Skip to Main Content
  • Questions

  • Can users have the privilege to chnage their own password

Breadcrumb

Question and Answer

Tom Kyte

Thanks for the question, ayush.

Asked: April 25, 2013 - 6:01 am UTC

Last updated: April 25, 2013 - 8:02 pm UTC

Version: 11.2.0.3

Viewed 10K+ times! This question is

You Asked

Hi Tom,

How are you doing,

I have a geberic question, actually we ae looking into ways that an end user can change his own password as we get a lot of uch request to reset the user passwords , we are using oracle 11g database and clients.
If possible can you kindly let us know any scripts or any changes in database which would allow us to do the above, also if possible can you provide different methods so that the end users are not dependent on th dba for reseting their passowrds.

Regards
Ayush


and Tom said...

any user can already change their own password, they need no special privileges to do so.

they just issue an alter user their_name password new_password command.

many tools can be used to "automate" this as well - sqlplus for example:

scott%ORA11GR2> password
Changing password for SCOTT
Old password: *****
New password: *****
Retype new password: *****
Password changed
scott%ORA11GR2>

Rating

  (1 rating)

Is this answer out of date? If it is, please let us know via a Comment

Comments

A reader, April 25, 2013 - 5:09 pm UTC

Thanks for the reply Tom,

Actually in case where users forget their passwords or lock it in that case what can be done, also I don't want the end users to use alter command, its just that they get they run a script asking them for a new password.

Regards
Ayush
Tom Kyte
April 25, 2013 - 8:02 pm UTC

well, I showed you how one tool can do it without having an alter command - in answer to "so I don't want the end users to use alter command, its
just that they get they run a script asking them for a new password."

in sqlplus, they would just type "password"

in other tools you may or may not have, you would read the documentation to see how and if they support a user changing their password.


As for the case where they forgot their passwords - you'll have to design and build something for that if you want it automated.

What I've seen in some places is that you would build a new application. It would have a single table

t( oracle_username, full_name, email, phone, ... etc )


your application would maintain this table - you could give them a web front end to maintain their personal information.

if they forgot their password, you can let them go to a screen where they type in their oracle_username, email address - and anything else you want to make them type in (maybe they have to answer one of those magic questions like what is your favorite color, your mothers maiden name, etc) - and your procedure would generate a password, alter their account, set it to expire really soon and email them this password.

or email them a link with a randomly generated identifier in it - that when clicked on - you would look up in a table and reset their password (to avoid people reseting other peoples password as a "joke"). This password reset would do what I outlined above at that point.

and you could of course expand this tiny application to have a change your password screen too.
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's channel and Chris's channel from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.