- •Contents
- •Send Us Your Comments
- •Preface
- •What’s New in SQL Reference?
- •1 Introduction to Oracle SQL
- •History of SQL
- •SQL Standards
- •Embedded SQL
- •Lexical Conventions
- •Tools Support
- •2 Basic Elements of Oracle SQL
- •Datatypes
- •Oracle Built-in Datatypes
- •ANSI, DB2, and SQL/DS Datatypes
- •Oracle-Supplied Types
- •"Any" Types
- •XML Types
- •Spatial Type
- •Media Types
- •Datatype Comparison Rules
- •Data Conversion
- •Literals
- •Text Literals
- •Integer Literals
- •Number Literals
- •Interval Literals
- •Format Models
- •Number Format Models
- •Date Format Models
- •String-to-Date Conversion Rules
- •XML Format Model
- •Nulls
- •Nulls in SQL Functions
- •Nulls with Comparison Conditions
- •Nulls in Conditions
- •Pseudocolumns
- •CURRVAL and NEXTVAL
- •LEVEL
- •ROWID
- •ROWNUM
- •XMLDATA
- •Comments
- •Comments Within SQL Statements
- •Comments on Schema Objects
- •Hints
- •Database Objects
- •Schema Objects
- •Nonschema Objects
- •Parts of Schema Objects
- •Schema Object Names and Qualifiers
- •Schema Object Naming Rules
- •Schema Object Naming Examples
- •Schema Object Naming Guidelines
- •Syntax for Schema Objects and Parts in SQL Statements
- •How Oracle Resolves Schema Object References
- •Referring to Objects in Other Schemas
- •Referring to Objects in Remote Databases
- •Referencing Object Type Attributes and Methods
- •3 Operators
- •About SQL Operators
- •Unary and Binary Operators
- •Operator Precedence
- •Arithmetic Operators
- •Concatenation Operator
- •Set Operators
- •4 Expressions
- •About SQL Expressions
- •Simple Expressions
- •Compound Expressions
- •CASE Expressions
- •CURSOR Expressions
- •Datetime Expressions
- •Function Expressions
- •INTERVAL Expressions
- •Object Access Expressions
- •Scalar Subquery Expressions
- •Type Constructor Expressions
- •Variable Expressions
- •Expression Lists
- •5 Conditions
- •About SQL Conditions
- •Condition Precedence
- •Comparison Conditions
- •Simple Comparison Conditions
- •Group Comparison Conditions
- •Logical Conditions
- •Membership Conditions
- •Range Conditions
- •Null Conditions
- •EQUALS_PATH
- •EXISTS Conditions
- •LIKE Conditions
- •IS OF type Conditions
- •UNDER_PATH
- •Compound Conditions
- •6 Functions
- •SQL Functions
- •Single-Row Functions
- •Aggregate Functions
- •Analytic Functions
- •Object Reference Functions
- •Alphabetical Listing of SQL Functions
- •ACOS
- •ADD_MONTHS
- •ASCII
- •ASCIISTR
- •ASIN
- •ATAN
- •ATAN2
- •BFILENAME
- •BITAND
- •CAST
- •CEIL
- •CHARTOROWID
- •COALESCE
- •COMPOSE
- •CONCAT
- •CONVERT
- •CORR
- •COSH
- •COUNT
- •COVAR_POP
- •COVAR_SAMP
- •CUME_DIST
- •CURRENT_DATE
- •CURRENT_TIMESTAMP
- •DBTIMEZONE
- •DECODE
- •DECOMPOSE
- •DENSE_RANK
- •DEPTH
- •DEREF
- •DUMP
- •EMPTY_BLOB, EMPTY_CLOB
- •EXISTSNODE
- •EXTRACT (datetime)
- •EXTRACT (XML)
- •EXTRACTVALUE
- •FIRST
- •FIRST_VALUE
- •FLOOR
- •FROM_TZ
- •GREATEST
- •GROUP_ID
- •GROUPING
- •GROUPING_ID
- •HEXTORAW
- •INITCAP
- •INSTR
- •LAST
- •LAST_DAY
- •LAST_VALUE
- •LEAD
- •LEAST
- •LENGTH
- •LOCALTIMESTAMP
- •LOWER
- •LPAD
- •LTRIM
- •MAKE_REF
- •MONTHS_BETWEEN
- •NCHR
- •NEW_TIME
- •NEXT_DAY
- •NLS_CHARSET_DECL_LEN
- •NLS_CHARSET_ID
- •NLS_CHARSET_NAME
- •NLS_INITCAP
- •NLS_LOWER
- •NLSSORT
- •NLS_UPPER
- •NTILE
- •NULLIF
- •NUMTODSINTERVAL
- •NUMTOYMINTERVAL
- •PATH
- •PERCENT_RANK
- •PERCENTILE_CONT
- •PERCENTILE_DISC
- •POWER
- •RANK
- •RATIO_TO_REPORT
- •RAWTOHEX
- •RAWTONHEX
- •REFTOHEX
- •REGR_ (Linear Regression) Functions
- •REPLACE
- •ROUND (number)
- •ROUND (date)
- •ROW_NUMBER
- •ROWIDTOCHAR
- •ROWIDTONCHAR
- •RPAD
- •RTRIM
- •SESSIONTIMEZONE
- •SIGN
- •SINH
- •SOUNDEX
- •SQRT
- •STDDEV
- •STDDEV_POP
- •STDDEV_SAMP
- •SUBSTR
- •SYS_CONNECT_BY_PATH
- •SYS_CONTEXT
- •SYS_DBURIGEN
- •SYS_EXTRACT_UTC
- •SYS_GUID
- •SYS_TYPEID
- •SYS_XMLAGG
- •SYS_XMLGEN
- •SYSDATE
- •SYSTIMESTAMP
- •TANH
- •TO_CHAR (character)
- •TO_CHAR (datetime)
- •TO_CHAR (number)
- •TO_CLOB
- •TO_DATE
- •TO_DSINTERVAL
- •TO_MULTI_BYTE
- •TO_NCHAR (character)
- •TO_NCHAR (datetime)
- •TO_NCHAR (number)
- •TO_NCLOB
- •TO_NUMBER
- •TO_SINGLE_BYTE
- •TO_TIMESTAMP
- •TO_TIMESTAMP_TZ
- •TO_YMINTERVAL
- •TRANSLATE
- •TRANSLATE ... USING
- •TREAT
- •TRIM
- •TRUNC (number)
- •TRUNC (date)
- •TZ_OFFSET
- •UNISTR
- •UPDATEXML
- •UPPER
- •USER
- •USERENV
- •VALUE
- •VAR_SAMP
- •VARIANCE
- •VSIZE
- •WIDTH_BUCKET
- •XMLAGG
- •XMLCOLATTVAL
- •XMLCONCAT
- •XMLELEMENT
- •XMLFOREST
- •XMLSEQUENCE
- •XMLTRANSFORM
- •ROUND and TRUNC Date Functions
- •User-Defined Functions
- •Prerequisites
- •Name Precedence
- •7 Common SQL DDL Clauses
- •allocate_extent_clause
- •constraints
- •deallocate_unused_clause
- •file_specification
- •logging_clause
- •parallel_clause
- •physical_attributes_clause
- •storage_clause
- •8 SQL Queries and Subqueries
- •About Queries and Subqueries
- •Creating Simple Queries
- •Hierarchical Queries
- •The UNION [ALL], INTERSECT, MINUS Operators
- •Sorting Query Results
- •Joins
- •Using Subqueries
- •Unnesting of Nested Subqueries
- •Selecting from the DUAL Table
- •Distributed Queries
- •9 SQL Statements: ALTER CLUSTER to ALTER SEQUENCE
- •Types of SQL Statements
- •Organization of SQL Statements
- •ALTER CLUSTER
- •ALTER DATABASE
- •ALTER DIMENSION
- •ALTER FUNCTION
- •ALTER INDEX
- •ALTER INDEXTYPE
- •ALTER JAVA
- •ALTER MATERIALIZED VIEW
- •ALTER MATERIALIZED VIEW LOG
- •ALTER OPERATOR
- •ALTER OUTLINE
- •ALTER PACKAGE
- •ALTER PROCEDURE
- •ALTER PROFILE
- •ALTER RESOURCE COST
- •ALTER ROLE
- •ALTER ROLLBACK SEGMENT
- •ALTER SEQUENCE
- •10 SQL Statements: ALTER SESSION to ALTER SYSTEM
- •ALTER SESSION
- •ALTER SYSTEM
- •ALTER TABLE
- •ALTER TABLESPACE
- •ALTER TRIGGER
- •ALTER TYPE
- •ALTER USER
- •ALTER VIEW
- •ANALYZE
- •ASSOCIATE STATISTICS
- •AUDIT
- •CALL
- •COMMENT
- •COMMIT
- •13 SQL Statements: CREATE CLUSTER to CREATE JAVA
- •CREATE CLUSTER
- •CREATE CONTEXT
- •CREATE CONTROLFILE
- •CREATE DATABASE
- •CREATE DATABASE LINK
- •CREATE DIMENSION
- •CREATE DIRECTORY
- •CREATE FUNCTION
- •CREATE INDEX
- •CREATE INDEXTYPE
- •CREATE JAVA
- •14 SQL Statements: CREATE LIBRARY to CREATE SPFILE
- •CREATE LIBRARY
- •CREATE MATERIALIZED VIEW
- •CREATE MATERIALIZED VIEW LOG
- •CREATE OPERATOR
- •CREATE OUTLINE
- •CREATE PACKAGE
- •CREATE PACKAGE BODY
- •CREATE PFILE
- •CREATE PROCEDURE
- •CREATE PROFILE
- •CREATE ROLE
- •CREATE ROLLBACK SEGMENT
- •CREATE SCHEMA
- •CREATE SEQUENCE
- •CREATE SPFILE
- •15 SQL Statements: CREATE SYNONYM to CREATE TRIGGER
- •CREATE SYNONYM
- •CREATE TABLE
- •CREATE TABLESPACE
- •CREATE TEMPORARY TABLESPACE
- •CREATE TRIGGER
- •CREATE TYPE
- •CREATE TYPE BODY
- •CREATE USER
- •CREATE VIEW
- •DELETE
- •DISASSOCIATE STATISTICS
- •DROP CLUSTER
- •DROP CONTEXT
- •DROP DATABASE LINK
- •DROP DIMENSION
- •DROP DIRECTORY
- •DROP FUNCTION
- •DROP INDEX
- •DROP INDEXTYPE
- •DROP JAVA
- •DROP LIBRARY
- •DROP MATERIALIZED VIEW
- •DROP MATERIALIZED VIEW LOG
- •DROP OPERATOR
- •DROP OUTLINE
- •DROP PACKAGE
- •DROP PROCEDURE
- •DROP PROFILE
- •DROP ROLE
- •DROP ROLLBACK SEGMENT
- •17 SQL Statements: DROP SEQUENCE to ROLLBACK
- •DROP SEQUENCE
- •DROP SYNONYM
- •DROP TABLE
- •DROP TABLESPACE
- •DROP TRIGGER
- •DROP TYPE
- •DROP TYPE BODY
- •DROP USER
- •DROP VIEW
- •EXPLAIN PLAN
- •GRANT
- •INSERT
- •LOCK TABLE
- •MERGE
- •NOAUDIT
- •RENAME
- •REVOKE
- •ROLLBACK
- •18 SQL Statements: SAVEPOINT to UPDATE
- •SAVEPOINT
- •SELECT
- •SET CONSTRAINT[S]
- •SET ROLE
- •SET TRANSACTION
- •TRUNCATE
- •UPDATE
- •Required Keywords and Parameters
- •Optional Keywords and Parameters
- •Syntax Loops
- •Multipart Diagrams
- •Database Objects
- •ANSI Standards
- •ISO Standards
- •Oracle Compliance
- •FIPS Compliance
- •Oracle Extensions to Standard SQL
- •Character Set Support
- •Using Extensible Indexing
- •Using XML in SQL Statements
- •Index
ALTER USER
ALTER USER
Purpose
Use the ALTER USER statement:
■To change the authentication or database resource characteristics of a database user.
■To permit a proxy server to connect as a client without authentication.
Prerequisites
You must have the ALTER USER system privilege. However, you can change your own password without this privilege.
12-22 Oracle9i SQL Reference
ALTER USER
Syntax
alter_user::=
user
ALTER 
USER
,
user
|
|
|
|
|
REPLACE |
old_password |
|
|
BY |
password |
|
|
|
|
|
IDENTIFIED |
EXTERNALLY |
|
|
|
|
||
|
GLOBALLY |
AS |
’ |
external_name |
’ |
||
DEFAULT |
TABLESPACE |
tablespace |
|
|
|
||
TEMPORARY |
TABLESPACE |
tablespace |
|
|
|||
|
|
|
K |
|
|
|
|
|
|
|
M |
|
|
|
|
|
integer |
|
|
|
|
|
|
QUOTA |
|
|
|
|
ON |
tablespace |
|
|
UNLIMITED |
|
|
|
|
|
|
PROFILE |
profile |
|
|
|
|
|
|
|
|
|
, |
|
|
|
|
|
|
role |
|
|
|
|
|
|
|
|
|
|
|
, |
|
DEFAULT |
ROLE |
|
|
EXCEPT |
role |
|
|
|
|
|
|
|
|||
ALL
;
NONE
PASSWORD 
EXPIRE
LOCK
ACCOUNT
UNLOCK
proxy_clause
SQL Statements: ALTER TRIGGER to COMMIT 12-23
ALTER USER
proxy_clause::=
|
|
|
|
|
|
|
|
|
, |
|
|
|
|
|
|
|
|
|
|
|
role_name |
|
|
|
|
|
|
|
|
|
|
ROLE |
|
|
|
|
, |
|
|
|
|
|
WITH |
|
|
|
ALL |
EXCEPT |
|
role_name |
|
GRANT |
|
|
|
|
|
NO |
|
ROLES |
|
|
|
|
CONNECT |
THROUGH |
proxy |
|
|
|
|
|
|
|
|
|
|
REVOKE |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
PASSWORD |
|
|
|
|
|
|
|
|
|
|
AUTHENTICATED |
USING |
DISTINGUISHED |
NAME |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
TYPE |
’ |
type |
’ |
|
VERSION |
’ |
version |
’ |
|
|
CERTIFICATE |
|
|
|
|
|
|
|
|
|
|
Semantics
The keywords, parameters, and clauses described in this section are unique to ALTER USER or have different semantics than they have in CREATE USER. Keywords, parameters, and clauses that do not appear here have the same meaning as in the CREATE USER statement.
Note: Oracle Corporation recommends that user names and passwords be encoded in ASCII or EBCDIC characters only, depending on your platform. Please refer to Oracle9i Database Administrator’s Guide for more information about this recommendation.
See Also:
■CREATE USER on page 16-32 for information on the keywords and parameters
■CREATE PROFILE on page 14-71 for information on assigning limits on database resources to a user
IDENTIFIED Clause
■Specify BY password to specify a new password for the user.
12-24 Oracle9i SQL Reference
ALTER USER
Note: Oracle expects a different timestamp for each resetting of a particular password. If you reset one password multiple times within one second (for example, by cycling through a set of passwords using a script), then Oracle may return an error message that the password cannot be reused. For this reason, Oracle Corporation recommends that you avoid using scripts to reset passwords.
You can omit the REPLACE clause if you are setting your own password for the first time or you have the ALTER USER system privilege and you are changing another user’s password. However, unless you have the ALTER USER system privilege, you must always specify the REPLACE clause if a password complexity verification function has been enabled, either by running the UTLPWDMG.SQL script or by specifying such a function in the PASSWORD_ VERIFY_FUNCTION parameter of a profile that has been assigned to the user.
Note: Oracle does not check the old password, even if you provide it in the REPLACE clause, unless you are changing your own existing password. If such a check is important in other cases (for example, when a privileged user changes another user’s password), then ensure that the password complexity verification function prohibits password changes in which the old password is null, or use the OCIPasswordChange() call instead of ALTER USER. For more information, see Oracle Call Interface Programmer’s Guide.
See Also: Oracle9i Database Administrator’s Guide for information on the password complexity verification function
■Specify GLOBALLY AS ’external_name’ to indicate that the user must be authenticated by way of an LDAP V3 compliant directory service such as Oracle Internet Directory.
You can change a user’s access verification method to IDENTIFIED GLOBALLY AS ’external_name’ only if all external roles granted directly to the user are revoked.
You can change a user created as IDENTIFIED GLOBALLY AS ’external_ name’ to IDENTIFIED BY password or IDENTIFIED EXTERNALLY.
SQL Statements: ALTER TRIGGER to COMMIT 12-25
ALTER USER
See Also: CREATE USER on page 16-32, "Changing User
Identification: Example" on page 12-28, and "Changing User
Authentication: Examples" on page 12-28
TEMPORARY TABLESPACE Clause
The tablespace you assign or reassign as the user’s temporary tablespace must be a temporary tablespace and must have a standard block size.
DEFAULT ROLE Clause
Specify the roles granted by default to the user at logon. This clause can contain only roles that have been granted directly to the user with a GRANT statement. You cannot use the DEFAULT ROLE clause to enable:
■Roles not granted to the user
■Roles granted through other roles
■Roles managed by an external service (such as the operating system), or by the Oracle Internet Directory
Oracle enables default roles at logon without requiring the user to specify their passwords.
See Also: CREATE ROLE on page 14-79
proxy_clause
The proxy_clause lets you control the ability of a proxy (an application or application server) to connect as the specified database or enterprise user and to activate all, some, or none of the user’s roles.
Note: The proxy_clause provides several varieties of proxy authentication of database and enterprise users. For information on proxy authentication of application users, see Oracle9i Application Developer’s Guide - Fundamentals.
See Also: Oracle9i Database Concepts for more information on proxies and their use of the database and "Proxy Users: Examples" on page 12-29
12-26 Oracle9i SQL Reference
ALTER USER
GRANT | REVOKE
Specify GRANT to allow the connection. Specify REVOKE to prohibit the connection.
CONNECT THROUGH Clause
Identify the proxy connecting to Oracle. Oracle expects the proxy to authenticate the user unless you specify the AUTHENTICATED USING clause.
WITH ROLE WITH ROLE role_name permits the proxy to connect as the specified user and to activate only the roles that are specified by role_name.
WITH ROLE ALL EXCEPT WITH ROLE ALL EXCEPT role_name permits the proxy to connect as the specified user and to activate all roles associated with that user except those specified by role_name.
WITH NO ROLES WITH NO ROLES permits the proxy to connect as the specified user, but prohibits the proxy from activating any of that user’s roles after connecting.
If you do not specify any of these WITH clauses, then Oracle activates all roles granted to the specified user automatically.
AUTHENTICATED USING
Specify the AUTHENTICATED USING clause if you want proxy authentication to be handled by a source other than the proxy. This clause is relevant only as part of a
GRANT CONNECT THROUGH proxy clause.
PASSWORD Specify PASSWORD if you want the proxy to present the database password of the user for authentication. The proxy relies on the database to authenticate the user based on the password.
DISTINGUISHED NAME Specify DISTINGUISHED NAME to allow the proxy to act as the globally identified user indicated by the distinguished name.
CERTIFICATE Specify CERTIFICATE to allow the proxy to act as the globally identified user whose distinguished name is contained in the certificate.
In both the DISTINGUISHED NAME and CERTIFICATE cases, the proxy has already authenticated and is acting on behalf of a global database user.
■For type, specify the type of certificate to be presented. If you do not specify type, then the default is ’X.509’.
SQL Statements: ALTER TRIGGER to COMMIT 12-27
ALTER USER
■For version, specify the version of the certificate that is to be presented. If you do not specify version, then the default is ’3’.
Restriction on CERTIFICATE You cannot specify this clause as part of a REVOKE CONNECT THROUGH proxy clause.
See Also:
■
■
Oracle9i Security Overview for an overview of database security
Oracle9i Database Administrator’s Guide and Oracle9i Application Developer’s Guide - Fundamentals for information on middle-tier systems and proxy authentication
Examples
Changing User Identification: Example The following statement changes the password of the user sidney (created in "Creating a Database User: Example" on page 16-37) second_2nd_pwd and default tablespace to the tablespace example:
ALTER USER sidney
IDENTIFIED BY second_2nd_pwd
DEFAULT TABLESPACE example;
The following statement assigns the new_profile profile "Creating a Profile: Example" on page 14-76) to the sample user sh:
ALTER USER sh
PROFILE new_profile;
In subsequent sessions, sh is restricted by limits in the new_profile profile.
The following statement makes all roles granted directly to sh default roles, except the dw_manager role:
ALTER USER sh
DEFAULT ROLE ALL EXCEPT dw_manager;
At the beginning of sh’s next session, Oracle enables all roles granted directly to sh except the dw_manager role.
Changing User Authentication: Examples The following statement changes the authentication mechanism of user app_user1(created in "Creating a Database User: Example" on page 16-37) :
12-28 Oracle9i SQL Reference
ALTER USER
ALTER USER app_user1 IDENTIFIED GLOBALLY AS ’CN=tom,O=oracle,C=US’;
The following statement causes user sidney’s password to expire:
ALTER USER sidney PASSWORD EXPIRE;
If you cause a database user’s password to expire with PASSWORD EXPIRE, then the user (or the DBA) must change the password before attempting to log in to the database following the expiration. However, tools such as SQL*Plus allow the user to change the password on the first attempted login following the expiration.
Proxy Users: Examples The following statement alters the user app_user. The example permits the app_user to connect through the proxy user sh. The example also allows app_user to enable its warehouse_user role (created in "Creating a Role: Example" on page 14-81) when connected through the proxy sh:
ALTER USER app_user1
GRANT CONNECT THROUGH sh
WITH ROLE warehouse_user;
Note: To show basic syntax, this example uses the sample database Sales History user (sh) as the proxy. Normally a proxy user would be an application server or middle-tier entity. For information on creating the interface between an application user and a database by way of an application server, please refer to
Oracle Call Interface Programmer’s Guide.
See Also:
■"Creating External Database Users: Examples" on page 16-38 to see how to create the app_user user
■"Creating a Role: Example" on page 14-81 to see how to create the dw_user role
The following statement takes away the right of user app_user to connect through the proxy user sh:
ALTER USER app_user1 REVOKE CONNECT THROUGH sh;
The following hypothetical examples show other methods of proxy authentication:
SQL Statements: ALTER TRIGGER to COMMIT 12-29
ALTER USER
ALTER USER sully GRANT CONNECT THROUGH OAS1
AUTHENTICATED USING PASSWORD;
ALTER USER green GRANT CONNECT THROUGH WebDB
AUTHENTICATED USING DISTINGUISHED NAME;
ALTER USER brown GRANT CONNECT THROUGH WebDB
AUTHENTICATED USING CERTIFICATE TYPE ’X.509’ VERSION ’3’;
12-30 Oracle9i SQL Reference