cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot Drop a User

Scott Buckingham
Regular Advisor

Cannot Drop a User

I'm using Oracle 8.1.7 on an HP-UX 11.00 system.

While logged in as SYSTEM/***** AS SYSDBA, I'm trying to delete a user. However, when doing so, I receive the following:

ORA-00604: error occurred at recursive SQL level 2
ORA-20001: Insufficient privileges for DELETE or DROP
ORA-06512: at line 2

I thought SYSTEM could do anything (in fact, it has in the past as far as deleting goes). The user I'm trying to delete became unstable after playing with some role settings. Now that it is no longer needed, I would like to get rid of it. Any ideas as to what I need to do?

Thank you.




Long time dabbler, first time Admin / DBA
15 REPLIES
Steven E. Protter
Exalted Contributor

Re: Cannot Drop a User

Log on as the database binary owner(usually oracle).

Make sure the ORACLE_SID is set correctly.


sqlplus internal
>drop user cascade;

This should work.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Scott Buckingham
Regular Advisor

Re: Cannot Drop a User

Thanks Steven, but the results are the same. Does this mean that my SYSTEM / SYS privileges are goofed up? If so, how can I get them back?
Long time dabbler, first time Admin / DBA
Steven E. Protter
Exalted Contributor

Re: Cannot Drop a User

ps -ef | grep oracle

Is the database up?

Consider a restart of the system.

ORA-20001 seems to be mentioned quite often in patch installations going bad. Any recent activity there?

The Environment variables of the oracle user can cause this:

On a working oracle system:
as oracle
env > /tmp/env.good.text

compate that to the same output on the problem system.

Obviously check the alert logs for problems, I'm assuming you did that and found nothing.

ORA-00604 has been solved by patch installations. Bad idea in the current conext.

Check the ipcs commands, see if shared memory is owned by the right user. If the database was started by root all kinds of ugly things like this can happen.

My experience shows this is environment variables or corrupt shared memory. shmmax, shmseg are the kernel parameters to look at.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Scott Buckingham
Regular Advisor

Re: Cannot Drop a User

I've already done everything you have suggested and you are right, there is nothing in the alert log to help me figure this out. I used to be able to remove users but I cannot in this particular instance. Ever since I messed with the roles for this particular user, I've had this problem. I was trying to create a role and assign one user to it so he could pretty much administer that particular set of data (creating tables/views and deleting whenever necessary) while at the same time keeping the dataset available to everyone else for use through our app. It failed and now I can't remove this bogus user. I can still create things, I just can't delet them (as sys or anybody!)
Long time dabbler, first time Admin / DBA
Yogeeraj_1
Honored Contributor

Re: Cannot Drop a User

hi,
*
try to connect as the oracle user.
*
sqlplus
then connect as
/ as sysdba
*
it is perferrable that you create another user with DBA role to do these operations.
*
If still not OK, post the output of:
select * from v$database;
and
select * from v$instance;
*
regards
YOgeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Scott Buckingham
Regular Advisor

Re: Cannot Drop a User

Here are the results for the selects that were requested:

select * from v$database;

DBID - 3091073505
NAME - TST817
CREATED - 27-SEP-01
RESETLOGS_CHANGE# - 1
RESETLOGS_TIME - 27-SEP-01
PRIOR_RESETLOGS_CHANGE# - 0
PRIOR_RESETLOGS_TIME -
LOG_MODE - NOARCHIVELOG
CHECKPOINT_CHANGE# - 30784925
ARCHIVE_CHANGE# - 30772724
CONTROLFILE_TYPE - CURRENT
CONTROLFILE_CREATED - 27-SEP-01
CONTROLFILE_SEQUENCE# - 123825
CONTROLFILE_CHANGE# - 30785692
CONTROLFILE_TIME - 25-SEP-03
OPEN_RESETLOGS - NOT ALLOWED
VERSION_TIME - 27-SEP-01
OPEN_MODE - READ WRITE

select * from v$instance;

INSTANCE_NUMBER - 1
INSTANCE_NAME - TST817
HOST_NAME - xxxxxx
VERSION - 8.1.7.0.0
STARTUP_TIME - 20-SEP-03
STATUS - OPEN
PARALLEL - NO
THREAD# - 1
ARCHIVER - STOPPED
LOG_SWITCH_WAIT -
LOGINS - ALLOWED
SHUTDOWN_PENDING - NO
DATABASE_STATUS - ACTIVE
INSTANCE_ROLE - PRIMARY_INSTANCE
Long time dabbler, first time Admin / DBA
Brian Crabtree
Honored Contributor

Re: Cannot Drop a User

This sounds suspicously like a bad upgrade, or a failed installation. Is this a new database, or has it been running for a while? Have you recently upgraded this database from a previous version? Have you been able to remove users from this database before? Have you tried re-running the catalog/catproc scripts (long shot)?

Thanks,

Brian
Scott Buckingham
Regular Advisor

Re: Cannot Drop a User

Brian, please see my earlier posts as they explain what what worked before and what I did to mess things up. It just seems like the DELETE or DROP privilege has been revoked for anyone. Is this possible and can I get it back?
Long time dabbler, first time Admin / DBA
Brian Crabtree
Honored Contributor

Re: Cannot Drop a User

Hmmm. Ok, unless you know what you did to the roles, I can't reproduce it on a test system. So.

Connect in as internal or sysdba, run "alter session set sql_trace = true", try to drop the user, and get the trace for it. Post it back on here when you get the chance, and I will try and figure out where your permission problem is.

Thanks,

Brian
Yogeeraj_1
Honored Contributor

Re: Cannot Drop a User

hi again,
*
could it be that you have a database BEFORE DROP trigger? YES - Most probably!!
*
Post the output of the following SQL query:
===========================================
select owner, substr(triggering_event,1,45)
from dba_triggers
where triggering_event like '%DROP%';
===========================================
*
revert
*
regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Yogeeraj_1
Honored Contributor

Re: Cannot Drop a User

hi,
-
I tried to simulate something similar!
-
see below:
===========================================
yd@MYDB.MU> grant create session, create user, drop user to a identified by a;
Grant succeeded.
*
yd@MYDB.MU> grant create session to b identified by b;
Grant succeeded.
*
yd@MYDB.MU> create table app_users ( username varchar2(30) );
Table created.
*
yd@MYDB.MU> insert into app_users values ( 'B' );
1 row created.
*
yd@MYDB.MU> create or replace trigger drop_user_trigger
2 before drop on database
3 when ( user = 'A' )
4 declare
5 l_cnt number;
6 l_name varchar2(30);
7 begin
8 if ( ora_dict_obj_type = 'USER' )
9 then
10 l_name := ORA_DICT_OBJ_NAME;
11 select count(*) into l_cnt
12 from dual
13 where exists ( select null
14 from app_users
15 where username = l_name );
16 if ( l_cnt <> 1 )
17 then
18 raise_application_error( -20001, 'Insufficient privileges for DELETE or DROP' );
19 end if;
20 end if;
21 end;
22 /
*
Trigger created.
*
yd@MYDB.MU> @connect a/a
*
a@MYDB.MU> drop user scott;
drop user scott
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20001: Insufficient privileges for DELETE or DROP
ORA-06512: at line 15
*
a@MYDB.MU> drop user b;
*
User dropped.
*
a@MYDB.MU>
*
Hope this helps!
regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
Scott Buckingham
Regular Advisor

Re: Cannot Drop a User

First of all, THANK YOU for sticking with this! I really appreciate it.

Now, Brian, here is the trace you requested. You'll see towards the end where the 'insufficient privilege' message appears. ABC_CODE is the first table under the M460QA817 user. Is there an issue with DUAL?

Yogeeraj, here is the output you requested from you select statement:

OWNER SUBSTR(TRIGGERING_EVENT,1,45)
------------------------------ ---------------------------------------------
SYS DROP
SYSTEM DROP
SYSTEM DROP
MDSYS DROP
Long time dabbler, first time Admin / DBA
Scott Buckingham
Regular Advisor

Re: Cannot Drop a User

I got it! Thanks for the idea, Yogeeraj. After reading your posts on triggers, I did some investigating and found out that I did have a couple triggers in place that were preventing me from performing a drop. Problem solved!
Long time dabbler, first time Admin / DBA
Brian Crabtree
Honored Contributor

Re: Cannot Drop a User

Great Answer Yogeeraj! :)
Yogeeraj_1
Honored Contributor

Re: Cannot Drop a User

Thank you Brian. Glad to have helped! You do have some great replies too... Cheers
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)