| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: CHANGE PASSWORD
On Wed, 24 Feb 1999 11:39:11 +0100, Michael Ringbo <mri_at_dde-nospam.dk>
wrote:
>Hi,
>
>If your users are to use a Forms 4.5 / 5.0 application, and have to have the
>ability to change their own password there is a way to dot this without
>having to grant them ALTER USER directly:
Why do you want to grant ALTER USER privilege to the end user in the first place? Users don't need to have this privilege to be able to change *their own* password! Users don't need to have been granted any system privilege or role at all to be able to change their own password. (Well, sure, they need at least CREATE SESSION privilege so that they are able to connect to the database, but that is all that is needed!)
>1) Make a role with the ALTER USER privilege. Make the role
>password-protected.
>2) Grant the role to the users. Be sure it won't be their default role
>3) Set the role from within your apllication using forms_ddl
>
>I have done this with a Forms application, but I don't know if you could use
>this method using other application platforms.
>
>Miguel Almeida wrote:
>
>> How can i prevent a user, with ALTER USER system privilege, to change SYS
>> password?
Regards,
Jurij Modic <jmodic_at_src.si>
Certified Oracle7 DBA (OCP)
 |
 |