To be more proactive in prevention of account expirations, create an automated report identifying those nearing expiration. Using the scripts outlined below, a report can be set up to run on startup. This provides awareness with ease. The following were excecuted using the SYS account.
Create an account responsible for the report process. Be sure to grant connect privilege to this account.
CREATE USER Expire_Report_User IDENTIFIED BY "EXAMPLE";
GRANT CONNECT TO Expire_Report_User;
Next, create a directory object specifying the destination for the report. Assign write privilege to account created.
CREATE DIRECTORY DIR_EXPIRE_REPORT AS 'C:\Users\mbond\Desktop';
GRANT WRITE ON DIRECTORY DIR_EXPIRE_REPORT TO Expire_Report_User;
Create a view using fields from the DBA_USERS table, including USERNAME, ACCOUNT_STATUS, and EXPIRY_DATE. Grant select privilege to the execution account and create a private synonym the account.
CREATE OR REPLACE VIEW V_ACCOUNT_EXPIRATION AS (
SELECT
USERNAME,
ACCOUNT_STATUS,
EXPIRY_DATE
FROM
DBA_USERS) WITH READ ONLY;
GRANT SELECT ON V_ACCOUNT_EXPIRATION TO Expire_Report_User;
CREATE SYNONYM Expire_Report_User.V_ACCOUNT_EXPIRATION FOR SYS.V_ACCOUNT_EXPIRATION;
Write a stored procedure that generates the report using the previously created view.
CREATE OR REPLACE PROCEDURE SP_EXPIRE_REPORT
AS
O_FILE UTL_FILE.FILE_TYPE;
l_fmt1 CONSTANT VARCHAR2(34) := '<!DOCTYPE HTML><HTML><HEAD><TITLE>';
l_fmt2 CONSTANT VARCHAR2(25) := '</TITLE></HEAD><BODY>';
l_fmt3 CONSTANT VARCHAR2(19) := '</BODY></HTML>';
l_Report_Heading VARCHAR2(500) := '<H2 style="color:rgb(164, 0, 0);"> Expiring Users Report for ' || TO_CHAR(SYSDATE,'mm/dd/yyyy') || '</H2>';
CURSOR c_Expiring_Users
IS
SELECT USERNAME,
ACCOUNT_STATUS,
EXPIRY_DATE
FROM V_ACCOUNT_EXPIRATION
WHERE EXPIRY_DATE <= SYSDATE + 500
AND ACCOUNT_STATUS = 'OPEN';
r_Expiring_Users V_ACCOUNT_EXPIRATION%ROWTYPE;
BEGIN
O_FILE := UTL_FILE.FOPEN('DIR_EXPIRE_REPORT','Expiring Users.html', 'W');
UTL_FILE.PUT_LINE(O_FILE,l_fmt1);
UTL_FILE.PUT_LINE(O_FILE,'Expiring Users Report');
UTL_FILE.PUT_LINE(O_FILE,l_fmt2);
UTL_FILE.PUT_LINE(O_FILE,l_REPORT_HEADING);
UTL_FILE.PUT_LINE(O_FILE,'<table><tr><td>Account</td><td>Expiring</td></tr>');
OPEN c_Expiring_Users;
LOOP
FETCH c_Expiring_Users INTO r_Expiring_Users;
EXIT
WHEN c_Expiring_Users%NOTFOUND;
UTL_FILE.PUT_LINE(O_FILE, '<tr><td>' || r_Expiring_Users.USERNAME || '</td><td>' || TO_CHAR(r_Expiring_Users.EXPIRY_DATE,'mm/dd/yyyy') || '</td></tr>');
END LOOP;
CLOSE c_Expiring_Users;
UTL_FILE.PUT_LINE(O_FILE,'</table>');
UTL_FILE.PUT_LINE(O_FILE,l_fmt3);
UTL_FILE.FCLOSE_ALL;
END;
GRANT EXECUTE ON SP_EXPIRE_REPORT TO Expire_Report_User;
CREATE SYNONYM Expire_Report_User.SP_EXPIRE_REPORT FOR SYS.SP_EXPIRE_REPORT;
After setting up the procedure in the database, create a script containing an anonymous block, executing the stored procedure.
BEGIN
sp_expire_report;
END;
/
EXIT
/
To automate the process, create a batch script starting SQL*Plus, signing in as the created account and executing the anonymous block. Include a line to open the report in a browser after the report is created. Finally, add the batch to the startup directory so that it runs on sign in.
CD "C:\Users\mbond\Desktop\Scripts\Expire Report for Oracle"
SQLPLUS Expire_Report_User/EXAMPLE@orcl @"ExpireReport.sql"
START chrome "C:\Users\mbond\Desktop\Expiring Users.html"
EXIT
The final Results:
Expiring Users Report for 10/25/2013
| Account | Expiring |
| SYSTEM | 04/15/2014 |
| SYS | 04/15/2014 |
| MITCH | 04/15/2014 |
| SYSMAN | 04/15/2014 |
| SCOTT | 04/15/2014 |
| DBSNMP | 04/15/2014 |
| MGMT_VIEW | 04/15/2014 |
| EXPIRE_REPORT_USER | 04/22/2014 |
| Attachment | Size |
|---|---|
| Create Expire Report.sql | 2.33 KB |