Escolar Documentos
Profissional Documentos
Cultura Documentos
PROFILE MEANS
Profile is a database object.
Profiles are SET OF LIMITS ON DATABASE RESOURCES.
A profile is created to limit the resources a user can use.
DBAS can setup limits on the system resources by setting up profiles with defined limits.
Profiles are used to regulate the amount of resources used by each database user by creating and
assigning profiles to database users.
LIMITABLE RESOURCES
RESOURCE_NAME
------------
RESOURCE
-------------------------- --------
LIMIT
--------------------
DEFAULT
FAILED_LOGIN_ATTEMPTS
PASSWORD
10
DEFAULT
PASSWORD_LIFE_TIME
PASSWORD
180
DEFAULT
PASSWORD_REUSE_TIME
PASSWORD
UNLIMITED
DEFAULT
PASSWORD_REUSE_MAX
PASSWORD
UNLIMITED
DEFAULT
PASSWORD_VERIFY_FUNCTION
PASSWORD
NULL
DEFAULT
PASSWORD_LOCK_TIME
PASSWORD
DEFAULT
PASSWORD_GRACE_TIME
PASSWORD
7 rows selected.
RESOURCE_NAME
RESOURCE LIMIT
COMPOSITE_LIMIT
KERNEL
UNLIMITED
DEFAULT
SESSIONS_PER_USER
KERNEL
UNLIMITED
DEFAULT
CPU_PER_SESSION
KERNEL
UNLIMITED
DEFAULT
CPU_PER_CALL
KERNEL
UNLIMITED
DEFAULT
LOGICAL_READS_PER_SESSION
KERNEL
UNLIMITED
DEFAULT
LOGICAL_READS_PER_CALL
KERNEL
UNLIMITED
DEFAULT
IDLE_TIME
KERNEL
UNLIMITED
DEFAULT
CONNECT_TIME
KERNEL
UNLIMITED
DEFAULT
PRIVATE_SGA
KERNEL
UNLIMITED
9 rows selected.
RESOURCE PARAMETERS - KERNEL LIMITS
PRIVATE_SGA
: PRIVATE_SGA = <VALUE|UNLIMITED|DEFAULT>
SESSIONS_PER_USER
: SESSIONS_PER_USER = <VALUE|UNLIMITED|DEFAULT>
: CPU_PER_SESSION = <VALUE|UNLIMITED|DEFAULT>
: CPU_PER_CALL = <VALUE|UNLIMITED|DEFAULT>
Maximum connect time per session in minutes. Session will be dropped after specified time).
SYNTAX
: CONNECT_TIME = <VALUE|UNLIMITED|DEFAULT>
: LOGICAL_READS_PER_CALL = <VALUE|UNLIMITED|DEFAULT>
: LOGICAL_READS_PER_SESSION = <VALUE|UNLIMITED|DEFAULT>
: IDLE_TIME = <VALUE|UNLIMITED|DEFAULT>
: COMPOSITE_LIMIT = <VALUE|UNLIMITED|DEFAULT>
In order to enforce kernel limits resource limits are "turned on" for the database as a whole.
First verify RESOURCE_LIMIT initialization parameter. By default resorce_limit is off.
TYPE
VALUE
boolean
FALSE
TYPE
VALUE
boolean
TRUE
: FAILED_LOGIN_ATTEMPTS= <VALUE|UNLIMITED|DEFAULT>
: PASSWORD_LIFE_TIME = <VALUE|UNLIMITED|DEFAULT>
: PASSWORD_REUSE_TIME = <VALUE|UNLIMITED|DEFAULT>
Number of times a password must be changed before a previous password can be used.
SYNTAX
: PASSWORD_REUSE_MAX = <VALUE|UNLIMITED|DEFAULT>
: PASSWORD_LOCK_TIME = <VALUE|UNLIMITED|DEFAULT>
PASSWORD_GRACE_TIME
: PASSWORD_GRACE_TIME = <VALUE|UNLIMITED|DEFAULT>
DEFAULT PROFILE
Whenever you create a user in a database, a default profile is assigned to the user by default.
1) A user can have only one profile.
2) Profiles cannot be assigned to roles or other profiles.
3) Assigning a new profile to a user overtakes any earlier profile.
SYS> create user foo identified by foo;
User created.
SYS> select profile from dba_users where username='FOO';
PROFILE
-------DEFAULT
SYSTEM PRIVILEGES FOR PROFILES
CREATE PROFILE, ALTER PROFILE and DROP PROFILE
Profiles are assigned to users by CREATE USER or ALTER USER commands. To create a profile a
database user must have CREATE PROFILE system privilege.
PROFILE CREATION SYNTAX
SYS> create profile
<profile_name> LIMIT
<profile_item_name>
<value>
<profile_item_name>
<value>
..
..;
EXAMPLES
SYS> create profile p1 LIMIT
sessions_per_user
idle_time
connect_time
private_sga
composite_limit
50k
4000000;
password_lock_time
password_life_time
60
password_grace_time
password_reuse_time
60
password_reuse_max
5;
connect_time
unlimited
# minutes
30
# minutes
idle_time
logical_reads_per_session
default
# db blocks
logical_reads_per_call
default
# db blocks
composite_limt
default
private_sga
20m
failed_login_attempts
# bytes
password_life_time
30
password_reuse_time
# days
password_reuse_max
unlimited
# days
password_lock_time
default
# days
password_grace_time
2;
RESOURCE_NAME
RESOURCE LIMIT
COMPOSITE_LIMIT
KERNEL
4000000
P1
SESSIONS_PER_USER
KERNEL
P1
CPU_PER_SESSION
KERNEL
DEFAULT
P1
CPU_PER_CALL
KERNEL
DEFAULT
P1
LOGICAL_READS_PER_SESSION
KERNEL
DEFAULT
P1
LOGICAL_READS_PER_CALL
KERNEL
DEFAULT
P1
IDLE_TIME
KERNEL
P1
CONNECT_TIME
KERNEL
P1
PRIVATE_SGA
KERNEL
51200
..
...
ASSIGNING A PROFILE
We can assign profiles in two ways either user creation or alter statement.
SYS> create user sony identified by sony profile p1;
User created.
SYS> alter user foo profile p1;
User altered.
Once we assign the profile to a user, then the user cannot exceed profile limits. As I said
earlier, assigning a new profile to a user account overtakes any earlier profile. Initially user
foo has default profile but we have assigned new profile p1 to foo.
PROFILE
------------------------------ ---------------------SONY
P1
FOO
P1
ALTERING A PROFILE
Profiles can be altered with ALTER PROFILE command. A user must have ALTER PROFILE system privilege.
If profile limit is adjusted, the settings overrides the previous setting. New settings do NOT
affect current settings in process.
SYS> alter profile p1 limit sessions_per_user 1 private_sga 20k;
Profile altered.
SYS> select * from dba_profiles where profile='P1';
PROFILE
RESOURCE_NAME
RESOURCE LIMIT
SESSIONS_PER_USER
KERNEL
P1
PRIVATE_SGA
KERNEL
20480
P1
COMPOSITE_LIMIT
KERNEL
4000000
..
...
DROPPING A PROFILE
DEFAULT profile cannot be dropped.
The CASCADE clause revokes the profile from the corresponding user account.
When dropping a profile CASCADE must be used, if the profile has been assigned to any user.
When a profile is dropped, corresponding user account is reassigned to DEFAULT profile.
SYS> select username, profile from dba_users where username='FOO';
USERNAME
PROFILE
------------------------------ ---------------------FOO
P1
PROFILE
------------------------------ ---------------------FOO
P1
RESOURCE_NAME
RESOURCE LIMIT
PASSWORD_VERIFY_FUNCTION
SYS>@?/rdbms/admin/utlpwdmg.sql;
PASSWORD NULL
Function created.
Profile altered.
Function created.
RESOURCE_NAME
RESOURCE LIMIT
PASSWORD_VERIFY_FUNCTION
PASSWORD VERIFY_FUNCTION_11G
# complex password.
User created.
PROFILE
------------------------------ ---------------------SONY
DEFAULT
You can remove this password verify function, assign NULL value to PASSWORD_VERIFY_FUNCTION.
SYS> ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION NULL;
Profile altered.
utlpwdmg.sql
This function must be created in SYS schema.