Oracle User Locked Unlock method

Source: Internet
Author: User
Tags database issues set time

Modified the user password, the next day came to find the user is locked, walking in the evening is also good.

Alter profile DEFAULT limit failed_login_attempts UNLIMITED;

Alter user xxxx account unlock;

Ok!

--1.
--System parameter configuration connect Sys/[email Protected]_link as Sysdba

SELECT * from Dba_profiles where resource_name like ' failed_login_attempts% ';


--1 DEFAULT failed_login_attempts PASSWORD 10
--Continuous error connection 10 times the user is locked
--2.
--View the locked user
Select Lock_date,username from dba_users where username= ' username ';
Lock_date NULL indicates no lock, non-null is locked.

-----
SELECT S.username,
DECODE (L.type, ' TM ', ' TABLE lock ', ' TX ', ' ROW lock ', NULL) Lock_level,
O.owner,
O.object_name,
O.object_type,
S.sid,
s.serial#,
S.terminal,
S.machine,
S.program,
S.osuser
From V$session S, V$lock L, Dba_objects O
WHERE S.sid = L.sid
and o.object_id = L.id1
And S.username is not NULL;
--3.
--Unlocking method
ALTER USER user_name Account UNLOCK;
--value of attention, during the upgrade process, the locked user, may not be worth a
--Re-upgrade

-----Set the default number of logins for the system

Alter profile DEFAULT limit failed_login_attempts 10;

Alter profile DEFAULT limit failed_login_attempts UNLIMITED;

------------

The Data Administrator sets the number of logins for this user individually to find the corresponding profile for this user and then modify it. You can see the user's creation name to find the corresponding setting.

Profiles in an Oracle system can be used to restrict the database resources that a user can use, create a profile using the Create Profiles command, and use it to restrict usage of database resources, and if the profile is assigned to a user, The database resources that the user is able to use are within the limits of that profile.

Second, conditions:

The creation profile must have the system permissions of Create profile.

To specify resource limits for users, you must:

1. Use the alter system dynamically or use the initialization parameter Resource_limit to make resource restrictions effective. The change is not valid for the password resource and the password resource is always available.

Sql> Show Parameter Resource_limit

NAME TYPE VALUE

———————————— ———– ——————————

Resource_limit Boolean FALSE

Sql> alter system set resource_limit=true;

The system has changed.

Sql> Show parameter resource_limit;

NAME TYPE VALUE

———————————— ———– ——————————

Resource_limit Boolean TRUE

Sql>

2. Create a profile that defines a limit on database resources by using creation profile.

3. Use the CREATE user or alter USER command to assign the profile to the user.

Third, the syntax:

CREATE Profile
LIMIT {resource_parameters | password_parameters} [resource_parameters | password_parameters] ...;

<resource_parameters>

{{Sessions_per_user | cpu_per_session | Cpu_per_call | Connect_time | Idle_time | logical_reads_per_session | Logical_reads_per_call | Composite_limit} {integer | UNLIMITED | DEFAULT}
| PRIVATE_SGA {integer [K | M] | UNLIMITED | DEFAULT}}

< Password_parameters >

{{Failed_login_attempts | Password_life_time | Password_reuse_time | Password_reuse_max | Password_lock_time | Password_grace_time} {Expr | UNLIMITED | DEFAULT}
| password_verify_function {FUNCTION | NULL | DEFAULT}}

Four, the grammatical explanation:

Profile: The name of the configuration file. The Oracle Database forces resource throttling in the following ways:

1. If the user exceeds the session resource limit of Connect_time or idle_time, the database rolls back the current transaction and ends the session. The user executes the command again, and the database returns an error,

2. If the user tries to perform an operation that exceeds the other session resource limit, the database discards the operation, rolls back the current transaction, and returns an error immediately. After the user can commit or roll back the current transaction, the session must end.

Tip: You can limit the time by dividing one piece into multiple segments, such as 1 hours (1/24 days), and you can specify resource limits for the user, but the database will not enforce the limit until the parameters are valid.

Unlimited: The user assigning this profile has unrestricted access to the resource, and when the password parameter is used, Unlimited means that there is no restriction on the parameters.

Default: Specifying default means ignoring some resource restrictions on the profile, and the default profile initial definition is not limited to resources and can be changed by the Alter Profile command.

resource_parameter section:

Session_per_user: Specifies the number of concurrent sessions that limit the user.

Cpu_per_session: Specifies the CPU time limit for the session, in 1% seconds.

Cpu_per_call: Specifies the CPU time limit for one invocation (parse, execute, and fetch) in 1% seconds.

Connect_time: Specifies the total connection time, in minutes, for the session.

Idle_time: Specifies the total time, in minutes, that the session is allowed to be continuously inactive, and the session will be disconnected. However, long-running queries and other operations are not subject to this limitation.

Logical_reads_per_session: Specifies the number of blocks of data that a session allows to read, including all blocks of data read from memory and disk.

Logical_read_per_call: Specifies the maximum number of data blocks that are allowed to be read by the Execute SQL (parse, execute, and fetch) call at one time.

PRIVATE_SGA: Specifies the maximum amount of space, in bytes, that a session can allow to allocate in the shared pool (SGA). (This restriction is only valid when using the shared server structure, where the private space of the session in the SGA includes both private and PL/SQL, but not shared SQL and PL/SQL).

Composite_limit: Specifies the total resource consumption for a session, expressed in service units units. Oracle database calculates Cpu_per_session,connect_time, logical_reads_per_session, and PRIVATE-SGA total service units in a profitable way

password_parameter section:

Failed_login_attempts: Specifies the maximum number of times that an attempt to log in is allowed before the account is locked out.

Password_life_time: Specifies the number of days that the same password is allowed to use. If the Password_grace_time parameter is specified at the same time, if the password is not changed within grace period, the password is invalidated and the connection database is rejected. If the Password_grace_time parameter is not set, the default value of unlimited raises a database warning, but allows the user to continue the connection.

Password_reuse_time and Password_reuse_max: These two parameters must be associated with each other, password_reuse_time specifies the number of days before the password cannot be reused, and password_reuse_ MAX Specifies the number of times the password has changed before the current password is reused. Two parameters must be set to an integer.

1. If an integer is specified for both parameters, the user cannot reuse the password until the password has been changed Password_reuse_max the specified number of times after the specified amount of time in Password_reuse_time.

For example: password_reuse_time=30,password_reuse_max=10, the user can reuse the password after 30 days, requiring the password to be changed more than 10 times.

2. If one of these is specified as an integer and the other is unlimited, the user can never reuse a password.

3. If you specify one of the default values that are defined in profile for the Default,oracle database, all parameters are set to unlimited in profiles by default, and if you do not change the profile default value, The database always defaults to unlimited for this value.

4. If all two parameters are set to unlimited, the database ignores them.

Password_lock_time: Specifies the set time, in days, for the number of failed login attempts to reach payback households.

Password_grace_time: Specifies the number of days to expire, and the database issues a warning to the number of days before the login expires. If the database password is not modified in the middle, the expiration is invalidated.

Password_verify_function: This field allows complex PL/SQL password validation scripts to be passed as parameters to the Create profile statement. The Oracle database provides a default script, but you can create your own validation rules or use third-party software validation. For a function name, specifying the name of the password validation rule, which is specified as NULL, means that the password verification feature is not used. If you specify an expression for the password parameter, the expression can be in any format except for the database-scalar subquery.

V. Examples:

1. Create a profile:

Create profile New_profile limit Password_reuse_max 30 password_reuse_time;

2. To set profile resource limits:

Create profile App_user limit Sessions_per_user Unlimited cpu_per_session unlimited cpu_per_call [connect_time] Cal_reads_per_session default Logical_reads_per_call private_sga 15k composite_limit 5000000;

The total resource cost does not exceed 5 million service units. The formula for calculating the total resource cost is specified by the ALTER resource cost statement.

3. Set Password Limit profile:

Create profile App_users2 limit failed_login_attempts 5 password_life_time password_reuse_time Password_reuse_max 5 Password_verify_function verify_function password_lock_time 1/24 password_grace_time 10;

4. To assign a configuration file to a user:

sql> alter user Dinya profile App_user;

The user has changed.

sql> alter user Dinya profile default;

The user has changed.

Oracle User Locked Unlock method

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.