惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
N
News and Events Feed by Topic
D
DataBreaches.Net
MongoDB | Blog
MongoDB | Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Engineering at Meta
Engineering at Meta
T
Tailwind CSS Blog
博客园_首页
Microsoft Azure Blog
Microsoft Azure Blog
Y
Y Combinator Blog
博客园 - Franky
Hugging Face - Blog
Hugging Face - Blog
月光博客
月光博客
A
About on SuperTechFans
I
InfoQ
S
Securelist
Last Week in AI
Last Week in AI
S
Schneier on Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
Hacker News: Ask HN
Hacker News: Ask HN
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
腾讯CDC
大猫的无限游戏
大猫的无限游戏
S
Security @ Cisco Blogs
博客园 - 三生石上(FineUI控件)
Simon Willison's Weblog
Simon Willison's Weblog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tor Project blog
美团技术团队
aimingoo的专栏
aimingoo的专栏
G
Google Developers Blog
罗磊的独立博客
Vercel News
Vercel News
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Cloudflare Blog
S
Secure Thoughts
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Latest news
Latest news
Recent Announcements
Recent Announcements
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
L
LINUX DO - 热门话题
Security Latest
Security Latest
TaoSecurity Blog
TaoSecurity Blog
Cyberwarzone
Cyberwarzone
有赞技术团队
有赞技术团队

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
ORA-01031 오류 원인과 해결 방법 완벽 가이드
umzzil nng · 2026-05-21 · via DEV Community

umzzil nng

ORA-01031란?

ORA-01031: insufficient privileges 에러는 현재 데이터베이스 세션의 사용자가 요청한 작업을 수행하기 위한 권한이 충분하지 않을 때 발생하는 Oracle 에러입니다. 단순한 테이블 조회부터 DDL 실행, 시스템 관리 작업에 이르기까지 권한이 없는 모든 작업에서 발생할 수 있으며, 특히 운영 환경에서 계정 관리가 미흡할 때 자주 마주치는 에러입니다. 개발 초기에는 DBA 권한으로 작업하다가 운영 계정으로 전환하거나, 롤(Role) 기반 권한이 세션 컨텍스트에서 비활성화된 경우에도 동일한 에러가 발생할 수 있습니다.


주요 발생 원인

  1. 객체에 대한 직접 권한 미부여
    특정 테이블, 뷰, 프로시저 등에 대해 SELECT, INSERT, UPDATE, DELETE, EXECUTE 등의 권한이 해당 사용자에게 직접 부여되지 않은 경우입니다. 특히 다른 스키마 소유의 객체에 접근할 때 자주 발생하며, 개발자가 자신의 스키마가 아닌 타 스키마 테이블에 쿼리를 날릴 때 흔히 겪는 상황입니다.

  2. 롤(Role)을 통한 권한 부여 후 스토어드 프로그램에서 사용 시 충돌
    Oracle에서는 저장 프로시저(Stored Procedure), 함수(Function), 패키지(Package) 내부에서는 롤을 통해 부여된 권한이 적용되지 않습니다. 직접 권한(Direct Grant)만 인식하기 때문에, 롤로만 권한을 받은 사용자가 PL/SQL 블록 내에서 해당 객체에 접근하면 ORA-01031이 발생합니다.

  3. 시스템 권한 미부여 (CREATE, ALTER, DROP 등)
    DDL 작업(테이블 생성, 인덱스 생성, 뷰 생성 등)을 수행하려면 해당 시스템 권한이 필요합니다. CREATE TABLE, CREATE VIEW, CREATE PROCEDURE 등의 권한 없이 DDL을 실행하면 이 에러가 발생하며, 특히 신규 계정 생성 직후 기본 권한만 부여된 상태에서 자주 발생합니다.

  4. SYSDBA / SYSOPER 권한 없이 관리자 접속 시도
    CONNECT / AS SYSDBA 형태로 접속하려 할 때 해당 OS 사용자가 dba 그룹에 포함되어 있지 않거나, password file에 등록되지 않은 경우에 발생합니다. 원격 접속 시 password file이 존재하지 않아도 동일한 에러가 발생할 수 있습니다.

  5. INVOKER RIGHTS vs DEFINER RIGHTS 혼동
    기본적으로 PL/SQL 객체는 DEFINER RIGHTS 방식으로 동작하여 소유자의 권한으로 실행됩니다. 그러나 AUTHID CURRENT_USER로 선언된 INVOKER RIGHTS 프로시저에서는 호출자의 권한을 기준으로 실행되므로, 호출자에게 권한이 없으면 ORA-01031이 발생합니다.


해결 방법

원인 1: 객체 권한 직접 부여

다른 스키마의 테이블이나 객체에 접근 권한을 부여합니다.

-- HR 스키마의 EMPLOYEES 테이블에 대해 APP_USER에게 SELECT 권한 부여
GRANT SELECT ON hr.employees TO app_user;

-- INSERT, UPDATE, DELETE 권한 함께 부여
GRANT SELECT, INSERT, UPDATE, DELETE ON hr.employees TO app_user;

-- 특정 컬럼에만 UPDATE 권한 부여 (컬럼 레벨 권한)
GRANT UPDATE (salary, job_id) ON hr.employees TO app_user;

-- 프로시저 실행 권한 부여
GRANT EXECUTE ON hr.process_employee TO app_user;

-- 권한 부여 후 확인
SELECT grantee, table_name, privilege, grantable
FROM dba_tab_privs
WHERE grantee = 'APP_USER'
ORDER BY table_name, privilege;

Enter fullscreen mode Exit fullscreen mode

원인 2: PL/SQL 내 롤 권한 문제 해결

저장 프로그램 내부에서 롤로 부여된 권한은 동작하지 않으므로 직접 권한을 부여합니다.

-- 문제 상황: DEVELOPER_ROLE을 통해 권한을 받은 경우
-- PL/SQL 내부에서 hr.employees 접근 불가

-- 잘못된 방식 (롤을 통한 권한 - PL/SQL 내부에서 미동작)
GRANT SELECT ON hr.employees TO developer_role;
GRANT developer_role TO app_user;

-- 올바른 방식 (직접 권한 부여)
GRANT SELECT ON hr.employees TO app_user;

-- 현재 세션에서 활성화된 롤 확인
SELECT * FROM session_roles;

-- 사용자에게 직접 부여된 권한 확인
SELECT grantee, owner, table_name, privilege
FROM dba_tab_privs
WHERE grantee = 'APP_USER';

-- 롤을 통해 부여된 권한 확인 (PL/SQL 내에서는 미적용)
SELECT role, owner, table_name, privilege
FROM role_tab_privs
WHERE role IN (
    SELECT granted_role FROM dba_role_privs WHERE grantee = 'APP_USER'
);

Enter fullscreen mode Exit fullscreen mode

원인 3: 시스템 권한 부여

DDL 실행에 필요한 시스템 권한을 부여합니다.

-- 기본 개발 계정 생성 및 권한 부여 예시
CREATE USER dev_user IDENTIFIED BY "SecurePass123!";

-- 접속 권한 부여
GRANT CREATE SESSION TO dev_user;

-- 객체 생성 관련 시스템 권한 부여
GRANT CREATE TABLE TO dev_user;
GRANT CREATE VIEW TO dev_user;
GRANT CREATE PROCEDURE TO dev_user;
GRANT CREATE SEQUENCE TO dev_user;
GRANT CREATE TRIGGER TO dev_user;
GRANT CREATE SYNONYM TO dev_user;

-- 테이블스페이스 쿼터 설정 (UNLIMITED 주의 - 운영환경에서는 제한 권장)
ALTER USER dev_user QUOTA 500M ON users;

-- 부여된 시스템 권한 전체 확인
SELECT grantee, privilege, admin_option
FROM dba_sys_privs
WHERE grantee = 'DEV_USER'
ORDER BY privilege;

-- 특정 권한 회수
REVOKE CREATE TABLE FROM dev_user;

Enter fullscreen mode Exit fullscreen mode

원인 4: SYSDBA 접속 문제 해결

-- [OS 레벨] oracle 유저가 dba 그룹에 포함되어 있는지 확인 (Linux/Unix)
-- $ id oracle
-- uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba)

-- password file 존재 여부 확인 (Oracle 19c 기준)
-- $ORACLE_HOME/dbs/orapw{SID} 파일 존재 여부 확인

-- password file 재생성 (SYS 비밀번호 재설정)
-- $ orapwd file=$ORACLE_HOME/dbs/orapwORCL password=새비밀번호 entries=10

-- 원격 SYSDBA 접속 허용 여부 확인
SHOW PARAMETER REMOTE_LOGIN_PASSWORDFILE;

-- 필요 시 파라미터 변경 (EXCLUSIVE 또는 SHARED)
-- ALTER SYSTEM SET REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE SCOPE=SPFILE;

-- SYSDBA 권한을 가진 사용자 목록 확인
SELECT * FROM v$pwfile_users;

-- 특정 사용자에게 SYSDBA 권한 부여
GRANT SYSDBA TO dba_user;

Enter fullscreen mode Exit fullscreen mode

원인 5: INVOKER RIGHTS 프로시저 권한 문제

-- INVOKER RIGHTS 프로시저 예시 (AUTHID CURRENT_USER)
CREATE OR REPLACE PROCEDURE get_employee_info(p_emp_id IN NUMBER)
AUTHID CURRENT_USER  -- 호출자 권한으로 실행
AS
    v_name VARCHAR2(100);
BEGIN
    -- 호출자에게 hr.employees SELECT 권한이 없으면 ORA-01031 발생
    SELECT first_name || ' ' || last_name
    INTO v_name
    FROM hr.employees
    WHERE employee_id = p_emp_id;

    DBMS_OUTPUT.PUT_LINE('직원명: ' || v_name);
END;
/

-- 해결책 1: 호출자에게 직접 권한 부여
GRANT SELECT ON hr.employees TO calling_user;

-- 해결책 2: DEFINER RIGHTS 방식으로 변경 (기본값)
CREATE OR REPLACE PROCEDURE get_employee_info(p_emp_id IN NUMBER)
-- AUTHID DEFINER (기본값, 생략 가능)
AS
    v_name VARCHAR2(100);
BEGIN
    SELECT first_name || ' ' || last_name
    INTO v_name
    FROM hr.employees
    WHERE employee_id = p_emp_id;

    DBMS_OUTPUT.PUT_LINE('직원명: ' || v_name);
END;
/

Enter fullscreen mode Exit fullscreen mode

권한 문제 전반 진단 쿼리


sql
-- 특정 사용자의 모든 권한 현황 종합 조회
SELECT 'SYSTEM PRIVILEGE' AS priv_type,
       privilege AS privilege_name,
       NULL AS object_name,
       admin_option AS extra_option

Enter fullscreen mode Exit fullscreen mode