I have this problem:
When I create the TEST user with the password TEST but in the PDBDB1 container
ALTER SESSION SET CONTAINER= PDBDB1;
CREATE USER TEST IDENTIFIED BY TEST ;
GRANT "CONNECT" TO TEST ;
GRANT "RESOURCE" TO TEST ;
ALTER USER "TEST" DEFAULT ROLE "CONNECT","RESOURCE";
And when I try to connect with SQL Developer from my laptop and use the srvpdb1 service (from this container),
I have an error: invalid username / password; logon denied
But when I give it SYSDBA permission
GRANT SYSDBA TO TEST;
And in SQL Developer, I will change Role: SYSDBA
It connects correctly to the correct container right away.
show con_name
CON_NAME
------------------------------
PDBDB1
Make sure your connection looks like this -
It's likely you copied your SYS connection, and had your Role set to 'SYSDBA' - which will give you a bad user/password response if the user doesn't have the SYSDBA role granted.
PS Don't grant this role to someone unless they are truly the type who will be doing dba work or upgrading/repairing your database.
When will I do:
SQL> revoke sysdba from TEST;
And I set Role: Default in SQL Developer unable to connect.
And I have an invalid user / password error.
And when (for tests only) I set:
SQL> GRANT SYSDBA TO TEST;
And I set "SYSDBA" in SQL Developer, the TEST user connects correctly.
Of course, I don't want to leave SYSDBA, but how do I make it connect properly?
Problem solved!
SEC_CASE_SENSITIVE_LOGON parameter on CDB database must be TRUE !
ALTER SYSTEM SET SEC_CASE_SENSITIVE_LOGON = true;
Related
I just installed Firebird for Win64, and I was trying to connect to the employee database which comes pre-packaged with ISQL.
Following the steps from the Firebird official QuickStart Documentation I opened the ISQL utility and entered:
connect localhost:employee user sysdba password masterkey;
As a result I got:
Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
Strangest thing is that if I navigate to the employee database sample itself and issue the isql command from there I can successfully connect.
The difference is that connecting directly to a database file doesn't require a password, it will even ignore the password, and just use the provided user to know which privileges to apply.
Without a hostname, ISQL will by default use Firebird embedded mode, and not the server. To compare, try using isql employee.fdb (or isql employee), it will just login with your current OS username, while isql localhost:employee will fail with a 'Your user name and password are not defined'.
It looks like you specified a different password than the default of masterkey, or somehow the sysdba account wasn't initialized. I recall there was a problem with the installer of an earlier Firebird 3 version, but I don't think 3.0.2 should be affected by this (or at least: it worked for me).
If the SYSDBA account wasn't initialized, then follow the steps of the Firebird 3 release notes, section Initializing the Security Database:
Initialization Steps
Initialization is performed in embedded mode using the isql utility.
For an embedded connection, an authentication password is not required
and will be ignored if you provide one. An embedded connection will
work fine with no login credentials and “log you in” using your host
credentials if you omit a user name. However, even though the user
name is not subject to authentication, creating or modifying anything
in the existing security database requires that the user be SYSDBA;
otherwise, isql will throw a privilege error for the CREATE USER
request.
The SQL user management commands will work with any open database.
Because the sample database employee.fdb is present in your
installation and already aliased in databases.conf, it is convenient
to use it for the user management task.
Stop the Firebird server. Firebird 3 caches connections to the security database aggressively. The presence of server connections may
prevent isql from establishing an embedded connection.
In a suitable shell, start an isql interactive session, opening the employee database via its alias:
> isql -user sysdba employee
Create the SYSDBA user:
SQL> create user SYSDBA password 'SomethingCryptic';
SQL> commit;
SQL> quit;
To complete the initialization, start the Firebird server again. Now you will be able to perform a network login to databases,
including the security database, using the password you assigned to
SYSDBA.
Where 'SomethingCryptic', should be your password.
If a SYSDBA user was created, you will need to change its password if you no longer remember what you set. Follow the same steps, but in step 3 do:
SQL> alter user SYSDBA set password '<new password>';
SQL> commit;
SQL> quit;
If this gives an error "record not found for user: SYSDBA", make sure you are really connected as SYSDBA, otherwise retry the original step 3. Not having admin access will behave as if the user doesn't exist, so the error is the same if the user really doesn't exist, or if you are connected with an unprivileged user.
CONNECT 'employee' user 'SYSDBA' password 'masterkey';
You need make sure that your alias.conf have something like this: employee=C:/examplepath/employee.fdb
make sure that the services of firebird is on
After running these commands against an Azure SQL Server (in SSMS or using a command line utility):
-- run in the master table to create the login
CREATE LOGIN SusanDBA with password= 'U$3r---Pa55W0rd!!'
-- run against AnotherDB (not the master db)
CREATE USER SusanDBA from LOGIN SusanDBA
SusanDBA can login to open a connection to the AnotherDB but cannot execute the Alter Login command to change the password. This reportedly has to be done against the master database. But we don't want the user to connect to the master db for security reasons.
The command
Alter Login SusanDBA
with PASSWORD = 'U$3r---Pa55W0rd!!---'
OLD_PASSWORD='U$3r---Pa55W0rd!!'
Gets the response
Msg 5001, Level 16, State 3, Line 1 User must be in the master
database.
An administrator with appropriate master privileges can change the password but that kind of defeats the purpose: the administrator now knows the user's password.
Constraints:
- We are not in a position to use AD in this case so its SQL Authentication.
- We would like to use a command prompt utility like SQLCMD.
Correct syntax on March 2021
ALTER LOGIN [login] WITH PASSWORD='XXX' OLD_PASSWORD='NNN';
ALTER USER userName WITH PASSWORD='newPassword' OLD_PASSWORD='oldPassword';
also reference:
https://learn.microsoft.com/en-us/sql/t-sql/statements/alter-user-transact-sql?view=sql-server-ver15
I forgot to feed sys, system and hr password while Oracle DB installation and hit OK but now for SQ*Plus it needs those credentials for login in command prompt.How to get default user name and password?
You can simply login as :
sqlplus / as sysdba
Then give password to the respective users :
ALTER USER <username> IDENTIFIED BY <password>;
You can do that for all the three users.
I hope you are not on 12c. Else, you need to mention which CONTAINER are you working with. For example, if you are working on pluggable database, let's say PDBORCL, you need to do following steps :
connect / as sysdba;
alter session to set the container of which the respective users are a part of.
alter session set container=PDBORCL;
Then follow the same steps to change the passwords for the users.
CHANGE_ON_INSTALL is default password for sys and system.
You can directly login to database as sysdba from host machine and using installation user of oracle and execute below command to change system or sys password.
sqlplus "/as sysdba"
alter user sys identified by passwd;
Alternatively you can create password file to from host server
go to directory
$ORACLE_HOME\database (windows)
$ORACLE_HOME\dbs (unix\linux)
and execute
orapwd password=password file=orapwSID force=y entries=5
and login to database .
I have just created a new user on an newly created Oracle 12C database and cannot use it to login from either SQL*Plus or SQL Developer. What am I doing wrong? I can connect as SYSTEM but not as NEWGUY.
-- logged in as SYSTEM....
alter session set CONTAINER=PDBNEW
create user NEWGUY identified by FRED
grant connect to NEWGUY
I can connect as system but trying to connect changing only the username and password results in failure. (ORA-91917: invalid username/password; login denied.
I can see NEWGUY in the DBA_USERS table.
I'll amend this if you need more information....
Remember everyone that if you create a PDB you have to open it and set it to read/write in order for it to be open for business.
ALTER PLUGGABLE DATABASE myPDBDatabase OPEN READ WRITE;
I need to keep track of the last login time for each user in our SQL Server 2005 database.
I created a trigger like this:
CREATE TRIGGER LogonTimeStamp
ON ALL SERVER FOR LOGON
AS
BEGIN
IF EXISTS (SELECT * FROM miscdb..user_last_login WHERE user_id = SYSTEM_USER)
UPDATE miscdb..user_last_login SET last_login = GETDATE() WHERE user_id = SYSTEM_USER
ELSE
INSERT INTO miscdb..user_last_login (user_id,last_login) VALUES (SYSTEM_USER,GETDATE())
END;
go
This trigger works for users that are system admins but it won't allow regular users to login. I have granted public select,insert and update to the table but that doesn't seem to be the issue. Is there a way to set permissions on the trigger? Is there something else I am missing?
Regular users get the error message:
Logon failed for login 'xxxx' due to trigger execution.
Changed database context to 'xxxx',
Changed language setting to us_english. (Microsoft SQL Server, Error: 17892).
Thanks
EDIT: We have just noticed that this only happens for active directory accounts, not sql accounts.
For example:
C:\>osql -S server -E
Logon failed for login 'xxx\xxxx' due to trigger execution.
C:\>osql -S server -U xxxx
Password:
1>
First of all, I would strongly recommend that you move this table to either [master] or [msdb]. Having a Logon trigger dependent on any non-system database is very problematic.
Secondly, if the current question is "How to grant rights to all logins?" as stated in your comment, then the answer is: "Grant them to the Public server role." Every login is in that role, so its permissions apply to everyone.
CREATE TRIGGER [Logon_Audit_Tgr] ON ALL SERVER
WITH EXECUTE AS 'sa'
FOR LOGON
AS
BEGIN ....