RE: Errors executing password change procedure
- From: <correo@xxxxxxxxxxxxx>
- To: <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 29 Nov 2018 10:52:02 -0500
Why don´t create a nice APEX app that sends emails with the new password
autogenerated?
You validate the info with a table inside the app.
FJA
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx <oracle-l-bounce@xxxxxxxxxxxxx> On Behalf
Of Mladen Gogala
Sent: Thursday, November 29, 2018 10:41 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Re: Errors executing password change procedure
On 11/28/18 11:56 AM, Sandra Becker wrote:
Oracle Enterprise version 12.1.0.2
We have a new requirement to allow users to change their passwords,
even if expired and/or account is locked. Per the requirements, I
have created the new user (not allowed DBA privs) that will connect
through a GUI and execute a password change procedure in another
schema that has the necessary privileges. This new user has been
granted execute privileges on the procedure. However, I'm getting an
"ORA-01031: insufficient privileges" error when I try to execute the
procedure as the new user.
Hi Sandra!
You can create the procedure belonging to the user SYSTEM and grant an execute
rights to your users. The default is so called "definer's rights" procedure,
and that is what your security concerns are about. The "definer's rights
procedure" can access any object that its owner can access. Personally, I would
create the procedure to unlock/change password for users not containing the
string 'SYS'. An alternative would be to create a role LUSER and only allow the
operations if the username to process is a member of the role LUSER. If you
create another user, call it ORAPHB, you can grant the execute privilege on the
SYSTEM.CHANGE_LUSER_PASSWORD procedure and that would be it. The procedure can
access anything that the user SYSTEM can access.
Regards
--
Mladen Gogala
Database Consultant
Tel: (347) 321-1217
--
//www.freelists.org/webpage/oracle-l
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
--
//www.freelists.org/webpage/oracle-l
Other related posts: