Skip to content
Home » Oracle Database » How to Resolve CRS-0245: User doesn't have enough privilege to perform the operation

How to Resolve CRS-0245: User doesn't have enough privilege to perform the operation

CRS-0245

There could be many possibilities that throw CRS-0245, this is only one case when we tried to modify the database by grid.

In this case, we are able to start / stop a database by grid.

[grid@primary01 ~]$ srvctl start database -d orclcdb
[grid@primary01 ~]$ srvctl stop database -d orclcdb

But we cannot modify the database by grid.

[grid@primary01 ~]$ srvctl modify database -d orclcdb -s mount
PRCD-1163 : Failed to modify database ORCLCDB
PRCR-1071 : Failed to register or update resource ora.orclcdb.db
CRS-0245:  User doesn't have enough privilege to perform the operation

CRS-0245 means that you can't perform such operation by this user, you should use the right user (account) with the right permission to do it.

Check ACL of Resource

Let's see the access-control list (ACL) of the resource.

[grid@primary01 ~]$ crsctl status resource ora.orclcdb.db -p -attr ACL
NAME=ora.orclcdb.db
ACL=owner:oracle:rwx,pgrp:oinstall:r--,other::r--,group:dba:r-x,group:oper:r-x,group:racdba:r-x,user:grid:r-x

As you can see, user grid has the right to read and execute, but it does not have the right to write the resource (i.e. r-x).

Solution

There're 2 ways to solve CRS-0245.

1. Use Owner to Modify DB

However, the owner oracle has the right to write (i.e. rwx), we should perform the operation by user oracle.

[oracle@primary01 ~]$ srvctl modify database -d orclcdb -s mount
[oracle@primary01 ~]$ echo $?
0

2. Modify ACL of Resource

Another way to solve it is to modify the attribute ACL, so as to make grid have the capability to write it (i.e. rwx).

Unfortunately, we can no longer modify it from release 12c, unless we use a very special flag to make it work, just like we did in How to Resolve CRS-4995.

[root@primary01 ~]# . /home/grid/.bash_profile
[root@primary01 ~]# crsctl modify resource ora.orclcdb.db -attr "ACL='owner:oracle:rwx,pgrp:oinstall:r--,other::r--,group:dba:r-x,group:oper:r-x,group:racdba:r-x,user:grid:rwx'" -unsupported

We may try to modify the resource by grid.

[grid@primary01 ~]$ srvctl modify database -d orclcdb -s mount
[grid@primary01 ~]$ echo $?
0

We made it.

Leave a Reply

Your email address will not be published. Required fields are marked *