Tuesday, 8 May 2012

ORA-28183: proper authentication not provided by proxy

ORA-28183: proper authentication not provided by proxy

Cause: A client user must be authenticated but no authentication credentials were provided by the proxy user.

Action: Provide some form of authentication credentials.

ORA-28182: cannot acquire Kerberos service ticket for client

ORA-28182: cannot acquire Kerberos service ticket for client

Cause: An attempt to use a Kerberos forwardable ticket granting ticket to obtain a Kerberos service ticket failed.

Action: Check that the Kerberos forwardable ticket granting ticket belongs to the client, is valid, and that the key distribution center is available.

ORA-28181: proxy string failed to enable one or more of the specified initial roles for client string

ORA-28181: proxy string failed to enable one or more of the specified initial roles for client string

Cause: Attempt to enable specified initial roles after logon resulted in failure.

Action: Check that the initial roles are valid, granted to client, and not password protected.

ORA-28180: multiple authentication methods provided by proxy

ORA-28180: multiple authentication methods provided by proxy

Cause: More than one authentication method was specified by the proxy user for the client user.

Action: Specify only one of the following: a client database user name, a distinguished name or an X.509 certificate.

ORA-28179: client user name not provided by proxy

ORA-28179: client user name not provided by proxy

Cause: No user name was provided by the proxy user for the client user.

Action: Either specify a client database user name, a distinguished name or an X.509 certificate.

ORA-28178: password not provided by proxy

ORA-28178: password not provided by proxy

Cause: A client user is to be authenticated using a database password but none was provided by the proxy user.

Action: Provide a password.

ORA-28177: incorrect Kerberos ticket version

ORA-28177: incorrect Kerberos ticket version

Cause: the version of Kerberos ticket provided by the proxy user to authenticate a client user does not match the version that is required.

Action: Provide a Kerberos ticket of the correct version.

ORA-28176: incorrect certificate version

ORA-28176: incorrect certificate version

Cause: the version of certificate provided by the proxy user to identify a client user does not match the version that is required.

Action: Provide a certificate of the correct version.

ORA-28175: incorrect certificate type

ORA-28175: incorrect certificate type

Cause: the type of certificate provided by the proxy user to identify a client user does not match the type that is required.

Action: Provide a certificate of the correct type.

ORA-28174: Kerberos ticket not provided by proxy

ORA-28174: Kerberos ticket not provided by proxy

Cause: A client user is to be authenticated using a Kerberos ticket but none was provided by the proxy user.

Action: Provide a Kerberos ticket.

ORA-28173: certificate not provided by proxy

ORA-28173: certificate not provided by proxy

Cause: A client user is to be identified using a certificate but none was provided by the proxy user.

Action: Provide a certificate.

ORA-28172: distinguished name not provided by proxy

ORA-28172: distinguished name not provided by proxy

Cause: A client user is to be identified using a distinguished name, but none was provided by the proxy user.

Action: Provide a distinguished name.

ORA-28171: unsupported Kerberos version

ORA-28171: unsupported Kerberos version

Cause: the version the Kerberos ticket which the server is to use to validate the identity of the client is not supported.

Action: Specify a supported version.

ORA-28170: unsupported certificate version

ORA-28170: unsupported certificate version

Cause: The version of the certificate from which the server is to extract the credentials of the client is not supported.

Action: Specify a supported version.

ORA-28169: unsupported certificate type

ORA-28169: unsupported certificate type

Cause: The type of certificate from which the server is to extract the credentials of the client is not supported.

Action: Specify a supported type.

ORA-28168: attempted to grant password-protected role

ORA-28168: attempted to grant password-protected role

Cause: An ALTER USER ... GRANT CONNECT command was attempted specifying a role that is protected by a password as a role which the proxy may execute on behalf of a client.

Action: Either specify a role that does not have a password or alter the role so that a password is not required.

ORA-28166: duplicate rolename in list

ORA-28166: duplicate rolename in list

Cause: The name of a role was specified more than once in a list.

Action: Repeat the command specifying the role once.

ORA-28165: proxy string may not specify password-protected role string for client string

ORA-28165: proxy string may not specify password-protected role string for client string

Cause: A proxy user attempted to activate a role on behalf of a client which has a password associated with it. Since the proxy does not have a password, this activation cannot be allowed.

Action: Attempt to activate a different role or change the role administratively so that there is no password.

ORA-28164: REVOKE already specified

ORA-28164: REVOKE already specified

Cause: The REVOKE clause was specified twice.

Action: Use only one REVOKE clause.

ORA-28163: GRANT already specified

ORA-28163: GRANT already specified

Cause: The GRANT clause was specified twice.

Action: Use only one GRANT clause.

ORA-28157: Proxy user string forbidden to set role string for client string

ORA-28157: Proxy user string forbidden to set role string for client string

Cause: A proxy user was forbidden to use a role on behalf of a client through the command ALTER USER lamp;lt;lamp;nbsp;clientlamp;gt; GRANT CONNECT THROUGH lamp;lt;lamp;nbsp;proxylamp;gt; WITH ALL ROLES EXCEPT lamp;lt;lamp;nbsp;rolelamp;gt;

Action: Execute the command ALTER USER lamp;lt;lamp;nbsp;clientlamp;gt; GRANT CONNECT THROUGH PROXY lamp;lt;lamp;nbsp;proxylamp;gt; to grant the needed role.

ORA-28156: Proxy user string not authorized to set role string for client string

ORA-28156: Proxy user string not authorized to set role string for client string

Cause: A proxy user has not been granted the right to use a role on behalf of a client.

Action: Execute the command ALTER USER lamp;lt;lamp;nbsp;clientlamp;gt; GRANT CONNECT THROUGH PROXY lamp;lt;lamp;nbsp;proxylamp;gt; to grant the needed role.

ORA-28155: user string specified as a proxy is actually a role

ORA-28155: user string specified as a proxy is actually a role

Cause: A user specified in an AUDIT lamp;lt;lamp;nbsp;operationlamp;gt; BY lamp;lt;lamp;nbsp;proxylamp;gt; ON BEHALF OF lamp;lt;lamp;nbsp;clientlamp;gt; is actually a role.

Action: Execute the statement again with a valid proxy user.

ORA-28154: Proxy user may not act as client string

ORA-28154: Proxy user may not act as client string

Cause: A proxy user may not assume the identity of a privileged user in order to limit the privileges that a proxy may possess.

Action: Execute the statement again specify a client other than a privileged user.

ORA-28153: Invalid client initial role specified: string

ORA-28153: Invalid client initial role specified: string

Cause: A role specified by a proxy user as an initial role to be activated upon connecting on behalf of a client is invalid.

Action: Connect again as the client specifying a valid role.

ORA-28152: proxy user string may not specify initial role string on behalf of client string

ORA-28152: proxy user string may not specify initial role string on behalf of client string

Cause: A proxy user attempted to specify an initial role for a client, but the client does not possess the role.

Action: Change the proxy user so that it does not specify the role or grant the role to the client.

ORA-28151: more than one user name specified for command

ORA-28151: more than one user name specified for command

Cause: More than one user name was specified for an ALTER USER command.

Action: Try the command again with only one user name.

ORA-28150: proxy not authorized to connect as client

ORA-28150: proxy not authorized to connect as client

Cause: A proxy user attempted to connect as a client, but the proxy was not authorized to act on behalf of the client.

Action: Grant the proxy user permission to perform actions on behalf of the client by using the ALTER USER ... GRANT CONNECT command.

ORA-28142: error in accessing audit index file

ORA-28142: error in accessing audit index file

Cause: ORACLE was not able to access the file being used to hold audit file names.

Action: Make sure the file exists in the directory pointed to by the initialization parameter audit_file_dest and is readable by the ORACLE user.

ORA-28141: error in creating audit index file

ORA-28141: error in creating audit index file

Cause: ORACLE was not able to create the file being used to hold audit file names.

Action: Examine the directory pointed to by the initialization parameter audit_ file_dest. Make sure that all of the following is true: 1. The directory exists. 2. The name indeed points to a directory and not a file. 3. The directory is accessible and writable to the ORACLE user.

ORA-28140: Invalid column specified

ORA-28140: Invalid column specified

Cause: Column name specified during policy creation is invalid

Action: Please specify a valid column name. Object columns are not supported

ORA-28139: Maximum allowed Fine Grain Audit Policies Exceeded

ORA-28139: Maximum allowed Fine Grain Audit Policies Exceeded

Cause: A maximum of 256 policies can be enabled on an object

Action: Drop or disable an existing policy before creating more

ORA-28138: Error in Policy Predicate

ORA-28138: Error in Policy Predicate

Cause: An invalid policy predicate was specified.

Action: Please specify a valide policy Predicate for the FGA policy

ORA-28137: Invalid FGA audit Handler

ORA-28137: Invalid FGA audit Handler

Cause: An invalid audit handler was specified.

Action: Specify a valid audit handler.

ORA-28134: object cannot have fine-grained access control policy

ORA-28134: object cannot have fine-grained access control policy

Cause: Only tables, views, or synonyms of tables or views may have VPD policies

Action: none

ORA-28132: Merge into syntax does not support security policies.

ORA-28132: Merge into syntax does not support security policies.

Cause: Merge into syntax currently does not support a security policy on the destination table.

Action: use the insert or update DML stmts on the table that has a security policy defined on it.

ORA-28121: driving context does not exist

ORA-28121: driving context does not exist

Cause: try to drop a driving context that does not exist

Action: none

ORA-28120: driving context already exists

ORA-28120: driving context already exists

Cause: try to create a driving context that already exists

Action: none

ORA-28119: policy group does not exist

ORA-28119: policy group does not exist

Cause: try to drop a policy group that does not exist

Action: none

ORA-28118: policy group already exists

ORA-28118: policy group already exists

Cause: try to create a policy group that already exists

Action: none

ORA-28117: integrity constraint violated - parent record not found

ORA-28117: integrity constraint violated - parent record not found

Cause: try to update or insert a child record with new foreign key values, but the corresponding parent row is not visible because of fine-grained security in the parent.

Action: make sure that the updated foreign key values must also visible in the parent

ORA-28116: insufficient privileges to do direct path access

ORA-28116: insufficient privileges to do direct path access

Cause: Users with insufficient privileges attempting to do direct path access of tables with fine grain access control policies.

Action: Ask the database administrator to do the operation. Note that users can work with security administrator to temporarily drop or disable the policies at time of export, import, or load, but this has security implication, and thus access of the database must be controlled carefully.

ORA-28115: policy with check option violation

ORA-28115: policy with check option violation

Cause: Policy predicate was evaluated to FALSE with the updated values.

Action: none

ORA-28113: policy predicate has error

ORA-28113: policy predicate has error

Cause: Policy function generates invalid predicate.

Action: Review the trace file for detailed error information.

ORA-28112: failed to execute policy function

ORA-28112: failed to execute policy function

Cause: The policy function has one or more error during execution.

Action: Check the trace file and correct the errors.

ORA-28111: insufficient privilege to evaluate policy predicate

ORA-28111: insufficient privilege to evaluate policy predicate

Cause: Predicate has a subquery which contains objects that the owner of policy function does not have privilege to access.

Action: Grant appropriate privileges to the policy function owner.

ORA-28110: policy function or package string.string has error

ORA-28110: policy function or package string.string has error

Cause: The policy function may have been dropped, or is no longer valid.

Action: Check the status of the function and correct the problem. Or re-create the policy with a valid function.

ORA-28109: the number of related policies has exceeded the limit of 16

ORA-28109: the number of related policies has exceeded the limit of 16

Cause: Too many policies are involved in the same objects.

Action: Drop one or more policies. Or combine a few of them into one.

ORA-28108: circular security policies detected

ORA-28108: circular security policies detected

Cause: Policies for the same object reference each other.

Action: Drop the policies

ORA-28107: policy was disabled

ORA-28107: policy was disabled

Cause: Try to flush a disabled policy.

Action: If the policy is supposed to be enforced, it must be enabled.

ORA-28106: input value for argument #string is not valid

ORA-28106: input value for argument #string is not valid

Cause: Input values for the argument is missing or invalid.

Action: Correct the input values.

ORA-28105: cannot create security relevant column policy in an object view

ORA-28105: cannot create security relevant column policy in an object view

Cause: Security relevant column argument is not null in policy creation for an object view

Action: none

ORA-28104: input value for string is not valid

ORA-28104: input value for string is not valid

Cause: Input value for the argument is not valid

Action: specify a valid argument value.

ORA-28103: adding a policy to an object owned by SYS is not allowed

ORA-28103: adding a policy to an object owned by SYS is not allowed

Cause: Try to add a policy to a table or a view owned by SYS.

Action: You can not perform this operation.

ORA-28102: policy does not exist

ORA-28102: policy does not exist

Cause: Try to drop or enable or refresh a non-existent policy.

Action: Correct the policy name argument.

ORA-28101: policy already exists

ORA-28101: policy already exists

Cause: A policy with the same name for the same object already exists.

Action: Check if the policy has already been added or use a different policy name.

ORA-28100: policy function schema string is invalid

ORA-28100: policy function schema string is invalid

Cause: The schema was dropped after the policy associated with the function had been added to the object.

Action: Drop the policy and re-create it with a policy function owned by a valid user. Or re-create the user and the policy function under the new user.

ORA-28055: the password will expire within string days

ORA-28055: the password will expire within string days

Cause: The enterprise user s password is about to expire.

Action: Change the password in the directory or contact the directory administrator.

ORA-28054: the password has expired. string Grace logins are left

ORA-28054: the password has expired. string Grace logins are left

Cause: The enterprise user s password has expired. The user is able to login because he has gracelogins left.

Action: change the password in the directory or contact the directory administrator.

ORA-28053: the account is inactive

ORA-28053: the account is inactive

Cause: The enterprise user s account in the directory is currently not active.

Action: Contact the directory administrator.