| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: CHANGE PASSWORD
Hi,
Well, you have a point there Jurij. I was too quickly!
In fact the situation in the application is that there are common users who have rights to use the application, but only have rights to query information about other users. Beside the common users there are a group of superusers (not DBA's) who have the rights to add new common users, and these are on the same time added as oracle-users to the database. These superusers are the ones who I set the role with alter user privileges for. Does this make it clearer?
My point is that the runtime, applicationbased set of the privileged role is one of the ways you can protect the database from uncontrolled use: Even though the superusers have access to the database with for example SQL*PLUS, they are not able to apply their application-rights. That is of course if they can't guess the password of the privileged role.
Regards,
Michael Ringbo
Jurij Modic wrote:
> On Wed, 24 Feb 1999 11:39:11 +0100, Michael Ringbo <mri_at_dde-nospam.dk>
> wrote:
>
> >Hi,
> >
> >If your users are to use a Forms 4.5 / 5.0 application, and have to have the
> >ability to change their own password there is a way to dot this without
> >having to grant them ALTER USER directly:
>
> Why do you want to grant ALTER USER privilege to the end user in the
> first place? Users don't need to have this privilege to be able to
> change *their own* password! Users don't need to have been granted any
> system privilege or role at all to be able to change their own
> password. (Well, sure, they need at least CREATE SESSION privilege so
> that they are able to connect to the database, but that is all that is
> needed!)
>
> >1) Make a role with the ALTER USER privilege. Make the role
> >password-protected.
> >2) Grant the role to the users. Be sure it won't be their default role
> >3) Set the role from within your apllication using forms_ddl
> >
> >I have done this with a Forms application, but I don't know if you could use
> >this method using other application platforms.
> >
> >Miguel Almeida wrote:
> >
> >> How can i prevent a user, with ALTER USER system privilege, to change SYS
> >> password?
>
> Regards,
> Jurij Modic <jmodic_at_src.si>
> Certified Oracle7 DBA (OCP)
> ================================================
> The above opinions are mine and do not represent
> any official standpoints of my employer
Received on Thu Feb 25 1999 - 02:16:26 CST
 |
 |