Skip Headers

Oracle® Database SQL Reference
10g Release 1 (10.1)

Part Number B10759-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Feedback

Go to previous page
Previous
Go to next page
Next
View PDF

ALTER USER

Purpose

Use the ALTER USER statement:

Prerequisites

You must have the ALTER USER system privilege. However, you can change your own password without this privilege.

Syntax


alter_user::=
Description of alter_user.gif follows
Description of the illustration alter_user.gif


proxy_clause::=
Description of proxy_clause.gif follows
Description of the illustration proxy_clause.gif


proxy_authentication::=
Description of proxy_authentication.gif follows
Description of the illustration proxy_authentication.gif

Semantics

The keywords, parameters, and clauses described in this section are unique to ALTER USER or have different semantics than they have in CREATE USER. Keywords, parameters, and clauses that do not appear here have the same meaning as in the CREATE USER statement.


Note:

Oracle Corporation recommends that user names and passwords be encoded in ASCII or EBCDIC characters only, depending on your platform. Please refer to Oracle Database Administrator's Guide for more information about this recommendation.


See Also:

CREATE USER for information on the keywords and parameters and CREATE PROFILE for information on assigning limits on database resources to a user


IDENTIFIED Clause

DEFAULT TABLESPACE Clause

Use this clause to assign or reassign a tablespace for the user's permanent segments. This clause overrides any default tablespace that has been specified for the database.


TEMPORARY TABLESPACE Clause

Use this clause to assign or reassign a tablespace or tablespace group for the user's temporary segments.


Restriction on User Temporary Tablespace

Any individual tablespace you assign or reassign as the user's temporary tablespace must be a temporary tablespace and must have a standard block size.


DEFAULT ROLE Clause

Specify the roles granted by default to the user at logon. This clause can contain only roles that have been granted directly to the user with a GRANT statement. You cannot use the DEFAULT ROLE clause to enable:

Oracle Database enables default roles at logon without requiring the user to specify their passwords or otherwise be authenticated. If you have granted an application role to the user, you should use the DEFAULT ROLE ALL EXCEPT role clause to ensure that, in subsequent logons by the user, the role will not be enabled except by applications using the authorized package.


See Also:

CREATE ROLE


proxy_clause

The proxy_clause lets you control the ability of a proxy (an application or application server) to connect as the specified database or enterprise user and to activate all, some, or none of the user's roles.

The proxy_clause provides several varieties of proxy authentication of database and enterprise users. For information on proxy authentication of application users, see Oracle Database Application Developer's Guide - Fundamentals.


See Also:

Oracle Database Concepts for more information on proxies and their use of the database and "Proxy Users: Examples"


GRANT | REVOKE

Specify GRANT to allow the connection. Specify REVOKE to prohibit the connection.


CONNECT THROUGH Clause

Identify the proxy connecting to Oracle Database. Oracle Database expects the proxy to authenticate the user unless you specify the AUTHENTICATED USING clause.


WITH ROLE

WITH ROLE role_name permits the proxy to connect as the specified user and to activate only the roles that are specified by role_name.


WITH ROLE ALL EXCEPT

WITH ROLE ALL EXCEPT role_name permits the proxy to connect as the specified user and to activate all roles associated with that user except those specified for role_name.


WITH NO ROLES

WITH NO ROLES permits the proxy to connect as the specified user, but prohibits the proxy from activating any of that user's roles after connecting.

If you do not specify any of these WITH clauses, then Oracle Database activates all roles granted to the specified user automatically.


proxy_authentication

Use this clause to indicate how you want the proxy authenticated. This clause is valid only as part of the GRANT CONNECT THROUGH proxy clause (not REVOKE CONNECT THROUGH proxy).


AUTHENTICATION REQUIRED Clause

Specify AUTHENTICATION REQUIRED to ensure that authentication credentials for the user must be presented when the user is authenticated through the specified proxy. The credential is a password.


AUTHENTICATED USING

This clause has been deprecated and is ignored if you use it in your code. Oracle recommends that you specify the proxy clause either with or without the AUTHENTICATION REQUIRED clause.


See Also:


Examples


Changing User Identification: Example

The following statement changes the password of the user sidney (created in "Creating a Database User: Example") second_2nd_pwd and default tablespace to the tablespace example:

ALTER USER sidney 
    IDENTIFIED BY second_2nd_pwd
    DEFAULT TABLESPACE example; 

The following statement assigns the new_profile profile (created in "Creating a Profile: Example") to the sample user sh:

ALTER USER sh 
    PROFILE new_profile; 

In subsequent sessions, sh is restricted by limits in the new_profile profile.

The following statement makes all roles granted directly to sh default roles, except the dw_manager role:

ALTER USER sh 
    DEFAULT ROLE ALL EXCEPT dw_manager; 

At the beginning of sh's next session, Oracle Database enables all roles granted directly to sh except the dw_manager role.


Changing User Authentication: Examples

The following statement changes the authentication mechanism of user app_user1 (created in "Creating a Database User: Example"):

ALTER USER app_user1 IDENTIFIED GLOBALLY AS 'CN=tom,O=oracle,C=US';

The following statement causes user sidney's password to expire:

ALTER USER sidney PASSWORD EXPIRE;

If you cause a database user's password to expire with PASSWORD EXPIRE, then the user (or the DBA) must change the password before attempting to log in to the database following the expiration. However, tools such as SQL*Plus allow the user to change the password on the first attempted login following the expiration.


Assigning a Tablespace Group: Example

The following statement assigns tbs_grp_01 (created in "Adding a Temporary Tablespace to a Tablespace Group: Example") as the tablespace group for user sh:

ALTER USER sh
  TEMPORARY TABLESPACE tbs_grp_01;

Proxy Users: Examples

The following statement alters the user app_user1. The example permits the app_user1 to connect through the proxy user sh. The example also allows app_user1 to enable its warehouse_user role (created in "Creating a Role: Example") when connected through the proxy sh:

ALTER USER app_user1 
   GRANT CONNECT THROUGH sh
   WITH ROLE warehouse_user;

To show basic syntax, this example uses the sample database Sales History user (sh) as the proxy. Normally a proxy user would be an application server or middle-tier entity. For information on creating the interface between an application user and a database by way of an application server, please refer to Oracle Call Interface Programmer's Guide.


See Also:


The following statement takes away the right of user app_user1 to connect through the proxy user sh:

ALTER USER app_user1 REVOKE CONNECT THROUGH sh;

The following hypothetical examples shows another method of proxy authentication:

ALTER USER sully GRANT CONNECT THROUGH OAS1
   AUTHENTICATED USING PASSWORD;