Solved

maximum of 30 enabled roles exceeded

Posted on 2004-09-29
5
3,135 Views
Last Modified: 2012-08-13
Hi,

I am working in a "security" project, and I have prepared 60 roles (3 per schema, SELECT, OPER and ADMIN)
As you can notice this database have 20+ schemas, each one with its own processes.
Later I may need to create more roles (not per schema but per department) as HR, FINANCE, etc.

The problem is that as soon as I ran the script that created the roles (even without assigning the privileges) the databases do not allowed me to login as SYSTEM indicating: "ORA-01925: maximum of 30 enabled roles exceeded"

Now, why this happened if I havent even assigned the roles to users?

Any help will be gratly appreciated.

Carlos
0
Comment
Question by:fadeshadow
5 Comments
 
LVL 23

Expert Comment

by:seazodiac
ID: 12185726
try to log in as sysdba, and do a database shutdown immediate


and modify init<SID>.ora file

add this line;

MAX_ENABLED_ROLES = 60

and restart the database
0
 
LVL 8

Expert Comment

by:baonguyen1
ID: 12186343
Just as more to seazodiac's post:

To find how large the MAX_ENABLED_ROLES parameter in init.ora to make it, execute the following SQL statements:
 
---> in 9i :
 
     SQL> SELECT grantee, count(*)
          FROM  (SELECT grantee, granted_role
                 FROM dba_role_privs
                 CONNECT BY PRIOR grantee = granted_role)
          GROUP BY grantee
          HAVING count(*) = (SELECT max(count(*))
                             FROM (SELECT grantee, granted_role
                                   FROM dba_role_privs
                                   CONNECT BY PRIOR grantee=granted_role)
                                   GROUP BY grantee);
 
---> in 8i: as CONNECT BY is not usable with GROUP BY, create a temporary
            table that selects the rows from the dictionary view before:
 
     SQL> drop table tempo_roles;  
     SQL> create table tempo_roles
          as select grantee, granted_role
          from dba_role_privs;
     SQL> select grantee,count(*)
          from (SELECT grantee, granted_role
                FROM tempo_roles
                CONNECT BY PRIOR grantee = granted_role)
          where grantee in (select username from dba_users)
          group by grantee
          having count(*) = (select max(count(*))
                             from (SELECT grantee, granted_role
                             FROM tempo_roles
                             CONNECT BY PRIOR grantee = granted_role)
                             group by grantee);
 
to get the highest current number of roles assigned to a user.
 
0
 
LVL 1

Author Comment

by:fadeshadow
ID: 12189591
Thanks to all for your comments, but none of you really response to my question, I will post ONLY the question again to see if I make me understand better:

"As soon as I created 60 roles the databases do not allowed me to login as SYSTEM indicating: "ORA-01925: maximum of 30 enabled roles exceeded""
"Now, why this happened if I havent even assigned the roles to users?"

I really appreciate your comments and I know what the parameter MAX_ENABLED_ROLES means, I also know that it is a static parameter that will require to restart the database, but why I received this message just creating the new roles?

I was thinking that maybe SYSTEM auto self grants any new role, or somethink like that.

BTW baonguyen, I ran the script and returned that System has 53 roles, it is that possible when the max_enabled_roles is 30?

regards again.

Carlos

0
 
LVL 7

Accepted Solution

by:
BobMc earned 250 total points
ID: 12192096
You are correct, when you create a role, it is automatically granted to the creator with admin privs - otherwise you wouldnt be able to grant it on to any users!


HTH
Bob
0
 

Expert Comment

by:TheGoToGuy
ID: 12194460
As a general database setup, I always set the parameter MAX_ENABLED_ROLES to 125 in the init.ora file.  It seems to be enough.  And of course System is granted access to roles it creates because it has the GRANT ANY ROLE system privilege because of the DBA role it has.

RWB
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
statspack purge automate 7 53
Oracle regular expression 6 47
report returning null 21 80
sql query 9 37
This article started out as an Experts-Exchange question, which then grew into a quick tip to go along with an IOUG presentation for the Collaborate confernce and then later grew again into a full blown article with expanded functionality and legacy…
Subquery in Oracle: Sub queries are one of advance queries in oracle. Types of advance queries: •      Sub Queries •      Hierarchical Queries •      Set Operators Sub queries are know as the query called from another query or another subquery. It can …
This video shows how to copy a database user from one database to another user DBMS_METADATA.  It also shows how to copy a user's permissions and discusses password hash differences between Oracle 10g and 11g.
This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now