Trigger to track user password changes in table

I need to create a trigger which tracks user password changes into a table my_table. I have a database user who has alter user privileges and would like him to change users who belong to his group. That is, when the user changes the password for a user, the trigger fires and inserts info into my_table. In case this user tries to change another user's password, the trigger should fire again telling him 'cannot alter the user.'

I need to create a trigger which tracks user password changes into a table my_table. I have a database user who has alter user privileges and would like him to change users who belong to his group. That is, when the user changes the password for a user, the trigger fires and inserts info into my_table. In case this user tries to change another user's password, the trigger should fire again telling him 'cannot alter the user.'

I'm enclosing the trigger code I wrote:

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

 create or replace trigger LOGG_TRAIL
  before alter on database
  when (ora_dict_obj_type = 'USER' and 
ora_dict_obj_name != user
        and sys_context('USERENV','ISDBA') = 'FALSE' ); 
declare
  by_user  varchar2(30);
  to_user  varchar2(30);
  vprofile varchar2(30);
begin
  select to.PROFILE into vprofile
  from DBA_USERS by, DBA_USERS to
  where by.USERNAME = user
  and to.USER_NAME = ora_dict_obj_name
  and by.PROFILE = to.PROFILE;
 
  insert into TRAIL_TEMP (USER_ALTERED, PASSWORD_MODIFIED_BY, 
PASSWORD_MODIFIED_DATE, PROFILE)
  values (ora_dict_obj_name, user, sysdate, vprofile); exception
  when others then
    raise_application_error (-20001,'can''t alter user'); end; /

This gives errors. Can you please check it? Your help will be highly appreciated.

If I had to perform this action, I would take a slightly different route. Each user is assigned a profile and that profile can include a password verification function. There is nothing stopping you from coding your rules in that password verification function. This function can insert rows of data into another table and raise exceptions.

This was last published in August 2006

Dig Deeper on Oracle database design and architecture

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Oracle Database / Applications experts

View all Oracle Database / Applications questions and answers

SearchDataManagement

Related Resources

Dig Deeper on Oracle database design and architecture

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.