RE: account unlock/password reset
Date: Mon, 12 Jan 2009 17:42:23 -0500
Message-ID: <6AFC12B9BFCDEA45B7274C534738067F0AB5C08D_at_AAPQMAILBX02V.proque.st>
Standard approach would be to have DBA_ACCESS_ACCOUNT with ALTER USER priv. Create definer rights PL/SQL package w/ procedures for locking, unlocking, and password reset.
Then, create accounts for level 2 support personnel. Their accounts get only create session and execute on the PL/SQL package you created. They can login, they can lock/unlock/reset password, and that's it.
Hope that helps,
-Mark
--
Mark J. Bobak
Senior Database Administrator, System & Product Technologies
ProQuest
789 E. Eisenhower, Parkway, P.O. Box 1346
Ann Arbor MI 48106-1346
+1.734.997.4059 or +1.800.521.0600 x 4059
mark.bobak_at_proquest.com<mailto:mark.bobak_at_il.proquest.com>
www.proquest.com<http://www.proquest.com>
www.csa.com<http://www.csa.com>
ProQuest...Start here.
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of SHEEHAN, JEREMY
Sent: Monday, January 12, 2009 4:34 PM
To: oracle-l_at_freelists.org
Subject: account unlock/password reset
I've co-authored a procedure that does and account unlock and password reset. It works great (if you're interested I'll post it, too).
Now I'd like to give this to level 2 support and have this taken out of the hands of the DBA's. We've got a few support users that are ready to use it, but I'm not thrilled with granting 'ALTER USER' to them.
Is there anyway around allowing users to unlock accounts and change password without granting 'ALTER USER'?
Thanks!
Jeremy
P Consider the environment. Please don't print this e-mail unless you really need to.
--
http://www.freelists.org/webpage/oracle-l
Received on Mon Jan 12 2009 - 16:42:23 CST