Skip to Main Content
  • Questions

  • ACCOUNT_STATUS is not changing from OPEN to EXPIRED

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question, saurabh.

Asked: October 26, 2015 - 2:47 pm UTC

Last updated: August 15, 2019 - 2:23 am UTC

Version: 10.2.0.4.0

Viewed 10K+ times! This question is

You Asked

Hi,
I have a user in DB for whom the Account_status is showing in "OPEN" state even though the expiry_date has passed way before. Please see below:

USERNAME USER_ID PASSWORD ACCOUNT_STATUS LOCK_DATE EXPIRY_DATE DEFAULT_TABLESPACE TEMPORARY_TABLESPACE CREATED PROFILE INITIAL_RSRC_CONSUMER_GROUP EXTERNAL_NAME
BROWJ079 1018 5973FF44C894C986 OPEN 1/23/2012 10:58:24 AM RETEK_DATA TEMP 10/12/2009 2:03:10 PM SIMBA_NOT_USED DEFAULT_CONSUMER_GROUP


Following is the DBA_PROFILES setting:

USERNAME PROFILE RESOURCE_NAME RESOURCE_TYPE LIMIT
BROWJ079 SIMBA_NOT_USED COMPOSITE_LIMIT KERNEL DEFAULT
BROWJ079 SIMBA_NOT_USED SESSIONS_PER_USER KERNEL DEFAULT
BROWJ079 SIMBA_NOT_USED CPU_PER_SESSION KERNEL DEFAULT
BROWJ079 SIMBA_NOT_USED CPU_PER_CALL KERNEL DEFAULT
BROWJ079 SIMBA_NOT_USED LOGICAL_READS_PER_SESSION KERNEL DEFAULT
BROWJ079 SIMBA_NOT_USED LOGICAL_READS_PER_CALL KERNEL DEFAULT
BROWJ079 SIMBA_NOT_USED IDLE_TIME KERNEL DEFAULT
BROWJ079 SIMBA_NOT_USED CONNECT_TIME KERNEL DEFAULT
BROWJ079 SIMBA_NOT_USED PRIVATE_SGA KERNEL DEFAULT
BROWJ079 SIMBA_NOT_USED FAILED_LOGIN_ATTEMPTS PASSWORD 3
BROWJ079 SIMBA_NOT_USED PASSWORD_LIFE_TIME PASSWORD 90
BROWJ079 SIMBA_NOT_USED PASSWORD_REUSE_TIME PASSWORD 360
BROWJ079 SIMBA_NOT_USED PASSWORD_REUSE_MAX PASSWORD 5
BROWJ079 SIMBA_NOT_USED PASSWORD_VERIFY_FUNCTION PASSWORD WD_PASSWORD_VERIFICATION
BROWJ079 SIMBA_NOT_USED PASSWORD_LOCK_TIME PASSWORD UNLIMITED
BROWJ079 SIMBA_NOT_USED PASSWORD_GRACE_TIME PASSWORD 10


Kindly let me know why the ACCOUNT_STATUS is not showing to EXPIRED even though the EXPIRY_DATE is passed?

Thanks,
Saurabh

and Chris said...

From MOS note 291195.1:

This is the expected behaviour. The account status is updated only when the user will attempt to connect to the database while the expiry date is updated more frequently( when the user gets created, when the associated profile is modified, when the user is altered, etc. ). If an user is not connecting to the database after the expiry date has passed then the ACCOUNT_STATUS will remain set to OPEN.

When this account is connecting to the database, the current date/time is compared with the value of EXPIRY_DATE. If EXPIRY_DATE is older than the current date/time then the system will check whether the PASSWORD_GRACE_TIME parameter is defined.  If it is set then the grace period is startedt,  the account status is updated to "EXPIRED(GRACE)" and the EXPIRY_DATE is updated to a date which shows when the the account will be locked out.


See the note for a worked example.

Rating

  (1 rating)

Is this answer out of date? If it is, please let us know via a Comment

Comments

Case with the user SYS

Gordon K, August 14, 2019 - 3:30 pm UTC

SQL> conn sys/***@sp****ut as sysdba
Connected.

SQL> select username,ACCOUNT_STATUS,EXPIRY_DATE, sysdate from dba_users where username='SYS';

USERNAME ACCOUNT_STATUS EXPIRY_DA SYSDATE
------------------------------ -------------------------------- --------- ---------
SYS OPEN 14-JUL-19 14-AUG-19

1 row selected.

SQL> conn sys/***@sp****ut as sysdba

SQL> select username,ACCOUNT_STATUS,EXPIRY_DATE, sysdate from dba_users where username='SYS';

USERNAME ACCOUNT_STATUS EXPIRY_DA SYSDATE
------------------------------ -------------------------------- --------- ---------
SYS OPEN 14-JUL-19 14-AUG-19

1 row selected.


Have I missed anything ?
Thank you


Connor McDonald
August 15, 2019 - 2:23 am UTC

SYS is special...

SQL>  conn sys/xxxxx as sysdba
Connected.

SQL> alter user sys password expire;

User altered.

SQL>  conn sys/xxxxx as sysdba
Connected.


more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.