Sys and system schema are expired & locked after doing disaster recovery.

Similar Messages

• GSS on 'SYS' and 'SYSTEM' schemas

  Hi Team,
  We have both 11i(11.5.10.2) and R12(12.1.3) EBS applications. Can we run Gather schema stats on the 'SYS' and 'SYSTEM' schema and how frequent we can run on these schema ?
  Thanks,

  Hi,
  Yes it is mandatory to collect statistics for Sys and System schema for 10g + databases.
  You cannot use FND_STATS package to gather statistcs but must use the dbms_stats package. Running this once in a month or twice a month, and you can schedule this via dbms_scheduler.
  All your queries are answered in note:
  EBPERF FAQ - Collecting Statistics in Oracle EBS 11i and R12 (Doc ID 368252.1)
  Thanks &
  Best Regards,

• Verify the database fails in the SYS and SYSTEM schemas

  Hi all,
  When we execute a verify: brconnect -u / -c -f stats -v cascade -t all -p 8
  we obtain some errors from some tables (NOT PARTITIONED) of SYS and SYSTEM schemas:
  BR0996W Table/index SYS.UTL_RECOMP_SORTED does not exist anymore
  and
  BR0301E SQL error -14508 at location stats_tab_validate-2
  ORA-14508: specified VALIDATE INTO table not found
  BR0893E Validating structure failed for table/cluster SYSTEM.LOGMNR_TABPART$
  but the tables exists.
  any ideas??
  Thanks in advance

  HI,
  try this:
  sqlplus system/password
  @$ORACLE_HOME/rdbms/admin/utlvalid.sql       
  grant all on invalid_rows to public;
  exit
  sqlplus "/ as sysdba"
  create synonym ops$ora<sid>.index_stats for sys.sap_index_stats; 
  exit
  sqlplus system/password
  create synonym ops$<sid>adm.invalid_rows for system.invalid_rows;
  Thanks

• SYS and SYSTEM user password expired

  My 11g2 database on Redhat 5 has sys and system user password expiredSQL> select username,account_status,EXPIRY_DATE
  from dba_users where username like 'SYS%';
    2
  USERNAME                       ACCOUNT_STATUS                   EXPIRY_DA
  SYSMAN                         OPEN
  SYSTEM                         OPEN                             15-FEB-11
  SYS                            OPEN                             15-FEB-11But I can still connect the databsae with t expired password.
  Do I need worry about the expiration of these user's password? For a normal user, I connot login with expired password

  Dear user13148231,
  Here is an illustration;
  SQL> alter user sys account lock;
  User altered.
  SQL> select username, account_status, lock_date, expiry_date from dba_users where USERNAME='SYS';
  USERNAME                      ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
  SYS                                      LOCKED                           20-AUG-10      23-FEB-09
  SQL> host sqlplus sys/password@opttest as sysdba
  SQL*Plus: Release 10.2.0.4.0 - Production on Fri Aug 20 12:25:43 2010
  Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
  Connected to:
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> exit
  Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> alter user sys identified by password password expire;
  User altered.
  SQL> select username, account_status, lock_date, expiry_date from dba_users where username='SYS';
  USERNAME                      ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
  SYS                                EXPIRED & LOCKED                 20-AUG-10   20-AUG-10
  SQL> host sqlplus sys/password@opttest as sysdba
  SQL*Plus: Release 10.2.0.4.0 - Production on Fri Aug 20 12:27:02 2010
  Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
  Connected to:
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> exit
  Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  SQL> alter user sys identified by password account unlock;
  SQL> select username, account_status, lock_date, expiry_date from dba_users where username='SYS';
  USERNAME                       ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
  SYS                            OPENEven if it shows expired and locked it is OK to connect to the database for the SYS user.
  SQL> alter user ogan identified by password account lock password expire;
  User altered.
  SQL> select username, account_status, lock_date, expiry_date from dba_users where username='OGAN';
  USERNAME                       ACCOUNT_STATUS                   LOCK_DATE EXPIRY_DA
  OGAN                           EXPIRED & LOCKED                 20-AUG-10 20-AUG-10
  SQL> conn ogan/password
  ERROR:
  ORA-28000: the account is locked
  Warning: You are no longer connected to ORACLE.
  SQL> conn / as sysdba
  Connected.
  SQL> alter user ogan account unlock;
  User altered.
  SQL> conn ogan/password@opttest
  ERROR:
  ORA-28001: the password has expired
  Changing password for ogan
  New password:
  Retype new password:
  Password changed
  Connected.
  SQL>Ogan

• Locked SYS and SYSTEM user

  DB version: 11.2.0.2
  OS : Solaris 10
  In our production DBs , I've noticed that both SYS and SYSTEM users are locked
  $ sqlplus / as sysdba
  SQL*Plus: Release 11.2.0.2.0 Production on Thu Jan 19 14:21:34 2012
  Copyright (c) 1982, 2010, Oracle.  All rights reserved.
  Connected to:
  Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
  With the Partitioning option
  SQL> select username, account_status from dba_users where username like 'SYS%';
  USERNAME                       ACCOUNT_STATUS
  SYSTEM                         LOCKED
  SYS                            LOCKED1. How can I log in to SYS account despite being locked. Is it because i logged in through external authentication?
  2. Is locking the SYS user a standard practise ? If so, why ?

  Hi;
  1. How can I log in to SYS account despite being locked. Is it because i logged in through external authentication?set ORACLE_HOME, ORACLE_SID than
  sqlplus "/as sysdba"
  alter user xx account unlock;
  2. Is locking the SYS user a standard practise ? If so, why ?
  SYS and SYSTEM are default users, created with the creation of the database. Although they have much power - as they are granted the DBA role - they're still ordinary users. Because SYS owns the data dictionary, (s)he is considered a bit more special than SYSTEM. But SYS has the SYSDBA privilege which SYSTEM doesn't. This makes it possible for SYS to become a very very powerful user. This is the case when (s)he connects as sys/password as SYSDBA or / as sysdba. The as sysdba phrase is a request to aqcuire the privileges associated wht the single SYSDBA system privileges (see here).
  Source:
  http://www.adp-gmbh.ch/ora/misc/sys_system_internal.html
  Regard
  Helios

• Encrypt sys and system tables

  How to encrypt/restrict sys and system tables so that no user can view them.
  On one of the database few user are having dba access.
  Is it possible to restrict their access on the dictionary tables.

  I have not heard of anyone encrypting the sys and system schemas, and suspect it is not possible due to the number of tools that need access to these tables and views (OEM, RMAN etc)
  Maybe the application needs to run "create user" or "select * from v$session", but this does not mean that it needs DBA role. Turn on tracing or auditing to find out what priveleges the application actually needs, then grant minimum priveleges and revoke DBA.
  In the worst case if the application won't start unless it has been granted a role called "DBA" then you may be able to revoke all priveleges from the DBA role and then grant them via a custom role called "MY_DBA", but there is potential for this to go very wrong, so test in a DEV environment first, and I doubt Oracle Support would approve.
  Or you could use Database Vault ....

• Lock sys and system user

  Dear all,
  We have 10.2.0.4 on solaris 10.
  Currently we had I.T audit on our environment and auditor commented to lock sys and system user and use one user with any name (not oracle generic name) and grant him sys and system privilege and to use this user for admin purposes. is this right ?.. is this recommended ?
  Please advise

  Hello,
  I think it's not a right way to lock SYS.
  More over, if you connect as OS Administrator (root for Unix/linux) on the server and use
  OS Authentification then, you can connect on SYS AS SYSDBA anyway.
  So, in fact, it's not possible to lock out SYS even if you execute the following:
  ALTER USER SYS ACCOUNT LOCK;If you want to prevent access on SYS you should set a complex and long password and
  apply the same rule for the Administrator / root OS user.
  These passwords must be known by very few and well - identified people and written nowhere
  (in any files or scripts).
  More over, you should limit DBA roles to SYS and SYSTEM and remove this powerful Role
  from other Oracle Users.
  Then, you may enable session AUDIT so as to control the connexion on the database and,
  create a LOGON TRIGGER so as to check the login, workstation, program of the end users
  who connect to the database.
  On 10g, EM DBConsole shows an alert everytime a User is connected with SYS.
  Please, find enclosed, an interesting document written by Pete Finigan on this topic:
  http://www.insight.co.uk/files/presentations/Hacking%20and%20securing%20Oracle.pdf
  Hope this help.
  Best regards,
  Jean-Valentin

• Error saving map. Stored procedure returned non-zero result. Check if source and target schemas are present.

  I am using VS 2012 and BizTalk 2013 and attempting to deploy an application to BizTalk when I get these errors:
  Error 47
  at Microsoft.BizTalk.Deployment.Assembly.BtsMap.Save()
     at Microsoft.BizTalk.Deployment.Assembly.BtsArtifactCollection.Save()
     at Microsoft.BizTalk.Deployment.Assembly.BtsAssembly.Save(String applicationName)
     at Microsoft.BizTalk.Deployment.BizTalkAssembly.PrivateDeploy(String server, String database, String assemblyPathname, String applicationName)
     at Microsoft.BizTalk.Deployment.BizTalkAssembly.Deploy(Boolean redeploy, String server, String database, String assemblyPathname, String group, String applicationName, ApplicationLog log)
  0 0
  Error 49
  Failed to add resource(s). Change requests failed for some resources. BizTalkAssemblyResourceManager failed to complete end type change request. Failed to deploy map "XXX.BTS2013.XXX.Maps.map_XXXX_R01_InsLabProc".
  Error saving map. Stored procedure returned non-zero result. Check if source and target schemas are present. Error saving map. Stored procedure returned non-zero result. Check if source and target schemas are present.
  0 0
  Error 46
  Failed to deploy map "XXX.BTS2013.XXX.Maps.map_XXXX_R01_InsLabProc".
  Error saving map. Stored procedure returned non-zero result. Check if source and target schemas are present.
  0 0
  I also tried to Import a MSI file from our test environment to see if that would work...got the same errors.  After spending hours (not kidding) looking for an answer, all I could find is that a hotfix would work.  So, I got the hotfix from Microsoft
  Support and applied it then rebooted.  Still getting the same errors.  I'm absolutely at a stand still.  Interesting that I got this application to deploy yesterday and then the next time I deployed it I started getting these errors.  I'm
  ready to pull my hair out!
  Is there an answer for this out there somewhere?  Any help would be appreciated.
  Thanks,
  Dave

  Hi Dave,
  Which hotfix have you applied? I don't think a hotfix of this issue is available for BizTalk 2013 yet. You should create a
  support ticket with Microsoft to get a solution.
  If this answers your question please mark as answer. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

• Starting up a database when I forgot the sys and system password

  Hi,
  I want to startup up a database from Oracle Entreprise Manager. I forgot the sys and system password.
  If I give the command:
  orapwd file=orapwSDB01 password=test entries=100
  can I give the password "test" to sys and then to connect with sys with password test as sysdba, and then to startup the database? Are any problems with this command?
  Thank you,
  Mihaela

  Hi,
  I have not done this myself, but YES, according to the documentation, thats correct.
  ORAPWD FILE=mypwdfile PASSWORD=syspass ENTRIES=10
  will set the password of SYS to syspass. And you can use the same further.
  But here, you should be in oracle user or the user which owns the Oracle installation.
  Also, OS authentication is always supperior than any other authentication.
  Regards

• I forgot sys and system password

  Dear All,
  I installed oracle database 9.2.0.6 one year ago and I am using this database for RMAN.
  Today I need it to do something else but I really forgot the sys and system password and i dont know what to do.
  I appreciate your help on that.
  Thanks

  Hi,
  >>I really forgot the sys and system password
  Really ? or are you trying to hack the database ? :-)
  You can try this too:
  Use the orapwd utility in order to re-create the SYS password...
  e.g.: orapwd file=orapw<SID> password=adm entries=5
  Cheers

• Lost of sys and system password

  Hello,
  What are the options when the sys and system passwords to 9206 on Windows 2000 are not known. I was given the database but no one knows the passwords to sys and system. The Windows o/s account does belong to the DBA group but I am not able to log on as '/ as sysdba'. Error saids insufficient privilege even though the o/s acct belongs to group DBA. What can be done to gain access so sys and system passwords can be reset. Thank you in advance.

  Hi, please review the Note:77665.1 into metalink site.
  Regards.

• Profiles apply to SYS and SYSTEM users

  dear all.
  is possible configure the security policies (profiles), i mean password length, history, failed login attempts for SYS and SYSTEM users in oracle 10g.
  What will happen if both users blocked ?? the service would be affected ???
  what would you recommend me ?
  thanks for your answers and apologize my english, is not very well.

  Check here:
  SYS account cannot be locked out by setting the failed_login_attempts limit in the profile.
  is it possible to lock out SYS using FAILED_LOGIN_ATTEMPTS in a profile
  http://www.petefinnigan.com/ramblings/failed_login_attempts.htm
  -Anantha

• Restrication on using sys and system tables.

  I have created the user in oracle 10g, granted resource , connect , select, insert, and update any table
  I would like to restrict the user from modifying sys and system tables.
  I know , it is possible using triggers. but it will create perofrmance issues
  Any other solution , please let me know

  user8680248 wrote:
  user wants this priv ( user is super user ) but user is not DBAYou say the user is not a "super user" and is not a DBA.
  Then he doesn't get what he "wants", he gets the minimum privs required to do his job. And it's the job of the DBA (presumably you) to enforce that policy. The technical issues are simple. The political ones are often difficult, but as a DBA that, too, is part of your job. It's YOUR job that will be on the line if you put the company's data at risk by granting someone excessive privileges on the database..
  Edited by: EdStevens on Feb 8, 2010 6:33 AM

• To analyze or not to analyze (sys and system)! That is the question.

  Hello,
  There are a lot of opposing opinions out there about whether it is beneficial or not to analyze the sys and system objects? Do you guys have any theoretical or practical knowledge that backs one or the other?
  Also did any one experience considerable positive impact of calculating the "system stats" with dbms_stats.gather_system_stats?
  Thank you,

  There are a lot of opposing opinions out there about whether it is beneficial or not to analyze the sys and system objects? Do you guys have any theoretical or >practical knowledge that backs one or the other?
  Also did any one experience considerable positive impact of calculating the "system stats" with dbms_stats.gather_system_stats?Oracle recommends to gather statistics for SYS only if you're using Oracle APPS.
  Some good articles to read.
  [http://jonathanlewis.wordpress.com/2007/02/02/10g-upgrade/]
  [http://download.oracle.com/docs/cd/B19306_01/server.102/b14238/toc.htm]
  [http://jonathanlewis.wordpress.com/2007/05/20/system-stats-strategy/]
  upgrade 9i to 10g
  [http://www.jlcomp.demon.co.uk/system_stats.html]
  System Statistics and optimizer_index_cost_adjust  interaction in 9i
  HTH
  -Anantha

• Access to sys and system accounts

  How to determine who can access sys and system accounts?
  we have oracle 10.2.0.4. I want to know which users can access sys and system accounts?
  Please advise
  Thanks
  S.

  ski123 wrote:
  How to determine who can access sys and system accounts?That depends... access to SYS can be done via o/s - no need to compromise the db instance. Only the o/s account running it.
  Even inside Oracle, it is possible to logon as SCOTT and execute SQL and PL/SQL code as SYS - without having any DBA like privs or access to the password for SYS (possible by using a compromised DBMS_SYS_SQL package).
  Bottom line is, you cannot just look at privs inside Oracle to determine who has SYS access. Security and hardening are more complex than that.