FNDCPASS is a utility in Oracle E-Business Suite (EBS) used for changing Oracle Applications (APPS) schema passwords. It's commonly used during Oracle EBS upgrades or when there is a need to rotate the APPS schema password for security reasons.

FNDCPASS used to change password for front end user, fnd_user and dba_users.


The syntax of FNDCPASS is


FNDCPASS apps/password 0 Y system/password mode USERNAME PASSWORD

Mode can be divided as

SYSTEM
ORACLE
USER
ALLORACLE


> MODE = SYSTEM

Syntax:

FNDCPASS apps/apps 0 Y system/manager SYSTEM APPLSYS WELCOME

It is used for changing the password for apps and applsys.
APPS and APPLSYS are database schemas of Oracle Applications.
Alter user command should never be used to change the apps & applsys accounts.Using alter will  De-synchronize both schema and which will cost a lot to the Oracle Application and Database.
Oracle recommends using FNDCPASS only to change apps and applsys password.

The password for APPS and APPLSYS should be same so the above command also changes the password for both.

Internally the command performs these steps:

1.Validations of current applsys & system password

2.Re-encrypt all password in FND_USER & FND_ORACLE_USERID

3.Update apps & applsys password in FND_ORACLE_USERID table.

4. Update DBA_USERS table as well.






> MODE = ORACLE/ALLORACLE

Syntax:

FNDCPASS apps/apps 0 Y system/manager ALLORACLE password
FNDCPASS apps/apps 0 Y system/manager ORACLE GL GL1

ALLORACLE mode will change the password for all product schema at one go.
Apply Oracle Apps patch 4745998 for getting ALLORACLE mode.

But if need to change the password for a specific product schema like AP,AR,GL etc then use ORACLE mode.

Internally the command performs these steps:

1.Validations of current applsys & system password

2. Update GL new password in FND_ORACLE_USERID table

3. Update DBA_USERS table as well.





> MODE = USER

Syntax:
FNDCPASS apps/apps 0 Y system/manager USER VISION WELCOME

It is used for changing the application level passwords like sysadmin,Kevin etc. (Front End applications user password).

Internally the command performs these steps:

1.Validations of current applsys & system password

2.Update VISION NEW password in FND_USER table.



0 & Y are flags for FND Executable like FNDCPASS & FNDLOAD where

0 is request id (request ID 0 is assigned to request ID's which are not submitted via Submit Concurrent Request Form).
'Y' indicates the method of invocation. i.e. it is directly invoked from the command-line not from the Submit Request Form.


Always exercise caution when working with administrative tools like FNDCPASS, and ensure that any changes made are in line with your organization's security policies and best practices.