RE: account unlock/password reset

• From: "SHEEHAN, JEREMY" <JEREMY.SHEEHAN@xxxxxxx>
• To: oracle-l <oracle-l@xxxxxxxxxxxxx>
• Date: Tue, 13 Jan 2009 09:08:57 -0500

So...  It was figured out.  Everything you had said was correct, but there was 
an AUTHID CURRENT_USER clause set in the procedure.  This was blocking it from 
working correctly.  

Thanks for all the suggestions!

Jeremy 
 Consider the environment. Please don't print this e-mail unless you really 
need to.


-----Original Message-----
From: SHEEHAN, JEREMY 
Sent: Tuesday, January 13, 2009 8:36 AM
To: oracle-l
Subject: RE: account unlock/password reset

Hey folks,

I've tried several things that have been suggested.  All excellent suggestions, 
but it's still not working.  

I've granted ALTER USER (with admin option) to the object owner.  I dropped and 
recompiled the password reset/account unlock procedure.  I granted execute on 
the procedure to the user in question, but he still gets the insufficient privs 
error.  

the error occurs @ line 62 (which is executing the 'alter user .... account 
unlock')....

JMS09ZF @ emtdbt > SELECT SUBSTR(LINE,1,4) LINE,SUBSTR(TEXT,1,130) TEXT
  2  FROM DBA_SOURCE
  3  WHERE OWNER='DBAO'
  4  AND NAME='SP_USER_CHANGE'
  5  AND LINE BETWEEN 59 AND 63
  6  ORDER BY LINE;

LINE TEXT
---- 
-----------------------------------------------------------------------------------------------
59
60          IF  p_user = upper(v_user) then
61           v_sqla := 'alter user ' || v_user || ' account unlock';
62           execute immediate v_sqla;
63           dbms_output.put_line ('User ' || v_user || ' Account unlocked.' );

Jeremy 
 Consider the environment. Please don't print this e-mail unless you really 
need to.


-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of Alex Fatkulin
Sent: Monday, January 12, 2009 6:08 PM
To: SHEEHAN, JEREMY
Cc: oracle-l
Subject: Re: account unlock/password reset

Jaremy,

the owner of the procedure needs to have an alter user privilege

the grantee does not

this is what definer rights are about

On Mon, Jan 12, 2009 at 4:33 PM, SHEEHAN, JEREMY <JEREMY.SHEEHAN@xxxxxxx> wrote:

> Is there anyway around allowing users to unlock accounts and change password
> without granting 'ALTER USER'?

-- 
Alex Fatkulin,
http://afatkulin.blogspot.com
http://www.linkedin.com/in/alexfatkulin
--
//www.freelists.org/webpage/oracle-l

• Follow-Ups:
  • Re: account unlock/password reset
    • From: Pete Finnigan

• References:
  • database authentication by windows credentials
    • From: Stephens, Chris
  • account unlock/password reset
    • From: SHEEHAN, JEREMY
  • Re: account unlock/password reset
    • From: Alex Fatkulin

Other related posts:

• » account unlock/password reset- SHEEHAN, JEREMY
• » Re: account unlock/password reset- Maria Gurenich
• » Re: account unlock/password reset- Bradd Piontek
• » RE: account unlock/password reset- Bobak, Mark
• » Re: account unlock/password reset- Alex Fatkulin
• » RE: account unlock/password reset- SHEEHAN, JEREMY
• » RE: account unlock/password reset - SHEEHAN, JEREMY
• » Re: account unlock/password reset- Pete Finnigan

1. Home
2. oracle-l
3. Archive
4. 01-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---