Manage password for users [message #425882] |
Mon, 12 October 2009 18:05 |
rkl1
Messages: 97 Registered: June 2005
|
Member |
|
|
Dear All,
Is it possible to create an user who could take care of changing the password of users if required, unlock their accounts etc. However this user should not be given the powerful dba role but allocated enough system privilege to do enforce security on users.
I was thinking of granting alter user but it seems very powerful. The users who got this role could even change the password for sys.
Any help would be appreciated.
Thanks.
|
|
|
Re: Manage password for users [message #425883 is a reply to message #425882] |
Mon, 12 October 2009 18:32 |
|
BlackSwan
Messages: 26766 Registered: January 2009 Location: SoCal
|
Senior Member |
|
|
>Any help would be appreciated.Any help would be appreciated.
One possible approach/solution is to have a "DBA" user create and own a stored procedure that can change passowrds; only.
Let's call it NEW_PWD procedure.
Then the owner of this new procedure does the following:
GRANT EXECUTE ON NEW_PWD TO PWD_CHANGER;
Now user, PWD_CHANGER, can only do what the procedure is capable of doing.
|
|
|