Vous êtes sur la page 1sur 2

 Become database admin

First log into your host running oracle and become the oracle user
% sqlplus /nolog
SQL> connect / as SYSDBA
Connected
SQL>

 Find out which accounts are expired


Select username, account_status from dba_users
where ACCOUNT_STATUS LIKE ‘%EXPIRED%’;

 Unexpire an account
Once an account has been expired, it can only re revived by assigning it a new password
ALTER USER scott IDENTIFIED BY password;

 Unlock an account
ALTER USER scott ACCOUNT UNLOCK;

 Disable default password expiry


This all depends on the profile a user belongs to, to disable password expiry for all users
assigned the default user profile do this
ALTER PROFILE DEFAULT LIMIT PASWORD_LIFE_TIME UNLIMITED;

In spite of deleting an oracle user, we can LOCK it. In that way the user won’t be accessible. In future if
we want we can UNLOCK it.

create a user named JACK which is LOCKED:

SQL> create user jack identified by jack account lock;


User created.
Now grant him the CONNECT & RESOURCE privilege:

SQL> grant connect, resource to jack;


Grant succeeded.
Now, try to connect the user:

SQL> conn jack/jack;


ERROR:
ORA-28000: the account is locked
Warning: You are no longer connected to ORACLE.
Now, connect to the SYS accout:

SQL> conn sys as sysdba


Enter password:
Connected.
SQL>
Now, see the account status:

SQL> select USERNAME,ACCOUNT_STATUS,LOCK_DATE from dba_users where USERNAME=’JACK’;


USERNAME ACCOUNT_STATUS LOCK_DATE

------------------------------ -------------------------------- ---------

JACK LOCKED 10-OCT-08


To, unlock the Jack:

SQL> alter user jack account unlock;


User altered.
SQL>
SQL> conn jack/jack;
Connected.
==================

Otherwise we can do one thing, we can revoke its CONNECT privilage. In that way the user can’t connect
to the db.

SQL> revoke connect from jack;


Revoke succeeded.
SQL> conn jack/jack;
ERROR:
ORA-01045: user JACK lacks CREATE SESSION privilege; logon denied

Warning: You are no longer connected to ORACLE.


SQL> conn sys as sysdba
Enter password:
Connected.
SQL>
SQL> grant connect to jack;
Grant succeeded.
SQL>
SQL> conn jack/jack;
Connected.

In Oracle 10gR2 things are fairly sane:

CONNECT role has only CREATE SESSION

RESOURCE has CREATE CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR, CREATE PROCEDURE,

CREATE SEQUENCE, CREATE TABLE, CREATE TRIGGER and CREATE TYPE

In Oracle 9iR2 things get a little scary:

CONNECT has ALTER SESSION, CREATE CLUSTER, CREATE DATABASE LINK, CREATE SEQUENCE,

CREATE SESSION, CREATE SYNONYM, CREATE TABLE and CREATE VIEW. Rather a scary lot for a role

called ‘connect’

RESOURCE has CREATE CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR, CREATE PROCEDURE,

CREATE SEQUENCE, CREATE TABLE, CREATE TRIGGER and CREATE TYPE