ORACLE profile系列4 --CREATE PROFILE
这篇博客是ORACLE profile系列的第四篇,主要说一下,如果创建profile和使用profile进行资源和密码控制
CREATE PROFILE
Note:
Oracle recommends that you use the Database Resource Manager rather than this SQL statement to establish resource limits. The Database Resource Manager offers a more flexible means of managing and tracking resource use. For more information on the Database Resource Manager, refer to Oracle Database Administrator‘s Guide.Purpose
Use the CREATE PROFILE statement to create a
profile, which is a set of limits on database resources. If you assign the profile to a user, then that user cannot exceed these limits.
See Also:
Oracle Database Security Guide for a detailed description and explanation of how to use password management and protectionPrerequisites
To create a profile, you must have the CREATE PROFILE system privilege.
To specify resource limits for a user, you must:
-
Enable resource limits dynamically with the
ALTERSYSTEMstatement or with the initialization parameterRESOURCE_LIMIT. This parameter does not apply to password resources. Password resources are always enabled. -
Create a profile that defines the limits using the
CREATEPROFILEstatement -
Assign the profile to the user using the
CREATEUSERorALTERUSERstatement
##创建并使profile生效的前提条件是:
要想成功创建profile,用户必须具有create profile权限
如果想使profile中指定的限制对相关用户生效,首先我们需要把该profile指定给用户,其次我们需要开启数据库的resource_limit功能。(可以在数据库启动之前在参数文件中指定RESOURCE_LIMIT初始化参数,或者直接使用alter system set resource_limit=true;来启用)
See Also:
-
ALTER SYSTEM for information on enabling resource limits dynamically
-
Oracle Database Reference for information on the
RESOURCE_LIMITparameter -
CREATE USER and ALTER USER for information on profiles
Syntax
create_profile::=
Description of the illustration create_profile.gif
Description of the illustration resource_parameters.gif
Description of the illustration password_parameters.gif
Examples
Creating a Profile: Example The following statement creates the profile
new_profile:
CREATE PROFILE new_profile
LIMIT PASSWORD_REUSE_MAX 10
PASSWORD_REUSE_TIME 30;
Setting Profile Resource Limits: Example The following statement creates the profile
app_user:
CREATE PROFILE app_user LIMIT SESSIONS_PER_USER UNLIMITED CPU_PER_SESSION UNLIMITED CPU_PER_CALL 3000 CONNECT_TIME 45 LOGICAL_READS_PER_SESSION DEFAULT LOGICAL_READS_PER_CALL 1000 PRIVATE_SGA 15K COMPOSITE_LIMIT 5000000;
If you assign the app_user profile to a user, then the user is subject to the following limits in subsequent sessions:
-
The user can have any number of concurrent sessions.
-
In a single session, the user can consume an unlimited amount of CPU time.
-
A single call made by the user cannot consume more than 30 seconds of CPU time.
-
A single session cannot last for more than 45 minutes.
-
In a single session, the number of data blocks read from memory and disk is subject to the limit specified in the
DEFAULTprofile. -
A single call made by the user cannot read more than 1000 data blocks from memory and disk.
-
A single session cannot allocate more than 15 kilobytes of memory in the SGA.
-
In a single session, the total resource cost cannot exceed 5 million service units. The formula for calculating the total resource cost is specified by the
ALTERRESOURCECOSTstatement. -
Since the
app_userprofile omits a limit forIDLE_TIMEand for password limits, the user is subject to the limits on these resources specified in theDEFAULTprofile.
Setting Profile Password Limits: Example The following statement creates the
app_user2 profile with password limits values set:
CREATE PROFILE app_user2 LIMIT FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LIFE_TIME 60 PASSWORD_REUSE_TIME 60 PASSWORD_REUSE_MAX 5 PASSWORD_VERIFY_FUNCTION verify_function PASSWORD_LOCK_TIME 1/24 PASSWORD_GRACE_TIME 10;
This example uses the default Oracle Database password verification function,
verify_function. Refer to
Oracle Database Security Guide for information on using this verification function provided or designing your own verification function.
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。
