RE: Passwords in DBA_USERS (Oracle 12c)

From: Deas, Scott <Scott.Deas_at_lfg.com>
Date: Thu, 7 Jul 2016 13:32:21 +0000
Message-ID: <C1FB7BA65B13C542B2CB1CE5DB8F74AF4B5F8460_at_NC2PWEX501.us.ad.lfg.com>

Becoming another user in the database is a perfect case for proxy access. You never have to change the original user’s credentials (which in an online app can sometimes not be an option).

Thanks,
Scott

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Mladen Gogala Sent: Thursday, July 07, 2016 9:23 AM
To: Chris Taylor <christopherdtaylor1994_at_gmail.com>; dimensional.dba_at_comcast.net Cc: andy_at_oracledepot.com; oracle-l <oracle-l_at_freelists.org> Subject: Re: Passwords in DBA_USERS (Oracle 12c)

On 07/07/2016 09:16 AM, Chris Taylor wrote: Having the password "somewhere" is important so I'm not sure if Andy is suggesting it's absurd to have it anywhere in the database or not. But for at least one case it's terribly important and that is supporting legacy applications.

Sometimes you need to be able to login as an application schema to create an object such as a materialized view or database link that is either exceptionally difficult or impossible to do UNLESS you are logged in as the schema owner. The DBA may not have access to the schema password but can preserve the password by looking at sys.user$ for the encrypted password, temporarily change it, create the object (db link or MV), then change the password back without ever affecting the application (or briefly affecting the application at least).

Thanks,
Chris

Yes, that was exactly the case. It was a DB link.

Mladen Gogala

Oracle DBA

Tel: (347) 321-1217
Notice of Confidentiality: **This E-mail and any of its attachments may contain Lincoln National Corporation proprietary information, which is privileged, confidential, or subject to copyright belonging to the Lincoln National Corporation family of companies. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. Thank You.**

--

http://www.freelists.org/webpage/oracle-l Received on Thu Jul 07 2016 - 15:32:21 CEST

This message: [ Message body ]
Next message: Andy Klock: "Re: Passwords in DBA_USERS (Oracle 12c)"
Previous message: Chris Taylor: "Re: Passwords in DBA_USERS (Oracle 12c)"
Maybe in reply to: Dimensional DBA: "RE: Passwords in DBA_USERS (Oracle 12c)"
Next in thread: Chris Taylor: "Re: Looking for Suggestions - 5 TB DB WHSE Backup options"
Reply: Andy Klock: "Re: Passwords in DBA_USERS (Oracle 12c)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message