How Can We Help?

Search for answers or browse our knowledge base.

Documentation | Demos | Support

< All Topics

How to change the “protect” user password in the Oracle database for Symantec DLP

  • DLP connects to the Oracle database using a user named “protect”.
  • The Oracle protect password is stored in an encrypted file named located on the Enforce server
  • The DBPasswordChanger utility is used to change the Oracle database password in that file.
  • In DLP versions 15.0 and earlier, the DBPasswordChanger is located in SymantecDLPProtectbin
  • In DLP versions 15.1 and later it is located at Program FilesSymantecDataLossPreventionEnforceServer15.5Protectbin (Windows), or /opt/SymantecDLP/Protect/bin (Linux).



To avoid an account lock-out, run the DBPasswordChanger utility as soon as possible after the Oracle Data Loss Prevention account password is changed. If a lock-out does occur, see the article: “ORA-28000: the account is locked” for resolution.


  • DLP Administrator password is rhubarb
  • New Oracle protect user password is potato


Process Overview:

  1. Shutdown all DLP services. (see Windows, see Linux)
  2. Change the database password within Oracle.
  3. Verify the new password.
  4. Change the password on the Enforce server.
  5. Start the DLP services.
  6. Log in to the Enforce UI.


Detailed steps for 2-4 above:

Changing the database password for the protect account on Oracle:

IMPORTANT: Be sure to follow the guidelines for acceptable passwords in the article: Password guidelines for the Oracle ‘protect’ user

– Start a sqlplus session:
sqlplus /nolog


– Login as sysdba:
SQL> connect sys as sysdba
(Enter the password when prompted.)


– Change the protect password to potato:
SQL> alter user protect identified by potato;
– Verify the password change:
SQL> conn protect/potato

– Exit sqlplus:
SQL> exit 

Changeing the password for the protect account used by the Enforce server:

NOTE: The examples assume a Windows installation; for Linux, substitute the appropriate paths (e.g. /opt/Vontu/Protect/bin)

– Start a command shell and change to the bin directory:
cd SymantecDLPProtectbin

– Change the Oracle password in the configuration file:

For version 15.0 and earlier:

The syntax for DBPasswordChanger is:

DBPasswordChanger <PasswordFilePath> <New Oracle Password>


DBPasswordChanger potato


For version 15.1 and later:

The syntax for DBPasswordChanger is:

DBPasswordChanger <PasswordFilePath> <New Oracle Password>


DBPasswordChanger “C:Program” potato

Was this article helpful?
4.5 out of 5 stars
5 Stars 0%
4 Stars 100%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Table of Contents