Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 E-mail Us
 Oracle Articles
New Oracle Articles

 Oracle Training
 Oracle Tips

 Oracle Forum
 Class Catalog

 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Oracle Support

 SQL Tuning

 Oracle UNIX
 Oracle Linux
 Remote s
 Remote plans
 Application Server

 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support

 Remote S


 Consulting Staff
 Consulting Prices
 Help Wanted!


 Oracle Posters
 Oracle Books

 Oracle Scripts

Don Burleson Blog 








ORA-01031: insufficient privileges tips

Oracle Database Tips by Donald Burleson


Question:  I just created a new database and when I try to connect as sysdba I get the error: "ORA-01031: insufficient privileges".  How do I stop the ORA-01031 error?

Answer:  The ORA-01031: "insufficient privileges" error occurs when you attempt to execute a program or function for which you have not been granted the appropriate privileges. 

For the DBA, the ORA-01031 can happen if the target OS executables do not have read and execute permissions (e.g. (770) in UNIX/Linux), and ensure that the oracle user is a member of the dba group (e.g. /etc/group).  There are similar permission in the Windows registry.

Inside Oracle, the "ORA-01031: insufficient privileges" error can be avoided by signing on "as sysdba" with unlimited database privileges.

The oerr utility notes this on the ORA-01031 error:

ORA-01031: insufficient privileges

Cause: An attempt was made to change the current username or password without the appropriate privilege. This error also occurs if attempting to install a database without the necessary operating system privileges. When Trusted Oracle is configure in DBMS MAC, this error may occur if the user was granted the necessary privilege at a higher label than the current login.

Action: Ask the database administrator to perform the operation or grant the required privileges. For Trusted Oracle users getting this error although granted the appropriate privilege at a higher label, ask the database administrator to re-grant the privilege at the appropriate label.

Steve Callan has these notes on the ORA-01032 error:

"The solution to preventing or overcoming the ORA-01031 error is based on the divide and conquer principle commonly used in programming. You have two obstacles to overcome: problems at the operating system level, and problems within Oracle. Let's start by getting Very Happy Ammo at the operating system level.

The Operating System: Some important groups on Windows
There are two or three key groups on Windows: Administrators, ORA_DBA, and ORA_OPER. The first two are musts, and the ORA_OPER is entirely optional. In fact, it is so optional that no further mention will be made of it.

You do not necessarily have to belong to the Administrators group, but you or someone else does when Oracle is first installed, and for simplicity's sake, I will assume you are part of that group. If you are reading this at home on your own computer, you should have free reign to add yourself to this group.

With Oracle on Windows, you get the ORA_DBA group for free. Creating groups on Windows is typically in the purview of an administrator. The ORA_DBA group is similar to the oinstall or dba groups created on UNIX, and membership does have its privileges. Now that you know who or what the groups are, how do you access information about them and add users (like yourself) to them?

Open the Groups folder under Local Users and Groups on the Computer Management console ("snap-in," technically). If you have never seen this feature, you probably do not know how to get to it in the first place. It's easy. You may have to adjust what is displayed on Start>Programs by customizing your Start>Settings>Taskbar and Start Menu options. If you go to Start>Programs and do not see Administrative Tools, it is because you do not have "Display Administrative Tools" set under the Advanced Start menu options.

Go to Taskbar and Start Menu and click on the Start Menu tab, and then click the Customize button.

You can also "Run" compmgmt.msc via Start>Run, or run "mmc" and create your own console. If you use the mmc command (then go to File>Add/Remove Snap-in and click on the Add button), scroll down in the list of available standalone snap-in's and you will see the Oracle Primary MMC Snap-In. This snap-in is not needed, but it is something you may want to add later on (it is similar to the monitoring tools in Enterprise Manager, and the interface is more Windows-like). Your main purpose for being in this window is to add Computer Management, so go ahead and do that.

For now though, all you really need is the compmgmt.msc command for use with Start>Run.

Expand the Computer Management window and read the descriptions of the Administrators and ORA_DBA groups. Take note of what the ORA_DBA group description says: "Members can connect to the Oracle database as a DBA without a password." Actually, it is not just "DBA," but rather, sysdba, and that is the whole point of fixing the operating system barriers.

To add yourself (or other users) to these groups, double-click the group name and Add users as necessary.

Do not get carried away with adding users or security objects (built-in Windows groups) to the ORA_DBA group unless you are sure of what you are doing. For example, look at the addition I made below.

If you do not allow it on UNIX, you probably will not allow it on Windows, and that is allowing operating system authenticated users to connect without a database password. There are plenty of reasons to allow it, but just make sure you know or can justify those reasons.

Summarizing this part of the divide and conquer strategy, to get yourself added to the ORA_DBA group, an administrator has to add you, and now you know how and where to access the computer management functions on Windows.

If you don't want to write your own script, you can use the Oracle script collection for this, highly recommended because of the complexity of the locking structures.




Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  

and include the URL for the page.


Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


Copyright © 1996 -  2020

All rights reserved by Burleson

Oracle ® is the registered trademark of Oracle Corporation.



Oracle Training at Sea
oracle dba poster

Follow us on Twitter 
Oracle performance tuning software 
Oracle Linux poster