Showing posts with label USER PROFILE. Show all posts
Showing posts with label USER PROFILE. Show all posts

Monday, 19 June 2017

Script to Drop a user's objects.

This script will produce the alter/drop commands that we can use to drop all the user objects from a database.


REM Script to drop all user objects

SET LINES 132 PAGES 59 FEEDBACK OFF ECHO OFF VERIFY OFF
BREAK ON username
TTITLE left _date center 'SQL To Drop A Users Objects' skip 2

PROMPT When prompted, enter the name of the user who''s objects you wish to drop
PROMPT Then cut and paste the commands presented to drop those objects.

SELECT 'alter table '
|| owner
|| '.'
|| table_name
|| ' drop constraint '
|| constraint_name
|| ' cascade;' code
FROM dba_constraints
WHERE (constraint_type = 'R') AND (owner = UPPER ('&&enter_user_name'))
UNION
SELECT DISTINCT 'DROP '
|| object_type
|| ' '
|| owner
|| '.'
|| object_name
|| ';' code
FROM dba_objects
WHERE (object_type NOT IN ('INDEX'))
AND (owner = UPPER ('&&enter_user_name'))
ORDER BY code DESC;


Sample Output

SQL> When prompted, enter the name of the user who’s objects you wish to drop
SQL> Then cut and paste the commands presented to drop those objects.

18-JUL-08 SQL To Drop A Users Objects

CODE
--------------------------------------------------------------------------------------
DROP TABLE SCOTT.UMCATEGORYCONVFACTOR;
DROP TABLE SCOTT.UOMCATEGORYCONVFACTOR;
DROP TABLE SCOTT.UDT_SOURCING;
DROP TABLE SCOTT.WEBSPRELOPTS;
DROP TABLE SCOTT.WEBSKUOPTS;
DROP TABLE SCOTT.WDDDATA;





I hope this article helped you. Your suggestions/feedback are most welcome.

Keep learning... Have a great day!!!



Friday, 28 November 2014

How to re-open expired oracle database account without change password



Imagine that you have an expired Oracle Database account and you have an urgent need to recover it. Maybe you don’t have any chance to ask that user to change password, or maybe you expired such an account that used by a production application by mistake!

-yes, I confess; it was me who experienced that situation-

If so, do what I did; calm down and take a deep breath and imagine that you are the one who survived after a big disaster on the earth. Just kidding, it’s not a big trouble.

Anyway, I couldn’t find any documented solution for that by Oracle, but found a way to accomplish this task:
Alter user’s password with existing password. Yes, it works. Let’s make a short demo:
    1. Create a user
    2. Expire it
    3. Alter user’s password with existing password to unexpire

1. CREATE AN ACCOUNT NAME TEST

SQL> CREATE USER TEST IDENTIFIED BY "manager";

User Created

SQL> SELECT username,account_status,expiry_date FROM dba_users WHERE username='TEST';

USERNAME ACCOUNT_STATUS EXPIRY_DATE
-------- -------------- -----------
TEST OPEN

2. EXPIRE IT
 
SQL> ALTER USER TEST PASSWORD EXPIRE;

User altered.


SQL> SELECT username,account_status,expiry_date
FROM dba_users
WHERE username = 'TEST';

USERNAME ACCOUNT_STATUS EXPIRY_DATE
-------- -------------- ------------
TEST EXPIRED 19/12/2012
 
3. GET THE EXISTING PASSWORD

SQL> SELECT DBMS_METADATA.get_ddl ('USER', 'TEST')
FROM DUAL;

CREATE USER "TEST" IDENTIFIED BY VALUES 'S:24BF9B8EBC5BC5B609D01915E089AF86D13E1F0627A729146708F5296E32;806B1E705874556A'
DEFAULT TABLESPACE "USERS"
TEMPORARY TABLESPACE "TEMP"
PASSWORD EXPIRE
 
4.EDIT ABOVE SCRIPT TO HAVE ALTER STATEMENT AND EXECUTED IT

SQL> ALTER USER "TEST"
IDENTIFIED BY VALUES 'S:4F5BD279183624CB94C3E67420A1E748A484183579F89E64B98ECB17A162;806B1E705874556A';

User altered.


SQL>SELECT username,account_status, expiry_date FROM dba_users WHERE username = 'TEST';

USERNAME ACCOUNT_STATUS EXPIRY_DATE
-------- -------------- -----------
TEST OPEN


5.OPTIONALLY DELETE TUTORIAL OBJECT


SQL> Drop user TEST cascade;




I hope this article helped you. Your suggestions/feedback are most welcome.
Keep learning... Have a great day!!!


 

Wednesday, 26 November 2014

How to Resolved the Account Locked (Timed) issue?


For application user account, you may come across issue where user account get lock very frequently.

To avoid frequent user account lock issue you can create new profile with unlimited resource limit.

Below are the detail step by step to resolve user account lock issue.

Details:
Oracle Database Version:
11g R2

 Application User: APPUSR
Error: ORA-28000: the account is locked

Login as SYSDBA

SQL> conn /as sysdba

Check the APPSUSR account status.

SQL> SELECT username, account_status,PROFILE FROM dba_users WHERE username= ‘APPUSR’;

USERNAME ACCOUNT_STATUS PROFILE
-------------------- -------------------- ---------------
APPUSR LOCKED(TIMED) DEFAULT

Here we can see the account status is LOCKED (TIMED) and the default user’s profile is DEFAULT.

Check the resource limits of DEFAULT profile.

SQL> SELECT resource_name,resource_type,limit FROM dba_profiles WHERE profile='DEFAULT';

RESOURCE_NAME RESOURCE LIMIT
-------------------------------- -------- ----------
COMPOSITE_LIMIT KERNEL UNLIMITED
SESSIONS_PER_USER KERNEL UNLIMITED
CPU_PER_SESSION KERNEL UNLIMITED
CPU_PER_CALL KERNEL UNLIMITED
LOGICAL_READS_PER_SESSION KERNEL UNLIMITED
LOGICAL_READS_PER_CALL KERNEL UNLIMITED
IDLE_TIME KERNEL UNLIMITED
CONNECT_TIME KERNEL UNLIMITED
PRIVATE_SGA KERNEL UNLIMITED
FAILED_LOGIN_ATTEMPTS PASSWORD 10
PASSWORD_LIFE_TIME PASSWORD UNLIMITED
PASSWORD_REUSE_TIME PASSWORD UNLIMITED
PASSWORD_REUSE_MAX PASSWORD UNLIMITED
PASSWORD_VERIFY_FUNCTION PASSWORD NULL
PASSWORD_LOCK_TIME PASSWORD UNLIMITED
PASSWORD_GRACE_TIME PASSWORD UNLIMITED

All resource limits for DEFAULT profile is set to UNLIMITED, but only for FAILED_LOGIN_ATTEPTS attribute, it’s set to some value (10). Due to this the user account keeps getting locked(timed).When we check in the Oracle Documentations, it’s stated that FAILED_LOGIN_ATTEPTS attribute for DEFAULT profile has been changed from 10.2.0.1 from UNLIMITED to 10.

What we can do is, either we may need to change the resource limit for FAILED_LOGIN_ATTEPTS attribute in DEFAULT profile, or create a new profile for that user with FAILED_LOGIN_ATTEPTS attribute value set to UNLIMITED. But for security reasons, we will not tamper the DEFAULT profile, which is not recommended too. Then let’s go for creating a new profile and assign that profile to the user.

Create a profile.

SQL> CREATE PROFILE APPUSR_DEFAULT LIMIT
COMPOSITE_LIMIT UNLIMITED
SESSIONS_PER_USER UNLIMITED
CPU_PER_SESSION UNLIMITED
CPU_PER_CALL UNLIMITED

LOGICAL_READS_PER_SESSION UNLIMITED
LOGICAL_READS_PER_CALL UNLIMITED
IDLE_TIME UNLIMITED
CONNECT_TIME UNLIMITED
PRIVATE_SGA UNLIMITED
FAILED_LOGIN_ATTEMPTS UNLIMITED
PASSWORD_LIFE_TIME UNLIMITED
PASSWORD_REUSE_TIME UNLIMITED
PASSWORD_REUSE_MAX UNLIMITED
PASSWORD_VERIFY_FUNCTION NULL
PASSWORD_LOCK_TIME UNLIMITED
PASSWORD_GRACE_TIME UNLIMITED;


Profile created.

Assign the newly created profile to the user as default profile.

SQL> ALTER USER appusr PROFILE appusr_default;

User altered.

Unlock the user account:

SQL> ALTER USER appusr ACCOUNT UNLOCK;

User altered.

Now check again the status of APPUSR user.

SQL> SELECT username, account_status FROM dba_users WHERE username= ‘APPUSR’;

USERNAME ACCOUNT_STATUS    PROFILE
-------------------- --------------------
APPUSR     OPEN           APPUSR_DEFAULT





I hope this article helped you. Your suggestions/feedback are most welcome.

Keep learning... Have a great day!!!