What Are the Minimum Privileges / Group Membership a Regular (NonAdmin) User Needs To Register Databases / Network Services with DBCA for EUS or Create Tnsnames Entries in an OID OracleContext? (TNS-04411: Directory service: permission denied) (Doc ID 1428080.1)

Last updated on AUGUST 31, 2017

Applies to:

Oracle Net Services - Version 11.1.0.6 and later
Oracle Internet Directory - Version 10.1.2 and later
Information in this document applies to any platform.

Goal

Created a non-administrator user in Oracle Internet Directory (OID) only for registering network services, i.e., to create tnsnames entries into the cn=oraclecontext,dc=mycompany,dc=com realm context.

This user will be using Net Manager (Netmgr) and/or Oracle Directory Manager (OID 10g) / Oracle Directory Services Manager (ODSM, OID 11g) to register the entries, or Database Configuration Assistant (DBCA) to register databases for Enterprise User Security (EUS).

What are the minimum privileges/groups this ID needs for these purposes?

 

Below is a potential DBCA error authenticating with a regular user without sufficient permissions:

Unable to create database entry in the directory
service. - TNS-04411: Directory service:
permission denied
caused by:
oracle.net.config.DirectoryServiceException:
TNS-04411: Directory service: permission denied
caused by: oracle.net.ldap/NNFLException

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms