A friend wrote: “I enabled Database Vault (explained here ) in my database. Now the management wants me to create a new user with connect as well as resource privileges. “However, when I connect as a user with the DBV_ACCTMGR role and try to create a new user, I get the following error: connect dave@proddb grant connect,resource to SALESUSER2 * ERROR at line 1: ORA-47410: Realm violation for GRANT on RESOURCE “I checked in dba_role_privs and dba_sys_privs for the roles and privileges granted to dave, and he has been granted the connect role as well as the DBV_ACCTMGR role. “Do any more privileges or roles need to be granted to the user Dave?” The answer: No, this is perfectly normal. The user with the DBV_ACCTMGR role can only grant the connect role, since a realm or protection zone is in place. If you want to grant the resource role, you need to grant it as SYS.
↧