Re: Becoming a user - 10g issue

From: Mark Brinsmead <>
Date: Thu, 21 Aug 2008 18:12:04 -0600
Message-ID: <>

Yes. You can use this trick to do just about anything as any user -- all you need is create any procedure and execute any procedure.

Of course, if auditors are likely to complain about (mis-)use of ALTER USER, what are they likely to say about this.

Apply caution -- in may places performing actions like either of these without proper authorization can be firing offenses, or worse, could even result in criminal prosecution! (And simply having the necessary privileges is *not* authorization!)

On Thu, Aug 21, 2008 at 4:09 PM, Jared Still <> wrote:

> Clever solution.
> On Thu, Aug 21, 2008 at 1:54 PM, Yong Huang <> wrote:
>> What I usually do to create a private DB link or stop or start another
>> user's
>> DBMS job, is to create a temporary procedure in that schema:
>> conn system
>> create or replace procedure yhuang.p as
>> begin
>> execute immediate 'create database link remotedb
>> connect to remoteuser identified by thepassword using ''remotedb''';
>> end;
>> /
>> exec yhuang.p
>> drop procedure yhuang.p;
>> The advantage is you don't change that user's password even for a
>> subsecond. So
>> there's no risk in that respect.
>> I wish Oracle would support "create database link theuser.linkname...", or
>> give
>> us a general method as Windows's "Run as" functionality.
> --
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist

-- Mark Brinsmead
Senior DBA,
The Pythian Group

Received on Thu Aug 21 2008 - 19:12:04 CDT

Original text of this message