Using the DBMS_SQL
Oracle Tips by
A common request from users is the ability to change their
password. Unfortunately, Oracle does not allow a user to change an
account password without having the ALTER USER privilege. This
privilege also allows users to change information other than the
password and for any user. So, unless you want to grant this level of
access to users, the DBA has the responsibility of assigning and
Letís use the DBMS_SQL package to create a
Change_Password() function, which the DBA can compile and make
accessible to all users. This function can be called from a systemís
front end, usually via a button on a form or a menu item, to allow the
user to change a password (and only a password). The
Change_Password() function is shown in Listing 9.3.
Listing 9.3 The Change_Password() function.
CREATE OR REPLACE
FUNCTION Change_Password (vUsername IN varchar2,
vPassword IN varchar2)
vCommand varchar2 (80);
IF (vUserName IS NULL OR vPassword IS NULL) THEN
vCommand := 'ALTER USER ' ||
'identified by ' ||
iCursorID := DBMS_SQL.Open_Cursor;
iReturned := DBMS_SQL.Execute (iCursorID);
WHEN OTHERS THEN
This function must be run by a user who has the ALTER USER
privilege. In this implementation, the function allows any userís
password to be changed. This particular implementation assumes that
you will pass only the login name of the current user as a parameter.
The function first builds the proper SQL*Plus command and stores it
in the vCommand string. The function then calls functions and
procedures in the DBMS_SQL package to parse and execute the
This function requires a username and password to be passed as
parameters. If the userís password is successfully changed, the
function returns 1. Otherwise, the function returns 0.
This is an excerpt from the book "High Performance Oracle
Database Automation" by Jonathan Ingram and Donald K.
Burleson, Series Editor.