Re: prohibit password changes?

Kyler,

It sounds as though what you're really after is an ops$ account - ie. an account which is only authenicated at the operating system (unix) level - it does not have a password at the Oracle security level. The ops$ prefix is a convention set by the os_authent_prefix in your init'SID'.ora file. So if you create a user joe like :

    sql> create user ops$joe identified externally;     sql> grant connect top ops$joe;

ops$joe must have a corresponding unix account called joe for this to work. But once logged on to through the os he accesses the database :

    unix-shell-prompt> sqlplus /
The downside to this approach is that if the user requires a password for say a client-server application this won't fly.

Regards,
Kevin

Kyler Laird wrote:

> I'd like to make a generic "user" that is not able
> to create any tables nor modify its password. I
> want this so that any of our (Unix) users can get
> to information in Oracle without having to have
> accounts.
>
> Any ideas? It looks like it should be easy, but I
> don't see how to allow CONNECT without allowing
> password changes.
>
> Thank you!
>
> --kyler
Received on Tue Sep 30 1997 - 00:00:00 CDT