Two ways to stop users with ALTER USER from changing the SYS/SYSTEM passwords: DBV and triggers

Applies To

All Users Gen 1 Exadata Cloud at Customer (Oracle Exadata Database Cloud Machine) - Version N/A and later

Oracle Cloud Infrastructure - Database Service - Version N/A and later

Oracle Database Backup Service - Version N/A and later

Oracle Database Cloud Exadata Service - Version N/A and later

Oracle Database Cloud Schema Service - Version N/A and later

Oracle Database Cloud Service - Version N/A and later

Oracle Database Exadata Express Cloud Service - Version N/A and later

Summary

How can a user who has been granted the ALTER USER privilege be prevented from changing the passwords of the SYS and SYSTEM users?

Solution

This can be achieved with two methods:

  • Database Vault

  • Triggers

Database Vault

Oracle Database Vault can provide out-of-the-box separation of duties, separating database administrator activity from database user creation and maintenance. Database Vault creates roles that separate actions.

For example, if you wanted to create or alter a user, you would be required to have the DV_ACCTMGR role.

This separation applies to SYS and SYSTEM accounts as well.

Because Database Vault uses roles for this separation, granting a user the ability to create or maintain users is simply a matter of granting that user the DV_ACCTMGR role, which restores those privileges.

This would all be done without triggers.

Triggers

To prevent a user who holds ALTER USER from changing the SYS or SYSTEM password, you can use a system event (DDL) trigger. The trigger below is created by SYS on the schema of <USER1>, so it fires for ALTER statements issued by that user:


SQL> conn / as sysdba
Connected.
SQL> CREATE or REPLACE TRIGGER prohibit_alter_SYSTEM_SYS_pass
BEFORE ALTER on <USER1>.schema
BEGIN
  IF ora_sysevent='ALTER' and ora_dict_obj_type = 'USER' and
     (ora_dict_obj_name = 'SYSTEM' or ora_dict_obj_name = 'SYS')
  THEN
    RAISE_APPLICATION_ERROR(-20003,
      'You are not allowed to alter SYSTEM/SYS user.');
  END IF;
END;
/
Trigger created.

Example:

SQL> conn <USER1>/<pwd>
Connected.
SQL> alter user SYSTEM identified by <pwd2>;
alter user SYSTEM identified by <pwd2>
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20003: You are not allowed to alter SYSTEM/SYS user.
ORA-06512: at line 5
SQL> alter user sys identified by <pwd3>;
alter user sys identified by <pwd3>
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20003: You are not allowed to alter SYSTEM/SYS user.
ORA-06512: at line 5
SQL> alter user dbsnmp identified by <pwd5>;
User altered.
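As an added example (not part of the original note), the same check generalized to a database-wide DDL trigger: it fires for every schema rather than only <USER1>, exempts sessions connected AS SYSDBA so an administrator can still reset the passwords, and records each blocked attempt in a table (hypothetical name sys_pw_change_attempts) for detection. The statement text is deliberately not logged, because it would contain the attempted password.

```sql
-- Constructed audit table (hypothetical name); created as SYS.
CREATE TABLE sys_pw_change_attempts (
  attempted_at  TIMESTAMP DEFAULT SYSTIMESTAMP,
  login_user    VARCHAR2(128),
  os_user       VARCHAR2(128),
  client_host   VARCHAR2(256),
  target_user   VARCHAR2(128)
);

-- Database-wide variant of the note's prohibit_alter_SYSTEM_SYS_pass trigger.
CREATE OR REPLACE TRIGGER prohibit_alter_sys_system_db
BEFORE ALTER ON DATABASE
DECLARE
  -- The audit row must survive the error raised below, which rolls back
  -- the failing DDL, so it is written in its own transaction.
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  IF ora_dict_obj_type = 'USER'
     AND ora_dict_obj_name IN ('SYS', 'SYSTEM')
     -- Sessions connected AS SYSDBA keep the ability to reset these passwords.
     AND SYS_CONTEXT('USERENV', 'ISDBA') <> 'TRUE'
  THEN
    INSERT INTO sys_pw_change_attempts
      (login_user, os_user, client_host, target_user)
    VALUES
      (ora_login_user,
       SYS_CONTEXT('USERENV', 'OS_USER'),
       SYS_CONTEXT('USERENV', 'HOST'),
       ora_dict_obj_name);
    COMMIT;
    RAISE_APPLICATION_ERROR(-20003,
      'You are not allowed to alter SYSTEM/SYS user.');
  END IF;
END;
/
```

Creating or disabling a database-level trigger requires the ADMINISTER DATABASE TRIGGER privilege, so keep that privilege away from the accounts the trigger is meant to restrict; where that separation cannot be guaranteed, Database Vault is the more robust of the two methods.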
