Oracle profile usage

Oracle profile usage description 1. Purpose: The profile in the Oracle system can be used to restrict the database resources that users can use. Use the create profile command to create a profile, it is used to restrict the use of database resources. If the profile is assigned to the user, all the database resources that the user can use are within the limit of the profile. 2. condition: You must have the system permission to create a profile. Specify resource limits for users. Required: 1. dynamically use alter system or use the initialization parameter resource_limit to make the resource limits take effect. This change is invalid for password resources and password resources are always available. SQL> show parameter resource_limit name type value -------------------------------------- ------------------------------------ resource_limit Boolean false SQL> alter system set resource_limit = true. SQL> show parameter resource_limit; Name type value limit ------------- ------------------------------ resource_limit Boolean true SQL> 2. Use create profile to create a profile that defines database resource restrictions. 3. Use the create user or alter USER command to allocate the profile to the user. Iii. Syntax:

     CREATE PROFILE profile

LIMIT { resource_parameters

         | password_parameters

         }

           [ resource_parameters

           | password_parameters

           ]... ;

<Resource_parameters>

{ { SESSIONS_PER_USER

 | CPU_PER_SESSION

 | CPU_PER_CALL

 | CONNECT_TIME

 | IDLE_TIME

 | LOGICAL_READS_PER_SESSION

 | LOGICAL_READS_PER_CALL

 | COMPOSITE_LIMIT

 }

 { integer | UNLIMITED | DEFAULT }

| PRIVATE_SGA

 { integer [ K | M ] | UNLIMITED | DEFAULT }

}

<Password_parameters>

{ { FAILED_LOGIN_ATTEMPTS

 | PASSWORD_LIFE_TIME

 | PASSWORD_REUSE_TIME

 | PASSWORD_REUSE_MAX

 | PASSWORD_LOCK_TIME

 | PASSWORD_GRACE_TIME

 }

 { expr | UNLIMITED | DEFAULT }

| PASSWORD_VERIFY_FUNCTION

     { function | NULL | DEFAULT }

} 4. syntax description: Profile: name of the configuration file. Oracle Database forces resource restrictions in the following ways: 1. If the user exceeds the session resource limit of connect_time or idle_time, the database rolls back the current transaction and ends the session. When the user executes the command again, the database returns an error. 2. If the user attempts to perform an operation that exceeds the limit of other session resources, the database abandons the operation, rolls back the current transaction, and immediately returns an error. After that, you can submit or roll back the current transaction. You must end the session. Tip: You can divide a row into multiple segments, such as one hour (1/24 days) to limit the time. You can specify resource restrictions for users, but the database will only execute the restrictions after the parameters take effect. Unlimited: the user who assigns the profile has no limit on the resource usage. When the password parameter is used, unlimited means that there is no limit on the parameter. Default: if it is set to default, some resource restrictions on the profile are ignored. The initial definition of the default profile is not limited to resources and can be changed through the alter profile command. Resource_parameter part session_per_user: specifies the number of concurrent sessions of a user. Cpu_per_session: Specifies the CPU time limit of the session, in the unit of 1% seconds. Cpu_per_call: Specifies the CPU time limit for one call (resolution, execution, and extraction), in 1% seconds. Connect_time: Specifies the total connection time of a session, in minutes. Idle_time: Specifies the total time for a session to allow continuous inactivity, in minutes. If the duration is exceeded, the session will be disconnected. However, long-running queries and other operations are not restricted. Logical_reads_per_session: specify the number of data blocks that a session can read, including all data blocks read from memory and disk. Logical_read_per_call: specify the maximum number of data blocks that can be read when an SQL statement (parsing, execution, and extraction) call is executed. Private_sga: specify the maximum space that a session can allocate in the Shared Pool (SGA), in bytes. (This restriction is only valid when the Shared Server structure is used. The private space of a session in SGA includes private SQL and PL/SQL, but not shared SQL and PL/SQL ). Composite_limit: Specifies the total resource consumption of a session, in the unit of service units. The Oracle Database calculates the maximum number of attempts allowed to log on to cpu_per_session, connect_time, logical_reads_per_session, and private-SGA service units password_parameter in a favorable way. Password_life_time: specifies the number of days allowed by the same password. If the password_grace_time parameter is specified at the same time, if the password is not changed within grace period, the password will be invalid and the connection to the database will be rejected. If the password_grace_time parameter is not set, the default value of unlimited will throw a database warning, but allow the user to continue the connection. Password_reuse_time and password_reuse_max: these two parameters must be associated. password_reuse_time specifies the number of days before the password cannot be reused, while password_reuse_max specifies the number of times the password has changed before the current password is reused. Both parameters must be set as integers. 1. If an integer is specified for these two parameters, the user cannot reuse the password until the password is changed to the number of times specified by password_reuse_max and later within the time specified by password_reuse_time. For example, if password_reuse_time = 30 and password_reuse_max = 10, you can reuse the password after 30 days. The password must be changed more than 10 times. 2. If one of them is specified as an integer and the other is unlimited, the user can never reuse a password. 3. if one of them is specified as default, Oracle database uses the default value defined in profile. By default, all parameters are set as unlimited in profile. If the default value of profile is not changed, the database always defaults to unlimited. 4. If both parameters are set to unlimited, the database ignores them. Password_lock_time: Specify the account contraction time after the number of failed login attempts reaches, in days. Password_grace_time: specifies the number of days before the database returns a warning. If the database password is not modified in the middle, it will expire. Password_verify_function: this field allows you to pass complex PL/SQL password verification scripts as parameters to the create profile statement. Oracle Database provides a default script, but you can create your own verification rules or use third-party software for verification. For the function name, specify the name of the password verification rule. If it is null, the password verification function is not used. If an expression is specified for the password parameter, the expression can be in any format, except for database scalar queries. V. Example: 1. create a profile: create profile new_profile limit password_reuse_max 10 password_reuse_time 30; 2. set profile resource limit: create profile app_user limit sessions_per_user unlimited cpu_per_session unlimited cpu_per_call 3000 connect_time 45 limit default limit 1000 private_sga 15 K composite_limit 5000000; total resource cost cannot exceed 5 million service units. The formula for calculating the total resource cost is specified by the alter resource cost statement. 3. set Password restrictions profile: create profile app_users2 limit 5 password_life_time 60 password_reuse_time 60 password_reuse_max 5 password_verify_function verify_function password_lock_time 1/24 password_grace_time 10; 4. assign the configuration file to the user: SQL> alter user dinya profile app_user; the user has changed. SQL> alter user dinya profile default; the user has changed. SQL>

Oracle Database SQL reference
10GRelease 1 (10.1)
Part number B10759-01