Results 1 to 4 of 4
  1. #1
    Join Date
    Feb 2004
    Posts
    93

    Unanswered: Running this 'grant statement' allows any use to change password!

    Command:

    grant alter user to &&MAIN_SCHEMA_OWNER with admin option;

    The above script is not very convenient as it will allow any user to change the password or any other user. Using the Oracle client, Is this true???

    If it is true do you know a way that we can give users the access to change their password within Sqlplus, or OEM/DBA studio or Toad? (oracle 8i)..


    We can use the command "ALTER USER <username> IDENTIFIED BY <new password> from the client which worked fine.

    I aslo believe that Oracle runs stored procedures under the context of the user that created the procedure rather than the connected user, a user is able to change their own password in the original case, but the owner(creator of the procedure) is not allowed to change another user's password.


    ANy ideas?
    Cheers
    Etravels

  2. #2
    Join Date
    Nov 2002
    Location
    Desk, slightly south of keyboard
    Posts
    697
    Hi,

    On the basis that a typical (non dba) user seems to be able to change their own password (I just ran SqlPlus and typed password on a standard user) I am not sure why you need to be granting them the priviledge to do so. Saying that it is late, and there are other people on here better qualified to answer.

    On the subject of procedures, you need to read up on definer rights versus invoker rights.

    Hth
    Bill
    Please don't email me directly with questions. I've probably just got home from the pub and cannot guarantee the sanity of my answers. In fact, I can't believe I actually made it home.

  3. #3
    Join Date
    Feb 2004
    Posts
    93

    definer rights versus invoker rights

    Can you tell me how I can do this?
    Cheers
    Etravels

  4. #4
    Join Date
    Nov 2002
    Location
    Desk, slightly south of keyboard
    Posts
    697
    Hi,

    google for "authid current_user" or "authid definer" for syntax and discussion of their meanings.

    These are the directives you insert into a procedure, function or package to specify with which rights the code will execute.

    Hth
    Bill
    Please don't email me directly with questions. I've probably just got home from the pub and cannot guarantee the sanity of my answers. In fact, I can't believe I actually made it home.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •