Oracle Create Profile

First, the purpose:Profiles in an Oracle system can be used to limit the database resources that a user can use, creating a profile using the Create Profiles command, It is used to implement restricted use of database resources, and if the profile is assigned to a user, the database resources that the user can use are within the limits of the profiles. second, conditions:the creation profile must have the system permissions of Create profile. to specify resource limits for users, you must:1. Use the alter system dynamically or use the initialization parameter Resource_limit to make resource restrictions effective. The change is not valid for the password resource and the password resource is always available. sql> Show Parameter Resource_limit NAME TYPE VALUE------------------------------------ ----------- ------------------------------Resource_limit Boolean FALSEsql> alter system set resource_limit=true;The system has changed. sql> show parameter resource_limit; NAME TYPE VALUE------------------------------------ ----------- ------------------------------Resource_limit Boolean TRUEsql>2. Create a profile that defines a limit on database resources by using creation profile. 3. Use the CREATE user or alter USER command to assign the profile to the user. third, the syntax:

 Profile  Profile

LIMIT {resource_parameters

| Password_parameters

}

[Resource_parameters

| Password_parameters

]... ;

<resource_parameters>

{{Sessions_per_user

| Cpu_per_session

| Cpu_per_call

| Connect_time

| Idle_time

| Logical_reads_per_session

| Logical_reads_per_call

| Composite_limit

}

{integer | UNLIMITED | DEFAULT}

| Private_sga

{Integer [K | M] | UNLIMITED | DEFAULT}

}

< password_parameters >

{{failed_login_attempts

| Password_life_time

| Password_reuse_time

| Password_reuse_max

| Password_lock_time

| Password_grace_time

}

{expr | UNLIMITED | DEFAULT}

| Password_verify_function

{function | NULL | DEFAULT}

}Four, the grammatical explanation: Profile: The name of the configuration file. The Oracle Database forces resource throttling in the following ways:1. If the user exceeds the session resource limit of Connect_time or idle_time, the database rolls back the current transaction and ends the session. The user executes the command again, and the database returns an error,2. If the user tries to perform an operation that exceeds the other session resource limit, the database discards the operation, rolls back the current transaction, and returns an error immediately. After the user can commit or roll back the current transaction, the session must end. tip: You can limit the time by dividing one piece into multiple segments, such as 1 hours (1/24 days), and you can specify resource limits for the user, but the database will not enforce the limit until the parameters are valid.       Unlimited: The user assigning this profile has unrestricted access to the resource, and when the password parameter is used, Unlimited means that there is no restriction on the parameters. default: Specifying default means ignoring some resource constraints on the profile, the default profile initial definition is not limited to resources and can be command to change. Resource_parameter Part      Session_per_user: Specifies the number of concurrent sessions that limit the user. cpu_per_session: Specifies the Cpu time limit for the session, in 1% seconds. Cpu_per_call: Specifies the Cpu time limit for one invocation (parse, execute, and fetch) in 1% seconds. Connect_time: Specifies the total connection time, in minutes, for the session. Idle_time: Specifies the total time, in minutes, that the session is allowed to be continuously inactive, and the session will be disconnected. However, long-running queries and other operations are not subject to this limitation. logical_reads_per_session: Specifies the number of blocks of data that a session allows to read, including all blocks of data read from memory and disk. Logical_read_per_call: Specifies the maximum number of data blocks that are allowed to be read by the Execute SQL (parse, execute, and fetch) call at one time. PRIVATE_SGA: Specifies the maximum amount of space, in bytes, that a session can allow to allocate in the shared pool (SGA). (This restriction is only valid when using the shared server structure, where the private space of the session in the SGA includes both private and PL/SQL, but not shared SQL and PL/SQL). Composite_limit: Specifies the total resource consumption for a session, expressed in service units units. Oracle Database calculates cpu_per_session,connect_time,logical_reads_per_session and PRIVATE-SGA total service units in a profitable way       password_parameter section:      failed_login_attempts: Specifies the maximum number of times that an attempt to log in is allowed before the account is locked out. Password_life_time: Specifies the number of days that the same password is allowed to use. If the Password_grace_time parameter is specified at the same time, if the password is not changed within grace period, the password is invalidated and the connection database is rejected. If the Password_grace_time parameter is not set, the default value of unlimited raises a database warning, but allows the user to continue the connection. Password_reuse_time and Password_reuse_max: These two parameters must be associated with each other, password_reuse_time specifies the number of days before the password cannot be reused, and password_reuse_ MAX Specifies the number of times the password has changed before the current password is reused. Two parameters must be set to an integer. 1. If an integer is specified for both parameters, the user cannot reuse the password until the password has been changed Password_reuse_max the specified number of times after the specified amount of time in Password_reuse_time. For Example: password_reuse_time=30,password_reuse_max=10, the user can reuse the password after 30 days, requiring the password to be changed more than 10 times. 2. If one of these is specified as an integer and the other is unlimited, the user can never reuse a password. 3. If one of the defaults is specified, the Oracle database uses the default values defined in the profile, and by default all parameters are set to Unlimited in profiles. If the profile default is not changed, the database is always default to unlimited for that value. 4. If all two parameters are set to unlimited, the database ignores them. Password_lock_time: Specifies the set time, in days, for the number of failed login attempts to reach payback households. Password_grace_time: Specifies the number of days to expire, and the database issues a warning to the number of days before the login expires. If the database password is not modified in the middle, the expiration is invalidated. password_verify_function: This field allows complex PL/SQL password validation scripts to be passed as parameters to the Create profile statement. The Oracle database provides a default script, but you can create your own validation rules or use third-party software validation. For a function name, specifying the name of the password validation rule, which is specified as NULL, means that the password verification feature is not used. If you specify an expression for the password parameter, the expression can be in any format except for the database-scalar subquery.       v. Examples:1. Create a profile:Create profile new_ profileLimit Password_reuse_maxPassword_reuse_time;2. To Set profile resource limits:Create profile App_user limitSessions_per_user UnlimitedCpu_per_session UnlimitedCpu_per_callConnect_timelogical_reads_per_session DefaultLogical_reads_per_callPRIVATE_SGA 15kcomposite_limit 5000000;The total resource cost does not exceed 5 million service units. The formula for calculating the total resource cost is specified by the ALTER resource cost statement.       3. Set password limit profile:Create profile app_users2 limitfailed_login_attempts 5Password_life_timePassword_reuse_timePassword_reuse_max 5password_verify_function verify_functionpassword_lock_time 1/24Password_grace_time;             4. To assign a configuration file to a user:sql> alter user Dinya profile App_user;The user has changed. sql>             sql> alter user Dinya profile default;The user has changed. sql>

Oracle®database SQL Reference
10g Release 1 (10.1)
Part number b10759-01

Oracle Create Profile