HELP - ALTER USER

Similar Messages

• Alter user system identified by manager; need help

  SQL> connect /as sysdba;
  Connected.
  SQL> alter user system account unlock;
  User altered.
  SQL> alter user system identified by manager;
  User altered.
  SQL> connect system/manager@q17als;
  ERROR:
  ORA-28000: the account is locked
  Warning: You are no longer connected to ORACLE.

  can you try do to the connect system/manager without
  putting the @q17als on it?
  I bet it will work
  Well that one should work, although it may not connect to the right database.
  What may have happened is he logged in to a different database using "/as sysdba" and unlocked SYSTEM account there. Therefore connecting as system without using an alias would work (if the password is manager).
  the net service name for q17als probably uses different database in its connect descriptor. We can see that if we know what connect descriptor for q17als looks like. (tnsping q17als or checking tnsnames.ora)
  I agree with the earlier posts - I think you are
  dealing with two different databasesThat is what I am trying to prove as well

• Alter user help

  Hello there,
  I have written this sql script, & i get errors when i execute it.
  I want to enter uid only once. How can i do it?
  DECLARE
  l_uid dba_users.username%TYPE;
  BEGIN
  EXECUTE IMMEDIATE 'ALTER USER &uid IDENTIFIED BY testpwd' returning uid into l_uid;
  EXECUTE IMMEDIATE 'CREATE PROFILE test_proffile LIMIT PASSWORD_LIFE_TIME 1/1440 PASSWORD_GRACE_TIME 0';
  EXECUTE IMMEDIATE 'ALTER USER l_uid PROFILE test_proffile';
  END;
  thanks a lot

  Why not assign a value to l_uid when you're declaring it? Something like
  l_uid dba_users.username%TYPE := '&username';You'll need to concatenate that value into the EXECUTE IMMEDIATE strings.
  btw the current version will have problems the second time you run it because the profile you created will already exist.
  Also it's not a SQL script, it's a PL/SQL block.

• Oracle Security - Controlling the 'alter user' privilege

  Hi,
  1. DB 10.1.0.5 and 10.2.0.3
  2. "Admin User" needs to be able to change some users passwords in database.
  3. Create user adminuser - grant alter user to adminuser.
  4. DBAs will grant "approle" role to list of required users. DBAs will maintain control of who gets this role.
  4. Create system trigger on alter database - will prevent "adminuser" from changing passwords for accounts not authorized - Script does not fire for DBAs and anyone changing their own password.
  The trigger works as intended - the "adminuser" account can only change the specific set of users.
  Question: We've discovered that the "adminuser" can also use the "alter user" privilege to change default tablespace and tablespace quota. User should only be able to change password.
  Anyone have ideas on adding to the trigger to make sure the "adminuser" is only altering the password?
  I am playing with the ora_is_alter_column system event, thinking that maybe the password column in user$ would be changed but so far I can't get this to work: Here is my trigger --
  CREATE OR REPLACE TRIGGER SYS.PASSWORD_CONTROL AFTER ALTER ON DATABASE
  DECLARE
  DBACHK varchar2(50);
  USRCHK varchar2(50);
  BEGIN
  BEGIN
  -- Ensure users can change their own passwords --
  IF
  ora_login_user = ora_dict_obj_name
  THEN
  RETURN;
  ELSE
  -- Do not apply trigger to DBA group --
  select grantee into DBACHK from dba_role_privs where granted_role='DBA'
  and grantee = ora_login_user;
  IF
  DBACHK = ora_login_user
  THEN
  RETURN;
  END IF;
  END IF;
  EXCEPTION
  WHEN NO_DATA_FOUND
  THEN
  NULL;
  END;
  BEGIN
  select grantee into USRCHK from dba_role_privs where
  granted_role='DISCUSR' and grantee = ora_dict_obj_name;
  IF
  ora_dict_obj_type = 'USER'
  and ora_dict_obj_name = USRCHK
  ---- Need to check that only the password is being change -- the line below does not work
  and ora_is_alter_column('PASSWORD') = TRUE
  THEN
  RETURN;
  ELSE
  RAISE_APPLICATION_ERROR(-20003,
  'You are not allowed to alter user.');
  END IF;
  EXCEPTION
  WHEN NO_DATA_FOUND
  THEN
  RAISE_APPLICATION_ERROR(-20003,
  'You are not allowed to alter user.');
  END;
  END;

  user602453 wrote:
  Ed, thank you for your reply. But, let me explain in more detail.
  More detail is always helpful. ;-)
  >
  A specific user has been assigned as the application administrator. This admininstrator is responsible for reseting application user passwords. The DBA (me) recognizes the DB security issues so I am trying to craft a solution that will allow the application administrator the ability to change only the password of the application users.
  I see that this may be out your hands, but I'd still question the wisdom of having an apps administrator being the one to change user passwords. Especially if that were a model where the users couldn't change their own passwords. I might accept it if the app admin were acting more of a helper to a clueless user.
  Since the only way to change user passwords is to grant the 'alter user' privilege I need a system trigger to keep the user from changing non-application user passwords. Also, because I support nearly 100 production databases that support about 35 different applications I need a solution that can apply to multiple databases. I've been assured that there will only be one administrator charged with resetting passwords.
  So,
  Given those requirements, I have this trigger that will allow the the specific administrator to change the password of a specific set of user while not impacting DBAs or people wanting to change their own password. The way I've implemented this is to create a "dummy" role and assigning the role to the application user. The trigger will allow the administrator to change the password only if the user has the role assigned. The role has no privileges, it is just a way to "mark" the user as an application user. The administrator cannot grant this "dummy" role, only the DBA can.
  Hope that clears things up.I still see another problem in that it still comes back to the dba to create the apps user in the first place, and to assign that dummy role to the user. Also, I'd hope that this proposed apps admin user is a role assigned to a real user. If not, as I mentioned before, you have no real accountability to who is using that account. Simply saying "it shall not be shared", even if written in corporate policy, won't secure it, and you won't be able to trace it. Well, you could turn on auditing and capture the OS userid in the audit log.

• MAXL - Alter User issue

  Hi All,
  Does Alter User MAXL work for an external user?
  We use Alter User to add users to groups. This works fine for native users, say
  Alter user user1 add to group1 ;
  From the above statement it is not sure if user1 is a native or an external user. I think the default is native.
  Is there any special way to specify that the user is an external user?
  Appreciate your thoughts.
  Thanks,
  -Ethan.

  Hi Cameron,
  Thank you for the link.
  I think LCM works only when both the source & destination are in Shared services mode.
  In my case, source is not in Shared services.
  All I want to know is, Is there any utility to assign "Server access" to external LDAP users?
  Here is the problem.
  I need to assign filter access to many users & groups.
  I can create native groups & assign filters using MAXLS
  I can Alter external LDAP users to assign them to groups using MAXL, ONLY after I give them server access & refersh security, because users will not be recognized in MAXL if they don't have server access privelege.
  The complete process cannot be executed in one flow.
  I have to manually assign server access to each user or manually include each user to a group & then assign server access to the group.
  I am wondering if there is any thing in MAXL or any other utility to assign server access to the users.
  This would be very helpful.
  Thanks,
  -Ethan.

• Alter User Inside procedure

  Hi to all,
  I have a user named dbo and vijay.
  I have a procedure under dbo named as sp_alteruser
  CREATE OR REPLACE PROCEDURE DBO.SP_ALTERUSER
  P_USER_ID IN VARCHAR2,P_PASSWORD IN VARCHAR2,P_MSG OUT VARCHAR2)
  --Declaration of IN parameters
  IS
  E_PASSWORD EXCEPTION;
  E_INVALIDUSER EXCEPTION;
  PRAGMA EXCEPTION_INIT(E_PASSWORD,-00988);
  PRAGMA EXCEPTION_INIT(E_INVALIDUSER,-01918);
  BEGIN
  DECLARE
  V_COUNT NUMBER;
  V_STATEMENT1 VARCHAR2(200);
  BEGIN
  --To check whether the user has been already exists
  SELECT COUNT(*) INTO V_COUNT
  FROM ALL_USERS
  WHERE USERNAME = P_USER_ID;
  IF V_Count = 0 THEN
  --If the count is 0 means that the user does not exist
  DBMS_OUTPUT.PUT_LINE('User Does Not exist');
  END IF;
  IF V_COUNT>0 THEN
  --If the count is greater than 0 then the Alter statement is executed
  V_STATEMENT1:= 'ALTER USER ' ||P_USER_ID||' IDENTIFIED BY '
  ||P_PASSWORD;
       -- EXECUTE IMMEDIATE 'GRANT ALTER USER TO VIJAY';
  -- EXECUTE IMMEDIATE 'ALTER USER ' ||P_USER_ID||' IDENTIFIED BY ' ||P_PASSWORD;
  --EXECUTE IMMEDIATE v_STATEMENT1;
  P_MSG := 'Password Changed Sucessfully';
  END IF;
  END;
  EXCEPTION
  WHEN E_PASSWORD THEN
  P_MSG := 'Missing or Invalid Password';
  WHEN E_INVALIDUSER THEN
  P_MSG := 'User '||P_USER_id||' Does not exist';
  END;
  I have created a synonym with the same name as sp_alteruser and given the execute privilege to the user vijay...
  This procedure works fine when I run as DBO user, when I am trying from the vijay user it is throwing the error as insufficient privilege.
  I tried to give the alter user privilege explicitly but none gone right, when i gave dba privilege and checked with it works fine..
  Please help me in this regard.
  Thanks
  vijay

  Yes, I got it and apologies. Its not there so the error is correct. I am not sure that which priv is letting the dba role change another user, here is a list of privs for some default roles but none of them is there which depicts clearly the option to change another user.
  A very stupid answer, try giving the alter user with the admin option and see what happens. I don't ahve a db here otherwise I would had done it.
  HTH
  Aman....

• Let group leader change his memeber's pwd without giving him 'alter user' p

  Hi, all
  Is there any way that I can let a group leader to reset his own member's password without giving him the 'alter user' privilege ?
  I know I can use following simplified procedure to allow one person to change his own password, but I am looking for a way to let leader to reset when his members forget their pwd, and the following script can't work. I also created the synonym and grant 'execute on' to him. Can someone help me on this?
  Thanks in advance.
  CREATE OR REPLACE PROCEDURE change_pwd ( v_username in varchar2, v_pwd in varchar2)
  authid current_user
  is
  BEGIN
  execute immediate 'alter user '||m_username||' identified by '||v_pwd ;
  END ;
  ----

  SQL> @example
  SQL> spool capture.log
  SQL> create user alladmin identified by adminall;
  User created.
  SQL> grant connect to alladmin;
  Grant succeeded.
  SQL> grant resource to alladmin;
  Grant succeeded.
  SQL> grant alter user to alladmin;
  Grant succeeded.
  SQL> create user member1 identified by No1knows;
  User created.
  SQL> grant connect to member1;
  Grant succeeded.
  SQL> create user member2 identified by No1knows;
  User created.
  SQL> grant connect to member2;
  Grant succeeded.
  SQL> create user gl1 identified by secret;
  User created.
  SQL> grant connect to gl1;
  Grant succeeded.
  SQL> grant resource to gl1;
  Grant succeeded.
  SQL> connect alladmin/adminall
  Connected.
  SQL> CREATE OR REPLACE PROCEDURE change_pwd ( v_username in varchar2)
    2  is
    3  m_username varchar2(100);
    4  v_pwd varchar2(30) := 'FUBAR1';
    5  BEGIN
    6  select user into m_username from dual;
    7  if (m_username = 'GL1')
    8  then
    9       execute immediate 'alter user '||v_username||' identified by '||v_pwd ;
  10  end if;
  11  END ;
  12  /
  Procedure created.
  SQL> grant execute on change_pwd to gl1;
  Grant succeeded.
  SQL> connect gl1/secret
  Connected.
  SQL> exec alladmin.change_pwd('MEMBER1');
  PL/SQL procedure successfully completed.
  SQL> exec alladmin.change_pwd('MEMBER2');
  PL/SQL procedure successfully completed.
  SQL> connect member1/FUBAR1
  Connected.
  SQL> select user from dual;
  USER
  MEMBER1
  SQL> connect member2/FUBAR1
  Connected.
  SQL> select user from dual;
  USER
  MEMBER2
  SQL> exit
  Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
  With the Partitioning, OLAP and Data Mining optionsAny more questions?

• Alter user + ora-03114

  Hello...
  Using Forms 10gR1(9.0.4.19).
  When the command call database procedure "execute immediate alter user..."
  return the error "ORA-03114".
  Can you help me?
  Thanks.

  ORA - 3114 Not connected to OracleIt looks like you somehow got disconnected from the database or never connected in the first place. You don't suppress logging on to the database by overriding the ON-LOGON trigger?
  If you are initially connected you somehow got disconnected. Could be that you're database session crashed on a previous action. Check the bdump directory at the database server to see if there is a log file of a crashed session.
  I haven't ever experienced this myself, but could it be that you are altering the current user in such a way that the session is ended? You did not specify what you are doing in the ALTER USER, so it's only guessing for me

• Alter user command failed

  Hello,
  I login to my audit vault database as "/as sysdba" and tried to unlock the user. I must have missed something because I thought SYS can do almost everything. Any ideas?
  SQL> ALTER USER "AV" ACCOUNT UNLOCK;
  ALTER USER "AV" ACCOUNT UNLOCK
  ERROR at line 1:
  ORA-01031: insufficient privileges
  Thanks.

  feverlove wrote:
  Hello,
  I login to my audit vault database as "/as sysdba" and tried to unlock the user. I must have missed something because I thought SYS can do almost everything. Any ideas?
  SQL> ALTER USER "AV" ACCOUNT UNLOCK;
  ALTER USER "AV" ACCOUNT UNLOCK
  ERROR at line 1:
  ORA-01031: insufficient privileges
  Thanks.By default, Oracle Database Vault is enabled in the Audit Vault Server. Oracle Database Vault restricts access to the data in the Audit Vault Server from any user, including users who have administrative access. For Oracle Audit Vault, Oracle Database Vault protects the Audit Vault Server by using a realm. To ensure that the data in the Audit Vault Server is protected, do not disable Oracle Database Vault.
  Please check if data vault is enabled:
  SELECT * FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault';
  Read more about:
  http://download.oracle.com/docs/cd/E14472_01/doc.102/e14459/avadm_mng_security.htm
  Best Regards,
  Gokhan
  If this question is answered, please mark appropriate posts as correct/helpful and the thread as closed. Thanks

• Using alter user to change oracle password for logged in web user on XE

  Hi All
  I'm building an app using the pl/sql web toolkit on XE (installed on Win XP Pro SP2). (I'm not using the APEX front-end).
  I'm using basic authentication and oracle database user accounts, and when a user registers for the first time I create them an oracle user account with dynamic sql, followed by some initial setup stuff, and they then log in with it.
  All fine so far.
  However I want to allow the user to change their oracle password as part of maintaining their user details. I've done this in the past using the web toolkit and Oracle 9i and it has worked fine using dynamic sql.
  Unfortunately I can't get the same thing to work in XE.
  For example, if I create the following procedure in the schema aligned to the DAD which holds my application and then run it from a browser (IE or Firefox) then the
  Browser and the db just hangs - not even an error message:
  CREATE OR REPLACE PROCEDURE ut
  AS
  v_stmt varchar2(300);
  BEGIN
  HTP.htmlOpen;
  HTP.headOpen;
  HTP.title ('User Test');
  HTP.headClose;
  HTP.bodyOpen;
  v_stmt := 'alter user "'||user||'" identified by "BERT"';
  htp.print(v_stmt);
  EXECUTE IMMEDIATE v_stmt;
  htp.print('Done');
  HTP.bodyClose;
  HTP.htmlClose;
  END;
  If I run the same statement in SQL*plus it's fine, and if I run the same proc for a different user then it's fine too.
  I'm sure it's something to do with trying to change the credentials of the currently logged in user, but I would at least have expected an error message.
  I'd be grateful for any ideas.
  Thanks
  Steve

  Hi g.myers
  Thanks for your response.
  Sorry, yes, bad turn of phrase there. It's not the entire db that hangs. The web browser (either IE or FF) hangs, and if I look at v$session at this point, I can see that the user STATUS=ACTIVE and the STATE=WAITING.
  I should also point out that I am using standard Oracle users as users of the application, (e.g. create a new user account called TESTER1). These users are then granted the appropriate privileges on the owning schema in order to run the app, access the tables etc.
  Therefore it is the user account (e.g. TESTER1) that is running the password change procedure that is owned by the SYS schema. (However again, this is the exact code and method that I've used in the past and it has worked fine).
  If I leave the browser hanging long enough, it will eventually return with the following error:
  Proxy Error
  The proxy server received an invalid response from an upstream server.
  The proxy server could not handle the request POST /h/hopapp.pwdmaint_do.
  Reason: Error reading from remote server
  cheers
  Steve

• Need help for user exit mereq001

  Hi,
  I need help for user exit mereq001. I think I messed up with include table CI_EBANDB and CI_EBANMEM. And When I tried to check the syntax . It gives me error like : <b>Class IF_PURCHASE_REQUISITION. Inconsistency in the dictionary for the structure mereq_item_s_cust_data.</b> Anyone had experience for this exit? I just need to extract costcenter information of the each item from the requisition and block the requisiton if the costcenter are differents from each other before the requisition is saved. Any one has idea about it?
  Thanks.

  biao,
  Have you checked this struture consistency from SE11. Also check the activation log.
  If there are any errors and you are not able to rectify the same use RSDDCHECK program, give your table name and run the report.
  This will list down the error structures releated this table and also prompts for you to activate it.
  Regds
  Manohar

• Grant access to help desk users to add members to distribution and security groups

  Hello,
  I am trying to create a set of help desk users that has full access to add or remove members from distribution and security groups as well as update users.  We want it to bypass owner approval and essentially allow this group to add or remove members
  in the FIM Portal and flow it down to ADS.
  This obviously works fine if one is a member of the Administrators set, but we want a second tier of power users with limitied rights compared to FIM Admins.  We have added the help desk team to the  Security Group Users and Group Users set as
  well as MPR "Security group management: Users can read selected attributes of group resources".
  The help desk users can update users in the Portal with no issue.  The can search groups with no issue but when they try to add members to a group they get the error "Access Denied".
  Any help is greatly appreciated.
  Thanks!

  I'm having very similar problem - I have users with delegated right to modify group membership only. User can add someone to group and it works fine, but when the same user is trying to remove and user from a group (even if this is the same user
  which was added a minute ago) he gets Access Denied:
  The
  request included members which the requestor is not authorized
  to add and/or remove from this group."
  It is caused by default MPR:
  Group management workflow: Validate requestor on remove member
  Question is how this activity validates this request - any insight?

• Sql_text truncated for alter user not in dba_hist_Sqltext

  why sql_text is truncated for "alter user" in v$sqltext
  when i query v$sqltext i am getting only "alter user abc" .. not full text..
  where as i am getting full text from dba_hist_sqltext for alter user...
  Any idea..?

  adk wrote:
  why sql_text is truncated for "alter user" in v$sqltext
  when i query v$sqltext i am getting only "alter user abc" .. not full text..
  where as i am getting full text from dba_hist_sqltext for alter user...
  Any idea..?what do you see below?
  09:48:38 SQL> DESC V$SQLTEXT
  Name                            Null?    Type
  ADDRESS                             RAW(8)
  HASH_VALUE                             NUMBER
  SQL_ID                              VARCHAR2(13)
  COMMAND_TYPE                             NUMBER
  PIECE                                  NUMBER
  SQL_TEXT                             VARCHAR2(64)

• How to alter user defined  objects in  oracle

  Hi all,
  Can any one tell me how to alter user defined objects in oracle .
  Thanks,
  P Prakash

  prakash wrote:
  Hi all,
  Can any one tell me how to alter user defined objects in oracle .
  DROP
  then
  CREATE
  Handle:      prakash
  Email:      [email protected]
  Status Level:      Newbie (80)
  Registered:      Feb 3, 2011
  Total Posts:      185
  Total Questions:      67 (65 unresolved)
  so many questions & so few answers.
  How SAD!
  Edited by: sb92075 on Sep 22, 2011 9:22 AM

• IW31- How to add Search help for User specific fields in IW31 transaction.

  Hi Experts,
  I have to add Search help for standard fields USR00 to USR10 fields in IW31 transaction.
  Is there any user exit for this requirement.
  Please reply, it will be very helpful for me.
  Regards,
  B. V. Rao

  Bala,
  See the following user-exits:
  IWO10015: F4 Help for user fields on operation
  IWO10016: Customer enhancement to check operation user fields
  PeteA
  [www.pjas.com]