I've created a role in my Oracle 11g database called TestUserRole that will eventually have more privileges, but currently has only the Create Session privilege. I've assigned that role to a user, TestUser. It is their only role.
I created this as follows:
CREATE ROLE TestUserRole IDENTIFIED BY somepassword;
GRANT Create Session TO TestUserRole;
CREATE USER TestUser IDENTIFIED BY somepassword;
GRANT TestUserRole TO TestUser;
When I try to connect to the database, I receive:
ORA-01045: user TESTUSER lacks CREATE SESSION privilege; logon denied
I have verified (I think) that the user and role were setup successfully. If I query
select * from dba_role_privs where grantee = 'TESTUSER'
I get
| Grantee | Granted_Role | Admin_Option | Default_Role |
---------------------------------------------------------
| TESTUSER | TESTUSERROLE | NO | YES |
Then if I query
select * from role_sys_privs where role = 'TESTUSERROLE'
I get
| Role | Privilege | Admin_Option |
------------------------------------------------
| TESTUSERROLE | CREATE SESSION | NO |
So it appears that I have created the user and role successfully, the user has the role, and the role has the create session permission. Yet, when I try to log on, Oracle is telling me that the user doesn't have the Create Session permission. Where am I going wrong? Do I have to assign this privilege directly to the user rather than through a role?