Re: How to prevent password changes?

>>: Question: using ORACLE 6 on Alpha/VMS how can I prevent a
>>: user from changing their own password using GRANT CONNECT?
>>
>>You can't.

This was probably mentioned before but lets not forget the normally useless product_user_profile. You can prevent users from doing ANY grants from sqlplus including Grant Connec. Rather drastic I admit, but how bad you want to keep the passwords the same?

>If you are really serious about preventing users from changing their
>passwords, you might try another approach -- instead of making it
>impossible, just make it undesirable. Keep a record of what you think
>their password should be in some secure file. Periodically attempt to
>connect as that user using what you think the password is. (This is an
>automatic process, of course.) If you can't connect, they must have changed
>their password, and you can take whatever action is appropriate -- remove
>their userid, send them mail, send their manager mail, send their mother
>mail, etc. Do this once or twice and word will get around. If users
>true if you made the system work that way. :-)

I suspect that the application already know (thinks it knows) the users password and uses it to do a connect. If that is true the the above would be acomplished by the application itself. ie) user changed password app stops working. Lot more useful than sending a memo to thier boss

I bring this up because if the application doesn't need to know the password then attempting to keep users from changing the password is a blindingly bad idea. IMHO ofcourse. :-}

-- 
Regards, 

Lee E. Parsons                  		
Systems Oracle DBA	 			lparsons_at_world.std.com