?
Solved

maximum of 30 enabled roles exceeded

Posted on 2004-09-29
5
Medium Priority
?
3,144 Views
Last Modified: 2012-08-13
Hi,

I am working in a "security" project, and I have prepared 60 roles (3 per schema, SELECT, OPER and ADMIN)
As you can notice this database have 20+ schemas, each one with its own processes.
Later I may need to create more roles (not per schema but per department) as HR, FINANCE, etc.

The problem is that as soon as I ran the script that created the roles (even without assigning the privileges) the databases do not allowed me to login as SYSTEM indicating: "ORA-01925: maximum of 30 enabled roles exceeded"

Now, why this happened if I havent even assigned the roles to users?

Any help will be gratly appreciated.

Carlos
0
Comment
Question by:fadeshadow
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 23

Expert Comment

by:seazodiac
ID: 12185726
try to log in as sysdba, and do a database shutdown immediate


and modify init<SID>.ora file

add this line;

MAX_ENABLED_ROLES = 60

and restart the database
0
 
LVL 8

Expert Comment

by:baonguyen1
ID: 12186343
Just as more to seazodiac's post:

To find how large the MAX_ENABLED_ROLES parameter in init.ora to make it, execute the following SQL statements:
 
---> in 9i :
 
     SQL> SELECT grantee, count(*)
          FROM  (SELECT grantee, granted_role
                 FROM dba_role_privs
                 CONNECT BY PRIOR grantee = granted_role)
          GROUP BY grantee
          HAVING count(*) = (SELECT max(count(*))
                             FROM (SELECT grantee, granted_role
                                   FROM dba_role_privs
                                   CONNECT BY PRIOR grantee=granted_role)
                                   GROUP BY grantee);
 
---> in 8i: as CONNECT BY is not usable with GROUP BY, create a temporary
            table that selects the rows from the dictionary view before:
 
     SQL> drop table tempo_roles;  
     SQL> create table tempo_roles
          as select grantee, granted_role
          from dba_role_privs;
     SQL> select grantee,count(*)
          from (SELECT grantee, granted_role
                FROM tempo_roles
                CONNECT BY PRIOR grantee = granted_role)
          where grantee in (select username from dba_users)
          group by grantee
          having count(*) = (select max(count(*))
                             from (SELECT grantee, granted_role
                             FROM tempo_roles
                             CONNECT BY PRIOR grantee = granted_role)
                             group by grantee);
 
to get the highest current number of roles assigned to a user.
 
0
 
LVL 1

Author Comment

by:fadeshadow
ID: 12189591
Thanks to all for your comments, but none of you really response to my question, I will post ONLY the question again to see if I make me understand better:

"As soon as I created 60 roles the databases do not allowed me to login as SYSTEM indicating: "ORA-01925: maximum of 30 enabled roles exceeded""
"Now, why this happened if I havent even assigned the roles to users?"

I really appreciate your comments and I know what the parameter MAX_ENABLED_ROLES means, I also know that it is a static parameter that will require to restart the database, but why I received this message just creating the new roles?

I was thinking that maybe SYSTEM auto self grants any new role, or somethink like that.

BTW baonguyen, I ran the script and returned that System has 53 roles, it is that possible when the max_enabled_roles is 30?

regards again.

Carlos

0
 
LVL 7

Accepted Solution

by:
BobMc earned 1000 total points
ID: 12192096
You are correct, when you create a role, it is automatically granted to the creator with admin privs - otherwise you wouldnt be able to grant it on to any users!


HTH
Bob
0
 

Expert Comment

by:TheGoToGuy
ID: 12194460
As a general database setup, I always set the parameter MAX_ENABLED_ROLES to 125 in the init.ora file.  It seems to be enough.  And of course System is granted access to roles it creates because it has the GRANT ANY ROLE system privilege because of the DBA role it has.

RWB
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cursors in Oracle: A cursor is used to process individual rows returned by database system for a query. In oracle every SQL statement executed by the oracle server has a private area. This area contains information about the SQL statement and the…
Configuring and using Oracle Database Gateway for ODBC Introduction First, a brief summary of what a Database Gateway is.  A Gateway is a set of driver agents and configurations that allow an Oracle database to communicate with other platforms…
Via a live example, show how to take different types of Oracle backups using RMAN.
Via a live example, show how to restore a database from backup after a simulated disk failure using RMAN.
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question