| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.misc -> Re: help,help-- How to develop a changing password program using d2k?
A copy of this was sent to "Johnson" <zhang_at_aqua.ocn.ne.jp>
(if that email address didn't require changing)
On Fri, 26 Mar 1999 21:28:14 +0900, you wrote:
>Hello, :
> It seems so strange that I can not find a way to develop a changing
>password program using d2k. Finally, I use dynamic SQL to send "alter user"
>command to change the password, but it can only do with my own account, when
>i use this stored procedure to change other's pwd, I am always told there is
>rights problem. Please help me.
>
If the user executing the FORM has the "alter user" privelege (a very generous priv. anyone with this priv can become any user in the database) then:
forms_ddl( 'alter user ' || username || ' identifed by ' || new_password );
will work. On the other hand, if another user creates a procedure "change_pw( uname, pword )", and that other user has the alter user priv., they can grant execute on that stored procedure to whomever and then people with execute on that procedure can change passwords.
So -- if you use forms_ddl, the user needs to have alter user from either a ROLE or granted directly to them.
If you use a stored procedure, the OWNER of the procedure must have ALTER USER granted directly to them, not via a role...
>Thanks, in advance
>Johnson Chao
>zhang_at_aqua.ocn.ne.jp
>
Thomas Kyte
tkyte_at_us.oracle.com
Oracle Service Industries
Reston, VA USA
--
http://govt.us.oracle.com/ -- downloadable utilities
 |
 |