Trigger - allow only SYSADM change password

Hello

I would like to create a trigger for Oracle 9i, which allows only the SYSADM change passwords and deny all users to change their password. Is this possible?

I found a script, but it does not allow users to change their password (sorry, can't remember where I found it, but credit to author :))

CREATE TRIGGER No_Change_PWD_trigger
BEFORE ALTER
WE DATABASE
DECLARE
BEGIN
IF (ora_dict_obj_type = ' USER') THEN
raise_application_error (-20010, ' you cannot change the password, try nice ;)) ») ;
END IF;
END;
/

Can someone help me to modify the script to allow SYSADM to be the only user with ALTER USER privileges?

Thank you
Ryan

Hello

a simple addition should work (but not tested):

CREATE TRIGGER No_Change_PWD_trigger
BEFORE ALTER
ON DATABASE
DECLARE
BEGIN
IF (ora_dict_obj_type = 'USER')
and user != 'SYSADMIN' THEN
raise_application_error(-20010,'You cannot change the password, nice try ;)');
END IF;
END;
/

Herald tiomela
http://htendam.WordPress.com

Tags: Database

Similar Questions

  • Responsibility to allow only for user password resets (for personal help from the front desk)

    Hi all

    Someone managed to create a responsibility to allow only the password resets? The idea is to assign this responsibility to our office staff help password reset requests. They will not have the opportunity to do anything outside of search for users, and then reset the password. This would allow a large number of the number of tickets to be processed directly by our help desk staff.

    Any information would be greatly appreciated.

    Hello

    Create a custom liability (similar to the system administrator), which only has the (security > user > set) screen.

    Why don't you use reset them password 'features' "that comes with the application? See (Note: 399766,1 - FAQ of the Reset password feature) and (Note: 763352.1 - how to set "password forgotten"to work without treatment in 11i?) For more details.

    Kind regards
    Hussein

  • How to activate the "Change Password" on the page "my account"?

    Hi all

    I log on using "Administrator" on the page "My account", there is no "Change Password" link on the page.
    Can someone tell me what I need to do to activate it?

    Thank you
    Dan.

    With 11g, OBIEE essentially uses the notion of 10g of external authentication.

    By default, this is done by the LDAP WLS (Weblogic) identity store, but it can be done by an another supported authenticator WLS, or OBIS (custom authenticator or LDAP) metadata. As a result, OBIEE has control over user passwords; This is why the steps mentioned in the notes 1102353.1 do not apply to OBIEE 11 g, but only to users internal/repository-defined in OBIEE 10 g.

    So, as for the maintenance of password in OBIEE 10 g when an external authenticator is used, it is in this authentication system external this password is changed, not in OBIEE 11 g. There is no option in OBIEE 11 g to allow users to change passwords.

    There are two alternatives with which you can change your password:
    (1) from the Weblogic/WLST administration console.
    You must give this user in the Weblogic console access or access to browse the hierarchy of involved MBean and other change permissions. Change the password using WLST instance statement here:

    Ideally, the console and WLST approaches are used by administrative accounts to manage other users. But the console and WLST possible to allow other users to change the passwords (which will be more or less as an administrative task by the users themselves)

    (2) with the help of a programmatic approach.
    Here, the application that intends to provide the users with the password change functionality must implement this functionality on its own (GUI more appeal to the relevant Weblogic API). WebLogic provides an MBean that the application can use to achieve this. See here for more information.

    An enhancement request is for this feature. It is unpublished bug 11836170 - allow non-admin users to change passwords in obiee 11 g.

  • I use creative cloud of Adobe Premiere Pro and it does not allow me to drag. In the line of time, only the audio files of the video MXF files. Plays in the video source, but does not allow me to change on the time line with the. MXF files.

    I use creative cloud of Adobe Premiere Pro and it does not allow me to drag. In the line of time, only the audio files of the video MXF files. Video plays in the source window, but does not to drag me and thenedit on the time line with the. MXF files. audio will slide to the time line, but not the video. Interestingly, not later than end of December 2015 it allowed me to change with .mxf files, but no, it won't. Any help out there?

    Neil, get it fixed, I do not have the video channels set correctly on the left

    side of the line of the time. Learn the new adobe; Thank you

    Monday, February 15, 2016 13:20, R Neil Haugen [email protected]>

  • Trigger when only eno column change!

    Hello

    I have column A, B, C.
    I wonder if create a trigger that is fired when ONLY column b is changed?
    In this release I want to insert this old record of column B in another table.
    What would be the best solution for my problem?


    Kind regards
    Igor

    IgorKSCon wrote:
    When the ONLY column b is changed?

    If you want to call the trigger code only when the value of the column is changed then... you can also do like

    CREATE OR REPLACE TRIGGER trg_name AFTER
   UPDATE OF col1 ON testing FOR EACH row
   WHEN (new.col1 != old.col1) --check this line
BEGIN
    -- your trigger body here
    NULL;
END;

  • Change password of ACS

    I use ACS 4.2 device. Can users connect to the device via web to change their password? Or UCP is necessary?

    Hello

    Yes, you need UCP implementation since you want your ACS internal user must change his password on their own.

    UCP # you use the UCP to allow users to change their passwords to ACS with a web-based utility. When users need to change passwords, they can access the UCP web page by using a supported web browser. For more information about web browsers we tested with ACS, see the release notes for your product of ACS.

    HERE ARE THE STEPS

    ==================

    For the configuration of UCP

    -->, create two folders in C:\Inetpub\wwwroot\

    (1) secure

    securecgi - tray 2)

    -->, Create two virtual directories

    (1) (secure read only access)

    (2) securecgi-bin (read-only access in execution)

    --> install the UCP utility, during the installation of the utility, it will prompt you for the path where the directories

    1) http://x.x.x.x/secure

    2) http:/x.x.x.x/securecgi-bin

    also the ip address of the ACS server.

    test the UCP

    http://localhost/securecgi-bin/login.htm

    MORE INFORMATION:

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/user_passwords/UCP.html#wp1041168

    INSTALLATION GUIDE:

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/user_passwords/ucpNW42.html

    HTH

    JK

    Please evaluate the useful messages-

  • Change password - manager to process Post events

    I have my event handler to change password, such as listed below.

    / public class PostProcess_SetInitialPassword implements PostProcessHandler {}

    public EventResult run (long processId, long eventId,
    Orchestration of the orchestration) {}

    UserManager um = null;

    Store the user settings
    Parameters HashMap < String, Serializable > = orchestration.getParameters ();

    Operation of the user to determine
    String operation = orchestration.getOperation ();

    Working only with function 'create '.
    If (operation! = null & & operation.equalsIgnoreCase ("create"))
    {
    try {}
    UM = Platform.getService (UserManager.class);

    Definition of userLogin to the value of the connection of the user to the user attribute
    String userLogin = getParameterValue (settings, "user login");

    Generate random password
    RandomPasswordGeneratorImpl randomPasswordGenerator = new RandomPasswordGeneratorImpl();
    Char [] nouveau_mdp = randomPasswordGenerator.generatePassword (new User (null));
    Password String = new String (new_pwd);

    Set the static password to match the user login
    String password = userLogin;

    changePassword (java.lang.String Userid, password char [], boolean isUserLogin, boolean sendNotification)
    um.changePassword (userLogin, password.toCharArray (), true, true);

    } catch (Exception e) {}
    System.out.println ("Message of Exception..." + e.getMessage ());
    }
    }
    return new EventResult();
    }

    public BulkEventResult run (long processId, long eventId, BulkOrchestration bulkOrchestration) {}

    UserManager um = null;

    Store the user settings in a table
    HashMap < String, Serializable > [] parametersArray = bulkOrchestration.getBulkParameters ();

    Operation of the user to determine
    String operation = bulkOrchestration.getOperation ();

    Working only with function 'create '.
    If (operation! = null & & operation.equalsIgnoreCase ("create"))
    {
    Scroll through the table
    for (int i = 0; i < parametersArray.length; i ++)
    {
    Store the user settings
    Parameters HashMap < String, Serializable > is parametersArray;.

    try {}
    UM = Platform.getService (UserManager.class);

    The userLogin user login value value
    String userLogin = getParameterValue (settings, "user login");

    Generate random password
    RandomPasswordGeneratorImpl randomPasswordGenerator = new RandomPasswordGeneratorImpl();
    Char [] nouveau_mdp = randomPasswordGenerator.generatePassword (new User (null));
    Password String = new String (new_pwd);

    Set the static password to match the user login
    String password = userLogin;

    changePassword (java.lang.String Userid, password char [], boolean isUserLogin, boolean sendNotification)
    um.changePassword (userLogin, password.toCharArray (), true, true);

    }
    catch (System.Exception e)
    {
    System.out.println ("Message of Exception..." + e.getMessage ());

    }
    }

    }
    return new BulkEventResult();
    }

    It compiles successfully and I have the plugin saved successfully. I was uncertain about the metadata, since it doesn't really say it was successful, there are no errors.

    I'm trying to import a single user using my file flat trust GTC, the user is imported successfully, but I wasn't able to connect with the name of user and password. Where can I check the logs to see if the code is actually executed? Oim_server1-diagnosis didn't tell me what it is.

    After that I made changes to my code, can I simply re - import and it will replace my original entry? I have to back it out or do something special?

    Thank you.

    If you make changes with code plugin to re - register again. same for the DMS import for all changes on eventhandler.xml.
    Make sure that you run PurgeCache.sh everything after that.

    I guess that your eventhandler is called/trigger. Change order = 1003 or the LAST mds and re - import.

    Do not call a suggestion more um = Platform.getService (UserManager.class); on the inside of the loop. initialize once at the top.

  • My version of Firefox is 7.0.1. My bank allows only version 3.6. How do I adapt so I can do my banking online?

    My version of Firefox is 7.0.1. My bank allows only version 3.6. How do I adapt so I can do my banking online? I use a Mac.

    You could install version 3.6 next to your current version. Just download the current language of http://www.mozilla.org/en-US/firefox/all-older.html and then in the Setup program, change the installation location. You can just change the last part of the installation location (where it says Mozilla Firefox) for Mozilla Firefox2

  • Change password account Google

    Hi all

    I just changed my Google account password by singing in Google using a browser. Now, I also need to change the password of my account on OS X, or Mail.app cannot access to my Google account.

    How can I change the password in OS X? Mail, for example, request a new password, it just shows an interruption of the connection. If I go on the Internet of accounts in preferences, click on Google, click details, he comes to shows me Description and name, but no place where I could enter a password.

    Thanks for help and best regards,

    lotlorien

    Hi all

    I solved this problem by removing completely and adding my Google account. If this is the only way, it's really amazing. How can it may be difficult to implement a change password option?

    Kind regards

    lotlorien

  • I haven't used itunes for some time and now have a new PC.  I've updated my account (change password) but when I connect to my music went?

    I haven't used itunes for some time and now have a new PC.  I've updated my account (change password) but when I connect to my music went?  I am working on Win 8 and still have part of my collection on an ipod.

    Unless you subscribe to iTunes game (which is not a complete solution anyway) your iTunes Library is on your previous PC - solution the easiest is to copy from here or from a backup.  For more information, see How to move your iTunes library to a new computer - Apple Support .  Previous purchases from the iTunes Store may be available for re - download - see download your past - purchases of Apple Support.

    If none of these approaches allows to recover the contents of your library, see user turingtest2 on recover your iTunes from your iPod or an iOS device library for a list of tools and methods that can be used to copy the media etc from iPod to iTunes.

  • Windows updates won't allow me to change the settings.

    Running Vista on a new Satellite from Toshiba. Updates Windows refuses to allow me to change the settings; It is set to download/update automatically, but I want to see and select updates. When I click on this box, then ok, the authorization window returns. I click 'ok', but there is nothing else that a flicker of the cursor runs. Nothing else comes up, and if I have to cancel the window updates, it is up to the automatic update. I am the only user and have always been administrator.

    It's too late to install MSE or any other antivirus application now.

    You will find information about any Recovery hidden partition manufacturer support pages.

    If you use the disks you created, you would use the OS disk first then the drivers disk.

    If you need help, start a new thread here: http://social.answers.microsoft.com/Forums/en-US/xpinstall/threads

    ~ Robear Dyer (PA Bear) ~ MS MVP (that is to say, mail, security, Windows & Update Services) since 2002 ~ WARNING: MS MVPs represent or work for Microsoft

  • mx459 won't let me enter the WEP key number, allows only symbols and letters. How to enter numbers?

    mx459 won't let me enter the WEP key number, allows only symbols or letters. How to enter numbers?

    John

    This might help

    Press the SETUP button on the control panel of your printer.
    Using the arrows, select DEVICE SETTINGS, press OK.
    Select local network SETTINGS, then press OK.
    Select Configuration LAN wireless, and then press OK.
    If a message appears, press the WPS button, press STOP to cancel.
    Select STANDARD INSTALLATION in the next screen that appears, and then press OK.
    Select your access point or router, and then press OK.
    Press OK to confirm the access point name.
    Enter your password using the numeric keypad on the right.
    On the screen where you enter your password at the top right of the LCD screen, you should see a: 1. This indicates you are in digital input mode. If you press the asterisk (*) will be fixed: has or uppercase mode, pressing asterisk with tiny switch. To enter a letter in letter mode, you press the digital key to scroll through the available letters. For example: to enter a letter 'c', you press the '2' three times.
    Press OK when finished.
    The LCD will say "Connected", if the password is correct.

  • Hotmail sending emails to auto re: drug store online & can not change password of e-mail.

    my email is automatically sent drugs online / _ links to ALL my contacts.
    Hotmail is not allowing me to change my password. I go through the steps, but it does not save the password

    You need to discuss with your mail provider (Hotmail).  t-4-2 provides you with the appropriate links.  They are the ones who can access these things on your account and shut up (although I'm not sure they can stop emails being sent to your name, even if the account is closed because the source is probably not the ISP or e-mail provider but an unknown location abroad).  But do not notify them immediately in order to take appropriate measures (and don't forget to discuss how you will have access to your files if they close your account - you will need to keep it open long enough to move the information elsewhere).  The e-maiils appear in your sent items or you you told about it by your contacts, but there is no evidence in your account?

    You must also report it to the authorities (the police) so they can try to track down those criminals who cause damage even more before all is said and done.

    You can also report it to the internet crime complaint center if necessary

    http://www.ic3.gov/complaint/default.aspx

    Here's a suggestion on what to do next:http://www.microsoft.com/athome/security/bank/PhishingVictim.mspx

    I hope this helps.

    Good luck! Lorien - MCSA/MCSE/network + / has + - if this post solves your problem, please click the 'Mark as answer' or 'Useful' button at the top of this message. Marking a post as answer, or relatively useful, you help others find the answer more quickly.

  • Users cannot change password for 802.1 x and implementation of ISE

    Hi all

    We have implemented cisco ISE 1.1 for a week and we notice that Microsoft active directory the user cannot change password there when it expired.

    We store all user account in Microsoft active directory for authentication and ISE is mapped with Microsoft active directory. Normally, when your expired password Microsoft active directory ask you to change your password, but in our case cisco switch or 802. 1 x do not allow communication with active directory before giving access to the network. Is this a configuration error or cisco do not support this?

    Best regards.

    Hello

    I have the same problem, did you find a solution?

    Thank you

  • Cannot change password user AD of ASA

    ASA 8.4 running. I have the password-management enabled on the tunnel group, LDAP over SSL is activated, but when I test in defining an account to require password change after the next connection, the new page password required loads (clientless) and allows to enter password again. After continue to knock, he returned to the login page user name with this message above the username field

    "

    Cannot complete the password change, because the password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.

    ".

    Yet, I am able to change the password at the same time a post work, so there is no policy of gp who refuses change of password. We have minimum days 0 and no complexity required. I'll meet the minimum length.

    a debug output when I hit continue it after entering the new password:

    Starting a session [10068]

    New [10068] Session, request the 0x74637d10 context, reqType = change password

    Started fiber [10068]

    [10068] LDAP context with uri = ldaps://192.168.102.15:636

    [10068] to connect to the LDAP server: ldaps://192.168.102.15:636, status = success

    supportedLDAPVersion [10068]: value = 3

    supportedLDAPVersion [10068]: value = 2

    [10068] link as asauser

    Authentication Simple running [10068] to asauser to 192.168.102.15

    Search LDAP [10068]:

    Base DN = [DC = subdomain, DC = company, DC = com]

    Filter = [[email protected] / * /]

    Range = [subtree]

    DN of the user [10068] = [CN = useraccount, CN = Users, DC = subdomain, DC = company, DC = com]

    [10068] talk to Active Directory 192.168.102.15

    [10068] password for reading strategy for [email protected] / * /dn:CN = useraccount, CN = Users, DC = subdomain, DC = company, DC = com

    Bad password count [10068] reading 0

    [10068] change password for [email protected] / * / password successfully converted to unicode

    [10068] output fiber Tx = 759 bytes Rx = 2959 bytes, status =-1

    End of session [10068]

    If 'asauser' is not yet a member of the "account operators" group, add to this group.

    There is an enhancement request to do this work without special privileges, see:

    CSCtq54856    ENH: Support for the management of w/o rights connection LDAP Admin DN password

    HTH

    Herbert

    EDIT:

    Just to further clarify for those hitting this thread in the search for a solution to the same problem: the 'asauser' in the above example is the user who is configured in the ASA LDAP settings:

    AAA-server ldap protocol ldap

    AAA-server ldap (inside) host 10.0.0.2

    Server-port 636

    LDAP-base-dn cn = users, dc = CISCOTEST, dc = COM

    LDAP-login-password *.

    LDAP-connection-dn asauser

    enable LDAP over ssl

    microsoft server type

    While this user (the one defined with ldap-connection-"dn") must be in the group account opertators, not all vpn users.

Maybe you are looking for