Re: Becoming a user - 10g issue

Yes. You can use this trick to do just about anything as any user -- all you need is create any procedure and execute any procedure.

Of course, if auditors are likely to complain about (mis-)use of ALTER USER, what are they likely to say about this.

Apply caution -- in may places performing actions like either of these without proper authorization can be firing offenses, or worse, could even result in criminal prosecution! (And simply having the necessary privileges is *not* authorization!)

On Thu, Aug 21, 2008 at 4:09 PM, Jared Still <jkstill_at_gmail.com> wrote:

> Clever solution.
>
> On Thu, Aug 21, 2008 at 1:54 PM, Yong Huang <yong321_at_yahoo.com> wrote:
>
>> What I usually do to create a private DB link or stop or start another
>> user's
>> DBMS job, is to create a temporary procedure in that schema:
>>
>> conn system
>> create or replace procedure yhuang.p as
>> begin
>> execute immediate 'create database link remotedb
>> connect to remoteuser identified by thepassword using ''remotedb''';
>> end;
>> /
>> exec yhuang.p
>> drop procedure yhuang.p;
>>
>> The advantage is you don't change that user's password even for a
>> subsecond. So
>> there's no risk in that respect.
>>
>> I wish Oracle would support "create database link theuser.linkname...", or
>> give
>> us a general method as Windows's "Run as" functionality.
>>
>>
> --
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
>
>

-- 
Cheers,
-- Mark Brinsmead
Senior DBA,
The Pythian Group
http://www.pythian.com/blogs

--
http://www.freelists.org/webpage/oracle-l