在oracle 11g中创建用户的软件包

Question

create or Replace package body DBA_PACKAGE is
  procedure NewUser(username IN varchar2)
  is
  V_SQL varchar2(200); 
  V_ROLE varchar2(100);
  V_ROLE2 varchar2(100);
  begin

  V_SQL := 'Create user ' || username || ' identified by pass1234' ||' Password Expire'|| ' Default tablespace users' || ' Quota 1m on users';

  V_ROLE := 'Grant' || ' create session' || ' to ' || username;
  V_ROLE2 :='Grant' || ' connect' || ' to ' || username;


  dbms_output.put_line(V_SQL);
  dbms_output.put_line(V_ROLE);
  dbms_output.put_line(V_ROLE2);

  Execute immediate(V_SQL);
  execute immediate(V_ROLE);
  execute immediate(V_ROLE2);
  end NewUser;

set serveroutput on; 

exec DBA_PACKAGE.NewUser('Kevonia');

I got this error from SQL developer when executed

Error report -
ORA-01031: insufficient privileges
ORA-06512: at "SYSTEM.DBA_PACKAGE", line 20
ORA-06512: at line 1
01031. 00000 -  "insufficient privileges"
*Cause:    An attempt was made to change the current username or password
           without the appropriate privilege. This error also occurs if
           attempting to install a database without the necessary operating
           system privileges.
           When Trusted Oracle is configure in DBMS MAC, this error may occur
           if the user was granted the necessary privilege at a higher label
           than the current login.
*Action:   Ask the database administrator to perform the operation or grant
           the required privileges.
           For Trusted Oracle users getting this error although granted the
           the appropriate privilege at a higher label, ask the database
           administrator to regrant the privilege at the appropriate label.

Answer 1

First, don't create objects in schemas that Oracle provides. SYS and SYSTEM should only have objects that Oracle installs as part of the database installation. If you want to create your own objects, you'll want to create new schemas.

If you want to create a definer's rights stored procedure such as this, the owner of the procedure must have the necessary privileges granted directly to the user not via a role. The DBA role is a role like any other that has exactly the same restrictions-- if the owner of the procedure only has privileges to create a user via the DBA role, you'll get an ORA-01031 error. The owner of the package would need to be granted the CREATE USER privilege directly.

Alternately, you could declare the procedure as an invoker's rights stored procedure. That would allow you to use privileges granted via a role. But that would mean that whoever called the procedure would need to have the ability to create a user (either via a role or via a direct grant).