password resetting

[smacattack]

Our helpdesk require oracle user access to take the burden of resetting passwords for users off our hands.

Is there any secure way of giving them an oracle user which only has this permissions and nothing else, giving people outside of the dba team admin permissions is something I do not want to do, no matter how trust worthy.


We will be using a unix user menu system to try and stop people doing any damage but this does not stop the inquisitive being able to use other oracle software which might be on there desktop for other applications etc!

Any ideas of how I action this or any better ways to implement such a request.

Thanks

 

[alexhu]

Can you use a batch job for this?

I have in the past used a batch system running as root to change user UNIX passwords (always to the same string, but then user resets on initial login).

The help desk had no access to the job as it was within a secure menu system

Alex

 

[smacattack]

The secure menu access and script from the unix side is not a problem its the permissions of the oracle user i want to use to reset password.
Is there any type of user i can setup on the oracle side which does not require full dba access but still can get to password maintenance.

cheers

 

[alexhu]

You must have DBA in order to change a users password, so why not use an ID with that role ?

Alex

 

[ddiamond]

The only thing you need to change a user's password is the ALTER USER system privilege and of course the CONNECT privilege.