Oracle learns the next day---profile usage

Environment: Oracle 11g

I. Transfer of AUTHORITY

1. If you are passing object permissions, add the following with GRANT option;

Eg:system the user has a table for temp, and only wants to usertest the user has permission to query, then:

Grant Select  on Temp  to  with Grant option;

2. If you are passing system permissions, add the With admin option;

Eg:system users to pass the Connect role to Usertest users:

Grant  to  with option;

Two. Profile use detailed

1. Purpose:

Profiles in an Oracle database system can be used to restrict the database resources that users can use, and create a profile using the Creation Profiles command, which allows for limited use of database resources. If you assign a profile to a user, the database resources that the user can use are within the limits of that profile.

2. Conditions:

You must have DBA authority to configure the profile file.

3. Syntax:

CREATE profile

LIMIT {resource_parameters

| Password_parameters

}

[Resource_parameters

| Password_parameters

]... ;

<resource_parameters>

{{Sessions_per_user

| Cpu_per_session

| Cpu_per_call

| Connect_time

| Idle_time

| Logical_reads_per_session

| Logical_reads_per_call

| Composite_limit

}

{integer | UNLIMITED | DEFAULT}

| Private_sga

{Integer [K | M] | UNLIMITED | DEFAULT}

}

4. Grammar Explanation:

Resource_parameter Part
Session_per_user: Specifies the number of concurrent sessions that limit the user.
cpu_per_session: Specifies the Cpu time limit for the session, in 1% seconds.
Cpu_per_call: Specifies the Cpu time limit for one invocation (parse, execute, and fetch) in 1% seconds.
Connect_time: Specifies the total connection time, in minutes, for the session.
Idle_time: Specifies the total time, in minutes, that the session is allowed to be continuously inactive, and the session will be disconnected. However, long-running queries and other operations are not subject to this limitation.
logical_reads_per_session: Specifies the number of blocks of data that a session allows to read, including all blocks of data read from memory and disk.
Logical_read_per_call: Specifies the maximum number of data blocks that are allowed to be read by the Execute SQL (parse, execute, and fetch) call at one time.
PRIVATE_SGA: Specifies the maximum amount of space, in bytes, that a session can allow to allocate in the shared pool (SGA). (This restriction is only valid when using the shared server structure, where the private space of the session in the SGA includes both private and PL/SQL, but not shared SQL and PL/SQL).
Composite_limit: Specifies the total resource consumption for a session, expressed in service units units. Oracle database calculates cpu_per_session,connect_time,logical_reads_per_session and PRIVATE-SGA total service units in a profitable way
      
password_parameter section:  
failed_login_attempts: Specifies the maximum number of times that an attempt to log in is allowed before the account is locked out.
Password_life_time: Specifies the number of days that the same password is allowed to use. If the Password_grace_time parameter is specified at the same time, if the password is not changed within grace period, the password is invalidated and the connection database is rejected. If the Password_grace_time parameter is not set, the default value of unlimited raises a database warning, but allows the user to continue the connection.
Password_reuse_time and Password_reuse_max: These two parameters must be associated with each other, password_reuse_time specifies the number of days before the password cannot be reused, and password_reuse_ MAX Specifies the number of times the password has changed before the current password is reused. Two parameters must be set to an integer.
1>. If an integer is specified for both parameters, the user cannot reuse the password until the password has been changed Password_reuse_max the specified number of times after the specified amount of time in Password_reuse_time.
For Example: password_reuse_time=30,password_reuse_max=10, the user can reuse the password after 30 days, requiring the password to be changed more than 10 times.
2>. If one of these is specified as an integer and the other is unlimited, the user can never reuse a password.
3>. If you specify one of the default values that are defined in profile for the Default,oracle database, all parameters are set to unlimited in profiles by default, and if you do not change the profile default value, The database always defaults to unlimited for this value.
4>. If all two parameters are set to unlimited, the database ignores them.
Password_lock_time: Specifies the set time, in days, for the number of failed login attempts to reach payback households.
Password_grace_time: Specifies the number of days to expire, and the database issues a warning to the number of days before the login expires. If the database password is not modified in the middle, the expiration is invalidated.
password_verify_function: This field allows complex PL/SQL password validation scripts to be passed as parameters to the Create profile statement. The Oracle database provides a default script, but you can create your own validation rules or use third-party software validation. For a function name, specifying the name of the password validation rule, which is specified as NULL, means that the password verification feature is not used. If you specify an expression for the password parameter, the expression can be in any format except for the database-scalar subquery.

5. Example:

Instance 1> limit the number of times usertest users try to enter a password 3 times and 3 input errors, then lock the account for 3 days:

To unlock the account, use the following statement:

Sql>alter user Usertest (your_user_name) account unlock;

Instance 2> force the user to modify the password periodically. Allow usertest users to change their login password every 10 days with a grace period of 2 days:

Instance 3> you want users to be able to change their passwords without using their last password:

Use the password history so that the Oracle database will store the password modification information in the data dictionary, so that when the user modifies the password, the old and new password will be matched, and when found consistent, remind the user to re-enter the password

6. Delete profile configuration

Drop [Cascade];

Oracle learns the next day---profile usage