Trying to change user's password using PL/SQL procedure.
Date: Wed, 23 Sep 1998 10:34:58 -0500
Message-ID: <36091521.E2BF8573_at_nortel.com>
Hi, [Quoted]
I have written a procedure which will be called by Dev2000 forms application
to change a user's passwd.
I am using Oracle 7.3.2 and PL/SQL 2.2.3. The procedure is as follows
and currently contains a lot of
debug messages.
The procedure calls "alter user ..." using dbms_sql.execute.
The steps that I took to implement this procedure are:
1. Logged in to SQLPlus as "gsmdba" (Does not have DBA
privilege) and compiled the procedure
"ChangePasswd". No
errors.
2. Created public synonym "ChangePasswd" for "gsmdba.ChangePasswd".
3. Granted execute on "ChangePasswd" to public.
The problem is that I can only change the passwd for gsmdba with
this procedure. Even when I login
as someone else, I can change passwd for gsmdba, but not for
the user whom I logged in as. I seems
as if the procedure executes as the owner of the procedure.
Can u tell me why this happens??
Thanks,
VJ.
--------------------
Here is the source code:
=================
These are the outputs that I get:
=======================
A. Logged in as GSMDBA. Trying to change passwd for GSMDBA. This works fine.
-------------
GSMDBA SQL> execute changepasswd('GSMDBA', 'testing');
In changePasswd user = GSMDBA
Before parsing, sqlstmt = "alter user "GSMDBA" identified by testing"
before executing
before closing cursor
after closing cursor.
-------------
B. Logged in as CNT69081. Trying to change passwd for CNT69081. This DOES NOT WORK.
-------------
CNT69081 SQL> execute changepasswd('CNT69081', 'GSMDBA');
In changePasswd user = CNT69081
Before parsing, sqlstmt = "alter user "CNT69081" identified by GSMDBA"
within exeception - ORA-01031: insufficient privileges
begin changepasswd('CNT69081', 'GSMDBA'); end;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "GSMDBA.CHANGEPASSWD", line 23
ORA-06512: at line 1
-------------
C. Logged in as CNT69081. Trying to change passwd for GSMDBA.
This SHOULD FAIL, but it does
not and that is not
right.
-------------
CNT69081 SQL> execute changepasswd('GSMDBA', 'testing');
In changePasswd user = CNT69081
Before parsing, sqlstmt = "alter user "GSMDBA" identified by testing"
before executing
before closing cursor
after closing cursor.
-------------
Thanks,
VJ.
-- Vijay Damodaran vijayd_at_nortel.com Work: (972) 685-8150Received on Wed Sep 23 1998 - 17:34:58 CEST