How to change the “protect” user password in the Oracle database for Symantec DLP
- DLP connects to the Oracle database using a user named “protect”.
- The Oracle protect password is stored in an encrypted file named DatabasePassword.properties located on the Enforce server.
- The DBPasswordChanger utility is used to change the Oracle database password in that file.
- In DLP versions 15.0 and earlier, the DBPasswordChanger is located in \SymantecDLP\Protect\bin
- In DLP versions 15.1 and later it is located at \Program Files\Symantec\DataLossPrevention\EnforceServer\15.5\Protect\bin (Windows), or /opt/SymantecDLP/Protect/bin (Linux).
NOTE:
To avoid an account lock-out, run the DBPasswordChanger utility as soon as possible after the Oracle Data Loss Prevention account password is changed. If a lock-out does occur, see the article: “ORA-28000: the account is locked” for resolution.
Example:
- DLP Administrator password is rhubarb
- New Oracle protect user password is potato
Process Overview:
1. Shut down all DLP services. (see Windows, see Linux)
2. Change the database password within Oracle.
3. Verify the new password.
4. Change the password on the Enforce server.
5. Start the DLP services.
6. Log in to the Enforce UI.
Detailed steps for 2-4 above:
Changing the database password for the protect account on Oracle:
IMPORTANT: Be sure to follow the guidelines for acceptable passwords in the article: Password guidelines for the Oracle ‘protect’ user
– Start a sqlplus session:
sqlplus /nolog
– Login as sysdba:
SQL> connect sys as sysdba
(Enter the password when prompted.)
– Change the protect password to potato:
SQL> alter user protect identified by potato;
– Verify the password change:
SQL> conn protect/potato
– Exit sqlplus:
SQL> exit
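The following SQL*Plus script is an added example, not part of the original article. It wraps the password change with checks of the lock-out state the NOTE above warns about, and swaps in the SQL*Plus PASSWORD command so the new value is not echoed. It assumes the session is connected as SYS AS SYSDBA before `exit` is issued and that the account is stored under the uppercase name PROTECT.

```sql
-- Added example: run in the sqlplus session while still connected
-- as SYS AS SYSDBA, with the DLP services stopped.
-- Assumption: the account was created unquoted, so the data dictionary
-- stores its name in uppercase as PROTECT.

-- 1. Record the account state and assigned profile before the change.
SELECT username, account_status, lock_date, expiry_date, profile
  FROM dba_users
 WHERE username = 'PROTECT';

-- 2. Show the lock-out policy that applies to the account.
--    A LIMIT of DEFAULT means the value is inherited from the DEFAULT profile.
SELECT p.profile, p.resource_name, p.limit
  FROM dba_profiles p
  JOIN dba_users u ON u.profile = p.profile
 WHERE u.username = 'PROTECT'
   AND p.resource_name IN ('FAILED_LOGIN_ATTEMPTS', 'PASSWORD_LOCK_TIME');

-- 3. Change the password. The SQL*Plus PASSWORD command prompts for the
--    new value twice without echoing it (used here in place of ALTER USER).
PASSWORD protect

-- 4. Verify the new password. CONNECT without a password prompts for it,
--    so the value is not typed on the command line.
CONNECT protect

-- 5. Now connected as protect: confirm the account status is OPEN.
SELECT username, account_status, lock_date, expiry_date
  FROM user_users;
```

If step 5 reports a status other than OPEN, resolve it before changing the password on the Enforce server.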
Changing the password for the protect account used by the Enforce server:
NOTE: The examples assume a Windows installation; for Linux, substitute the appropriate paths (e.g. /opt/Vontu/Protect/bin)
– Start a command shell and change to the bin directory:
cd \SymantecDLP\Protect\bin
– Change the Oracle password in the configuration file:
For version 15.0 and earlier:
The syntax for DBPasswordChanger is:
DBPasswordChanger <PasswordFilePath> <New Oracle Password>
So:
DBPasswordChanger c:\SymantecDLP\protect\config\DatabasePassword.properties potato
For version 15.1 and later:
The syntax for DBPasswordChanger is:
DBPasswordChanger <PasswordFilePath> <New Oracle Password>
So:
DBPasswordChanger "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.5\Protect\config\DatabasePassword.properties" potato