Today I have a problem with Oracle.
I have Oracle Label Security (OLS) and Oracle Database Vault installed, but OLS is registered, ODV is not.
Today I register ODV too, and now, I can login to Enterprise Manager with user LBACSYS (of OLS) but when I click to OLS on Security tab, EM show me error :
You have been logged in to a Database with Database Vault installed on it. You do not have sufficient privileges to access the Database Vault features on Enterprise Manager. Please contact your administrator
I don't know how to use OLS with ODV enabled, can you tell me ?
Thanks.
Related
I am using Oracle database 21c Express edition in Windows x64.
With system user, I run
alter user `bichvan` account lock
With system user
but, in Oracle SQL Developer, session of user bichvan, I still can query.
Why alter user lock, still can query?
Documentation says:
To temporarily deny access to the database for a particular user account, you can lock the user account. If the user then attempts to connect, then the database displays an error message and does not allow the connection.
It means that lock won't affect currently logged users. But, if you disconnect and then try to connect, you won't be allowed to do that.
I'm new to Oracle and I'm currently hardening a database.
It's a good idea to drop SYS and SYSTEM users? normally default accounts are dropped because of security reasons, I can do that on Oracle, or I will break something?
From the documentation (emphasis added):
All databases include the administrative accounts SYS, SYSTEM, and DBSNMP. Administrative accounts are highly privileged accounts, and are needed only by individuals authorized to perform administrative tasks such as starting and stopping the database, managing database memory and storage, creating and managing database users, and so on. You log in to Oracle Enterprise Manager Database Express (EM Express) with SYS or SYSTEM. You assign the passwords for these accounts when you create the database with Oracle Database Configuration Assistant (DBCA). You must not delete or rename these accounts.
And:
All base (underlying) tables and views for the database data dictionary are stored in the SYS schema. These base tables and views are critical for the operation of Oracle Database.
So no, it is not a good idea, and it would destroy your database.
normally default accounts are dropped because of security reasons, I can do that on Oracle, or I will break something?
The first documentation link above also says (emphasis added again):
All databases also include internal accounts, which are automatically created so that individual Oracle Database features or components such as Oracle Application Express can have their own schemas. To protect these accounts from unauthorized access, they are initially locked and their passwords are expired. (A locked account is an account for which login is disabled.) You must not delete internal accounts, and you must not use them to log in to the database.
And it mentions sample schema accounts, which you can choose not to install in the first place, but which could be dropped if required.
The main thing is to secure all accounts, and you should limit any accounts you create to only have the minimum privileges necessary.
You can also read more about this in the database administrator's guide,
It is a very bad idea. I don't think the database will even work without them and doubt that the drop is allowed. Make sure the accounts are safe instead.
I just downloaded the Oracle Database 11g and I can't select,create,update or do anything. Every command that I entered and run only results to "ORA-01435: user does not exist"
What are the things that i need to do in order to enable creating and running some commands?
Here is a picture of ORA-01435: user does not exist
Please look at right upper corner SCHEMA:XS$NULL:
From Securing Oracle Database User Accounts
XS$NULL
An internal account that represents the absence of a user in a session. Because XS$NULL is not a user, this account can only be accessed by the Oracle Database instance. XS$NULL has no privileges and no one can authenticate as XS$NULL, nor can authentication credentials ever be assigned to XS$NULL.
Expired and locked
You need to change it to some specific schema.
I am facing a very unique situation here in Oracle DB.
I am facing "ORA-01017: invalid username/password; logon denied" error while logging in to my Oracle user using sqlplus.
Basic information about the system:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production.
2 database servers in cluster environment using Oracle clustering.
Please note that while using TOAD the user logs in perfectly however. The DB is accessible from toad using the connection details to login an individual db. It fails from TOAD while using the Cluster Scan-IP.
Following steps were performed before i started getting this issue.
I was getting a warning message from the Oracle for my user to change the password as it is expiring. Usually in situations like this i will reuse the same password however in this case it was not allowing me to reuse the same password. So I followed this link.
Now I am not able to login my user and I am even not able to completely change the password of my user and login.
Please advise with what went wrong.
Hi I am not sure exactly what your problem is, but these are the steps we follow to reuse a password:
get user profile
change profile to default
ALTER PROFILE "DEFAULT" LIMIT PASSWORD_REUSE_TIME UNLIMITED;
ALTER PROFILE "DEFAULT" LIMIT PASSWORD_REUSE_MAX UNLIMITED;
change password
ALTER PROFILE "DEFAULT" LIMIT PASSWORD_REUSE_TIME 120;
change profile back
Good luck!
The issue was caused because of special characters. I didn't imagine that "$" would be such a big deal in passwords. Anyway please find a work around for it here.
Trying to access default Database from Oracle 12c but Oracle 12c not accessing by default Username Scott and Password Tiger, Why?. While 11g provide the access.
Per the Docs
When you install Oracle Database with the Oracle Universal Installer,
the sample schemas are installed by default if you select the Basic
Installation option. Selecting the sample schemas option installs all
sample schemas (HR, OE, PM, SH, IX) in the database. If you choose not
to install the sample schemas at that time, you can add them later by
following the instructions in section "Manually Installing Sample
Schemas".
At the end of the installation process, a dialog box displays the
accounts that have been created and their lock status. By default, all
sample schemas are locked and their passwords are expired. Before you
can use a locked account, you must unlock it and reset its password.
You can unlock the accounts at this point in the installation process.
Alternatively, after the installation completes, you can unlock the
schemas and reset their passwords by using the ALTER USER ... ACCOUNT
UNLOCK statement.