DBA Tips Archive for Oracle

  


[an error occurred while processing this directive]

No Title

[an error occurred while processing this directive]

by Michael New, MichaelNew@earthlink.net, Gradation LLC

This note provides code that enables a DBA to prevent certain users from changing their password. This can be useful in environments where many users log on to the database with a single account. In situations like this, it is very important to guarantee that no user can change the password, thus preventing other users of this common account to login.

The following function can be used to prevent a user from changing their password. This function requires use of a USER PROFILE to activate the function. This script must be run while connected as the SYS user. Next, create a profile that will contain a limit PASSWORD_VERIFY_FUNCTION associated with that previously created verify function. This profile can be assigned to all users who are not allowed to change their password.


connect sys/manager as sysdba Connected. CREATE OR REPLACE FUNCTION restrict_pwd_chg_verify_func ( username VARCHAR2 , password VARCHAR2 , old_password VARCHAR2) RETURN boolean IS BEGIN raise_application_error(-20009, 'ERROR: Password cannot be changed'); END; / Function created. CREATE PROFILE restrict_pwd_chg LIMIT PASSWORD_VERIFY_FUNCTION restrict_pwd_chg_verify_func; Profile created.

Give it a whirl.


SQL> create user ecartman identified by southpark; User created. SQL> grant create session to ecartman; Grant succeeded. SQL> alter user ecartman profile restrict_pwd_chg; User altered. SQL> connect ecartman/southpark Connected. -- Notice in the following example we need to provide -- the REPLACE keyword to prevent getting ORA-28221. This is -- required when users to not have the ALTER USER -- system privilege. SQL> alter user ecartman identified by newpassword replace southpark; alter user ecartman identified by newpassword replace southpark * ERROR at line 1: ORA-28003: password verification for the specified password failed ORA-20009: ERROR: Password cannot be changed SQL> password Changing password for ECARTMAN Old password: southpark New password: newpassword Retype new password: newpassword ERROR: ORA-28003: password verification for the specified password failed ORA-20009: ERROR: Password cannot be changed Password unchanged



Copyright (c) 1998-2017 Jeffrey M. Hunter. All rights reserved.

All articles, scripts and material located at the Internet address of http://www.idevelopment.info is the copyright of Jeffrey M. Hunter and is protected under copyright laws of the United States. This document may not be hosted on any other site without my express, prior, written permission. Application to host any of the material elsewhere can be made by contacting me at jhunter@idevelopment.info.

I have made every effort and taken great care in making sure that the material included on my web site is technically accurate, but I disclaim any and all responsibility for any loss, damage or destruction of data or any other property which may arise from relying on it. I will in no case be liable for any monetary damages arising from such loss, damage or destruction.

Last modified on
Tuesday, 04-Sep-2012 00:25:03 EDT
Page Count: 15042