First, the purpose:Profiles in an
Oracle system can be used to limit the database resources that a user can use, creating
a profile using the
Create Profiles command,
It is used to implement restricted use of database resources, and if the
profile is assigned to a user, the database resources that the user can use are within
the limits of the profiles. second, conditions:the
creation profile must have the
system permissions of Create profile. to specify resource limits for users, you must:1. Use the alter system dynamically or use the initialization parameter Resource_limit to make resource restrictions effective. The change is not valid for the password resource and the password resource is always available. sql> Show Parameter Resource_limit NAME TYPE VALUE------------------------------------ ----------- ------------------------------Resource_limit Boolean FALSEsql> alter system set resource_limit=true;The system has changed. sql> show parameter resource_limit; NAME TYPE VALUE------------------------------------ ----------- ------------------------------Resource_limit Boolean TRUEsql>2. Create a
profile that defines a limit on database resources by using creation
profile. 3. Use the CREATE user or alter USER command
to assign the profile to the user. third, the syntax:
Profile Profile
LIMIT {resource_parameters
| Password_parameters
}
[Resource_parameters
| Password_parameters
]... ;
<resource_parameters>
{{Sessions_per_user
| Cpu_per_session
| Cpu_per_call
| Connect_time
| Idle_time
| Logical_reads_per_session
| Logical_reads_per_call
| Composite_limit
}
{integer | UNLIMITED | DEFAULT}
| Private_sga
{Integer [K | M] | UNLIMITED | DEFAULT}
}
< password_parameters >
{{failed_login_attempts
| Password_life_time
| Password_reuse_time
| Password_reuse_max
| Password_lock_time
| Password_grace_time
}
{expr | UNLIMITED | DEFAULT}
| Password_verify_function
{function | NULL | DEFAULT}
}Four, the grammatical explanation:
Profile: The name of the configuration file. The
Oracle Database forces resource throttling in the following ways:1. If the user exceeds the session resource limit of Connect_time or idle_time, the database rolls back the current transaction and ends the session. The user executes the command again, and the database returns an error,2. If the user tries to perform an operation that exceeds the other session resource limit, the database discards the operation, rolls back the current transaction, and returns an error immediately. After the user can commit or roll back the current transaction, the session must end. tip: You can limit the time by dividing one piece into multiple segments, such as 1 hours (1/24 days), and you can specify resource limits for the user, but the database will not enforce the limit until the parameters are valid. Unlimited: The user
assigning this profile has unrestricted access to the resource, and when the password parameter is used, Unlimited means that there is no restriction on the parameters. default: Specifying default means ignoring some resource constraints
on the profile, the default profile initial
definition is not limited to resources and can be
command to change. Resource_parameter Part Session_per_user: Specifies the number of concurrent sessions that limit the user. cpu_per_session: Specifies the Cpu time limit for the session, in 1% seconds. Cpu_per_call: Specifies the Cpu time limit for one invocation (parse, execute, and fetch) in 1% seconds. Connect_time: Specifies the total connection time, in minutes, for the session. Idle_time: Specifies the total time, in minutes, that the session is allowed to be continuously inactive, and the session will be disconnected. However, long-running queries and other operations are not subject to this limitation. logical_reads_per_session: Specifies the number of blocks of data that a session allows to read, including all blocks of data read from memory and disk. Logical_read_per_call: Specifies the maximum number of data blocks that are allowed to be read by the Execute SQL (parse, execute, and fetch) call at one time. PRIVATE_SGA: Specifies the maximum amount of space, in bytes, that a session can allow to allocate in the shared pool (SGA). (This restriction is only valid when using the shared server structure, where the private space of the session in the SGA includes both private and PL/SQL, but not shared SQL and PL/SQL). Composite_limit: Specifies the total resource consumption for a session, expressed in service units units.
Oracle Database calculates cpu_per_session,connect_time,logical_reads_per_session and PRIVATE-SGA total service units in a profitable way password_parameter section: failed_login_attempts: Specifies the maximum number of times that an attempt to log in is allowed before the account is locked out. Password_life_time: Specifies the number of days that the same password is allowed to use. If the Password_grace_time parameter is specified at the same time, if the password is not changed within grace period, the password is invalidated and the connection database is rejected. If the Password_grace_time parameter is not set, the default value of unlimited raises a database warning, but allows the user to continue the connection. Password_reuse_time and Password_reuse_max: These two parameters must be associated with each other, password_reuse_time specifies the number of days before the password cannot be reused, and password_reuse_ MAX Specifies the number of times the password has changed before the current password is reused. Two parameters must be set to an integer. 1. If an integer is specified for both parameters, the user cannot reuse the password until the password has been changed Password_reuse_max the specified number of times after the specified amount of time in Password_reuse_time. For Example: password_reuse_time=30,password_reuse_max=10, the user can reuse the password after 30 days, requiring the password to be changed more than 10 times. 2. If one of these is specified as an integer and the other is unlimited, the user can never reuse a password. 3. If one of the defaults is specified, the
Oracle database uses the default
values defined in the profile, and by default all parameters are set to
Unlimited in profiles. If the profile
default is not changed, the database is always default to unlimited for that value. 4. If all two parameters are set to unlimited, the database ignores them. Password_lock_time: Specifies the set time, in days, for the number of failed login attempts to reach payback households. Password_grace_time: Specifies the number of days to expire, and the database issues a warning to the number of days before the login expires. If the database password is not modified in the middle, the expiration is invalidated. password_verify_function: This field allows complex PL/SQL password validation scripts to be passed as parameters to
the Create profile statement. The
Oracle database provides a default script, but you can create your own validation rules or use third-party software validation. For a function name, specifying the name of the password validation rule, which is specified as NULL, means that the password verification feature is not used. If you specify an expression for the password parameter, the expression can be in any format except for the database-scalar subquery. v. Examples:1. Create a
profile:Create
profile new_
profileLimit Password_reuse_maxPassword_reuse_time;2. To
Set profile resource limits:Create
profile App_user limitSessions_per_user UnlimitedCpu_per_session UnlimitedCpu_per_callConnect_timelogical_reads_per_session DefaultLogical_reads_per_callPRIVATE_SGA 15kcomposite_limit 5000000;The total resource cost does not exceed 5 million service units. The formula for calculating the total resource cost is specified by the ALTER resource cost statement. 3. Set password limit
profile:Create
profile app_users2 limitfailed_login_attempts 5Password_life_timePassword_reuse_timePassword_reuse_max 5password_verify_function verify_functionpassword_lock_time 1/24Password_grace_time; 4. To assign a configuration file to a user:sql> alter user Dinya
profile App_user;The user has changed. sql> sql> alter user Dinya
profile default;The user has changed. sql>
Oracle®database SQL Reference
10g Release 1 (10.1)
Part number b10759-01
Oracle Create Profile