficient privileges despite SAPCONN role
This note should solve your problem
Regards
Juan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mr. Juan Reyes. Thanks for answer. I'm alredy read this note and chek the DEF values (the system SID is KWS) :
The shema owner :
SQL> SELECT OWNER FROM DBA_TABLES WHERE TABLE_NAME = 'T000';
OWNER
-
SAPSR3
The roles :
SQL> select grantee, granted_role, default_role from dba_role_privs where grantee = 'SAPSR3';
GRANTEE GRANTED_ROLE DEF
SAPSR3 SAPCONN YES
SAPSR3 SAPDBA YES
Under NT, it is required that user sapservice<sid> can also access the SAPUSER table. In order to avoid problems with the data consistency, it does not make sense to create an additional SAPUSER table having the same contents. Instead, you should define a synonym. Check if a suitable synonym exists by using the following call:
SQL> SELECT OWNER, TABLE_OWNER, TABLE_NAME FROM DBA_SYNONYMS WHERE SYNONYM_NAME = 'SAPUSER';
OWNER TABLE_OWNER
TABLE_NAME
-
OPS$SAPSERVICEKWS OPS$KWSADM
SAPUSER
As first value, this call should return either OPS$SAPSERVICE<sid> or PUBLIC, followed by OPS$<sid>ADM and SAPUSER. If this is not the case, recreate the synonym after you have deleted it.
SQL> select grantee, granted_role, default_role from dba_role_privs where grantee = 'OPS$KWSADM';
GRANTEE GRANTED_ROLE DEF
OPS$KWSADM SAPCONN YES
OPS$KWSADM SAPDBA YES
SQL> select grantee, granted_role, default_role from dba_role_privs where grantee = 'OPS$SAPSERVICEKWS';
GRANTEE GRANTED_ROLE DEF
OPS$SAPSERVICEKWS SAPDBA YES
OPS$SAPSERVICEKWS SAPCONN YES
What it is possible to check up still? Regards.
Hi all. I'm chek the error in event log on Server and find this :
Audit trail: ACTION : 'CONNECT' DATABASE USER: '/' PRIVILEGE :
NONE CLIENT USER: NT AUTHORITY\SYSTEM CLIENT TERMINAL: HOSTNAME STATUS: 1031 .
In another server where backup is run well the log contains this :
Audit trail: ACTION : 'CONNECT' DATABASE USER: '/' PRIVILEGE :
SYSOPER CLIENT USER : HOSTNAME\SAPSERVICESID SYSTEM CLIENT TERMINAL: HOSTNAME STATUS: 0.
Question: Why there is a connection under the user NT AUTHORITY\SYSTEM ? And how it can be corrected?
Regards.
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.