FNDCPASS Utlity in R12.2

Changing passwords frequently helps ensure database security, Oracle Applications provides a command line utility, FNDCPASS, to change/reset Oracle Applications schema passwords. This utility changes the password registered in Oracle Applications tables, changes the schema password in the database and can also change user passwords.

Key Considerations:

  1. Autoconfig Requirement:
    After changing the APPLSYSPUB or GUEST user passwords, need to run the autoconfig.

  2. Pre-Change Preparations:

    • Shutdown Applications: Before changing the APPS password, make sure to shut down the application.
    • Backup Critical Tables: Perform a backup of the FND_USER and FND_ORACLE_USER_ID tables. If anything goes wrong during the password change process, you can restore these tables to revert to the previous state.
  1. Restrictions:

    • The system and sys user passwords cannot be changed using the FNDCPASS utility.
    • Users not registered in the FND metadata tables cannot be modified using this utility.
Syntax:

1. FNDCPASS  apps/apps 0 Y  system/manager  SYSTEM  APPLSYS WELCOME
2. FNDCPASS  apps/apps 0 Y  system/manager  ORACLE  GL      GL1
3. FNDCPASS  apps/apps 0 Y  system/manager  USER     VISION  WELCOME
4. FNDCPASS  apps/apps 0 Y  system/manager ALLORACLE
  
Note:

The SYSTEM token is used when changing the APPLSYS password.

The ORACLE token is used when changing a SINGLE Applications schema password.

The ALLORACLE token is used when changing ALL Applications schema passwords.

The USER token is used when changing an Applications USER password.


1. Changing Apps/Applsys password


FNDCPASS  apps/apps 0 Y  system/manager  SYSTEM  APPLSYS WELCOME


User: APPLSYS  
Password : cloneapps

What will happen in FNDCPASS Command changing in Apps Password:

Steps and Impacts of Changing the APPS Password:

  1. Shutdown the Application Tier Services:
    Before initiating the apps password change, it's essential to shut down the application tier services.

  2. Validation of the APPLSYS Schema:
    The utility will validate the APPLSYS schema, ensuring that everything is in order before proceeding with the password change.

  3. Re-registering the Password in Oracle Applications:
    Once the password is changed, it is re-registered within the Oracle Applications, ensuring that all components recognize the new credentials.

  4. Re-encryption of Passwords in Critical Tables:

    • The FND_USER table, which stores user passwords, will have all its passwords re-encrypted.
    • Similarly, all passwords in the FND_ORACLE_USER_ID table will also be re-encrypted.
  5. Updating Passwords in the FND_ORACLE_USER_ID Table:

    • The APPLSYS password is updated in the FND_ORACLE_USER_ID table.
    • The APPS password is also updated in the same table, ensuring consistency across the database.
  6. Synchronization of APPLSYS, APPS, and APPS_NE Passwords:

    • The APPLSYS and APPS passwords are changed to the same value.
    • The APPLSYS password change automatically updates the APPS and APPS_NE passwords to the same value, ensuring uniformity.
  7. Execution of the ALTER USER Command:
    The ALTER USER command is executed to officially change the Oracle password, reflecting the changes in the database.

  8. Updates in the DBS_USERS Table:
    The changes made are reflected in the DBS_USERS table, updating the password information.

  9. Running Autoconfig:
    After the password change, it is necessary to manually run Autoconfig to apply the changes across the Oracle Applications environment.

  10. Restarting the Application and Updating JDBC Datasource:

    • Start the admin server and update the JDBC datasource with the new password.
    • Once the updates are made, restart the entire application to ensure that the new password is fully integrated.


2.Changing Frontend User Password

FNDCPASS apps/cloneapps 0 Y system/system123 USER sysadmin sysadmin



User: sysadmin Password sysadmin

Once password changed after Run autoconfic in database and application side

Note:

0 & Y are flags for FNDCPASS

0 is request id (request ID 0 is assigned to request ID's which are not submitted via Submit Concurrent Request Form)

'Y' indicates that this method is directly invoked from the command-line and not from the Submit Request Form. 



Comments

  1. I wish to show thanks to you just for bailing me out of this particular trouble. As a result of checking through the net and meeting techniques that were not productive, Same as your blog I found another one Oracle Cloud Applications .Actually I was looking for the same information on internet for Oracle Cloud Applications Consultant and came across your blog. I am impressed by the information that you have on this blog. Thanks once more for all the details.

    ReplyDelete

Post a Comment

Popular posts from this blog

How to troubleshoot long running concurrent request in R12.2

How to run Gather Schema Statistics in R12.2

How to clear weblogic stuck threads in R12.2