Alter User Inside procedure

Similar Messages

• HELP - ALTER USER

  Hi,
  Here is the situation:
  - When I use "FORMS_DLL(alter user....)" inside the Forms, it's ok.
  - When I use "EXECUTE IMMEDIATE('alter user....)" inside a Package, it gives me an error: "Insuficient Privilegies".
  The user has permission to execute the package. The "execute immediate" is ok when using another command, like "alter table", "create table", etc...
  What's the problem? Is there another command to grant the usage of "alter user" inside the package?
  Thanks!

  SQL> CREATE SYNONYM t_syn FOR dept;
  Synonym created. I have ROLE for creating synonyms but not direct privilege thats why i can create
  synonoym from SQL through ROLE but for creating synonyms through procedure
  ROLE are ignored or volatile for stored procedure to get it done from procedure
  you should have DIRECT PRIVILEGE.You have privilge through ROLE not
  DIRECT PRIVILEGE.
  SQL> create or replace procedure cpr (p in varchar2)
    2  as
    3  begin
    4  execute immediate 'create synonym syn_'||p||' for a';
    5  end;
    6  .
  SQL> /
  Procedure created.
  SQL> execute cpr('A');
  BEGIN cpr('A'); END;
  ERROR at line 1:
  ORA-01031: insufficient privileges
  ORA-06512: at "SCOTT.CPR", line 4
  ORA-06512: at line 1
  With Invoker Right using AUTHID CURRENT_USER privileges are checked at
  runtime not Role so below code will run successfully
  SQL> create or replace procedure cpr (p in varchar2)
    2      AUTHID CURRENT_USER  
    3  as
    4  begin
    5  execute immediate 'create synonym syn_'||p||' for a';
    6  end;
    7  .
  SQL> /
  Procedure created.
  SQL> execute cpr('A');
  PL/SQL procedure successfully completed.You can get it done by getting direct privilege as well creating synonyms on the fly
  using stored procedure if you give DIRECT PRIVILEGE.
  SQL> GRANT CREATE SYNONYM TO scott;
  Grant succeeded.
  SQL> create or replace procedure cpr (p in varchar2)
    2  as
    3  begin
    4  execute immediate 'create synonym syn_'||p||' for a';
    5  end;
    6  .
  SQL> /
  Procedure created.
  SQL> execute cpr('B');
  PL/SQL procedure successfully completed.
  As documented
  The reason is that, for a definer's rights procedure, the database checks privileges
  at compilation time, not at execution time. That is, the database verifies that the
  owner of the procedure has necessary privileges--granted directly, not through a
  role--at the time the procedure is compiled.
  Khurram

• Using ALTER SESSION inside a stored procedure.... not a good idea?

  Hi,
  I have two stored procedures, both of which are used to query a database to find a particular book, based on ISBN. One sproc searches our main product catalogue and the other searches our suppliers feed catalogues. The stored procedures are called from a C# application via a search tool and the user is able to search on either our catalogue or our suppliers. The appropriate procedure is called based on the users choices.
  However, the following behaviour is observed
  I search for an ISBN (is a varchar2 field, as isbn's may contain an X if the checksum digit equates to 10) on a feed, so uses the FEED SPROC. The book is found and returned to the app in about 0.5 seconds. I can repeat this as often as i like on different books etc. always works fine.
  I then do the same search but against our own catalogue, so uses our CATALOGUE SPROC. Again the book is found quickly, and the search can be repeated with the same results.
  If i then go back and run our FEED SPROC then the search time increases to about 3 minutes !
  Both the feed and our catalogue is in the same database, although different schema's the connections will be pooled through our app server.
  I can repliacte this every single time. I think i have narrowed doen the cause of this behaviour to a few lines of code in our CATALOGUE SPROC:
  -- store values
  select value into v_vch_NLS_COMP from nls_session_parameters nsp where nsp.parameter = 'NLS_COMP';
  select value into v_vch_NLS_SORT from nls_session_parameters nsp where nsp.parameter = 'NLS_SORT';
  -- Ensure case insensitivity throughout
  EXECUTE IMMEDIATE 'ALTER SESSION SET NLS_COMP = LINGUISTIC';
  EXECUTE IMMEDIATE 'ALTER SESSION SET NLS_SORT = BINARY_CI';
  do other stuff
  -- restore session variables
  EXECUTE IMMEDIATE 'ALTER SESSION SET NLS_COMP = ' || v_vch_NLS_COMP;
  EXECUTE IMMEDIATE 'ALTER SESSION SET NLS_SORT = ' || v_vch_NLS_SORT;
  If i remove this code then all is well, so i am assuming that using ALTER SESSION inside a stored procedure is the cause of the problem as it would be changing the execution plan of the FEEDS SPROC in some manner? Any ideas? I know i can just rewrite the sproc to avoid using this coding, but wanted to understand if i am doing something wrong by using ALTER SESSION in this manner?
  Any pointers would be appreciated.
  John Thompson
  Software Architect,
  play.com
  Edited by: user7186902 on 27-May-2009 03:51

  Hello (and welcome),
  It may be a case of having to create a linguistic index to facilitate the queries once you set these session level parameters, i.e..,
  CREATE INDEX idx_01 ON tab ((NLSSORT(col1, 'NLS_SORT=BINARY_CI'))It would appear that the setting of those parameters is invalidating index searching on the current indexes.

• Alter User Procedure Error

  Dear all,
  i have made a procedure which will alter the user password
  but when i run this procedure from the form and send the password as number it gives me an error, but when i send the password as characters it runs perfectly:
  like this l_user_name = ashraf
  password = 123456
  the code like this :
  Execute Immediate 'ALTER USER '|| l_user_name ||' IDENTIFIED BY '||p_new_password;
  the error is ORA-00988 missing or invalid password(s)
  but when it from the sql/plus
  alter user ashraf identified by "123456"; it runs perfectly
  Please Advice
  Best Regards,
  Ashraf

  Ashraf,
  On your sql*Plus prompt
  alter user ashraf identified by 123456 will give same error.
  but,
  alter user ashraf identified by '123456' will work.
  try putting to_char in your procedure

• Using alter user to change oracle password for logged in web user on XE

  Hi All
  I'm building an app using the pl/sql web toolkit on XE (installed on Win XP Pro SP2). (I'm not using the APEX front-end).
  I'm using basic authentication and oracle database user accounts, and when a user registers for the first time I create them an oracle user account with dynamic sql, followed by some initial setup stuff, and they then log in with it.
  All fine so far.
  However I want to allow the user to change their oracle password as part of maintaining their user details. I've done this in the past using the web toolkit and Oracle 9i and it has worked fine using dynamic sql.
  Unfortunately I can't get the same thing to work in XE.
  For example, if I create the following procedure in the schema aligned to the DAD which holds my application and then run it from a browser (IE or Firefox) then the
  Browser and the db just hangs - not even an error message:
  CREATE OR REPLACE PROCEDURE ut
  AS
  v_stmt varchar2(300);
  BEGIN
  HTP.htmlOpen;
  HTP.headOpen;
  HTP.title ('User Test');
  HTP.headClose;
  HTP.bodyOpen;
  v_stmt := 'alter user "'||user||'" identified by "BERT"';
  htp.print(v_stmt);
  EXECUTE IMMEDIATE v_stmt;
  htp.print('Done');
  HTP.bodyClose;
  HTP.htmlClose;
  END;
  If I run the same statement in SQL*plus it's fine, and if I run the same proc for a different user then it's fine too.
  I'm sure it's something to do with trying to change the credentials of the currently logged in user, but I would at least have expected an error message.
  I'd be grateful for any ideas.
  Thanks
  Steve

  Hi g.myers
  Thanks for your response.
  Sorry, yes, bad turn of phrase there. It's not the entire db that hangs. The web browser (either IE or FF) hangs, and if I look at v$session at this point, I can see that the user STATUS=ACTIVE and the STATE=WAITING.
  I should also point out that I am using standard Oracle users as users of the application, (e.g. create a new user account called TESTER1). These users are then granted the appropriate privileges on the owning schema in order to run the app, access the tables etc.
  Therefore it is the user account (e.g. TESTER1) that is running the password change procedure that is owned by the SYS schema. (However again, this is the exact code and method that I've used in the past and it has worked fine).
  If I leave the browser hanging long enough, it will eventually return with the following error:
  Proxy Error
  The proxy server received an invalid response from an upstream server.
  The proxy server could not handle the request POST /h/hopapp.pwdmaint_do.
  Reason: Error reading from remote server
  cheers
  Steve

• Re: How to alter user using variable

  I need to reset all Oracle default accounts to a custom password in one of our databases (11.1.0.7). I am using two files:
  File 1 called mydb.sh
  This file is Solaris shell script to run sql file. Here is the content:
  #!/bin/bash
  cd $HOME
  . ./agsdb
  sqlplus "/as sysdba"<<EOF
  start /h/bin/mydb.sql
  exit
  EOF
  if [$? !=0 ]; then
  echo "Error, mydb.sh did not run"
       echo "Exiting."
       exit 1
  fi
  echo "********** mydb.sh is complete **********"And here is file2 mydb.sql
  This file has content similar this the following:
  >
  alter user anonymous identified by password;
  alter user oracle_ocm identified by password;
  alter user DI identified by password;
  alter user system identified by password;
  Our problem is we don't want to use the password in plain text. To get arround, we will pass the password as a variable instead of the plain password text.
  Maybe something like this:
  alter user anonymous identified by variable_name;How can I mitigate this by passing this variable from solaris to sqlplus?
  Thanks in advance.

  Alex wrote:
  01. Create a procedure to get the username and password and then alter that user. For this you can use synamic sql
  CREATE OR REPLACE PROCEDURE (username VARCHAR2, password VARCHAR2)
  IS
  BEGIN
  EXECUTE IMMEDIATE 'ALTER USER '||username||' IDENTIFIED BY ||password;
  END;
  I have already dealt with the above. My problem is how to get the procedure to pass the password in variable as you mentioned below:
  02. Then in your shell script call that procedure by passing username and password variables..

• Let group leader change his memeber's pwd without giving him 'alter user' p

  Hi, all
  Is there any way that I can let a group leader to reset his own member's password without giving him the 'alter user' privilege ?
  I know I can use following simplified procedure to allow one person to change his own password, but I am looking for a way to let leader to reset when his members forget their pwd, and the following script can't work. I also created the synonym and grant 'execute on' to him. Can someone help me on this?
  Thanks in advance.
  CREATE OR REPLACE PROCEDURE change_pwd ( v_username in varchar2, v_pwd in varchar2)
  authid current_user
  is
  BEGIN
  execute immediate 'alter user '||m_username||' identified by '||v_pwd ;
  END ;
  ----

  SQL> @example
  SQL> spool capture.log
  SQL> create user alladmin identified by adminall;
  User created.
  SQL> grant connect to alladmin;
  Grant succeeded.
  SQL> grant resource to alladmin;
  Grant succeeded.
  SQL> grant alter user to alladmin;
  Grant succeeded.
  SQL> create user member1 identified by No1knows;
  User created.
  SQL> grant connect to member1;
  Grant succeeded.
  SQL> create user member2 identified by No1knows;
  User created.
  SQL> grant connect to member2;
  Grant succeeded.
  SQL> create user gl1 identified by secret;
  User created.
  SQL> grant connect to gl1;
  Grant succeeded.
  SQL> grant resource to gl1;
  Grant succeeded.
  SQL> connect alladmin/adminall
  Connected.
  SQL> CREATE OR REPLACE PROCEDURE change_pwd ( v_username in varchar2)
    2  is
    3  m_username varchar2(100);
    4  v_pwd varchar2(30) := 'FUBAR1';
    5  BEGIN
    6  select user into m_username from dual;
    7  if (m_username = 'GL1')
    8  then
    9       execute immediate 'alter user '||v_username||' identified by '||v_pwd ;
  10  end if;
  11  END ;
  12  /
  Procedure created.
  SQL> grant execute on change_pwd to gl1;
  Grant succeeded.
  SQL> connect gl1/secret
  Connected.
  SQL> exec alladmin.change_pwd('MEMBER1');
  PL/SQL procedure successfully completed.
  SQL> exec alladmin.change_pwd('MEMBER2');
  PL/SQL procedure successfully completed.
  SQL> connect member1/FUBAR1
  Connected.
  SQL> select user from dual;
  USER
  MEMBER1
  SQL> connect member2/FUBAR1
  Connected.
  SQL> select user from dual;
  USER
  MEMBER2
  SQL> exit
  Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
  With the Partitioning, OLAP and Data Mining optionsAny more questions?

• Alter user + ora-03114

  Hello...
  Using Forms 10gR1(9.0.4.19).
  When the command call database procedure "execute immediate alter user..."
  return the error "ORA-03114".
  Can you help me?
  Thanks.

  ORA - 3114 Not connected to OracleIt looks like you somehow got disconnected from the database or never connected in the first place. You don't suppress logging on to the database by overriding the ON-LOGON trigger?
  If you are initially connected you somehow got disconnected. Could be that you're database session crashed on a previous action. Check the bdump directory at the database server to see if there is a log file of a crashed session.
  I haven't ever experienced this myself, but could it be that you are altering the current user in such a way that the session is ended? You did not specify what you are doing in the ALTER USER, so it's only guessing for me

• Alter user privilege

  Hello,
  is there any way to grant just certain privileges that involve the Alter User system privilege? That is, How can i do so that a user can execute just: alter user <user> account lock or account unlock, but not password expires as an example?
  Thanks in advance.

  Hi, you can set the AUTHID DEFINER clause when you crate the stored procedure for execute how owner, the stored procedure must be owner of SYS user.
  Please review the nexts links
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_5009.htm#sthref6483
  http://www.adp-gmbh.ch/ora/plsql/authid.html
  Luck.
  Have a good day.
  Regards.

• Oracle Security - Controlling the 'alter user' privilege

  Hi,
  1. DB 10.1.0.5 and 10.2.0.3
  2. "Admin User" needs to be able to change some users passwords in database.
  3. Create user adminuser - grant alter user to adminuser.
  4. DBAs will grant "approle" role to list of required users. DBAs will maintain control of who gets this role.
  4. Create system trigger on alter database - will prevent "adminuser" from changing passwords for accounts not authorized - Script does not fire for DBAs and anyone changing their own password.
  The trigger works as intended - the "adminuser" account can only change the specific set of users.
  Question: We've discovered that the "adminuser" can also use the "alter user" privilege to change default tablespace and tablespace quota. User should only be able to change password.
  Anyone have ideas on adding to the trigger to make sure the "adminuser" is only altering the password?
  I am playing with the ora_is_alter_column system event, thinking that maybe the password column in user$ would be changed but so far I can't get this to work: Here is my trigger --
  CREATE OR REPLACE TRIGGER SYS.PASSWORD_CONTROL AFTER ALTER ON DATABASE
  DECLARE
  DBACHK varchar2(50);
  USRCHK varchar2(50);
  BEGIN
  BEGIN
  -- Ensure users can change their own passwords --
  IF
  ora_login_user = ora_dict_obj_name
  THEN
  RETURN;
  ELSE
  -- Do not apply trigger to DBA group --
  select grantee into DBACHK from dba_role_privs where granted_role='DBA'
  and grantee = ora_login_user;
  IF
  DBACHK = ora_login_user
  THEN
  RETURN;
  END IF;
  END IF;
  EXCEPTION
  WHEN NO_DATA_FOUND
  THEN
  NULL;
  END;
  BEGIN
  select grantee into USRCHK from dba_role_privs where
  granted_role='DISCUSR' and grantee = ora_dict_obj_name;
  IF
  ora_dict_obj_type = 'USER'
  and ora_dict_obj_name = USRCHK
  ---- Need to check that only the password is being change -- the line below does not work
  and ora_is_alter_column('PASSWORD') = TRUE
  THEN
  RETURN;
  ELSE
  RAISE_APPLICATION_ERROR(-20003,
  'You are not allowed to alter user.');
  END IF;
  EXCEPTION
  WHEN NO_DATA_FOUND
  THEN
  RAISE_APPLICATION_ERROR(-20003,
  'You are not allowed to alter user.');
  END;
  END;

  user602453 wrote:
  Ed, thank you for your reply. But, let me explain in more detail.
  More detail is always helpful. ;-)
  >
  A specific user has been assigned as the application administrator. This admininstrator is responsible for reseting application user passwords. The DBA (me) recognizes the DB security issues so I am trying to craft a solution that will allow the application administrator the ability to change only the password of the application users.
  I see that this may be out your hands, but I'd still question the wisdom of having an apps administrator being the one to change user passwords. Especially if that were a model where the users couldn't change their own passwords. I might accept it if the app admin were acting more of a helper to a clueless user.
  Since the only way to change user passwords is to grant the 'alter user' privilege I need a system trigger to keep the user from changing non-application user passwords. Also, because I support nearly 100 production databases that support about 35 different applications I need a solution that can apply to multiple databases. I've been assured that there will only be one administrator charged with resetting passwords.
  So,
  Given those requirements, I have this trigger that will allow the the specific administrator to change the password of a specific set of user while not impacting DBAs or people wanting to change their own password. The way I've implemented this is to create a "dummy" role and assigning the role to the application user. The trigger will allow the administrator to change the password only if the user has the role assigned. The role has no privileges, it is just a way to "mark" the user as an application user. The administrator cannot grant this "dummy" role, only the DBA can.
  Hope that clears things up.I still see another problem in that it still comes back to the dba to create the apps user in the first place, and to assign that dummy role to the user. Also, I'd hope that this proposed apps admin user is a role assigned to a real user. If not, as I mentioned before, you have no real accountability to who is using that account. Simply saying "it shall not be shared", even if written in corporate policy, won't secure it, and you won't be able to trace it. Well, you could turn on auditing and capture the OS userid in the audit log.

• Sql_text truncated for alter user not in dba_hist_Sqltext

  why sql_text is truncated for "alter user" in v$sqltext
  when i query v$sqltext i am getting only "alter user abc" .. not full text..
  where as i am getting full text from dba_hist_sqltext for alter user...
  Any idea..?

  adk wrote:
  why sql_text is truncated for "alter user" in v$sqltext
  when i query v$sqltext i am getting only "alter user abc" .. not full text..
  where as i am getting full text from dba_hist_sqltext for alter user...
  Any idea..?what do you see below?
  09:48:38 SQL> DESC V$SQLTEXT
  Name                            Null?    Type
  ADDRESS                             RAW(8)
  HASH_VALUE                             NUMBER
  SQL_ID                              VARCHAR2(13)
  COMMAND_TYPE                             NUMBER
  PIECE                                  NUMBER
  SQL_TEXT                             VARCHAR2(64)

• How to alter user defined  objects in  oracle

  Hi all,
  Can any one tell me how to alter user defined objects in oracle .
  Thanks,
  P Prakash

  prakash wrote:
  Hi all,
  Can any one tell me how to alter user defined objects in oracle .
  DROP
  then
  CREATE
  Handle:      prakash
  Email:      [email protected]
  Status Level:      Newbie (80)
  Registered:      Feb 3, 2011
  Total Posts:      185
  Total Questions:      67 (65 unresolved)
  so many questions & so few answers.
  How SAD!
  Edited by: sb92075 on Sep 22, 2011 9:22 AM

• Database Crash after "alter user"

  Hi,
  I've a problem with oracle 8i databases on windows 2000 server, clustered (active-passive).
  When I try to change sys password as sysdba the instance crashes without error messages in alterlog and without dump files.
  ie:
  sqlplus /nolog
  SQL>conn sys/pwd@db as sysdba
  SQL>alter user sys identified by pwd2;
  this command works and the password file is updated, but the database cluster resource changed its status to "failed"
  Is there a relationship with password file and microsoft cluster service or oralce fail safe?
  this don't happens neither in standalone server nor clustered 10g databases

  I think yes.
  Check MOS FailSafe Database Goes Offline After Changing SYS Password - 167496.1
  HTH
  -Anantha

• Compare 2 different users inside oralce 10

  goodmorning everybody,
  is it possible compare all the tables owned by 2 different users inside a database?
  for example i have 2 different structure for 2 different users and i would like to check the difference and then apply the difference..
  is it possible to do it by SQL command?
  thanks

  goodmorning everybody,
  is it possible compare all the tables owned by 2 different users inside a database?
  for example i have 2 different structure for 2 different users and i would like to check the difference and then apply the difference..
  is it possible to do it by SQL command?
  thanks

• How to audit alter user sql statements in Oracle 11g.

  I want to audit all the alter user sql statements that show who is altered with what sql stment including the connections performed by sys and system.
  Ex: If I use the command : alter user xxx quota 50 GB on users;
  Then how can i grab this sql stement and who performed it with the timings.

  Pl post OS and database versions.
  What have you learned from the documentation ?
  http://download.oracle.com/docs/cd/E11882_01/server.112/e26088/statements_4007.htm#SQLRF01107
  http://download.oracle.com/docs/cd/E11882_01/network.112/e16543/guidelines.htm#DBSEG508
  What have you tried to implement so far ?
  HTH
  Srini