ORA-12526: TNS:listener: all appropriate instances are in restricted mode
Nothing special... just tested some about Database in Restricted Mode.
Opening the Database in Restricted Mode,that will only allow users with special privileges (RESTRICTED SESSION)
orcl =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = x.x.x.x)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl)
)
)
DBA role: connected by using user who has DBA role.
Then solved it by changed TNSNAMES.ORA: using "(UR=A)"
orcl =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = x.x.x.x)(PORT = 1521))
(CONNECT_DATA =
(UR=A)
(SERVER = DEDICATED)
(SERVICE_NAME = orcl)
)
)
Tested for connection again.
The (UR=A) clause for TNS connect strings in TNSNAMES.ORA file. This clause insert into:
(CONNECT_DATA =
(UR=A)It allows a privileged or administrative user to connect via the listener even when the service handler is blocking connections for non-privileged users.
However, On database LISTENER.ORA file, what can we do? Static service!!! by using SID_DISC=
Example:
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC = (ORACLE_HOME = /oracle/11gR2) (SID_NAME = orcl ))
)
SQL> select * from dba_sys_privs where privilege='RESTRICTED SESSION';On Server: just opened instance in restricted mode.
GRANTEE PRIVILEGE ADM
------------------------------ ---------------------------------------- ---
DBA RESTRICTED SESSION YES
SYS RESTRICTED SESSION NO
SQL> startup restrictOn client: TNSNAMES.ORA file
orcl =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = x.x.x.x)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl)
)
)
DBA role: connected by using user who has DBA role.
$ sqlplus system@orclFound!!! ORA-12526: TNS:listener: all appropriate instances are in restricted mode
Enter password:
ERROR:
ORA-12526: TNS:listener: all appropriate instances are in restricted mode
Then solved it by changed TNSNAMES.ORA: using "(UR=A)"
orcl =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = x.x.x.x)(PORT = 1521))
(CONNECT_DATA =
(UR=A)
(SERVER = DEDICATED)
(SERVICE_NAME = orcl)
)
)
Tested for connection again.
$ sqlplus system@orclOK... It's work. In case with NONE-DBA role:
Enter password:
SQL>
$ sqlplus nondba@orclWhat did I learn? When instance is restricted mode.
Enter password:
ERROR:
ORA-01035: ORACLE only available to users with RESTRICTED SESSION privilege
$ lsnrctl statusPMON updates the listener with that information and blocks new connection(establish).
.
.
Services Summary...
Service "orcl" has 1 instance(s).
Instance "orcl", status RESTRICTED, has 1 handler(s) for this service...
The (UR=A) clause for TNS connect strings in TNSNAMES.ORA file. This clause insert into:
(CONNECT_DATA =
(UR=A)It allows a privileged or administrative user to connect via the listener even when the service handler is blocking connections for non-privileged users.
However, On database LISTENER.ORA file, what can we do? Static service!!! by using SID_DISC=
Example:
$ lsnrctl statusThen change listener.ora file:
.
.
Services Summary...
Service "orcl" has 1 instance(s).
Instance "orcl", status RESTRICTED, has 1 handler(s) for this service...
$ sqlplus system@orcl
Enter password:
ERROR:
ORA-12526: TNS:listener: all appropriate instances are in restricted mode
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC = (ORACLE_HOME = /oracle/11gR2) (SID_NAME = orcl ))
)
$ lsnrctl reloadWhat did we see? "status UNKNOWN" and "status RESTRICTED" ... then tested...
$ lsnrctl status
Services Summary...
Service "orcl" has 2 instance(s).
Instance "orcl", status UNKNOWN, has 1 handler(s) for this service...
Instance "orcl", status RESTRICTED, has 1 handler(s) for this service...
$ sqlplus system@orclIt's work... however, test with some user (NON-DBA role)
Enter password:
SQL>
$ sqlplus nondba@orcl^ ^ Now!!! We can use "DBA" role to do something with database by using LISTENER, when the Database open in Restricted Mode.
Enter password:
ERROR:
ORA-01035: ORACLE only available to users with RESTRICTED SESSION privilege
No comments:
Post a Comment