RAC 下Oracle default 用户全部可以locked，包括sysrac

The following error occur while trying to change the password for SYSRAC or while trying to lock/unlock in?BETA:DB23C.

/home/oracle >sqlplus / as sysdba

SQL*Plus: Release 23.0.0.0.0 - Beta on Do Dec 15 09:06:24 2022
Version 23.1.0.0.0

Copyright (c) 1982, 2022, Oracle. All rights reserved.
Oracle Database 23c Enterprise Edition Release 23.0.0.0.0 - Beta
Version 23.1.0.0.0

SQL> alter user SYSRAC identified by Passw0rd;
alter user SYSRAC identified by Passw0rd
*
ERROR at line 1:
ORA-28222: may not modify reserved user


SQL> alter user SYSRAC account lock;
alter user SYSRAC account lock
*
ERROR at line 1:
ORA-28222: may not modify reserved user


SQL> alter user SYSRAC password expire account lock;
alter user SYSRAC password expire account lock
*
ERROR at line 1:
ORA-28222: may not modify reserved user

- The same error occur in version 21.3?

/refresh/home> sqlplus / as sysdba

SQL*Plus: Release 21.0.0.0.0 - Production on Thu Dec 15 13:54:44 2022
Version 21.3.0.0.0
Copyright (c) 1982, 2021, Oracle. All rights reserved.

Connected to:
Oracle Database 21c Enterprise Edition Release 21.0.0.0.0 - Production
Version 21.3.0.0.0

SQL> set pages 500
SQL> set line 300
SQL> col username for a30
SQL> select username,account_status,authentication_type from dba_users where username='SYSRAC';

USERNAME? ? ? ? ?ACCOUNT_STATUS? ? ? AUTHENTI
--------------? ?--------------? ? ?------------
SYSRAC? ? ? ? ? ?OPEN? ? ? ? ? ? ? ? NONE

SQL> alter user SYSRAC account lock;
alter user SYSRAC account lock
*
ERROR at line 1:
ORA-28222: may not modify reserved user

SQL> alter user SYSRAC identified by Passw0rd;
alter user SYSRAC identified by Passw0rd
*
ERROR at line 1:
ORA-28222: may not modify reserved user

?

SOLUTION

It's not allowed to lock (and unlock) SYSRAC and the authentication type cannot be changed, ONLY is allowed OS Authentication for SYSRAC.

According to the following Manual,after Upgrade to 19.3, account will be set to NO AUTHENTICATION. How to check it?

https://docs.oracle.com/en/database/oracle/oracle-database/19/upgrd/schema-only-accounts-upgraded-expired-password-accounts.html#GUID-D2C22951-2BBA-4A18-85C2-F0DF38839EF8

? During upgrades to Oracle Database 19c, default Oracle accounts that have not had their passwords reset before upgrade (and are set to?EXPIRED?status),

? and that are also set to?LOCKED?status, are set to?NO AUTHENTICATION?after the upgrade is complete.

SOLUTION

The authentication type is listed as NONE in the DBA_USERS view.
?

Before Upgrade (11.2.0.4)

SQL> SELECT username,
? 2???????? account_status,
? 3???????? authentication_type
? 4? FROM?? dba_users
? 5? WHERE ROWNUM < 10;

USERNAME?????????????????????? ACCOUNT_STATUS?????? AUTHENTI
------------------------------ -------------------- --------
SYSTEM???????????????????????? OPEN???????????????? PASSWORD
SYS??????????????????????????? OPEN???????????????? PASSWORD
SYSBACKUP????????????????????? EXPIRED & LOCKED???? PASSWORD
SYSRAC???????????????????????? EXPIRED & LOCKED???? PASSWORD
OJVMSYS??????????????????????? EXPIRED & LOCKED???? PASSWORD
SYSKM????????????????????????? EXPIRED & LOCKED???? PASSWORD
OUTLN????????????????????????? EXPIRED & LOCKED???? PASSWORD
SYS$UMF??????????????????????? EXPIRED & LOCKED???? PASSWORD
SYSDG????????????????????????? EXPIRED & LOCKED???? PASSWORD

9 rows selected.

SQL>

After Upgrade (19.3.0.0)

SQL> SELECT username,
? 2???????? account_status,
? 3???????? authentication_type
? 4? FROM?? dba_users
? 5? WHERE ROWNUM < 10;

USERNAME?????????????????????? ACCOUNT_STATUS?????? AUTHENTI
------------------------------ -------------------- --------
SYSTEM???????????????????????? OPEN???????????????? PASSWORD
SYS??????????????????????????? OPEN???????????????? PASSWORD
SYSBACKUP????????????????????? LOCKED?????????????? NONE
SYSRAC???????????????????????? LOCKED?????????????? NONE
OJVMSYS??????????????????????? LOCKED?????????????? NONE
SYSKM????????????????????????? LOCKED?????????????? NONE
OUTLN????????????????????????? LOCKED?????????????? NONE
SYS$UMF??????????????????????? LOCKED?????????????? NONE
SYSDG????????????????????????? LOCKED?????????????? NONE

9 rows selected.

SQL>