Two ways to stop users with ALTER USER from changing the SYS/SYSTEM passwords: Database Vault and triggers

Applies To

  • All Users Gen 1 Exadata Cloud at Customer (Oracle Exadata Database Cloud Machine) - Version N/A and later

  • Oracle Cloud Infrastructure - Database Service - Version N/A and later

  • Oracle Database Backup Service - Version N/A and later

  • Oracle Database Cloud Exadata Service - Version N/A and later

  • Oracle Database Cloud Schema Service - Version N/A and later

  • Oracle Database Cloud Service - Version N/A and later

  • Oracle Database Exadata Express Cloud Service - Version N/A and later

Summary

How can a user who has been granted the ALTER USER system privilege be prevented from changing the passwords of the SYS and SYSTEM accounts? ALTER USER is not scoped to particular accounts, so any grantee can by default reset the passwords of the most privileged users in the database.

Solution

This can be achieved with two methods:

  • Database Vault

  • Triggers

Database Vault

Oracle Database Vault provides out-of-the-box separation of duties, separating database administration from the creation and maintenance of user accounts. It does this with roles that partition the privileged actions.

For example, creating or altering a user requires the DV_ACCTMGR role; holding the ALTER USER system privilege alone is no longer enough.

This separation applies to the SYS and SYSTEM accounts as well.

Because Database Vault enforces the separation through roles, giving an administrator the ability to create or maintain users again is simply a matter of granting that administrator the DV_ACCTMGR role.

None of this requires triggers.

Triggers

Without Database Vault, the same situation can be prevented with a DDL (system event) trigger that fires BEFORE ALTER and rejects the statement when the target object is the SYS or SYSTEM user. The trigger below is created by SYS on the schema of the user whose ALTER USER statements are to be restricted (<USER1>), so it only fires for DDL issued by that user; to cover every grantee of ALTER USER, create the trigger ON DATABASE instead. Note that ALTER USER on SYS/SYSTEM is rejected as a whole, not just the IDENTIFIED BY clause, and that the error surfaces to the client wrapped in ORA-00604 because the trigger runs as recursive SQL.

```sql
SQL> conn / as sysdba
Connected.

SQL> CREATE or REPLACE TRIGGER prohibit_alter_SYSTEM_SYS_pass
BEFORE ALTER on <USER1>.schema
BEGIN
  IF ora_sysevent = 'ALTER' and ora_dict_obj_type = 'USER' and
     (ora_dict_obj_name = 'SYSTEM' or ora_dict_obj_name = 'SYS')
  THEN
    RAISE_APPLICATION_ERROR(-20003,
      'You are not allowed to alter SYSTEM/SYS user.');
  END IF;
END;
/

Trigger created.
```

Example: connected as <USER1>, ALTER USER against SYSTEM and SYS is rejected, while ALTER USER against any other account (here DBSNMP) still succeeds.

```sql
SQL> conn <USER1>/<pwd>
Connected.

SQL> alter user SYSTEM identified by <pwd2>;
alter user SYSTEM identified by <pwd2>
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20003: You are not allowed to alter SYSTEM/SYS user.
ORA-06512: at line 5

SQL> alter user sys identified by <pwd3>;
alter user sys identified by <pwd3>
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20003: You are not allowed to alter SYSTEM/SYS user.
ORA-06512: at line 5

SQL> alter user dbsnmp identified by <pwd5>;

User altered.
```
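The schema-level trigger above only protects against <USER1>. The following is an added example, not part of the original support note, that generalizes it to a database-level trigger so that every holder of ALTER USER is covered, also blocks DROP USER on the two accounts, exempts SYSDBA sessions (otherwise SYS could no longer rotate its own password) and holders of a custom account-management role in the spirit of the DV_ACCTMGR model from the Database Vault section, and records each blocked attempt. The table PROTECTED_ACCT_LOG, the procedure LOG_BLOCKED_ALTER and the role ACCOUNT_ADMIN are assumed names chosen for this illustration; run the whole script as SYS.

```sql
-- Added example (not from the Oracle note). PROTECTED_ACCT_LOG, LOG_BLOCKED_ALTER
-- and ACCOUNT_ADMIN are illustrative names, not objects the note defines.

-- Audit table for rejected attempts against SYS/SYSTEM.
CREATE TABLE protected_acct_log (
  attempted_at TIMESTAMP DEFAULT SYSTIMESTAMP,
  login_user   VARCHAR2(128),
  os_user      VARCHAR2(128),
  client_host  VARCHAR2(128),
  ddl_event    VARCHAR2(30),
  target_user  VARCHAR2(128)
);

-- Role whose members are still allowed to manage SYS/SYSTEM (mirrors DV_ACCTMGR).
CREATE ROLE account_admin;

-- The trigger raises an error, which rolls back its own transaction, so the
-- audit row must be written in an autonomous transaction to survive.
CREATE OR REPLACE PROCEDURE log_blocked_alter(p_event IN VARCHAR2,
                                              p_target IN VARCHAR2)
IS
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  INSERT INTO protected_acct_log
    (login_user, os_user, client_host, ddl_event, target_user)
  VALUES
    (SYS_CONTEXT('USERENV', 'SESSION_USER'),
     SYS_CONTEXT('USERENV', 'OS_USER'),
     SYS_CONTEXT('USERENV', 'HOST'),
     p_event, p_target);
  COMMIT;
END;
/

-- Database-wide: fires for ALTER and DROP issued by any user, not just <USER1>.
CREATE OR REPLACE TRIGGER protect_sys_system_accts
BEFORE ALTER OR DROP ON DATABASE
BEGIN
  IF ora_dict_obj_type = 'USER'
     AND ora_dict_obj_name IN ('SYS', 'SYSTEM')
     -- Let SYSDBA sessions through so the DBA can still rotate these passwords.
     AND SYS_CONTEXT('USERENV', 'ISDBA') = 'FALSE'
     -- Let sessions with the account-management role enabled through.
     AND NOT DBMS_SESSION.IS_ROLE_ENABLED('ACCOUNT_ADMIN')
  THEN
    log_blocked_alter(ora_sysevent, ora_dict_obj_name);
    RAISE_APPLICATION_ERROR(-20003,
      'You are not allowed to ' || ora_sysevent || ' user '
      || ora_dict_obj_name || '.');
  END IF;
END;
/

-- Checks a practitioner will want after deploying the control:
-- who can issue ALTER USER at all, and is the trigger actually enabled?
SELECT grantee FROM dba_sys_privs WHERE privilege = 'ALTER USER';

SELECT trigger_name, triggering_event, status
  FROM dba_triggers
 WHERE trigger_name = 'PROTECT_SYS_SYSTEM_ACCTS';

-- Review blocked attempts.
SELECT attempted_at, login_user, os_user, client_host, ddl_event, target_user
  FROM protected_acct_log
 ORDER BY attempted_at DESC;
```

Test it the same way as in the note: as a non-SYSDBA user holding ALTER USER, `ALTER USER system IDENTIFIED BY ...` should now fail with ORA-00604/ORA-20003 and leave a row in PROTECTED_ACCT_LOG, while `CONNECT / AS SYSDBA` followed by the same statement succeeds. Because the exemption is a role check, the role should be granted to as few accounts as possible and preferably made non-default so that it has to be enabled explicitly.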
