It is critical that you change the apps password, the applsys password, and the passwords for all schemas that are responsible for licensed or shared products in your implementation.
There are two methods for changing passwords
==================================
a) Manual Method
**************************
******First (and probably by far the most important step) back up the FND_ORACLE_USERID table and the FND_USER table********
1. Make sure that all users are logged out of the application.
2. Shutdown the Concurrent Managers and make sure that any running concurrent jobs are finished.
3. Log into the applications' front end as a user with sysadmin responsibility.
4. Navigate to Register Oracle IDs form by following Security/Oracle/Register.
5. Query up into the form all available Oracle IDs in your version.
6. Log into SQL*Plus as SYSTEM or as SYSDBA (preferred).
$ sqlplus '/as sysdba'
7. In your applications session, enter your new password for the APPLSYS user in the following manner:
a. View/Query by example/Run
b. Change password of applsys/press down arrow.
c. Verify password of applsys/press down arrow.
d. File/save. Do not under any circumstances requery or exit the form at this time.
8. In the SQL*Plus session, run the following command:
SQL> alter user applsys identified by <same new
password as you entered into the screen>;
9. Back in the open applications session, enter the new password for APPS (the same one that was for applsys):
a. View/Query by example/Run
b. Change password of apps/press down arrow.
c. Verify password of apps/press down arrow.
d. File/save. Do not under any circumstances requery or exit the form at this time.
10. In the SQL*Plus session, run the following command:
SQL> alter user applsys identified by <same new
password as you entered into the screen>;
11. Exit entirely out of the application.
12. Completely close all of your browser sessions and empty the cache.
13. Log completely out of SQL*Plus.
14. Open a new browser session and log into the application as a user with sysadmin responsibility again.
15. Restart your Concurrent Managers after making sure that you changed the batch Concurrent Manager startup script password (remember, this script uses the APPS password).
You have now changed the two most critical passwords. You have up to 180 others that you will now have to change individually in exactly the same manner to make sure that your system and data are protected not only from anyone trying to gain unlawful access to your data, but from well meaning users or developers who want to see how things are done or who want quick access to just one little thing. It is important to note that this can take several hours if you have many modules implemented.
b) Batch Method
***********************
******First (and probably by far the most important step) back up the FND_ORACLE_USERID table and the FND_USER table********
...Fortunately, there is a simpler method. Oracle provides a utility called FNDCPASS that allows you to change passwords in batch mode.
***Patch 1685689*** provides you with this utility (check for new versions that include FNDCPASS through the patch download screens).
After you have installed the patch, you can run the following command to change the passwords:
Format:
FNDCPASS apps/<apps password> 0 Y system/<system password> SYSTEM APPLSYS APPS1
Examples:
FNDCPASS apps/apps 0 Y system/manager SYSTEM APPLSYS APPS1
-- The above example would be used to change the applsys password. By specifying SYSTEM parameter, you are telling FNDCPASS to expect the next argument in the string to be the applsys name and the password you want to assign to the applsys user.
a. Validate the applsys username is correct.
b. Re-encrypt all of the passwords in the FND_USER table based on the new applsys password (it is used as a seed value from what I understand).
c. Re-encrypt all passwords (again based on the value of the applsys password) in the FND_ORACLE_USERID table.
d. Updates the applsys password in the FND_ORACLE_USERID table and sets all IDs with the read only flag that refers to the fact that the associated user IDs have to have the same password as applsys. It sets those passwords the same as the applsys password at this point.
e. Runs an alter user <username> identified by <new password> command for all affected users at the database level.
FNDCPASS apps/apps 0 Y system/manager ORACLE BIS BIS1
-- Here (Oracle with BIS) passes Oracle as a parameter, telling FNDCPASS that it is an Oracle user ID and password (not an apps one) so all it needs to do is update and reencrypt the password in the FND_ORACLE_USERID table and run the alter user identified by script at the database level.
FNDCPASS apps/apps 0 Y system/manager USER CUSTOM_USER USER1
-- Here we are changing password of Normal EBS user password.
Note --->>>> APPLSYS's password and APPS's password always have to be identical.