Sys and system schema are expired & locked after doing disaster recovery.
Hi All,
In one of our development database, I performed disaster recovery and it was successfull.
After completing thre recovery, sys and system schema are expired & locked.
So, I am not able to perform any kind of operation which is performed by sys and system user.
Database Version : 11g r2
Operating system : Red hat 5.5
Please kindly suggest me, How can i solve this problem?
Thanks,
Viren Patel.
This is some sort of a mirracle. SYS even if expired and locked - can login:
SQL> SELECT d.username, u.account_status
2 FROM DBA_USERS_WITH_DEFPWD d, DBA_USERS u
3 WHERE d.username = u.username and u.username=’SYS’
4 ORDER BY 2,1;
USERNAME ACCOUNT_STATUS
SYS OPEN
SQL> alter user sys account lock;
User altered.
SQL> alter user sys password expire;
User altered.
SQL> quit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
C:\Tools\Oracle\scripts_oracle>sqlplus sys/manager as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Mon Feb 20 17:09:14 2012
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> SELECT d.username, u.account_status
2 FROM DBA_USERS_WITH_DEFPWD d, DBA_USERS u
3 WHERE d.username = u.username and u.username=’SYS’
4 ORDER BY 2,1;
USERNAME ACCOUNT_STATUS
SYS EXPIRED & LOCKEDPlease, show us exact connection string and an error you are getting, while logging in.
Similar Messages
-
GSS on 'SYS' and 'SYSTEM' schemas
Hi Team,
We have both 11i(11.5.10.2) and R12(12.1.3) EBS applications. Can we run Gather schema stats on the 'SYS' and 'SYSTEM' schema and how frequent we can run on these schema ?
Thanks,Hi,
Yes it is mandatory to collect statistics for Sys and System schema for 10g + databases.
You cannot use FND_STATS package to gather statistcs but must use the dbms_stats package. Running this once in a month or twice a month, and you can schedule this via dbms_scheduler.
All your queries are answered in note:
EBPERF FAQ - Collecting Statistics in Oracle EBS 11i and R12 (Doc ID 368252.1)
Thanks &
Best Regards, -
Verify the database fails in the SYS and SYSTEM schemas
Hi all,
When we execute a verify: brconnect -u / -c -f stats -v cascade -t all -p 8
we obtain some errors from some tables (NOT PARTITIONED) of SYS and SYSTEM schemas:
BR0996W Table/index SYS.UTL_RECOMP_SORTED does not exist anymore
and
BR0301E SQL error -14508 at location stats_tab_validate-2
ORA-14508: specified VALIDATE INTO table not found
BR0893E Validating structure failed for table/cluster SYSTEM.LOGMNR_TABPART$
but the tables exists.
any ideas??
Thanks in advanceHI,
try this:
sqlplus system/password
@$ORACLE_HOME/rdbms/admin/utlvalid.sql
grant all on invalid_rows to public;
exit
sqlplus "/ as sysdba"
create synonym ops$ora<sid>.index_stats for sys.sap_index_stats;
exit
sqlplus system/password
create synonym ops$<sid>adm.invalid_rows for system.invalid_rows;
Thanks -
SYS and SYSTEM user password expired
My 11g2 database on Redhat 5 has sys and system user password expiredSQL> select username,account_status,EXPIRY_DATE
from dba_users where username like 'SYS%';
2
USERNAME ACCOUNT_STATUS EXPIRY_DA
SYSMAN OPEN
SYSTEM OPEN 15-FEB-11
SYS OPEN 15-FEB-11But I can still connect the databsae with t expired password.
Do I need worry about the expiration of these user's password? For a normal user, I connot login with expired passwordDear user13148231,
Here is an illustration;
SQL> alter user sys account lock;
User altered.
SQL> select username, account_status, lock_date, expiry_date from dba_users where USERNAME='SYS';
USERNAME ACCOUNT_STATUS LOCK_DATE EXPIRY_DA
SYS LOCKED 20-AUG-10 23-FEB-09
SQL> host sqlplus sys/password@opttest as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Fri Aug 20 12:25:43 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> alter user sys identified by password password expire;
User altered.
SQL> select username, account_status, lock_date, expiry_date from dba_users where username='SYS';
USERNAME ACCOUNT_STATUS LOCK_DATE EXPIRY_DA
SYS EXPIRED & LOCKED 20-AUG-10 20-AUG-10
SQL> host sqlplus sys/password@opttest as sysdba
SQL*Plus: Release 10.2.0.4.0 - Production on Fri Aug 20 12:27:02 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> alter user sys identified by password account unlock;
SQL> select username, account_status, lock_date, expiry_date from dba_users where username='SYS';
USERNAME ACCOUNT_STATUS LOCK_DATE EXPIRY_DA
SYS OPENEven if it shows expired and locked it is OK to connect to the database for the SYS user.
SQL> alter user ogan identified by password account lock password expire;
User altered.
SQL> select username, account_status, lock_date, expiry_date from dba_users where username='OGAN';
USERNAME ACCOUNT_STATUS LOCK_DATE EXPIRY_DA
OGAN EXPIRED & LOCKED 20-AUG-10 20-AUG-10
SQL> conn ogan/password
ERROR:
ORA-28000: the account is locked
Warning: You are no longer connected to ORACLE.
SQL> conn / as sysdba
Connected.
SQL> alter user ogan account unlock;
User altered.
SQL> conn ogan/password@opttest
ERROR:
ORA-28001: the password has expired
Changing password for ogan
New password:
Retype new password:
Password changed
Connected.
SQL>Ogan -
DB version: 11.2.0.2
OS : Solaris 10
In our production DBs , I've noticed that both SYS and SYSTEM users are locked
$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.2.0 Production on Thu Jan 19 14:21:34 2012
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
With the Partitioning option
SQL> select username, account_status from dba_users where username like 'SYS%';
USERNAME ACCOUNT_STATUS
SYSTEM LOCKED
SYS LOCKED1. How can I log in to SYS account despite being locked. Is it because i logged in through external authentication?
2. Is locking the SYS user a standard practise ? If so, why ?Hi;
1. How can I log in to SYS account despite being locked. Is it because i logged in through external authentication?set ORACLE_HOME, ORACLE_SID than
sqlplus "/as sysdba"
alter user xx account unlock;
2. Is locking the SYS user a standard practise ? If so, why ?
SYS and SYSTEM are default users, created with the creation of the database. Although they have much power - as they are granted the DBA role - they're still ordinary users. Because SYS owns the data dictionary, (s)he is considered a bit more special than SYSTEM. But SYS has the SYSDBA privilege which SYSTEM doesn't. This makes it possible for SYS to become a very very powerful user. This is the case when (s)he connects as sys/password as SYSDBA or / as sysdba. The as sysdba phrase is a request to aqcuire the privileges associated wht the single SYSDBA system privileges (see here).
Source:
http://www.adp-gmbh.ch/ora/misc/sys_system_internal.html
Regard
Helios -
How to encrypt/restrict sys and system tables so that no user can view them.
On one of the database few user are having dba access.
Is it possible to restrict their access on the dictionary tables.I have not heard of anyone encrypting the sys and system schemas, and suspect it is not possible due to the number of tools that need access to these tables and views (OEM, RMAN etc)
Maybe the application needs to run "create user" or "select * from v$session", but this does not mean that it needs DBA role. Turn on tracing or auditing to find out what priveleges the application actually needs, then grant minimum priveleges and revoke DBA.
In the worst case if the application won't start unless it has been granted a role called "DBA" then you may be able to revoke all priveleges from the DBA role and then grant them via a custom role called "MY_DBA", but there is potential for this to go very wrong, so test in a DEV environment first, and I doubt Oracle Support would approve.
Or you could use Database Vault .... -
Dear all,
We have 10.2.0.4 on solaris 10.
Currently we had I.T audit on our environment and auditor commented to lock sys and system user and use one user with any name (not oracle generic name) and grant him sys and system privilege and to use this user for admin purposes. is this right ?.. is this recommended ?
Please adviseHello,
I think it's not a right way to lock SYS.
More over, if you connect as OS Administrator (root for Unix/linux) on the server and use
OS Authentification then, you can connect on SYS AS SYSDBA anyway.
So, in fact, it's not possible to lock out SYS even if you execute the following:
ALTER USER SYS ACCOUNT LOCK;If you want to prevent access on SYS you should set a complex and long password and
apply the same rule for the Administrator / root OS user.
These passwords must be known by very few and well - identified people and written nowhere
(in any files or scripts).
More over, you should limit DBA roles to SYS and SYSTEM and remove this powerful Role
from other Oracle Users.
Then, you may enable session AUDIT so as to control the connexion on the database and,
create a LOGON TRIGGER so as to check the login, workstation, program of the end users
who connect to the database.
On 10g, EM DBConsole shows an alert everytime a User is connected with SYS.
Please, find enclosed, an interesting document written by Pete Finigan on this topic:
http://www.insight.co.uk/files/presentations/Hacking%20and%20securing%20Oracle.pdf
Hope this help.
Best regards,
Jean-Valentin -
I am using VS 2012 and BizTalk 2013 and attempting to deploy an application to BizTalk when I get these errors:
Error 47
at Microsoft.BizTalk.Deployment.Assembly.BtsMap.Save()
at Microsoft.BizTalk.Deployment.Assembly.BtsArtifactCollection.Save()
at Microsoft.BizTalk.Deployment.Assembly.BtsAssembly.Save(String applicationName)
at Microsoft.BizTalk.Deployment.BizTalkAssembly.PrivateDeploy(String server, String database, String assemblyPathname, String applicationName)
at Microsoft.BizTalk.Deployment.BizTalkAssembly.Deploy(Boolean redeploy, String server, String database, String assemblyPathname, String group, String applicationName, ApplicationLog log)
0 0
Error 49
Failed to add resource(s). Change requests failed for some resources. BizTalkAssemblyResourceManager failed to complete end type change request. Failed to deploy map "XXX.BTS2013.XXX.Maps.map_XXXX_R01_InsLabProc".
Error saving map. Stored procedure returned non-zero result. Check if source and target schemas are present. Error saving map. Stored procedure returned non-zero result. Check if source and target schemas are present.
0 0
Error 46
Failed to deploy map "XXX.BTS2013.XXX.Maps.map_XXXX_R01_InsLabProc".
Error saving map. Stored procedure returned non-zero result. Check if source and target schemas are present.
0 0
I also tried to Import a MSI file from our test environment to see if that would work...got the same errors. After spending hours (not kidding) looking for an answer, all I could find is that a hotfix would work. So, I got the hotfix from Microsoft
Support and applied it then rebooted. Still getting the same errors. I'm absolutely at a stand still. Interesting that I got this application to deploy yesterday and then the next time I deployed it I started getting these errors. I'm
ready to pull my hair out!
Is there an answer for this out there somewhere? Any help would be appreciated.
Thanks,
DaveHi Dave,
Which hotfix have you applied? I don't think a hotfix of this issue is available for BizTalk 2013 yet. You should create a
support ticket with Microsoft to get a solution.
If this answers your question please mark as answer. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply. -
Starting up a database when I forgot the sys and system password
Hi,
I want to startup up a database from Oracle Entreprise Manager. I forgot the sys and system password.
If I give the command:
orapwd file=orapwSDB01 password=test entries=100
can I give the password "test" to sys and then to connect with sys with password test as sysdba, and then to startup the database? Are any problems with this command?
Thank you,
MihaelaHi,
I have not done this myself, but YES, according to the documentation, thats correct.
ORAPWD FILE=mypwdfile PASSWORD=syspass ENTRIES=10
will set the password of SYS to syspass. And you can use the same further.
But here, you should be in oracle user or the user which owns the Oracle installation.
Also, OS authentication is always supperior than any other authentication.
Regards -
I forgot sys and system password
Dear All,
I installed oracle database 9.2.0.6 one year ago and I am using this database for RMAN.
Today I need it to do something else but I really forgot the sys and system password and i dont know what to do.
I appreciate your help on that.
ThanksHi,
>>I really forgot the sys and system password
Really ? or are you trying to hack the database ? :-)
You can try this too:
Use the orapwd utility in order to re-create the SYS password...
e.g.: orapwd file=orapw<SID> password=adm entries=5
Cheers -
Lost of sys and system password
Hello,
What are the options when the sys and system passwords to 9206 on Windows 2000 are not known. I was given the database but no one knows the passwords to sys and system. The Windows o/s account does belong to the DBA group but I am not able to log on as '/ as sysdba'. Error saids insufficient privilege even though the o/s acct belongs to group DBA. What can be done to gain access so sys and system passwords can be reset. Thank you in advance.Hi, please review the Note:77665.1 into metalink site.
Regards. -
Profiles apply to SYS and SYSTEM users
dear all.
is possible configure the security policies (profiles), i mean password length, history, failed login attempts for SYS and SYSTEM users in oracle 10g.
What will happen if both users blocked ?? the service would be affected ???
what would you recommend me ?
thanks for your answers and apologize my english, is not very well.Check here:
SYS account cannot be locked out by setting the failed_login_attempts limit in the profile.
is it possible to lock out SYS using FAILED_LOGIN_ATTEMPTS in a profile
http://www.petefinnigan.com/ramblings/failed_login_attempts.htm
-Anantha -
Restrication on using sys and system tables.
I have created the user in oracle 10g, granted resource , connect , select, insert, and update any table
I would like to restrict the user from modifying sys and system tables.
I know , it is possible using triggers. but it will create perofrmance issues
Any other solution , please let me knowuser8680248 wrote:
user wants this priv ( user is super user ) but user is not DBAYou say the user is not a "super user" and is not a DBA.
Then he doesn't get what he "wants", he gets the minimum privs required to do his job. And it's the job of the DBA (presumably you) to enforce that policy. The technical issues are simple. The political ones are often difficult, but as a DBA that, too, is part of your job. It's YOUR job that will be on the line if you put the company's data at risk by granting someone excessive privileges on the database..
Edited by: EdStevens on Feb 8, 2010 6:33 AM -
To analyze or not to analyze (sys and system)! That is the question.
Hello,
There are a lot of opposing opinions out there about whether it is beneficial or not to analyze the sys and system objects? Do you guys have any theoretical or practical knowledge that backs one or the other?
Also did any one experience considerable positive impact of calculating the "system stats" with dbms_stats.gather_system_stats?
Thank you,There are a lot of opposing opinions out there about whether it is beneficial or not to analyze the sys and system objects? Do you guys have any theoretical or >practical knowledge that backs one or the other?
Also did any one experience considerable positive impact of calculating the "system stats" with dbms_stats.gather_system_stats?Oracle recommends to gather statistics for SYS only if you're using Oracle APPS.
Some good articles to read.
[http://jonathanlewis.wordpress.com/2007/02/02/10g-upgrade/]
[http://download.oracle.com/docs/cd/B19306_01/server.102/b14238/toc.htm]
[http://jonathanlewis.wordpress.com/2007/05/20/system-stats-strategy/]
upgrade 9i to 10g
[http://www.jlcomp.demon.co.uk/system_stats.html]
System Statistics and optimizer_index_cost_adjust interaction in 9i
HTH
-Anantha -
Access to sys and system accounts
How to determine who can access sys and system accounts?
we have oracle 10.2.0.4. I want to know which users can access sys and system accounts?
Please advise
Thanks
S.ski123 wrote:
How to determine who can access sys and system accounts?That depends... access to SYS can be done via o/s - no need to compromise the db instance. Only the o/s account running it.
Even inside Oracle, it is possible to logon as SCOTT and execute SQL and PL/SQL code as SYS - without having any DBA like privs or access to the password for SYS (possible by using a compromised DBMS_SYS_SQL package).
Bottom line is, you cannot just look at privs inside Oracle to determine who has SYS access. Security and hardening are more complex than that.
Maybe you are looking for
-
Downloading records in in excel sheet from ALV.
Hi, I am downloading Records from ALV GRID DIsplay to Excel sheet but i am unable to get all records that are displayed in ALV report. I am getting only 73 records if i have only 180 Any inputs please for correctine the error Regards Rasheed.
-
Can I have the same phone number on an iPhone and an iPad with cellular?
I currently have an iPhone 4s and am interested in getting an iPad Air. I'm interested in the cellular option for iPad, but don't want to give up my smaller, portable phone. Is it possible have one phone number for both devices?
-
Profit Center Value getting deleted in Limit PO while Confirmation
Hi, We are in Extended Classic Scenario, SRM 7.0 and ECC 6.0 When i create a limit PO with account asst.category as " Profit Center ", the purchase order is creating successfully and also replicated to ECC. Later while creating confirmation for that
-
Problem with simple error checking
Scratch the error checking bit. The original code involved error checking, but I've dwindled the problem down to the following code: int input; cout << endl << "Enter number: "; cin >> input; if (isnumber(input) == 0) cout << "Not a number"; else cou
-
HT4623 WHY IS MY IPAD HAVE A PASSCODE AFTER I UPDATED THE NEW VERSION?
why is my ipad have a passcode after updating new version?