Changing passwords in Oracle Database is a fundamental administrative task that can be accomplished through multiple methods. The most straightforward approach uses the ALTER USER SQL command, which provides direct control over user authentication parameters.
The basic syntax for changing a password in Oracle is:
ALTER USER username IDENTIFIED BY new_password;
For example, to change the password for user 'SCOTT':
ALTER USER SCOTT IDENTIFIED BY tiger123;
Oracle provides additional options for password management:
-- Change password with password expiry
ALTER USER SCOTT IDENTIFIED BY tiger123 PASSWORD EXPIRE;
-- Change password while keeping the old password for verification
ALTER USER SCOTT IDENTIFIED BY tiger123 REPLACE old_password;
-- Set account lock/unlock status during password change
ALTER USER SCOTT IDENTIFIED BY tiger123 ACCOUNT LOCK;
Changing passwords for privileged accounts requires special consideration:
-- For SYS user (typically done during installation)
ALTER USER SYS IDENTIFIED BY new_sys_password;
-- For SYSTEM user
ALTER USER SYSTEM IDENTIFIED BY new_system_password;
Oracle 11g and later versions enforce password complexity by default. To bypass this (not recommended for production):
-- Disable password verification temporarily
ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION NULL;
-- Change password
ALTER USER SCOTT IDENTIFIED BY simplepass;
-- Re-enable verification
ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION verify_function;
In SQL*Plus, you can use the PASSWORD command for interactive password changes:
SQL> PASSWORD SCOTT
Changing password for SCOTT
New password:
Retype new password:
For scripting purposes, you might need to handle password changes programmatically:
BEGIN
EXECUTE IMMEDIATE 'ALTER USER SCOTT IDENTIFIED BY '||:new_pass;
EXCEPTION
WHEN OTHERS THEN
DBMS_OUTPUT.PUT_LINE('Password change failed: '||SQLERRM);
END;
/
To track password changes in your database:
-- Enable auditing for ALTER USER commands
AUDIT ALTER USER BY ACCESS;
-- Create a dedicated trigger for password change tracking
CREATE OR REPLACE TRIGGER track_password_changes
AFTER ALTER ON SCHEMA
BEGIN
IF (ORA_DICT_OBJ_TYPE = 'USER' AND ORA_IS_ALTER_PASSWORD) THEN
INSERT INTO pwd_change_audit VALUES
(ORA_DICT_OBJ_NAME, USER, SYSDATE);
END IF;
END;
/
In Oracle database administration, password management is a fundamental security operation. The ALTER USER command is the standard SQL statement used for modifying user credentials. This operation requires appropriate system privileges, typically possessed by DBAs or users with ALTER USER privilege.
The simplest form of the password change command is:
ALTER USER username IDENTIFIED BY new_password;
For example, to change the password for user 'app_user':
ALTER USER app_user IDENTIFIED BY Str0ngP@ssw0rd2023;
Oracle provides additional password-related clauses:
ALTER USER hr IDENTIFIED BY new_pass PASSWORD EXPIRE ACCOUNT UNLOCK PROFILE custom_profile;
This command simultaneously changes the password, forces expiration, unlocks the account, and assigns a profile.
Oracle 11g and later versions include password verification functions. To bypass complexity checks (not recommended for production):
ALTER USER system IDENTIFIED BY simplepass REPLACE oldpass NOVERIFY;
DBAs can change passwords for any user account:
ALTER USER scott IDENTIFIED BY tiger_new;
Regular users can only change their own passwords:
ALTER USER current_user IDENTIFIED BY new_secret;
For environments using proxy authentication:
ALTER USER app_user GRANT CONNECT THROUGH proxy_user AUTHENTICATED USING PASSWORD;
If encountering ORA-28003 (password verification failure), check your password complexity rules in the assigned profile:
SELECT resource_name, limit FROM dba_profiles WHERE profile = 'DEFAULT' AND resource_type = 'PASSWORD';
For batch password changes in shell scripts:
#!/bin/bash # This script changes passwords for multiple users for user in user1 user2 user3 do sqlplus -s / as sysdba <Always consider these security measures when changing passwords:
- Use encryption for scripts containing passwords
- Audit password change operations
- Implement password rotation policies
- Consider using Oracle Wallet for password storage