My Oracle Support Banner

What Are the Minimum Privileges / Group Membership a Regular (NonAdmin) User Needs To Register Databases / Network Services with DBCA for EUS or Create Tnsnames Entries in an OID OracleContext? (TNS-04411: Directory service: permission denied) (Doc ID 1428080.1)

Last updated on SEPTEMBER 24, 2019

Applies to:

Oracle Net Services - Version and later
Oracle Internet Directory - Version 10.1.2 and later
Information in this document applies to any platform.


Created a non-administrator user in Oracle Internet Directory (OID) only for registering network services, i.e., to create tnsnames entries into the cn=oraclecontext,dc=<COMPANY>,dc=com realm context.

This user will be using Net Manager (Netmgr) and/or Oracle Directory Manager (OID 10g) / Oracle Directory Services Manager (ODSM, OID 11g) to register the entries, or Database Configuration Assistant (DBCA) to register databases for Enterprise User Security (EUS).

What are the minimum privileges/groups this ID needs for these purposes?


Below is a potential DBCA error authenticating with a regular user without sufficient permissions:

Unable to create database entry in the directory
service. - TNS-04411: Directory service:
permission denied
caused by:
TNS-04411: Directory service: permission denied
caused by:



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.