How to find who changed the user password in oracle?

@lew 

To find out who changed a user password in Oracle, you can review the audit logs for the database. Here are the steps you can follow:

1. Check the audit trail settings: Make sure that auditing of password changes is enabled in your Oracle database. You can do this by querying the DBA_PRIV_AUDIT_OPTS view:

1

SELECT * FROM DBA_PRIV_AUDIT_OPTS WHERE PRIVILEGE = 'ALTER USER';

If you see a row with 'ALTER USER' privilege and AUDIT_OPTION = 'BY SESSION', it means that password changes are being audited.

1. Review the audit trail: You can review the audit trail to see if any password changes have been recorded. You can query the DBA_AUDIT_TRAIL view for this:

1

SELECT * FROM DBA_AUDIT_TRAIL WHERE ACTION_NAME = 'ALTER USER' AND OBJ_NAME = 'USERNAME' AND OBJ_PRIVILEGE = 'ALTER USER';

Replace 'USERNAME' with the actual username for which you want to find the password change details. This query will give you information about who changed the password and when it was changed.

1. Check the default auditing settings: If auditing of password changes is not enabled, you can still check the default auditing settings to see if any information is available about the password change. You can query the DBA_STMT_AUDIT_OPTS view for this:

1

SELECT * FROM DBA_STMT_AUDIT_OPTS WHERE OBJ_NAME = 'USERNAME';

Replace 'USERNAME' with the actual username for which you want to find the password change details. This query will show you if there are any default auditing settings for the user in question.

By following these steps, you should be able to find out who changed the user password in Oracle. Remember that auditing needs to be enabled for these steps to work.